{"id":15060411,"url":"https://github.com/danielkrupinski/x86retspoof","last_synced_at":"2025-08-21T03:32:17.269Z","repository":{"id":53344049,"uuid":"456634353","full_name":"danielkrupinski/x86RetSpoof","owner":"danielkrupinski","description":"Invoke functions with a spoofed return address. For 32-bit Windows binaries. Supports __fastcall, __thiscall, __stdcall and __cdecl calling conventions. Written in C++17.","archived":false,"fork":false,"pushed_at":"2023-02-17T21:26:39.000Z","size":37,"stargazers_count":170,"open_issues_count":1,"forks_count":30,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-12-19T19:07:21.376Z","etag":null,"topics":["anticheat-bypass","assembly-language","assembly-x86","cpp17","game-hacking","reverse-engineering","single-header","x86"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danielkrupinski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-07T18:48:53.000Z","updated_at":"2024-12-02T20:58:32.000Z","dependencies_parsed_at":"2023-02-18T11:35:13.487Z","dependency_job_id":null,"html_url":"https://github.com/danielkrupinski/x86RetSpoof","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielkrupinski%2Fx86RetSpoof","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielkrupinski%2Fx86RetSpoof/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielkrupinski%2Fx86RetSpoof/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielkrupinski%2Fx86RetSpoof/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danielkrupinski","download_url":"https://codeload.github.com/danielkrupinski/x86RetSpoof/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230487843,"owners_count":18233865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anticheat-bypass","assembly-language","assembly-x86","cpp17","game-hacking","reverse-engineering","single-header","x86"],"created_at":"2024-09-24T22:58:24.528Z","updated_at":"2024-12-19T19:07:27.874Z","avatar_url":"https://github.com/danielkrupinski.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# x86RetSpoof [![Windows](https://github.com/danielkrupinski/x86RetSpoof/actions/workflows/windows.yml/badge.svg?event=push)](https://github.com/danielkrupinski/x86RetSpoof/actions/workflows/windows.yml)\nInvoke functions with a spoofed return address. For 32-bit Windows binaries.\n\n# How to use\n1. Include x86RetSpoof.h in your project.\n2. Find `FF 23` byte sequence (`gadget`, machine code equivalent of `jmp dword ptr [ebx]`) in the executable code section of the module you want the spoofed return address to appear in. The address of it will be the `gadgetAddress` and the invoked function will see it as the return address.\n3. Call the function with `x86RetSpoof::invoke...()` matching the calling convention of the target function.\n\n## Example\nCalling [MessageBoxW](https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-messageboxw) function:\n```cpp\nx86RetSpoof::invokeStdcall\u003cint\u003e(std::uintptr_t(\u0026MessageBoxW), std::uintptr_t(gadgetAddress), nullptr, L\"text\", L\"title\", MB_OK);\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielkrupinski%2Fx86retspoof","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanielkrupinski%2Fx86retspoof","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielkrupinski%2Fx86retspoof/lists"}