Question

Now I want to replace the function prologue with a `jmp` to jump to my allocated zone (VirtualAllocEx). But the function prologue has just 3 bytes, and a `jmp` has 5 bytes, like this:

```
55                 push ebp
8B EC              mov ebp, esp
833D C4354200 02   cmp dword ptr ds:[4235C4],2

E9 AD00000000      jmp 00140000        ; replaces the above three instructions
```

If I want to use a `jmp` to cover the function prologue, the third instruction after the prologue must be covered too.

So now I want to use `int3` to replace the function prologue and jump to my allocated zone or any other address. How can I do it?

I tried to use VEH or SEH to do so, but I can't figure out how to make it work.


Solution

You need to write the original code (the one you quoted) on another memory location (just allocate something).

Write it while saving some space for the additional opcodes (your custom new code). It doesn't have to fit exactly, as you're allowed to fill the unused bytes with NOP (0x90 if I'm not mistaken).

Now, jump to this code from the original code.

I did this stuff when I was making game trainers years ago. Works very well.

One thing to note: your rewritten code should, at the end, jump back to the original place to continue the code flow.

Let me know if it's unclear.
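A worked version of both approaches, added here as an example and not code posted by the asker or the answerer. `build_detour` takes the three instructions quoted in the question (constructed as a byte array, with the lengths 1, 2 and 7 read off the listing), steals whole instructions until the patch fits (5 bytes for `E9 rel32`, 1 byte for `int3`), NOPs the tail of the last stolen instruction, and lays out the allocated zone as stolen bytes + spare NOPs for the custom code + a `jmp` back to the original entry just past the patch, computing each rel32 as target minus the end of the jmp. The function address 0x00401000 is an assumed value; the zone at 0x00140000 is the address from the question. The Windows-only part (compiled only in 32-bit builds, since it writes `Eip`) installs the `int3` variant with `VirtualAlloc`, `AddVectoredExceptionHandler` and `VirtualProtect`, redirecting execution to the zone from the handler.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample: the three instructions quoted in the question (10 bytes).
 * None is EIP-relative, so they can be copied elsewhere unchanged; a rel32
 * call/jmp in the stolen range would need its displacement fixed up. */
static const uint8_t k_prologue[] = {
    0x55,                                     /* push ebp                   */
    0x8B, 0xEC,                               /* mov  ebp, esp              */
    0x83, 0x3D, 0xC4, 0x35, 0x42, 0x00, 0x02  /* cmp  dword ptr [4235C4], 2 */
};
static const size_t k_insn_len[] = { 1, 2, 7 };

#define JMP_REL32_LEN 5
#define INT3_LEN      1
#define NOP           0x90

enum hook_kind { HOOK_JMP, HOOK_INT3 };

struct detour {
    uint8_t patch[16];  /* bytes written over the function entry */
    size_t  patch_len;  /* == number of stolen bytes             */
    uint8_t tramp[64];  /* bytes written into the allocated zone */
    size_t  tramp_len;
};

/* E9 rel32: the displacement is relative to the end of the 5-byte instruction. */
static void emit_jmp_rel32(uint8_t *out, uint32_t src, uint32_t dst) {
    uint32_t rel = dst - (src + JMP_REL32_LEN);  /* wraps correctly for backward jumps */
    out[0] = 0xE9;
    out[1] = (uint8_t)(rel);
    out[2] = (uint8_t)(rel >> 8);
    out[3] = (uint8_t)(rel >> 16);
    out[4] = (uint8_t)(rel >> 24);
}

/* Smallest whole-instruction prefix covering 'need' bytes; 0 if the known
 * instructions are too short (an instruction is never split). */
static size_t stolen_length(const size_t *lens, size_t n, size_t need) {
    size_t total = 0;
    for (size_t i = 0; i < n && total < need; i++) total += lens[i];
    return total >= need ? total : 0;
}

/* orig: function entry, tramp_addr: where the trampoline will be written,
 * spare: NOP bytes reserved in the trampoline for the custom code.
 * Returns 0 on success, -1 if the hook cannot be built from the given instructions. */
static int build_detour(struct detour *d, enum hook_kind kind, uint32_t orig,
                        uint32_t tramp_addr, const uint8_t *code,
                        const size_t *lens, size_t n, size_t spare) {
    size_t need = (kind == HOOK_JMP) ? JMP_REL32_LEN : INT3_LEN;
    size_t stolen = stolen_length(lens, n, need);
    if (stolen == 0 || stolen > sizeof d->patch ||
        stolen + spare + JMP_REL32_LEN > sizeof d->tramp)
        return -1;

    /* Entry patch: jmp tramp (or int3), then NOP the tail of the last stolen insn. */
    if (kind == HOOK_JMP) emit_jmp_rel32(d->patch, orig, tramp_addr);
    else                  d->patch[0] = 0xCC;
    memset(d->patch + need, NOP, stolen - need);
    d->patch_len = stolen;

    /* Trampoline: stolen bytes, room for custom code, jmp back past the patch. */
    memcpy(d->tramp, code, stolen);
    memset(d->tramp + stolen, NOP, spare);
    emit_jmp_rel32(d->tramp + stolen + spare, tramp_addr + stolen + spare, orig + stolen);
    d->tramp_len = stolen + spare + JMP_REL32_LEN;
    return 0;
}

#if defined(_WIN32) && !defined(_WIN64)
#include <windows.h>
static uint32_t g_entry, g_tramp;

/* VEH: the int3 at the hooked entry arrives as EXCEPTION_BREAKPOINT; resume in the zone. */
static LONG CALLBACK int3_handler(PEXCEPTION_POINTERS ep) {
    if (ep->ExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT &&
        (uint32_t)(uintptr_t)ep->ExceptionRecord->ExceptionAddress == g_entry) {
        ep->ContextRecord->Eip = g_tramp;
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    return EXCEPTION_CONTINUE_SEARCH;
}

/* Install the int3 hook on 'fn' in the current process (32-bit only). */
static int install_int3_hook(void *fn, const size_t *lens, size_t n, size_t spare) {
    struct detour d;
    DWORD old;
    uint8_t *zone = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (!zone) return -1;
    g_entry = (uint32_t)(uintptr_t)fn;
    g_tramp = (uint32_t)(uintptr_t)zone;
    if (build_detour(&d, HOOK_INT3, g_entry, g_tramp, fn, lens, n, spare) != 0) return -1;
    memcpy(zone, d.tramp, d.tramp_len);
    FlushInstructionCache(GetCurrentProcess(), zone, d.tramp_len);
    if (!AddVectoredExceptionHandler(1, int3_handler)) return -1;  /* before the CC lands */
    if (!VirtualProtect(fn, d.patch_len, PAGE_EXECUTE_READWRITE, &old)) return -1;
    memcpy(fn, d.patch, d.patch_len);
    VirtualProtect(fn, d.patch_len, old, &old);
    FlushInstructionCache(GetCurrentProcess(), fn, d.patch_len);
    return 0;
}
#endif

int main(void) {
    struct detour d;  /* assumed entry 0x00401000, zone 0x00140000 as in the question */
    if (build_detour(&d, HOOK_JMP, 0x00401000u, 0x00140000u, k_prologue, k_insn_len, 3, 0) != 0)
        return 1;
    printf("patch (%zu bytes):", d.patch_len);
    for (size_t i = 0; i < d.patch_len; i++) printf(" %02X", d.patch[i]);
    printf("\ntrampoline (%zu bytes):", d.tramp_len);
    for (size_t i = 0; i < d.tramp_len; i++) printf(" %02X", d.tramp[i]);
    printf("\n");
    return 0;
}
```

The handler has to be registered before the `CC` byte is written, and the stolen bytes must not contain anything EIP-relative (the quoted `cmp` uses an absolute address, so it relocates cleanly; a real hook library runs a length disassembler instead of hard-coding 1, 2, 7). The `int3` variant only clobbers one byte, but every call through the entry now costs an exception dispatch, which is why the 5-byte `jmp` is the usual choice whenever the first instructions can be relocated.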

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow