Reputation: 43
Hi, this is my first question, so please treat me gently. I am detouring an exe using MS Detours and Visual Studio 2005. My DLL gets loaded and my hook works a treat; however, when I try to extend my hook code something is going wrong and the whole thing crashes. I think it's creating an exception in the exe, which is popping up a "contact support" message box.
typedef void (__stdcall* GenterateStrings)(int,int,int);
GenterateStrings Real_GenterateStrings = (GenterateStrings)(0x06EDFA0);
extern "C" { static void __stdcall myGenterateStrings(int,int,int); }
void __stdcall myGenterateStrings(int a1, int a2, int a3)
{
    myLogMessage(L"its working");
    Real_GenterateStrings(a1, a2, a3);
    return;
}
That works a treat, no exceptions, and my log file fills with "its working"; however, I need to capture EAX after my Real_GenterateStrings() call, as it contains a pointer to a Unicode string.
But if I put any code after the Real_GenterateStrings call, it just causes the crash as soon as it's hooked. Even just a nop.
void __stdcall PokerAdvisorGenterateStrings(int a1, int a2, int a3)
{
    myLogMessage(L"its working");
    Real_GenterateStrings(a1, a2, a3);
    __asm
    {
        nop
    }
    return;
}
Any ideas?
The function I am hooking is:
mov eax, [rsp+0Ch]
mov ecx, [rsp+8]
mov edx, cs:113650Ah
push rax
mov eax, [rsp+8]
push rcx
push rdx
push 0A3CA2Ch
push rax
call near ptr unk_6AB8E0
add esp, 14h
retn
I don't think it returns a value?
Upvotes: 1
Views: 1150
Reputation: 18015
How do you know there is something in eax?
In general, detour crashes are often due to an inaccurate calling convention and/or prototype. I suspect that the detoured function returns a void* or something else. You need to capture the return value and pass it along to the caller once you're done, like so:
typedef void* (__stdcall* GenterateStrings)(int,int,int);
GenterateStrings Real_GenterateStrings = (GenterateStrings)(0x06EDFA0);
// The declaration must match the void* return type of the definition below.
extern "C" { static void* __stdcall myGenterateStrings(int,int,int); }
void* __stdcall myGenterateStrings(int a1, int a2, int a3)
{
    myLogMessage(L"its working");
    // Keep the value the real function leaves in EAX and hand it back to the caller.
    void* ret = Real_GenterateStrings(a1, a2, a3);
    __asm
    {
        nop
    }
    return ret;
}
Upvotes: 2
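The answer's point about calling convention can be checked against the listing in the question. The following is an added example, not code from either poster: it walks that listing, normalises each stack read to its offset at function entry, and compares the argument bytes with what the final `retn` pops. The names `analyse`, `convention` and `asm_num` are hypothetical, and the code assumes a 32-bit function with 4-byte stack slots.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Listing copied from the question; assumed 32-bit code with 4-byte stack slots. */
static const char *LISTING =
    "mov eax, [rsp+0Ch]\nmov ecx, [rsp+8]\nmov edx, cs:113650Ah\n"
    "push rax\nmov eax, [rsp+8]\npush rcx\npush rdx\npush 0A3CA2Ch\n"
    "push rax\ncall near ptr unk_6AB8E0\nadd esp, 14h\nretn\n";
struct frame_info { int arg_bytes; int callee_pops; };

/* Disassembler-style number: hex when suffixed with 'h', decimal otherwise. */
static long asm_num(const char *s) {
    char *end;
    long hex = strtol(s, &end, 16);
    return (*end == 'h' || *end == 'H') ? hex : strtol(s, NULL, 10);
}

/* Track pushes so each [esp+N] read maps to its entry offset (4 = first argument). */
static struct frame_info analyse(const char *listing) {
    struct frame_info fi = {0, 0};
    long depth = 0; /* bytes pushed so far */
    char line[128];
    while (*listing) {
        size_t n = strcspn(listing, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, listing, c); line[c] = '\0';
        listing += n + (listing[n] == '\n');
        const char *m = strstr(line, "sp+");
        long off = m ? asm_num(m + 3) - depth : 0;
        if (off >= 4 && off > fi.arg_bytes) fi.arg_bytes = (int)off;
        if (!strncmp(line, "push", 4)) depth += 4;
        else if (!strncmp(line, "add esp,", 8)) depth -= asm_num(line + 8);
        else if (!strncmp(line, "retn ", 5)) fi.callee_pops = (int)asm_num(line + 5);
    }
    return fi;
}

/* Plain retn leaves the arguments for the caller; retn N removes them. */
static const char *convention(struct frame_info fi) {
    if (fi.arg_bytes == 0) return "no stack arguments seen";
    if (fi.callee_pops == 0) return "caller-cleanup (cdecl-style)";
    return fi.callee_pops == fi.arg_bytes ? "callee-cleanup (stdcall-style)" : "unclear";
}

int main(void) {
    struct frame_info fi = analyse(LISTING);
    printf("args=%d bytes, retn pops=%d: %s\n", fi.arg_bytes, fi.callee_pops, convention(fi));
    return 0;
}
```

When the result is caller-cleanup, a hook and typedef declared `__stdcall` do not match the target, and `__cdecl` is the convention to try in both.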