So there was a bug several years ago in ircd-ratbox that impacted the core code that wasn't a loadable module. There was a bug in CIDR matching that really needed fixed. So... I wrote a loadable module that got the address of the C function that needed replaced. Then I used mprotect to set that page the function was in memory to be read/write.
Then... I scribbled over the start of the function with x86 opcodes to make it jump to a replacement function that was in the just loaded module.
Or in code... match_cidr is the bad function, fixed_match_cidr is the replacement.
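unsigned char snag[7], saved[7];             /* 7-byte jump stub and backup of the original bytes */
snag[0] = 0xB8;                              /* mov eax, imm32 */
*(int *) &snag[1] = (int) fixed_match_cidr;  /* imm32 = address of the replacement (32-bit x86) */
snag[5] = 0xFF;                              /* jmp eax is FF E0 */
snag[6] = 0xE0;
memcpy(saved, match_cidr, 7);                /* save the bytes about to be overwritten */
/* make the pages around the function writable for the patch */
mprotect(ALIGN(match_cidr-(PAGESIZE)), PAGESIZE*2, PROT_READ|PROT_WRITE|PROT_EXEC);
memcpy(match_cidr, snag, 7);                 /* overwrite the start of match_cidr with the stub */
/* drop write permission again */
mprotect(ALIGN(match_cidr-(PAGESIZE)), PAGESIZE*2, PROT_READ|PROT_EXEC);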
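
An added example, not from the original post or from ircd-ratbox: a checker that recognizes the 7-byte `mov eax, imm32; jmp eax` stub above at the start of a function and recovers where it jumps, the kind of test a process-integrity scan applies to function prologues. It goes beyond the post by also recognizing two other common 32-bit detours (`jmp rel32` and `push imm32; ret`); the names `classify_prologue` and `enum detour` and all sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Kinds of 32-bit x86 detour a function prologue can start with. */
enum detour { DETOUR_NONE, DETOUR_MOV_JMP_EAX, DETOUR_JMP_REL32, DETOUR_PUSH_RET };

/* Read a little-endian 32-bit value without unaligned pointer casts. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Classify the first bytes of a function. `addr` is the address the bytes
 * are mapped at (needed to resolve a relative jump). On a match, *target
 * receives the absolute destination of the detour.
 */
enum detour classify_prologue(const uint8_t *code, size_t len,
                              uint32_t addr, uint32_t *target)
{
    /* B8 imm32, FF E0: mov eax, imm32 ; jmp eax (the stub in the post) */
    if (len >= 7 && code[0] == 0xB8 && code[5] == 0xFF && code[6] == 0xE0) {
        *target = le32(code + 1);
        return DETOUR_MOV_JMP_EAX;
    }
    /* E9 rel32: displacement counts from the end of the 5-byte instruction */
    if (len >= 5 && code[0] == 0xE9) {
        *target = addr + 5 + le32(code + 1);
        return DETOUR_JMP_REL32;
    }
    /* 68 imm32, C3: push imm32 ; ret */
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        *target = le32(code + 1);
        return DETOUR_PUSH_RET;
    }
    return DETOUR_NONE;
}

/* Constructed sample prologues (not taken from ircd-ratbox). */
const uint8_t patched[]  = { 0xB8, 0x10, 0x32, 0x54, 0x76, 0xFF, 0xE0 };
const uint8_t rel_jmp[]  = { 0xE9, 0xFB, 0xFF, 0xFF, 0xFF };
const uint8_t ordinary[] = { 0x55, 0x89, 0xE5, 0x83, 0xEC, 0x18, 0x8B };

int main(void)
{
    uint32_t t = 0;
    return classify_prologue(patched, sizeof patched, 0x08048000u, &t) == DETOUR_MOV_JMP_EAX ? 0 : 1;
}
```

A prologue that legitimately begins with `jmp rel32` (a compiler-generated thunk, for instance) also matches, so a hit is only meaningful once the recovered target is compared against the module the function belongs to.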