Detour in __usercall


raydan
Senior Member
Join Date: Aug 2006
12-31-2010, 23:48   Detour in __usercall
#1

Code:
static void PhysicsCheckSweep( CBaseEntity *pEntity, const Vector& vecAbsStart, const Vector &vecAbsDelta, trace_t *pTrace )
{
...
}
use ob-valve build

Code:
 ; void __usercall PhysicsCheckSweep(CBaseEntity *pEntity<esi>, Vector *vecAbsStart<edi>, Vector *vecAbsDelta, CGameTrace *pTrace)
.text:1019A390                         PhysicsCheckSweep proc near             ; CODE XREF: CBaseEntity::PhysicsPushEntity(Vector const &,CGameTrace *)+BAp
.text:1019A390
.text:1019A390                         vecAbsEnd       = Vector ptr -0Ch
.text:1019A390                         vecAbsDelta     = dword ptr  4
.text:1019A390                         pTrace          = dword ptr  8
.text:1019A390
.text:1019A390                         pEntity = esi
.text:1019A390                         vecAbsStart = edi
.text:1019A390 83 EC 0C                                sub     esp, 0Ch
.text:1019A393 8B 06                                   mov     eax, [pEntity]
.text:1019A395 8B 90 64 02 00 00                       mov     edx, [eax+264h]
.text:1019A39B 53                                      push    ebx
.text:1019A39C 8B 5C 24 14                             mov     ebx, [esp+10h+vecAbsDelta]
.text:1019A3A0 55                                      push    ebp
.text:1019A3A1 8B CE                                   mov     ecx, pEntity
.text:1019A3A3 FF D2                                   call    edx
.text:1019A3A5 D9 07                                   fld     dword ptr [vecAbsStart]
.text:1019A3A7 80 BE 69 01 00 00 00                    cmp     byte ptr [pEntity+169h], 0
.text:1019A3AE D8 03                                   fadd    dword ptr [ebx]
.text:1019A3B0 8B E8                                   mov     ebp, eax
.text:1019A3B2 D9 5C 24 08                             fstp    [esp+14h+vecAbsEnd.x]
.text:1019A3B6 D9 47 04                                fld     dword ptr [vecAbsStart+4]
.text:1019A3B9 D8 43 04                                fadd    dword ptr [ebx+4]
.text:1019A3BC D9 5C 24 0C                             fstp    [esp+14h+vecAbsEnd.y]
.text:1019A3C0 D9 47 08                                fld     dword ptr [vecAbsStart+8]
.text:1019A3C3 D8 43 08                                fadd    dword ptr [ebx+8]
.text:1019A3C6 D9 5C 24 10                             fstp    [esp+14h+vecAbsEnd.z]
.text:1019A3CA 74 16                                   jz      short loc_1019A3E2
.text:1019A3CC F6 86 64 01 00 00 04                    test    byte ptr [pEntity+164h], 4
.text:1019A3D3 75 0D                                   jnz     short loc_1019A3E2
.text:1019A3D5 8A 86 64 01 00 00                       mov     al, [pEntity+164h]
.text:1019A3DB C0 E8 05                                shr     al, 5
.text:1019A3DE A8 01                                   test    al, 1
.text:1019A3E0 74 46                                   jz      short loc_1019A428


css server.dll
Code:
; int __cdecl sub_10171D60(int, void *)
.text:10171D60                         sub_10171D60    proc near               ; CODE XREF: sub_10172AB0+BAp
.text:10171D60
.text:10171D60                         var_C           = dword ptr -0Ch
.text:10171D60                         var_8           = dword ptr -8
.text:10171D60                         var_4           = dword ptr -4
.text:10171D60                         arg_0           = dword ptr  4
.text:10171D60                         arg_4           = dword ptr  8
.text:10171D60
.text:10171D60 83 EC 0C                                sub     esp, 0Ch
.text:10171D63 8B 06                                   mov     eax, [esi]
.text:10171D65 8B 90 8C 02 00 00                       mov     edx, [eax+28Ch]
.text:10171D6B 53                                      push    ebx
.text:10171D6C 8B 5C 24 14                             mov     ebx, [esp+10h+arg_0]
.text:10171D70 55                                      push    ebp
.text:10171D71 8B CE                                   mov     ecx, esi
.text:10171D73 FF D2                                   call    edx
.text:10171D75 D9 07                                   fld     dword ptr [edi]
.text:10171D77 80 BE 69 01 00 00 00                    cmp     byte ptr [esi+169h], 0
.text:10171D7E D8 03                                   fadd    dword ptr [ebx]
.text:10171D80 8B E8                                   mov     ebp, eax
.text:10171D82 D9 5C 24 08                             fstp    [esp+14h+var_C]
.text:10171D86 D9 47 04                                fld     dword ptr [edi+4]
.text:10171D89 D8 43 04                                fadd    dword ptr [ebx+4]
.text:10171D8C D9 5C 24 0C                             fstp    [esp+14h+var_8]
.text:10171D90 D9 47 08                                fld     dword ptr [edi+8]
.text:10171D93 D8 43 08                                fadd    dword ptr [ebx+8]
.text:10171D96 D9 5C 24 10                             fstp    [esp+14h+var_4]
.text:10171D9A 74 16                                   jz      short loc_10171DB2
.text:10171D9C F6 86 64 01 00 00 04                    test    byte ptr [esi+164h], 4
.text:10171DA3 75 0D                                   jnz     short loc_10171DB2
.text:10171DA5 8A 86 64 01 00 00                       mov     al, [esi+164h]
.text:10171DAB C0 E8 05                                shr     al, 5
.text:10171DAE A8 01                                   test    al, 1
.text:10171DB0 74 46                                   jz      short loc_10171DF8

Any idea?
AltPluzF4
Senior Member
Join Date: Aug 2007
01-01-2011, 02:01   Re: Detour in __usercall
#2

Hm, could you please explain what you want? You can get a signature for the function, use the address returned with a detour library (I personally prefer/use pRED's CDetour)

Probably not helpful... but I don't quite understand what you're asking here :-/
pRED*
Join Date: Dec 2006
01-01-2011, 03:08   Re: Detour in __usercall
#3

Assuming you are using CDetour (or something that works similarly), then you need to define the callback function with the same signature as the original code. The compiler should then generate correct code to handle it, nothing extra is needed.

I'm not sure what the C++ code would be to get a __usercall function; I've never heard of this calling convention.

The current CDetour macros don't provide a way to easily specify the calling convention type to generate the function signature with, I'm sure you can expand one out by hand and fill in the gaps though.
raydan
Senior Member
Join Date: Aug 2006
01-01-2011, 03:31   Re: Detour in __usercall
#4

I use CDetour, tried 2 and 4 parameters, none of them work.

CBaseEntity *pEntity and const Vector& vecAbsStart come from esi & edi.
Chrisber
AlliedModders Donor
Join Date: Jul 2007
Location: localhost
01-01-2011, 07:50   Re: Detour in __usercall
#5

Isn't that called __fastcall?
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
01-01-2011, 10:16   Re: Detour in __usercall
#6

Quote:
Originally Posted by Chrisber
Isn't that called __fastcall?
Quote:
Originally Posted by http://msdn.microsoft.com/en-us/library/6xa169sk.aspx
The first two DWORD or smaller arguments are passed in ECX and EDX registers
This is talking about ESI and EDI so, no.
Chrisber
AlliedModders Donor
Join Date: Jul 2007
Location: localhost
01-01-2011, 14:03   Re: Detour in __usercall
#7

Right, the only thing I had in mind was that two parameters are passed via registers, but I didn't remember which ones :>
pRED*
Join Date: Dec 2006
01-01-2011, 16:32   Re: Detour in __usercall
#8

It looks like __usercall is IDA's name for a calling convention that it doesn't know.

Does this binary have link time code generation enabled?

If you disassemble your code you should see that the detour handler isn't marked as __usercall, and this is why it isn't working.

You could look at writing a __declspec(naked) detour handler to explicitly manage the two register-based parameters?
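One way to do what pRED* describes, as an added example that is not code from this thread or from CDetour: a pair of 32-bit MASM thunks for the MSVC build that bridge the __usercall frame IDA shows (pEntity in esi, vecAbsStart in edi, vecAbsDelta and pTrace on the stack, caller-cleanup) to an ordinary __cdecl C handler, and back again so the handler can call the original. The handler name Hook_PhysicsCheckSweep and the trampoline pointer g_pOrigPhysicsCheckSweep are hypothetical; the latter is whatever your detour library hands back for the displaced entry bytes.

```masm
; Added example, not from the thread or from CDetour. Hook_PhysicsCheckSweep and
; g_pOrigPhysicsCheckSweep are hypothetical names supplied by your own C code.
.386
.model flat, C               ; cdecl name decoration (_Name) for the externs and PROCs
.code

; void Hook_PhysicsCheckSweep(CBaseEntity*, Vector*, Vector*, CGameTrace*)  -- C handler
EXTERN Hook_PhysicsCheckSweep:PROC
; Trampoline to the original body, filled in by the detour library
EXTERN g_pOrigPhysicsCheckSweep:DWORD

; Point the patched entry of PhysicsCheckSweep here. On arrival:
;   esi = pEntity, edi = vecAbsStart, [esp+4] = vecAbsDelta, [esp+8] = pTrace
PhysicsCheckSweep_Entry PROC
    push    dword ptr [esp+8]      ; pTrace
    push    dword ptr [esp+8]      ; vecAbsDelta (offset shifted by the push above)
    push    edi                    ; vecAbsStart
    push    esi                    ; pEntity
    call    Hook_PhysicsCheckSweep ; cdecl: args pushed right-to-left; esi/edi are callee-saved
    add     esp, 16                ; drop our four copies
    ret                            ; original's stack args are the caller's to clean, so plain ret
PhysicsCheckSweep_Entry ENDP

; Called from C as:
;   void PhysicsCheckSweep_CallOrig(CBaseEntity*, Vector*, Vector*, CGameTrace*)
; Loads the two register parameters and re-pushes the two stack parameters.
PhysicsCheckSweep_CallOrig PROC
    push    esi                    ; callee-saved under cdecl, so preserve before clobbering
    push    edi
    mov     esi, [esp+12]          ; pEntity      (+8 for the two saved registers)
    mov     edi, [esp+16]          ; vecAbsStart
    push    dword ptr [esp+24]     ; pTrace
    push    dword ptr [esp+24]     ; vecAbsDelta (offset shifted by the push above)
    call    dword ptr [g_pOrigPhysicsCheckSweep]
    add     esp, 8                 ; caller-cleanup convention: we pushed them, we pop them
    pop     edi
    pop     esi
    ret
PhysicsCheckSweep_CallOrig ENDP

END
```

On the C side declare both thunks extern "C"; the handler itself can be a normal __cdecl function and must route every call to the original through PhysicsCheckSweep_CallOrig rather than through the raw trampoline pointer.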
Wazz
SourceMod Donor
Join Date: Mar 2009
01-01-2011, 17:26   Re: Detour in __usercall
#9

Writing a naked function could be made to work, but it's horrible to do. What exactly are you trying to achieve with the detour? Do you need all the parameters in your routine?

Also could you post (or pastebin) the entire function from the server.dll as well as a function that calls it?
pRED*
Join Date: Dec 2006
01-01-2011, 20:03   Re: Detour in __usercall
#10

I never said it was a nice option. This is the sort of thing that bintools was designed to handle.