Untitled

From Morose Duck, 11 Years ago, written in C++, viewed 848 times.

URL https://paste.godclan.hu/view/i3V2xcB_ Embed

Download Paste or View Raw

 
// __stdcall means that the called function must clear the arguments from the stack before return
// __cdecl is the opposite, the caller function clears the stack
// its easier to use __stdcall now
void __stdcall CChat__Draw(void* this){
    
}
 
void __declspec(naked) HOOKCChat__Draw(){
    /*
    .text:1000EA60 000                 push    0FFFFFFFFh
    .text:1000EA62 004                 push    offset SEH_1000EA60
    .text:1000EA67 008                 mov     eax, large fs:0
    .text:1000EA6D 008                 push    eax
    */
    _asm {
        push ecx // ecx contains the this ptr for a __thiscall, save it on stack
        
        push ecx // push this ptr again on the stack, first parameter of CChat__Draw
        call CChat__Draw
        
        pop ecx // restore ecx register from stack
        
        // first two instructions replaced by the jump
        push 0xffffffff
        mov eax,vcmpaddr // push offset +0xEA60, need to recalculate
        add eax,0xBADFB
        
        // jump back
        mov eax,vcmpaddr
        add eax,0xEA67 // calculate return address, third instruction
        jmp eax
    }
}
 
hook:
MakeJump(vcmpaddr+0xea60, 7, HOOKCChat__Draw);
 
 

Reply to "Untitled"

Here you can reply to the paste above

Author What's your name?

Title Give your paste a title.

Language What language is your paste written in?

Your paste Paste your paste here

// __stdcall means that the called function must clear the arguments from the stack before return
// __cdecl is the opposite, the caller function clears the stack
// its easier to use __stdcall now
void __stdcall CChat__Draw(void* this){
    
}

void __declspec(naked) HOOKCChat__Draw(){
    /*
    .text:1000EA60 000                 push    0FFFFFFFFh
    .text:1000EA62 004                 push    offset SEH_1000EA60
    .text:1000EA67 008                 mov     eax, large fs:0
    .text:1000EA6D 008                 push    eax
    */
    _asm {
        push ecx // ecx contains the this ptr for a __thiscall, save it on stack
        
        push ecx // push this ptr again on the stack, first parameter of CChat__Draw
        call CChat__Draw
        
        pop ecx // restore ecx register from stack
        
        // first two instructions replaced by the jump
        push 0xffffffff
        mov eax,vcmpaddr // push offset +0xEA60, need to recalculate
        add eax,0xBADFB
        
        // jump back
        mov eax,vcmpaddr
        add eax,0xEA67 // calculate return address, third instruction
        jmp eax
    }
}

hook:
MakeJump(vcmpaddr+0xea60, 7, HOOKCChat__Draw);

Create Shorturl Create a shorter url that redirects to your paste?

Private Private paste aren't shown in recent listings.

Delete After When should we delete your paste?

Spam protection Type in the letters

godclan.hu Pastebin

Untitled

Reply to "Untitled"