
This question is about hotpatching. The core of hotpatching is to replace the first two-byte instruction with a two-byte short jump instruction. Microsoft guarantees that the first instruction of a hotpatchable function is at least two bytes. Let's call it the hotpatch point.

To ensure the replacing operation is an atomic operation, the address of the hotpatch point must be at least 16-bit aligned. MSDN says nothing about this.

So my question is: Does MSVC/Win32 guarantee that the function start address is aligned?

amanjiang
  • You might want to check out Detours from Microsoft Research. It might have what you want. More details [here](http://research.microsoft.com/pubs/68568/huntusenixnt99.pdf) and [here](http://research.microsoft.com/en-us/projects/detours/#publications). – selbie Dec 11 '15 at 04:58
  • @selbie Thank you. But Detours is not designed for hotpatchable functions, and the "suspend thread" method it uses is one that I do not want to use. Please have a look at the 2nd link in my question. – amanjiang Dec 11 '15 at 06:48
  • MS itself relies on this so it must be correct at least for those binaries shipped by MS. – Marc Sherman Dec 15 '15 at 14:17

0 Answers
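The alignment condition the question describes, as an added example that is not part of the original post or its comments: the two-byte replacement is performed as one 16-bit store, and only when the hotpatch point sits at an even address. The function names, the constructed byte image (`8B FF` standing in for a two-byte first instruction) and the use of the GCC/Clang `__atomic_store_n` builtin are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

enum { HP_OK = 0, HP_MISALIGNED = -1 };

/* An even address is the "16-bit aligned" condition from the question. */
static int is_2byte_aligned(const void *p) {
    return ((uintptr_t)p & 1u) == 0;
}

/* Encode a short jump (opcode EB, then rel8) as the 16-bit value to store. */
static uint16_t short_jump_word(int8_t rel8) {
    unsigned char b[2] = { 0xEB, (unsigned char)rel8 };
    uint16_t w;
    memcpy(&w, b, sizeof w);  /* memory order stays EB, rel8 on any host */
    return w;
}

/* Replace the two bytes at the hotpatch point with a single 16-bit store.
   A misaligned point is refused: the write could then be split, and a
   thread fetching the instruction might see one old and one new byte. */
static int patch_hotpatch_point(unsigned char *point, int8_t rel8) {
    if (!is_2byte_aligned(point))
        return HP_MISALIGNED;
    __atomic_store_n((uint16_t *)(void *)point, short_jump_word(rel8),
                     __ATOMIC_SEQ_CST);
    return HP_OK;
}

/* Constructed sample image (not real code): padding bytes around a
   two-byte instruction placed at `offset`. Backed by uint16_t storage so
   every even offset is a valid 16-bit object. */
static uint16_t image[4];

static int demo(int offset, unsigned char out[2]) {
    unsigned char *bytes = (unsigned char *)image;
    memset(bytes, 0xCC, sizeof image);
    bytes[offset] = 0x8B;              /* two-byte instruction: 8B FF */
    bytes[offset + 1] = 0xFF;
    int rc = patch_hotpatch_point(bytes + offset, -7);  /* EB F9 */
    out[0] = bytes[offset];
    out[1] = bytes[offset + 1];
    return rc;
}

int main(void) {
    unsigned char out[2];
    return demo(6, out) == HP_OK ? 0 : 1;
}
```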