Why is my detoured code crashing with a NOP
Hi, this is my first question, so please treat me gently. I am detouring an exe using MS Detours and Visual Studio 2005. My DLL gets loaded and my hook works a treat; however, when I try to extend my hook code something goes wrong and the whole thing crashes. I think it's creating an exception in the exe, which is popping up a "contact support" message box.
typedef void (__stdcall* GenterateStrings)(int,int,int);
GenterateStrings Real_GenterateStrings = (GenterateStrings)(0x06EDFA0);
extern "C" { static void __stdcall myGenterateStrings(int,int,int); }
void __stdcall myGenterateStrings(int a1, int a2, int a3)
{
    myLogMessage(L"its working");
    Real_GenterateStrings( a1, a2, a3);
    return;
}
That works a treat, no exceptions, and my log file fills with "its working". However, I need to capture EAX after my Real_GenterateStrings() call, as it contains a pointer to a Unicode string.
But if I put any code after the Real_GenterateStrings call, it just causes the crash as soon as it's hooked. Even just a nop:
void __stdcall PokerAdvisorGenterateStrings(int a1, int a2, int a3)
{
    myLogMessage(L"its working");
    Real_GenterateStrings( a1, a2, a3);
    __asm
    {
        nop
    }
    return;
}
Any ideas?
The function I am hooking is:
mov eax, [rsp+0Ch]
mov ecx, [rsp+8]
mov edx, cs:113650Ah
push rax
mov eax, [rsp+8]
push rcx
push rdx
push 0A3CA2Ch
push rax
call near ptr unk_6AB8E0
add esp, 14h
retn
I don't think it returns a value?
How do you know there is something in eax?
In general, detour crashes are often due to an inaccurate calling convention and/or prototype. I suspect that the detoured function returns a void* or something else. You need to capture the return value and pass it along to the caller once you're done, like so:
typedef void* (__stdcall* GenterateStrings)(int,int,int);
GenterateStrings Real_GenterateStrings = (GenterateStrings)(0x06EDFA0);
// The forward declaration must have the same return type as the definition below.
extern "C" { static void* __stdcall myGenterateStrings(int,int,int); }
void* __stdcall myGenterateStrings(int a1, int a2, int a3)
{
    myLogMessage(L"its working");
    // Keep the original function's return value (EAX) so it can be handed back.
    void* ret = Real_GenterateStrings( a1, a2, a3);
    __asm
    {
        nop
    }
    return ret;
}
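One way to test the calling-convention half of that advice before attaching a hook, as an added example (not code from the question or the answer): on 32-bit x86 a `__stdcall` function with arguments returns with `retn N`, while a `__cdecl` one returns with a bare `retn`, which is how the listing in the question ends. The byte arrays are constructed samples and every name in the block is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { CONV_CDECL, CONV_STDCALL } conv_t;
typedef enum { RET_UNKNOWN, RET_CALLER_CLEANS, RET_CALLEE_CLEANS } ret_t;

/* Classify the last instruction of a 32-bit x86 function body.
 * code/len must end exactly on the function's final instruction. */
static ret_t classify_ret(const uint8_t *code, size_t len, unsigned *popped)
{
    *popped = 0;
    /* C3 = retn. Tested first: "83 C2 14 C3" (add edx,14h ; retn) would
     * otherwise be misread as retn 0C314h, an implausible argument size. */
    if (len >= 1 && code[len - 1] == 0xC3)
        return RET_CALLER_CLEANS;
    /* C2 iw = retn imm16: the callee pops imm16 bytes of arguments. */
    if (len >= 3 && code[len - 3] == 0xC2) {
        *popped = (unsigned)code[len - 2] | ((unsigned)code[len - 1] << 8);
        return RET_CALLEE_CLEANS;
    }
    return RET_UNKNOWN;
}

/* 1 = declared prototype agrees with the epilogue, 0 = mismatch, -1 = unknown. */
static int prototype_matches(conv_t declared, unsigned arg_bytes,
                             const uint8_t *code, size_t len)
{
    unsigned popped;
    ret_t r = classify_ret(code, len, &popped);
    if (r == RET_UNKNOWN)
        return -1;
    if (declared == CONV_STDCALL && arg_bytes != 0)
        return r == RET_CALLEE_CLEANS && popped == arg_bytes;
    return r == RET_CALLER_CLEANS;   /* __cdecl, or __stdcall with no args */
}

/* Constructed sample epilogues, not bytes taken from any real binary. */
static const uint8_t tail_plain[] = { 0x83, 0xC4, 0x14, 0xC3 }; /* add esp,14h ; retn */
static const uint8_t tail_pop12[] = { 0x5D, 0xC2, 0x0C, 0x00 }; /* pop ebp ; retn 0Ch */

int main(void)
{
    printf("plain retn vs __stdcall(12): %d\n",
           prototype_matches(CONV_STDCALL, 12, tail_plain, sizeof tail_plain));
    printf("retn 0Ch   vs __stdcall(12): %d\n",
           prototype_matches(CONV_STDCALL, 12, tail_pop12, sizeof tail_pop12));
    return 0;
}
```

The check reads only the final bytes of the body, so a function with several exits or a tail jump needs a real disassembler instead.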