Skip to content
/ x86RetSpoof Public

Invoke functions with a spoofed return address. For 32-bit Windows binaries. Supports __fastcall, __thiscall, __stdcall and __cdecl calling conventions. Written in C++17.

License

MIT license
165 stars 31 forks Branches Tags Activity
Star
Notifications

danielkrupinski/x86RetSpoof

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits

.github/workflows

.github/workflows

 
 

Tests

Tests

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

x86RetSpoof.h

x86RetSpoof.h

 
 

Repository files navigation

x86RetSpoof Windows

Invoke functions with a spoofed return address. For 32-bit Windows binaries.

How to use

  1. Include x86RetSpoof.h in your project.
  2. Find FF 23 byte sequence (gadget, machine code equivalent of jmp dword ptr [ebx]) in the executable code section of the module you want the spoofed return address to appear in. The address of it will be the gadgetAddress and the invoked function will see it as the return address.
  3. Call the function with x86RetSpoof::invoke...() matching the calling convention of the target function.

Example

Calling MessageBoxW function:

x86RetSpoof::invokeStdcall<int>(std::uintptr_t(&MessageBoxW), std::uintptr_t(gadgetAddress), nullptr, L"text", L"title", MB_OK);

About

Invoke functions with a spoofed return address. For 32-bit Windows binaries. Supports __fastcall, __thiscall, __stdcall and __cdecl calling conventions. Written in C++17.

Topics

reverse-engineering game-hacking assembly-language x86 cpp17 single-header assembly-x86 anticheat-bypass

Resources

Readme

License

MIT license
Activity

Stars

165 stars

Watchers

6 watching

Forks

31 forks
Report repository

Languages