Simplified Interceptor reimplemented in TypeScript

simpleceptor-arm.ts

const THUMB_HOOK_REDIRECT_SIZE = 8;
const THUMB_BIT_REMOVAL_MASK = ptr(1).not();

const trampolines: NativePointer[] = [];
const replacements: NativePointer[] = [];

export function makeTrampoline(target: NativePointer): NativePointer {
    const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK);
    const trampoline = Memory.alloc(Process.pageSize);

    Memory.patchCode(trampoline, 128, code => {
        const writer = new ThumbWriter(code, { pc: trampoline });
        const relocator = new ThumbRelocator(targetAddress, writer);

        let n: number;
        do {
            n = relocator.readOne();
        } while (n < THUMB_HOOK_REDIRECT_SIZE);

        relocator.writeAll();

        if (!relocator.eoi) {
            writer.putLdrRegAddress(ArmRegister.Pc, target.add(n));
        }

        writer.flush();
    });

    trampolines.push(trampoline);

    return trampoline.or(1);
}

export function replace(target: NativePointer, replacement: NativePointer): void {
    const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK);

    Memory.patchCode(targetAddress, 128, code => {
        const writer = new ThumbWriter(code, { pc: targetAddress });
        writer.putLdrRegAddress(ArmRegister.Pc, replacement);
        writer.flush();
    });

    replacements.push(replacement);
}

How with an "attach" implementation look like with this?

@Syrou (Oops, sorry for the delay here!) It would need to generate another trampoline that saves registers/flags, calls the user's onEnter, and restores registers/flags. Beside that it would also need to replace the return address with that of a similar trampoline so it can trap the return and do the same dance for onLeave. That logic would also need to maintain a per-thread stack of return addresses. Maybe I'll get around to fleshing that out someday.