Muhab

Reputation: 312

Hooking call function in c++?

Hello people,
I'm kind of a newbie with C++, but I have managed to create my own DLL and inject it into my gameserver.exe.

Well, I have tried for days to hook a user call function, but I always fail since it belongs to assembly :(
I would like you guys to show me how I write proper lines to hook this function:

0048C1AF  |. 8B9B 4C010000  MOV EBX,DWORD PTR DS:[EBX+14C]
0048C1B5  |. 8B13           MOV EDX,DWORD PTR DS:[EBX]
0048C1B7  |. 8B82 EC000000  MOV EAX,DWORD PTR DS:[EDX+EC]
0048C1BD  |. 8BCB           MOV ECX,EBX
0048C1BF  |. FFD0           CALL EAX
0048C1C1  |. 8BF8           MOV EDI,EAX
0048C1C3  |. E8 789EF8FF    CALL SR_GameS.00444040
0048C1C8  |. 8B7C24 1C      MOV EDI,DWORD PTR SS:[ESP+1C]
0048C1CC  |. 8BF0           MOV ESI,EAX
0048C1CE  |. E8 6D9EF8FF    CALL SR_GameS.00444040

What I have written in C++ so far is:

// Globals that the asm block writes into (their declarations were not shown in the post)
char* msg = NULL;
char* playername = NULL;

void __cdecl Global()
{

    __asm
    {

           mov msg, edi;                    // message pointer arrives in EDI

           push ebx;
           mov ebx, dword ptr [esp+1Ch];    // player name; MSVC inline asm needs the h suffix on hex literals
                                            // (ESP here is Global()'s own frame, moved again by the push above)
           mov playername, ebx;
           pop ebx;
    }

    printf("Global [%s] -> %s\n", playername, msg);

    // then calling the original function entry (CALL is the poster's own macro)
    CALL((DWORD)0x00444040);
}

Whenever 0048C1CE gets called, I get it into my C++ and move its parameters into Global(). Up to here everything goes fine, but inside Global() I can't pass the parameters back successfully into 0x00444040; it even shows strange values in the console window and sometimes shows a part of the player message.

P.S. If it's possible, an explanation of how things go with the assembly lines.

Sorry for my English, Thanks in advance.

Upvotes: 4

Views: 2427

Answers (2)

Jake H

Reputation: 1740

Morality and legality aside, I am just going to focus on the technical aspects of your question - but I do feel you should give sincere thought to the points david.pfx raised.

Having written a few projects that do similar things to what you described, for personal knowledge only, I would recommend a general purpose hooking library. I worked with the source engine (from Half-life 2 fame), and used a library called SourceHook. SourceHook is part of the AlliedModder's metamod project, which is used inside of SourceMod.

When I tried writing general purpose hooks outside of source-engine projects, I found SourceHook still useful, but also explored other options. I was pleased using mHook, another general purpose hooking library.

It's important to know the calling convention of the methods you are hooking, as restoring the registers correctly is critical to safe execution of your hooks.

Upvotes: 0

david.pfx

Reputation: 10863

I'll leave aside the question as to why you would want to do this. It's probably someone else's software and they probably didn't give you permission. You may be in breach of a licence somewhere.

Your description is pretty tangled. The lines of assembler are not a function, they are code with 3 function calls. I'll guess that what you meant to say is that you want to intercept the call to function 0x00444040 in order to execute your own code. You haven't shown how you do that.

The C++ code needs to do roughly three things.

  1. On entry, it must conform to the calling sequence expected by its caller. It appears there are two arguments, in ESI and EDI.
  2. If you want to call C++ library functions then you must save all registers that might be affected by making those calls and restore them afterwards.
  3. When you exit, you should restore the stack and registers exactly how they were on entry, and branch (JMP not CALL) to the hooked function, so that it can return to the original caller, not to your hooking code.

At the debugger level, just make sure that every register (including the stack pointer) is the same as it was on entry, just before you branch to the hooked function.

Upvotes: 1
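The three requirements in the answer above, shown as an added C example that is not from either answer or from the poster's server: a constructed object with a vtable (mirroring the MOV EDX,[EBX] / MOV EAX,[EDX+slot] / CALL EAX pattern in the question), and a hook written as an ordinary C function with exactly the target's prototype. Because the hook is a normal function, the compiler saves and restores the callee-saved registers around the printf for you, every argument is forwarded unchanged, and the original's return value is returned to the real caller. The real engine's vtable would sit in read-only memory and need a protection change; here the object is pointed at a patched copy of the table so the example runs anywhere. The struct, function and slot names are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example object: a vtable pointer in the first field, the
 * same shape the question's disassembly walks (EBX -> [EBX] -> [EDX+slot]). */
typedef struct Chat Chat;
typedef int (*send_fn)(Chat *self, const char *player, const char *msg);

struct ChatVtbl { send_fn send; };           /* single slot for brevity */
struct Chat     { const struct ChatVtbl *vtbl; int sent; };

/* The "original" target: counts calls and returns a value the caller uses. */
static int chat_send_original(Chat *self, const char *player, const char *msg)
{
    (void)player;
    self->sent++;
    return (int)strlen(msg);                  /* pretend: bytes sent */
}

static const struct ChatVtbl chat_vtbl = { chat_send_original };

/* Hook state: the saved original slot and a log of the last call. */
static send_fn g_original_send;
char g_last_player[64];
char g_last_msg[256];

/* Point 1: identical prototype (and, on MSVC, the same convention keyword as
 * the target). Point 2: a plain C function, so the compiler preserves the
 * callee-saved registers around printf. Point 3: forward all arguments
 * unchanged and hand the original's return value back to the real caller. */
static int chat_send_hook(Chat *self, const char *player, const char *msg)
{
    snprintf(g_last_player, sizeof g_last_player, "%s", player);
    snprintf(g_last_msg, sizeof g_last_msg, "%s", msg);
    printf("Global [%s] -> %s\n", player, msg);
    return g_original_send(self, player, msg);
}

/* Writable copy of the table with the slot replaced. */
static struct ChatVtbl g_patched_vtbl;

void install_hook(Chat *obj)
{
    g_patched_vtbl = *obj->vtbl;              /* copy every slot */
    g_original_send = g_patched_vtbl.send;    /* remember where to forward */
    g_patched_vtbl.send = chat_send_hook;     /* replace the one we care about */
    obj->vtbl = &g_patched_vtbl;
}

void remove_hook(Chat *obj)
{
    obj->vtbl = &chat_vtbl;                   /* restore the pristine table */
}

/* Calls the slot the way the engine would: through the vtable, not directly. */
int call_through_vtable(Chat *obj, const char *player, const char *msg)
{
    return obj->vtbl->send(obj, player, msg);
}

int main(void)
{
    Chat c = { &chat_vtbl, 0 };
    install_hook(&c);
    int n = call_through_vtable(&c, "alice", "hello");
    printf("returned %d, sent=%d\n", n, c.sent);
    remove_hook(&c);
    return 0;
}
```

The check the answer describes (every register and the stack pointer unchanged on entry to the original) is exactly what you get for free when the hook has the target's prototype and convention; the asm-only version in the question reads ESP-relative slots from inside Global()'s own frame, which is why the values it sees drift.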
