Question：libmem.alloc_memory_ex When allocating virtual memory in a 64-bit program, the Windows system will automatically allocate it to a farther place, causing thejmp instruction to be too long. Can this be optimized? Programming language:Python

Problem description：

1. Assume the current instruction is:

notepad++.exe+3A-0000- add [rax],alnotepad++.exe+3C-2801-sub [rcx],alnotepad++.exe+3E-0000- add [rax],alnotepad++.exe+40- 0E- push csnotepad++.exe+41- 1F- pop dsnotepad++.exe+42- BA 0E00B409- mov edx,09B4000Enotepad++.exe+47- CD21-int21notepad++.exe+49- B8 014CCD21- mov eax,21CD4C01notepad++.exe+4E-54- push rsp

2. The address obtained by using thealloc_memory_ex function is:0x1d0f84c0000

000001D0F84D0000 |0000      | ADD BYTE PTR DS:[RAX],AL

3. Usehook_code_ex function to hook，The assembly instructions become：

notepad++.exe+3A- FF2500000000 00004DF8D0010000- jmp 1D0F84D0000notepad++.exe+48-90- nop notepad++.exe+49- B8 014CCD21- mov eax,21CD4C01notepad++.exe+4E-54- push rsp

4. 👆The problem is that thejmp command uses14 bytes to complete:FF25 00000000 00004DF8D0010000

Extended description：

• Thealloc function in CE can specify anAllocateNearThisAddress parameter. If specified, memory space will be allocated near this address.
• At this time, since the address distance is very close, thejmp instruction only needs5 bytes:E9 6EFFFEFF
• As shown below：

//////////////////// Before hooknotepad++.exe+8D-30 EC- xor ah,chnotepad++.exe+8F- 5E- pop rsinotepad++.exe+90-66 8E 4A E6- mov cs,[rdx-1A]//////////////////// After hooknotepad++.exe+8D- E9 6EFFFEFF- jmp 7FF7B8D90000notepad++.exe+92-90- nop

So is there any way, when applying for memory, to apply for memory near the specified memory, just like CE's alloc function?

Thank you