acá tenés unas cuantas variantes:
// Fragment of a switch that writes one of several x86 (32-bit) redirect
// sequences over the bytes at pDirApi so that execution continues at newDirApi.
// The switch header and the declarations are outside this fragment:
// presumably pDirApi is a byte pointer to the entry of the patched function and
// newDirApi the address of the replacement - TODO confirm against the caller.
//
// Every address and displacement is stored through a DWORD cast, so the
// encodings are only valid where pointers are 32 bits wide.
// For relative jumps (E9 / 0F 8x) rel32 is counted from the end of the written
// sequence, which is why the sequence length (5, 6 or 7) is subtracted.
//
// NOTE(review): nothing visible here saves the overwritten bytes, checks that
// the patch ends on an instruction boundary, or changes page protection before
// writing - confirm the surrounding code does so.
// NOTE(review): these entry-point byte patterns are what an integrity check
// sees when it compares in-memory code against the on-disk image.
case DETOUR_TYPE_STC_JC:
// F9 = STC (set carry), 0F 82 rel32 = JC near: always taken because CF was just set. 7 bytes.
pDirApi[0] = 0xF9;
pDirApi[1] = 0x0F;
pDirApi[2] = 0x82;
*(DWORD*)&pDirApi[3]=(DWORD)(newDirApi-pDirApi)-7;
break;
case DETOUR_TYPE_CLC_JNC:
// F8 = CLC (clear carry), 0F 83 rel32 = JNC near: always taken because CF was just cleared. 7 bytes.
pDirApi[0] = 0xF8;
pDirApi[1] = 0x0F;
pDirApi[2] = 0x83;
*(DWORD*)&pDirApi[3]=(DWORD)(newDirApi-pDirApi)-7;
break;
case DETOUR_TYPE_NOP_NOP_JMP:
// 90 90 = two NOPs, then E9 rel32 = JMP near relative. 7 bytes.
pDirApi[0]=0x90;
pDirApi[1]=0x90;
pDirApi[2]=0xE9;
*(DWORD*)&pDirApi[3]=(DWORD)(newDirApi-pDirApi)-7;
break;
case DETOUR_TYPE_PUSH_EAX_RET:
// B8 imm32 = MOV EAX, newDirApi; 50 = PUSH EAX; C3 = RET.
// Absolute transfer through the stack; EAX is overwritten. 7 bytes.
pDirApi[0]=0xB8;
*(DWORD*)&pDirApi[1]=(DWORD)newDirApi;
pDirApi[5]=0x50;
pDirApi[6]=0xC3;
break;
case DETOUR_TYPE_NOP_PUSH_RET:
// 90 = NOP; 68 imm32 = PUSH newDirApi; C3 = RET. Absolute, no register touched. 7 bytes.
pDirApi[0]=0x90;
pDirApi[1]=0x68;
*(DWORD*)&pDirApi[2]=(DWORD)newDirApi;
pDirApi[6]=0xC3;
break;
case DETOUR_TYPE_JMP_EAX:
// B8 imm32 = MOV EAX, newDirApi; FF E0 = JMP EAX. Absolute; EAX is overwritten. 7 bytes.
pDirApi[0]=0xB8;
*(DWORD*)&pDirApi[1]=(DWORD)newDirApi;
pDirApi[5]=0xFF;
pDirApi[6]=0xE0;
break;
case DETOUR_TYPE_JMP_JMP:
// Two-stage redirect: a 5-byte E9 rel32 is written in the 5 bytes BEFORE
// pDirApi (its next instruction is pDirApi itself, so nothing is subtracted),
// and the entry gets EB F9 = JMP short -7, which lands on pDirApi-5.
// NOTE(review): writes at negative offsets - assumes those 5 bytes are
// unused padding owned by this function; verify before relying on it.
pDirApi[-5]=0xE9;
*(DWORD*)&pDirApi[-4]=(DWORD)(newDirApi-pDirApi);
pDirApi[0]=0xEB;
pDirApi[1]=0xF9;
break;
case DETOUR_TYPE_PUSH_RET:
// 68 imm32 = PUSH newDirApi; C3 = RET. Absolute, 6 bytes.
pDirApi[0]=0x68;
*(DWORD*)&pDirApi[1]=(DWORD)newDirApi;
pDirApi[5]=0xC3;
break;
case DETOUR_TYPE_NOP_JMP:
// 90 = NOP, then E9 rel32 = JMP near relative. 6 bytes.
pDirApi[0]=0x90;
pDirApi[1]=0xE9;
*(DWORD*)&pDirApi[2]=(DWORD)(newDirApi-pDirApi)-6;
break;
default://DETOUR_TYPE_JMP
// Plain E9 rel32 = JMP near relative, the shortest form here. 5 bytes.
pDirApi[0]=0xE9;
*(DWORD*)&pDirApi[1]=(DWORD)(newDirApi-pDirApi)-5;
break;
y las instrucciones ASM referentes a jmps:
EB cb JMP rel8 Jump short, relative, displacement relative to next instruction.
E9 cw JMP rel16 Jump near, relative, displacement relative to next instruction.
E9 cd JMP rel32 Jump near, relative, displacement relative to next instruction.
FF /4 JMP r/m16 Jump near, absolute indirect, address given in r/m16.
FF /4 JMP r/m32 Jump near, absolute indirect, address given in r/m32.
EA cd JMP ptr16:16 Jump far, absolute, address given in operand.
EA cp JMP ptr16:32 Jump far, absolute, address given in operand.
FF /5 JMP m16:16 Jump far, absolute indirect, address given in m16:16.
FF /5 JMP m16:32 Jump far, absolute indirect, address given in m16:32.
S2