HWBP GetGUIDFromToken issue

[aeo]

So, Im trying to hook this function using HWBPs. I found the following example and am trying to replicate it.

http://www.ownedcore.com/forums/worl...ml#post1774064 (Question: Target Unit By GUID in Addons, Possible?)

However, I cannot get it to return the correct guid. I set it and its fine if the function flow doesn't get altered. However as soon as i try to set the second param and return true it crashes/returns incirrect (nil,nil) in the example of UnitName(guid). This is the part I;m having trouble understanding.

Code:

                ExceptionInfo->ContextRecord->Esp += 0x14;
                ExceptionInfo->ContextRecord->Eip = 0x005A154A;

                /*3.2.2a

                .text:005900DB                 mov     al, 1 <-- return true

                .text:005900DD                 pop     edi 

                .text:005900DE                 mov     esp, ebp

                .text:005900E0                 pop     ebp

                .text:005900E1                 retn

                */
 return EXCEPTION_CONTINUE_EXECUTION;

From what I have read ( im doing this in x64) I should increase rsp by the size of the number of arguments passed so 3 in x64 at 8 each so rsp+24?
Then set the RIP to wow.exe + 0x000657F34

Code:

.text:0000000140657F34 B0 01                                                  mov     al, 1
.text:0000000140657F36 48 83 C4 50                                            add     rsp, 50h
.text:0000000140657F3A 41 5D                                                  pop     r13
.text:0000000140657F3C 5F                                                     pop     rdi
.text:0000000140657F3D 5E                                                     pop     rsi
.text:0000000140657F3E 5B                                                     pop     rbx
.text:0000000140657F3F 5D                                                     pop     rbp
.text:0000000140657F40 C3                                                     retn

My Code

Code:

else if (E->ContextRecord->Rip ==  getGUIDByKeyword)
    {
        /*RCX, RDX, R8 and R9*/
        char* UnitID;
        WOWGUID** pGUID;
        UnitID = (char*)E->ContextRecord->Rcx;
        pGUID = (WOWGUID**)(E->ContextRecord->Rdx);


        if (UnitID)
        {
            WOWGUID *orig = new WOWGUID();
            int result = orig->fromString((char*)UnitID);
            if (result != 0)
            {
                CGObject_C* unit = findObjectByGuid(orig);
                if (unit)
                {
                    Log("Name %s", unit->GetObjectName());
                     *pGUID = orig;


                    ///script local t = ObjectCount() for i = 1,t do print(UnitName(GetObjectById(i)))  end
                    DWORD_PTR jmpAddress = (DWORD_PTR)GetModuleHandle(NULL) + (0x0000000140657F34 - 0x140000000);
                    E->ContextRecord->Rip = jmpAddress;
                }


            }
        }
        
        return EXCEPTION_CONTINUE_EXECUTION;
    }

I've tried to find an old 3.2.2a binary to look at but that near impossible. Really at a loss here. I know i could just inline hook/detour it but I just want to try an complete this

Thanks for any help.

Ace

[aeo]

I never got this to work but also realized its incredibly slow for how many times this function is called. I ended up just inline hooking the function.

EDIT: Right after I posted this I resolved it. I just want to shout out to DarthTon for BlackBone.

Code:

det2.Hook(t, &hookGetGUIDFromToken, HookType::HWBP, CallOrder::HookLast, ReturnMethod::UseOriginal)

Works perfectly