[K.K.Lv]

just like the title
can someone show me a example ?

[Arkshine]

There is nothing specific to do. What is your problem exactly ?

[K.K.Lv]

OK , More clear, how to hook SV_DropClient with chooker ?

[Arkshine]

Just get its address with MemorySearch() and use CreateHook(). You still is not clear about what is your problem exactly.

[K.K.Lv]

Code:

#include "amxxmodule.h"
#include "chooker.h"

CHooker  HookerClass;
CHooker*    Hooker = &HookerClass;

typedef int (WINAPIV *SV_DropClient)(int, int, char *, char);
int WINAPIV OnNewDropClient(int dest, int maxlen, char *format, char arg);

SV_DropClient OnOriDropClient = NULL;
CFunc *DropClientHook = NULL;

bool HookDropClient();

void OnMetaAttach()
{
    bool result = HookDropClient();
    
    printf(" %s.\n\n", result ? "Loaded with success" : "Failed to create hook");
}

bool HookDropClient()
{
    OnOriDropClient = Hooker->MemorySearch<SV_DropClient>("0x55,0x8B,*,0x81,*,*,*,*,*,0x8B,0x4D,*,0x53,0x56,0x8D,0x45,*,0x57,0x50,0x51,0x8D,0x95", (void*)gpGamedllFuncs->dllapi_table->pfnThink, FALSE);
    if (!OnOriDropClient)
    {
        g_engfuncs.pfnServerPrint("Signature search failed\n");
        return false;
    }
    DropClientHook = Hooker->CreateHook((void*)OnOriDropClient, (void*)OnNewDropClient, TRUE);

    return DropClientHook ? true:false;
}

int WINAPIV OnNewDropClient(int dest, int maxlen, char *format, char arg)
{
    int ret = NULL;
    if (DropClientHook->Restore())
    {
        ret = OnOriDropClient(dest, maxlen, format, arg);
    }
    g_engfuncs.pfnServerPrint("\n\t\tHook Drop Client.\n");
    return ret;
}

this is my test code, did I make something wrong ?

[Arkshine]

I would do more :

Spoiler

Code:

#include "amxxmodule.h"
#include "chooker.h"

CHooker  HookerClass;
CHooker*    Hooker = &HookerClass;

typedef void ( *Func_SV_DropClient )( void*, int, char*, ... );
Func_SV_DropClient SV_DropClient_Addr = NULL;

bool hookDropClient();
void SV_DropClient_Hook( void* client, int hasCrashed, char* message, ... );

void OnMetaAttach()
{
    bool result = hookDropClient();
    
    printf( " %s.\n\n", result ? "Loaded with success" : "Failed to create hook" );
}

bool hookDropClient()
{
    #ifdef _WIN32 
        SV_DropClient_Addr = Hooker->MemorySearch< Func_SV_DropClient>( "0x55,0x8B,*,0x81,*,*,*,*,*,0x8B,*,*,0x53,0x56,0x8D,*,*,0x57,0x50,0x51", ( void* )gpGlobals, FALSE );
    #else
        SV_DropClient_Addr = Hooker->MemorySearch< Func_SV_DropClient>( "SV_DropClient", ( void* )gpGlobals, TRUE );
    #endif

    return Hooker->CreateHook( ( void* )SV_DropClient_Addr, ( void* )SV_DropClient_Hook, TRUE ) ? true : false;
}

void SV_DropClient_Hook( void* client, int hasCrashed, char* message, ... ) // client_t*
{
    GET_ORIG_FUNC( func );

    if( func->Restore() )
    {
        va_list argptr;

        va_start( argptr, message );
        SV_DropClient_Addr( client, hasCrashed, message, argptr );
        va_end( argptr );

        func->Patch();
    }

    printf( "\n\t\tHook Drop Client as post.\n" );
}

[K.K.Lv]

OK ! my problem is :
(sorry for my poor assembly language)
how to detect the function return type ?

Code:

typedef void ( *Func_SV_DropClient )( void*, int, char*, ... );

and how many argument function pass ?

Code:

void SV_DropClient_Hook( void* client, int hasCrashed, char* message, ... ) // client_t* 

in IDA, I see it like (int, int, char *format, char arg);

which library address I should use ?

Code:

SV_DropClient_Addr = Hooker->MemorySearch< Func_SV_DropClient>( "0x55,0x8B,*,0x81,*,*,*,*,*,0x8B,*,*,0x53,0x56,0x8D,*,*,0x57,0x50,0x51", ( void* )gpGlobals, FALSE );

[Arkshine]

Quote:

how to detect the function return type ?

You have to guess it after looking the code, or maybe looking to the opcodes but I don't know much about that. You can also search on google to see if there are references.

Quote:

and how many argument function pass ?

Generally you see the header of the function, but sometimes not, like in engine ; but the decompiled version is most of time correct if well decompiled. IDA gives me : SV_DropClient(int a1, int a2, const char *a3, ...) and again, it's also about guessing/searching a lot, in google, OSHLDS, other engines., etc.

Quote:

which library address I should use ?

For engine functions.. the engine library. lol
I'm using ( void* )gpGlobals because shorter. gpGlobals points to the engine library. It doesn't matter what you use, you have just to provide a pointer containing in the engine library.

[joropito]

Commonly return type fits in an integer type.

If you have to return a pointer or integer, you can use integer (if you're unsure).

Also, sometimes, return types are not used by the caller. In that case doesn't matter if you declare with or without return type. You wont get any problem because (normally) the value is returned with EAX and it's discarded if it's not used.

To know if the function returns something, just check at the end (asm view).
If EAX is modified just after ret, for sure it returns a type. If you see 8bits register (part of EAX) modified, then it's a byte (bool maybe).

Code:

.text:000519D0 89 D0                                   mov     eax, edx
.text:000519D2 5B                                      pop     ebx
.text:000519D3 C3                                      retn

Remember you're just guessing....

[Bos93]

Can i call with this RadiusDamage? Can you write the code?