SendChatMessage Hook Problem

[oldmanofmen]

I am trying to install a hook in the Script_SendChatMessage function so that I can intercept text written by the user. Here is the code:

Code:

.text:008CB82C                 mov     edi, [ebp-14h]
.text:008CB82F                 mov     esi, [ebp-10h]
.text:008CB832                 push    ebx
.text:008CB833                 push    0
.text:008CB835                 push    dword ptr [ebp-4]
.text:008CB838                 call    SendChatMessage -- HOOK LOCATION; 5 bytes replaced here with a jmp to my code cave (5 byte instruction)
.text:008CB83D                 add     esp, 0Ch
.text:008CB840                 jmp     short loc_8CB851
//skipped some code because of the jmp above
.text:008CB851                 pop     edi
.text:008CB852                 pop     esi
.text:008CB853                 pop     ebx
.text:008CB854                 xor     eax, eax
.text:008CB856                 leave
.text:008CB857                 retn

I have successfully got it so that it won't interfere with normal messages and no crash will occur, I use the following code in case anyone is interested (at the exit point of my code cave for normal messages):

Code:

				popfd
				popad
				call SendChatMessage
				add esp, 0xC
				jmp dword ptr Return ; Return here is instruction 8CB840 which can be seen above

The broken part of my code which will basically end all execution if a message with an ! at the start is found here:

Code:

				popfd
				popad
				pop edi
				pop esi
				pop ebx
				xor eax, eax
				mov esp, ebp
				pop ebp
				retn

Does anyone here understand why this segment crashes my WoW client? What is the correct way to leave this code cave given the state of the stack at this point in execution? There is some code missing but all changes to registers in the code I use before this piece of code is reverted with 'popad, popfd' so it wouldn't make much difference if I posted that.

[SKU]

The 3 argument pushes happen before you jump to your hook. If you detect a '!', you skip the SendChatMessage call as well as the add esp, 0xc, eventually filling up edi, esi and ebx with garbage.

[wootie1337]

This is much more cleaner and stylish:

Code:

void __cdecl SendChatMessage(arg1, arg2, arg3)
{
   if (msg[0] != '!')
      SendChatMessage_I(arg1, arg2, arg3);
}

[oldmanofmen]

I appreciate the advice both of you have offered but I actually managed to solve this myself using a different method to the ones you suggested. Your help was greatly appreciated even though I did not get to make use of it.