[TUT] Most Efficient Function Hooking Method - Page 2

jim_yang · 09-09-2010 , 01:25 Re: [TUT] Most Efficient Function Hooking Method

right, thanks for pointing it out, I forgot that part when I wrote this article.
you need to save the original function addr or find it youself for future use when necessary.
my example is the prehook handled case.
if you want to post hook, just call the original function at the begining of your hook function.
or prehook ignored case: call the original function at the end of your hook function.

note: don't mess up the stack or register, or crashing server is easy.

Immortal_BLG · 09-10-2010 , 03:41 Re: [TUT] Most Efficient Function Hooking Method

jim_yang how to possible to redirect member functions? Like in hamsandwich?:
For original function

Code:

void Class::Foo (void);

redirected function should looks like that

Code:

void __fastcall Class__Foo (void *pthis, int dummy);

- it's right?

joaquimandrade · 09-10-2010 , 14:51 Re: [TUT] Most Efficient Function Hooking Method

Quote:

Originally Posted by Immortal_BLG

jim_yang how to possible to redirect member functions? Like in hamsandwich?:
For original function

Code:

void Class::Foo (void);

redirected function should looks like that

Code:

void __fastcall Class__Foo (void *pthis, int dummy);

- it's right?

If Foo is a static function cdecl if not thiscall.

http://en.wikipedia.org/wiki/X86_calling_conventions

Immortal_BLG · 09-10-2010 , 21:15 Re: [TUT] Most Efficient Function Hooking Method

Function is non-static and non-virtual(if it something changes). If I use __thiscall I got "error C3865: '__thiscall' : can only be used on native member functions".

joaquimandrade · 09-11-2010 , 00:13 Re: [TUT] Most Efficient Function Hooking Method

Quote:

Originally Posted by Immortal_BLG

Function is non-static and non-virtual(if it something changes). If I use __thiscall I got "error C3865: '__thiscall' : can only be used on native member functions".

Ok. I don't know the best way but you can do:

Code:

long _stdcall function()
{
    long object;
    _asm mov object, ecx;
...
}

Because thiscall is like stdcall but passes a pointer to the object in register ecx. This is for MSVC, with gcc, thiscall = cldecl with the pointer to the object as the first argument.

You can also try to declare that function inside a class but I don't know if that will work.

Immortal_BLG · 09-11-2010 , 02:19 Re: [TUT] Most Efficient Function Hooking Method

Thank you joaquimandrade.
I tested the code below:

Code:

class EmptyClass {};

typedef void (EmptyClass::*CHalfLifeMultiplay__SendMOTDToClient_t) (edict_t *client);
CHalfLifeMultiplay__SendMOTDToClient_t g_org (NULL);

void __stdcall CHalfLifeMultiplay__SendMOTDToClient_1 (edict_t *client)
{
	EmptyClass *object (NULL);

	__asm
	{
		mov object, ecx;
	}

	assert (object != NULL);
//	assert (object == g_pGameRules);	// OCCURS, BUT WORK!!!

	// below both calls are correct - tested....
	reinterpret_cast <void (__fastcall *) (EmptyClass * /*this*/, int /*dummy*/, edict_t *)> (reinterpret_cast <const void *&> (g_org)) (object, 0, client);
//	(object->*g_org) (client);
}

void __fastcall CHalfLifeMultiplay__SendMOTDToClient_2 (EmptyClass *const object, int /*dummy*/, edict_t *client)
{
	assert (object != NULL);
	assert (object == g_pGameRules);	// NOT OCCURS!!!

	// below both calls are correct - tested....
//	reinterpret_cast <void (__fastcall *) (EmptyClass * /*this*/, int /*dummy*/, edict_t *)> (reinterpret_cast <const void *&> (g_org)) (object, 0, client);
	(object->*g_org) (client);
}

write_func(CHalfLifeMultiplay__SendMOTDToClient_1, GETREALADDR(0x99352 + sizeof (0xE8)));
write_func(CHalfLifeMultiplay__SendMOTDToClient_2, GETREALADDR(0x99352 + sizeof (0xE8)));

Note: g_pGameRules is hooked from mp.dll and the pointer is correct!
Note2: I AM NOT REDIRECTED FUNCTIONS IN ONE AND THE SAME TIME THE.

Both function declarations and call methods are work correctly for me!

But I prefer second method of redirected function declaration.

Sorry for poor english....

jim_yang · 09-11-2010 , 08:36 Re: [TUT] Most Efficient Function Hooking Method

no matter what the function is, if only there is a "call", you can replace the jump addr with your own hook function addr. the only thing you should take care is the stack, make it balance if sub function need to clean the stack. windows pass this pointer by ecx, so don't list it in parameters in your hook function. linux yes.
I can't show more examples cause I'm not home these days, see you guys later.

joaquimandrade · 09-11-2010 , 09:48 Re: [TUT] Most Efficient Function Hooking Method

Quote:

Originally Posted by jim_yang

no matter what the function is, if only there is a "call", you can replace the jump addr with your own hook function addr. the only thing you should take care is the stack, make it balance if sub function need to clean the stack. windows pass this pointer by ecx, so don't list it in parameters in your hook function. linux yes.
I can't show more examples cause I'm not home these days, see you guys later.

He can list the parameter in the hook function because fastcall receives first argument from ecx. And as it cleans the stack (like thiscall), it's ok like he has it. The only "ugly" thing about it, is that the second argument is edx, so it's dummy.

jim_yang · 09-11-2010 , 11:33 Re: [TUT] Most Efficient Function Hooking Method

right, I just want to say that parameter is not the big deal, what ever you list, cause it's just show what's in stack
void hook(void *a, void *b, void *c, void *d, ...)
it's just esp-4 esp-8 esp-12....
all depend on what you need

K.K.Lv · *Last edited by K.K.Lv; 06-05-2012 at 03:52.*

1.if I want to hook ""%s<%i><%s><TERRORIST>" triggered "Got_The_Bomb""
how to get player name/index/steamid etc ? -- Solved
2.Dose it can be block ?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode