Im hooking functions in an external process via their function offset. That works well for the functions im hooking so far - however i have found a "debugLog(char...)" function that still exist in the binary but doesnt do any printing - it looks like this
debugMessage proc near ;
xor eax, eax ; Logical Exclusive OR
retn ; Return Near from Procedure
debugMessage endp
it is called like this
push offset debugString ; "This is a debug message"...
call debugMessage ; Call Procedure
Now the debug message has obviously been disabled, i wanted to hook into this as i was able to simply hook into similar func(char..) in the binary already.
This is the code:
typedef void (__stdcall* DebugLog)(const char*);
DebugLog Real_DebugLog = (DebugLog)(0xCAFEBABE);
extern "C"
{
static void __stdcall Hook_DebugLog(const char*);
}
void __stdcall Hook_DebugLog(const char* text) {
MessageBox(NULL, text, "MyDebugLog", MB_OK);
return Real_DebugLog(text);
}
// in dll main attach..
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)Real_DebugLog, (PVOID)Hook_DebugLog);
A similar approach works for all other functions i have so far hooked into this binary. I also made sure the debugMessage is even called with a debugger.
Any ideas why this hook is not working at all? Maybe because the function could have var args? i already tried with const char*,...).
A "detour" requires a minimum of 5 bytes to work (x86) - debugMessage
is only 3 bytes.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With