Im hooking functions in an external process via their function offset. That works well for the functions im hooking so far - however i have found a "debugLog(char...)" function that still exist in the binary but doesnt do any printing - it looks like this
debugMessage    proc near               ; 
            xor     eax, eax        ; Logical Exclusive OR
            retn                    ; Return Near from Procedure
debugMessage    endp
it is called like this
push    offset debugString ; "This is a debug message"...
call    debugMessage    ; Call Procedure
Now the debug message has obviously been disabled, i wanted to hook into this as i was able to simply hook into similar func(char..) in the binary already.
This is the code:
typedef void (__stdcall* DebugLog)(const char*);
DebugLog Real_DebugLog = (DebugLog)(0xCAFEBABE);
extern "C"
 {
 static void __stdcall Hook_DebugLog(const char*);
 }
void __stdcall Hook_DebugLog(const char* text) {
MessageBox(NULL, text, "MyDebugLog", MB_OK);
return Real_DebugLog(text);
}
// in dll main attach..
DetourTransactionBegin(); 
DetourUpdateThread(GetCurrentThread()); 
DetourAttach(&(PVOID&)Real_DebugLog, (PVOID)Hook_DebugLog); 
A similar approach works for all other functions i have so far hooked into this binary. I also made sure the debugMessage is even called with a debugger.
Any ideas why this hook is not working at all? Maybe because the function could have var args? i already tried with const char*,...).
A "detour" requires a minimum of 5 bytes to work (x86) - debugMessage is only 3 bytes.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With