
[RESOLVED] Detouring NET_SendPacket


Keeper
Senior Member
Join Date: Nov 2006
Old 09-21-2009 , 22:58   [RESOLVED] Detouring NET_SendPacket
Reply With Quote #1

I'm trying to detour this function to figure out if I can do something...but I can't seem to get it to work in Windows. I get the "ESP not properly saved across functions" error.
Code:
NET_SendPacket(INetChannel*, int, netadr_s const&, unsigned char const*, int)
I am guessing the result of this is (int) or maybe even (int *). But I'm using void * for the INetChannel* and the netadr_s. I'm not changing anything, just sending the information along. It works fine in Linux, but not Windows. I have other detoured functions that work, so I'm wondering if anybody has experience with this?

TIA,
Keeper

Last edited by Keeper; 09-23-2009 at 11:05. Reason: added [RESOLVED] tag
BAILOPAN
Join Date: Jan 2004
Old 09-21-2009 , 23:54   Re: Detouring NET_SendPacket
Reply With Quote #2

You're misaligning the stack, maybe from not getting the signature right. Step through it in the debugger.
__________________
egg
Keeper
Senior Member
Join Date: Nov 2006
Old 09-22-2009 , 09:42   Re: Detouring NET_SendPacket
Reply With Quote #3

Crud, I was hoping you weren't going to say that. Let me do some digging.

EDIT: I'm pretty sure the signature is correct. Even testing with the debugger at that address confirms this (to the best of my reckoning).

When I look at the Linux version, and then look at the Windows version, the strings match up within the same subroutine. Those don't appear anywhere else in either binary.

When I click refresh on my browser window, the breakpoint fires each time, as well as 3 or 4 times on startup.

Here are my sigs:
OB:
Code:
#define NET_SendPacket_Sig "\xB8\x2A\x2A\x2A\x2A\xE8\x76\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x83\x78\x2A\x2A\x53\x55\x8B"
EP1:
Code:
#define NET_SendPacket_Sig "\xA1\x2A\x2A\x2A\x2A\x83\xEC\x2a\x83\x78\x2A\x2A\x55\x8B\x6C\x2A\x2A\x56\x57\x8B\x7C"
What else can I look at?

Last edited by Keeper; 09-22-2009 at 16:34. Reason: added sigs
pRED*
Join Date: Dec 2006
Old 09-22-2009 , 16:41   Re: Detouring NET_SendPacket
Reply With Quote #4

What game is this for?

-e- On OB at least it has an extra two params. Not sure about old engine.

Last edited by pRED*; 09-22-2009 at 16:43.
Keeper
Senior Member
Join Date: Nov 2006
Old 09-22-2009 , 17:00   Re: Detouring NET_SendPacket
Reply With Quote #5

It's for both, and yes the OB has 7 and EP1 has 5. They are basically the same, except the last 2 parameters:
Code:
DECL_DETOUR7_void(NetSendPacketDetour, void *, int, void *, unsigned const char *, int, void *, bool)
DECL_DETOUR5_void(NetSendPacketDetour, void *, int, void *, unsigned const char *, int)
Again, I used void * for INetChannel* and const netadr_s& (the latter I don't have a good feeling about).

Last edited by Keeper; 09-22-2009 at 17:08.
BAILOPAN
Join Date: Jan 2004
Old 09-22-2009 , 21:29   Re: Detouring NET_SendPacket
Reply With Quote #6

Step through it in the debugger. The value of ESP should be the same before and after the detour point.
__________________
egg
Keeper
Senior Member
Join Date: Nov 2006
Old 09-22-2009 , 22:22   Re: Detouring NET_SendPacket
Reply With Quote #7

Ok, now I got ya.

So, the ESP value changes every time it pushes one of the variables. It starts off at 0x0012E300 and then ends up at 0x0012E2EC before the original was called. It doesn't change when the original function is called, but at the end of the run, ESP does not match what it started with, hence the error.

Does this mean I do have the wrong signature? Here is the disassembly:

Code:
    return ORIGINAL_CALL(NetSendPacketDetour)(p1,p2,p3,p4,p5);
0E2700F6 8B F4            mov         esi,esp 
0E2700F8 8B 45 18         mov         eax,dword ptr [p5] 
0E2700FB 50               push        eax  
0E2700FC 8B 4D 14         mov         ecx,dword ptr [p4] 
0E2700FF 51               push        ecx  
0E270100 8B 55 10         mov         edx,dword ptr [p3] 
0E270103 52               push        edx  
0E270104 8B 45 0C         mov         eax,dword ptr [p2] 
0E270107 50               push        eax  
0E270108 8B 4D 08         mov         ecx,dword ptr [p1] 
0E27010B 51               push        ecx  
0E27010C 8B 4D FC         mov         ecx,dword ptr [this] 
0E27010F FF 15 EC 37 62 0E call        dword ptr [NetSendPacketDetourClass::NetSendPacketDetour_Original (0E6237ECh)] 
0E270115 3B F4            cmp         esi,esp

Last edited by Keeper; 09-22-2009 at 22:24.
pRED*
Join Date: Dec 2006
Old 09-22-2009 , 22:39   Re: Detouring NET_SendPacket
Reply With Quote #8

NET_SendPacket is a cdecl function, so the caller needs to pop the args off the stack.

Looks like the assembly code you've generated is treating it as a member function and expecting it to pop its own args.
Keeper
Senior Member
Join Date: Nov 2006
Old 09-22-2009 , 23:20   Re: Detouring NET_SendPacket
Reply With Quote #9

Ok, I was afraid it had something to do with the detour code. Let me look at it again and see what I did.

EDIT:
Yes, I was using the wrong detouring method in this case. I wasn't thinking. I got it running, so thanks all!

Last edited by Keeper; 09-23-2009 at 11:04. Reason: Resolved
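
The resolution above as an added sketch, not code from any poster or from the detour library they used: the five 4-byte pushes in post #7 are the 0x14 bytes between 0x0012E300 and 0x0012E2EC that nobody popped, so the hook and the saved original are declared as free cdecl functions rather than class members. `HOOK_CDECL`, `Fake_NET_SendPacket`, `InstallHook` and the `g_*` counters are hypothetical names, the `int` return type is the original poster's guess, and a pointer swap stands in for the actual code patch.

```cpp
#include <cstddef>
#include <type_traits>
// x86 calling-convention keyword; empty where the ABI has a single convention.
#if defined(_MSC_VER) && defined(_M_IX86)
#  define HOOK_CDECL __cdecl
#elif defined(__GNUC__) && defined(__i386__)
#  define HOOK_CDECL __attribute__((cdecl))
#else
#  define HOOK_CDECL
#endif

// EP1 five-argument form from the thread. INetChannel* and const netadr_s&
// are opaque pointers (a reference is passed as an address). The int return
// type is the poster's guess, kept here as an assumption.
typedef int (HOOK_CDECL *NetSendPacket_t)(void *chan, int sock, const void *to,
                                          const unsigned char *data, int length);

// Stand-in for the engine function so the example runs without the game.
static int HOOK_CDECL Fake_NET_SendPacket(void *, int, const void *,
                                          const unsigned char *, int length) {
    return length;
}

static NetSendPacket_t g_original = nullptr;  // what a detour trampoline would hold
static std::size_t g_calls = 0, g_bytes = 0;

// Free function, not a class member: no hidden `this`, and the caller (the
// compiler-generated call below) pops the arguments after the call returns.
static int HOOK_CDECL Hook_NET_SendPacket(void *chan, int sock, const void *to,
                                          const unsigned char *data, int length) {
    ++g_calls;
    if (length > 0) g_bytes += static_cast<std::size_t>(length);
    return g_original(chan, sock, to, data, length);  // pass through unchanged
}

// On 32-bit MSVC the convention is part of the function type, so a hook with a
// mismatched convention fails here at compile time instead of corrupting ESP.
static_assert(std::is_same<decltype(&Hook_NET_SendPacket), NetSendPacket_t>::value,
              "hook must match the target's calling convention and signature");

// Hypothetical installer: swaps a pointer where a real detour would patch code.
static NetSendPacket_t InstallHook(NetSendPacket_t target) {
    g_original = target;
    return &Hook_NET_SendPacket;
}
int main() {
    NetSendPacket_t send = InstallHook(&Fake_NET_SendPacket);
    return send(nullptr, 0, nullptr, nullptr, 20) == 20 ? 0 : 1;
}
```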