To use the 8 byte version if you need an atomic update is so straightforward that independent discovery is possible.
-
I was basically about to say the same: I had used that "trick" back in the day when writing a hooking engine for an AV company.
-
It's pretty obvious, and how msft hot patching works. They even described it in their patent, see claim [0046] here. https://patents.google.com/patent/US20040107416A1/en …
-
I was about to say, isn't that literally how /hotpatch works? 2-byte NOP in function prologue swapped to a short jmp with lock cmpxchg
-
I'd be surprised if anyone who does professional reversing doesn't know what those mov edi, edi's are? Seems hard to miss ¯\_(ツ)_/¯
-
The mechanism was even described in Windows Internals 5th Edition, as if we need any more references. pic.twitter.com/ZiCkYj2gQz
-
(side note: this reminded me to buy Windows Internals 7th Edition Part 1)
-
Buy it. I'm like 20-30 pages in and it's already

-
Way ahead of you! I hit up Amazon immediately after that tweet. Need to keep my winternals book collection up to date!