Problems with Detours v1.5

[lanman92]

Okay, I'm trying to detour the SendPacket function. All I'm trying to do at the moment is detour it to my function and call the trampoline. I keep getting a error when I compile. Here's the code I'm using:

Code:

 
DWORD __cdecl my_Detour(DWORD *pData);
DWORD(*orig_Func)(DWORD *pData);
 
.....
 
orig_Func= DetourFunction((PBYTE)__FuncAddy__, (PBYTE)my_Detour);
 
...
 
DWORD __cdecl my_Detour(DWORD *pData)
{
DWORD rtn = orig_Func(pData);
return rtn;
}

[Shynd]

Gee, including the error(s) you're getting wouldn't be helpful at all.

[lanman92]

error C2440: '=' : cannot convert from 'PBYTE' to 'DWORD (__cdecl *)(DWORD *)'

EDIT: And yes, I tried casting the DetourFunction() to (orig_Func)

[galpha]

Code:

 
DWORD __cdecl my_Detour(DWORD *pData);
DWORD(*orig_Func)(DWORD *pData);
 
.....
 
orig_Func= DetourFunction((PBYTE)__FuncAddy__, (PBYTE)my_Detour);
 
...
 
DWORD __cdecl my_Detour(DWORD *pData)
{
DWORD rtn = orig_Func(pData);
return rtn;
}

DWORD(*orig_Func)(DWORD *pData);

should be

DWORD(__cdecl *orig_Func)(DWORD *pData);

and

orig_Func= DetourFunction((PBYTE)__FuncAddy__, (PBYTE)my_Detour);

should be

orig_Func= (DWORD (__cdecl *)(DWORD*))DetourFunction((PBYTE)__FuncAddy__, (PBYTE)my_Detour);

[lanman92]

Okay, I see now. Thanks for the help.

EDIT: Could I use a typedef for that so there's not a big mess of parentheses' next to my DetourFunction()?

[lanman92]

Okay, this Detour was supposed to be for SendPacket, but it doesn't seem to work. WoW crashes whenever I inject and move. It says that an address is pointing to 0x2B4 or something. I looked at the code in IDA, and it looks like I'm using the wrong call type. Do I have to pass something in the ecx register(the reference is: mov esi, ecx; cmp [esi + 2b4], 6). I know there is one previous thread about this, but I'm missing something. Also, I can't seem to find the CurrentConnection address.

[kynox]

Because SendPacket is part of the CNetClient class. This results in it being a __thiscall convention. You need to preserve ECX!

[lanman92]

Ah, okay. Have you released your code for this class? Or is there a simpler alternative?

[kynox]

From my teleport hack:

Code:

void __declspec(naked) hkSendPacketStub( )
{
    __asm
    {
        push ecx ; CDataStore*
        push [esp+8]
        call mySendPacket
        add esp, 4
        pop ecx
        jmp pSendPacket
    }    
}

[lanman92]

Okay, here is my code:

Code:

 
#include "includes.h"
DWORD __SendPacket__ = 0x005843A0;
DWORD __GetCurrentConnection__ = 0xDEADBEEF;
DWORD __RecvPacket__ = 0xDEADBEEF;
void main(void);
void SendPacket(DWORD *pData);
void(*orig_SendPacket)(DWORD *pData);
BOOL bWantsExit = false;
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
switch( fdwReason ) 
{ 
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls(hinstDLL);
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)main, 0, 0, 0);
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE; 
}
void main(void)
{
while(!bWantsExit)
{
if(GetAsyncKeyState(VK_F11))
{
orig_SendPacket = (void(*)(DWORD*))DetourFunction((PBYTE)__SendPacket__, (PBYTE)SendPacket);
}
if(GetAsyncKeyState(VK_F12))
{
DetourRemove((PBYTE)orig_SendPacket, (PBYTE)SendPacket);
bWantsExit = true;
}
Sleep(500);
}
}
void SendPacket(DWORD *pDataStore)
{
orig_SendPacket(pDataStore);
}

I have to preserve ECX even for something like this? For now, at least...

[galpha]

You aren't doing anything in your DLL_PROCESS_DETACH. You should remove your detour in there IMO... way better coding and smarter IMO.

[Cypher]

You aren't doing anything in your DLL_PROCESS_DETACH. You should remove your detour in there IMO... way better coding and smarter IMO.

Only if you intend to allow detatching of the DLL. Often this is not desirable, or not an option at all. Then when the process is killed all memory is freed and so you don't really need to do anything.