I am trying to install a hook in the Script_SendChatMessage function so that I can intercept text written by the user. Here is the code:
Code:
.text:008CB82C mov edi, [ebp-14h]
.text:008CB82F mov esi, [ebp-10h]
.text:008CB832 push ebx
.text:008CB833 push 0
.text:008CB835 push dword ptr [ebp-4]
.text:008CB838 call SendChatMessage -- HOOK LOCATION; 5 bytes replaced here with a jmp to my code cave (5 byte instruction)
.text:008CB83D add esp, 0Ch
.text:008CB840 jmp short loc_8CB851
//skipped some code because of the jmp above
.text:008CB851 pop edi
.text:008CB852 pop esi
.text:008CB853 pop ebx
.text:008CB854 xor eax, eax
.text:008CB856 leave
.text:008CB857 retn
I have successfully got it working so that it won't interfere with normal messages and no crash occurs. I use the following code, in case anyone is interested, at the exit point of my code cave for normal messages:
Code:
popfd                  ; restore flags saved at cave entry
popad                  ; restore registers saved at cave entry
call SendChatMessage   ; re-issue the call the hook overwrote
add esp, 0xC           ; caller cleans up the 3 pushed arguments, as at 8CB83D
jmp dword ptr Return   ; Return here is instruction 8CB840 which can be seen above
The broken part of my code, which will basically end all execution if a message starting with '!' is found, is here:
Code:
popfd          ; restore flags saved at cave entry
popad          ; restore registers saved at cave entry
pop edi        ; epilogue copied from 8CB851
pop esi
pop ebx
xor eax, eax
mov esp, ebp   ; same as the original 'leave'
pop ebp
retn
Does anyone here understand why this segment crashes my WoW client? What is the correct way to leave this code cave given the state of the stack at this point in execution? There is some code missing, but all changes to registers in the code I use before this piece of code are reverted with 'popad, popfd', so it wouldn't make much difference if I posted that.
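As an added illustration (not part of the original post, and not the poster's code), the following Python script traces the stack symbolically through the three exit sequences quoted above: the working exit for normal messages, the crashing exit, and the same exit with the three pushed call arguments discarded first. It labels each dword slot instead of holding real values, so it shows which slot every `pop` actually lands on. The frame layout it starts from is a constructed assumption (a standard `push ebp / mov ebp, esp / sub esp, 14h / push ebx / push esi / push edi` prologue matching the epilogue at 8CB851), the `pushad; pushfd` cave entry is assumed from the `popfd; popad` exits, and `call SendChatMessage` is modelled as a cdecl callee that leaves its arguments on the stack, which the `add esp, 0Ch` at 8CB83D implies.

```python
"""Symbolic stack trace for the code-cave exit sequences quoted above.

The stack is a Python list of labelled dword slots, bottom first, so the
last element is the top of stack. Registers hold labels rather than values,
which makes it visible which slot each pop lands on. The frame layout is a
constructed ASSUMPTION: push ebp / mov ebp, esp / sub esp, 14h /
push ebx / push esi / push edi, matching the epilogue shown at 8CB851.
"""


def frame_at_hook():
    """Stack as it stands at 008CB838, just before `call SendChatMessage`."""
    return [
        "return_address",                    # pushed by the caller's call
        "caller_ebp",                        # push ebp          (prologue, assumed)
        "local@ebp-4", "local@ebp-8", "local@ebp-0Ch",
        "local@ebp-10h", "local@ebp-14h",    # sub esp, 14h      (assumed)
        "saved_ebx",                         # push ebx          (prologue, assumed)
        "saved_esi",                         # push esi          (prologue, assumed)
        "saved_edi",                         # push edi          (prologue, assumed)
        "arg:ebx",                           # push ebx                (008CB832)
        "arg:0",                             # push 0                  (008CB833)
        "arg:[ebp-4]",                       # push dword ptr [ebp-4]  (008CB835)
    ]


PUSHAD_ORDER = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


class Machine:
    def __init__(self):
        self.stack = frame_at_hook()
        self.ebp = 1                         # index of the "caller_ebp" slot
        self.regs = {r: f"hook_{r}" for r in ("eax", "ecx", "edx", "ebx", "esi", "edi")}
        self.returned_to = None

    def push(self, v):
        self.stack.append(v)

    def pop(self):
        return self.stack.pop()

    def step(self, insn):
        op, _, rest = insn.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if op == "pushad":                   # order: eax ecx edx ebx esp ebp esi edi
            for r in PUSHAD_ORDER:
                self.push(len(self.stack) if r == "esp" else self.ebp if r == "ebp" else self.regs[r])
        elif op == "pushfd":
            self.push("eflags")
        elif op == "popfd":
            self.pop()
        elif op == "popad":
            for r in reversed(PUSHAD_ORDER):
                v = self.pop()
                if r == "esp":
                    continue                 # popad discards the saved esp
                if r == "ebp":
                    self.ebp = v
                else:
                    self.regs[r] = v
        elif op == "pop":
            if args[0] == "ebp":
                self.ebp = self.pop()
            else:
                self.regs[args[0]] = self.pop()
        elif op == "add" and args[0] == "esp":
            n = int(args[1].rstrip("hH"), 16) // 4   # accepts "0Ch" and "0xC"
            if n:
                del self.stack[-n:]
        elif op == "mov" and args == ["esp", "ebp"]:
            del self.stack[self.ebp + 1:]
        elif op == "leave":                  # mov esp, ebp ; pop ebp
            del self.stack[self.ebp + 1:]
            self.ebp = self.pop()
        elif op == "retn":
            self.returned_to = self.pop()
        elif op == "xor" and args[0] == args[1]:
            self.regs[args[0]] = "0"
        elif op in ("call", "jmp"):
            pass                             # cdecl callee leaves the args in place
        else:
            raise ValueError(f"unsupported instruction: {insn}")


ORIGINAL_EPILOGUE = ["pop edi", "pop esi", "pop ebx", "xor eax, eax", "leave", "retn"]

# Working exit for normal messages: re-issue the call, clean up as 8CB83D does,
# then run the original epilogue reached via the jmp to 8CB840.
NORMAL_EXIT = ["popfd", "popad", "call SendChatMessage", "add esp, 0xC"] + ORIGINAL_EPILOGUE

# Exit for '!' messages as posted: straight into the register pops.
BROKEN_EXIT = ["popfd", "popad", "pop edi", "pop esi", "pop ebx", "xor eax, eax",
               "mov esp, ebp", "pop ebp", "retn"]

# Same exit with the three call arguments discarded first (assumed variant).
BALANCED_EXIT = ["popfd", "popad", "add esp, 0xC"] + BROKEN_EXIT[2:]


def trace(cave_exit):
    """Run the assumed cave entry (pushad; pushfd) followed by an exit sequence."""
    m = Machine()
    for insn in ["pushad", "pushfd"] + cave_exit:
        m.step(insn)
    return {"edi": m.regs["edi"], "esi": m.regs["esi"], "ebx": m.regs["ebx"],
            "ebp": m.ebp, "returned_to": m.returned_to, "stack_left": len(m.stack)}


if __name__ == "__main__":
    for name, seq in [("normal", NORMAL_EXIT), ("broken", BROKEN_EXIT), ("balanced", BALANCED_EXIT)]:
        print(f"{name:9s}", trace(seq))
```

Under these assumptions the trace shows why the crash is not a bad return address: `mov esp, ebp` resynchronises esp regardless of what was popped, so `pop ebp` and `retn` land on the right slots in every sequence. What differs is where the three register pops land. On the working path they follow an `add esp, 0Ch` and read the saved callee registers; on the posted path they run with the call's three arguments still on top of the stack, so edi, esi and ebx return to the caller holding `[ebp-4]`, `0` and the function's own ebx instead of the values the caller expects preserved.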