From 56bc9ea8fe73dc6f2f36d7d017081f8717e6fb22 Mon Sep 17 00:00:00 2001
From: gsuberland
Date: Thu, 9 Mar 2017 22:16:25 +0000
Subject: [PATCH] Patched to support patching jmp [rip+imm32].

---
 mhook-lib/mhook.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/mhook-lib/mhook.cpp b/mhook-lib/mhook.cpp
index 3380dce..9e70c2f 100644
--- a/mhook-lib/mhook.cpp
+++ b/mhook-lib/mhook.cpp
@@ -678,15 +678,21 @@ static DWORD DisassembleAndSkip(PVOID pFunction, DWORD dwMinLen, MHOOKS_PATCHDAT
 	while ( (dwRet < dwMinLen) && (pins = GetInstruction(&dis, (ULONG_PTR)pLoc, pLoc, dwFlags)) ) {
 		ODPRINTF(("mhooks: DisassembleAndSkip: %p:(0x%2.2x) %s", pLoc, pins->Length, pins->String));
 		if (pins->Type == ITYPE_RET ) break;
-		if (pins->Type == ITYPE_BRANCH ) break;
 		if (pins->Type == ITYPE_BRANCHCC) break;
 		if (pins->Type == ITYPE_CALL ) break;
 		if (pins->Type == ITYPE_CALLCC ) break;
 #if defined _M_X64
 		BOOL bProcessRip = FALSE;
+		// jmp to rip+imm32
+		if ((pins->Type == ITYPE_BRANCH) && (pins->OperandCount == 1) && (pins->X86.Relative) && (pins->X86.BaseRegister == AMD64_REG_RIP) && (pins->Operands[0].Flags & OP_IPREL))
+		{
+			// rip-addressing "jmp [rip+imm32]"
+			ODPRINTF((L"mhooks: DisassembleAndSkip: found OP_IPREL on operand %d with displacement 0x%x (in memory: 0x%x)", 1, pins->X86.Displacement, *(PDWORD)(pLoc + 3)));
+			bProcessRip = true;
+		}
 		// mov or lea to register from rip+imm32
-		if ((pins->Type == ITYPE_MOV || pins->Type == ITYPE_LEA) && (pins->X86.Relative) &&
+		else if ((pins->Type == ITYPE_MOV || pins->Type == ITYPE_LEA) && (pins->X86.Relative) &&
 			(pins->X86.OperandSize == 8) && (pins->OperandCount == 2) && (pins->Operands[1].Flags & OP_IPREL) && (pins->Operands[1].Register == AMD64_REG_RIP)) {