c# - Unmanaged function hooking, stack/register problem with calling convention? -


this not particular function easyhook hooking in general. want hook function signature:

public: int __thiscall connection_t::send(unsigned int,unsigned int,void const *)

this unmanaged code , i'm trying hook managed c# code using easyhook.but think it's not easyhook causing problems here knowlegde on calling conventions etc...
how define dllimport , delete:

    public static int send_hooked(uint connection, uint size, intptr pdatablock)     {         return send(connection, size, pdatablock);     }      [dllimport("connection.dll", entrypoint = "?send@connection_t@@qaehiipbx@z", callingconvention = callingconvention.thiscall)]     static extern int send(uint connection, uint size, intptr pdatablock);      [unmanagedfunctionpointer(callingconvention.thiscall, charset = charset.unicode, setlasterror = true)]     delegate int dsend(uint connection, uint size, intptr pdatablock);

but hooked programm keeps on crashing inject hook - no big surprise. supppose it's problem of calling convention , hooking-function somehow interferes stack of hooked programm.

so had @ project hook same function detours in c++ (the hooking part):

func =  (int (__stdcall *)(unsigned int, unsigned short, void const ))::getprocaddress(::getmodulehandle("connection.dll"), "?send@connection_t@@qaehiipbx@z"); pvoid detourptr; pvoid targetptr; detourtransactionbegin(); detourattachex(&func, sendconnectionhook, &trampoline, &targetptr, &detourptr ); detourtransactioncommit();

and called function:

__declspec(naked) void sendconnectionhook (cpu_context saved_regs, void * ret_addr, word arg1, dword arg2, dword arg3) {     dword edi_value;     dword old_last_error;      __asm     {         pushad;   /* first "argument", used store registers */         push ecx; /* padding ebp+8 refers first "argument" */          /* set standard prologue */         push ebp;         mov ebp, esp;         sub esp, __local_size;     }      edi_value = saved_regs.edi;     old_last_error = getlasterror();     onconnectionsend((void *) saved_regs.ecx, (unsigned char *) arg3, arg2);     setlasterror(old_last_error);      __asm     {         /* standard epilogue */         mov esp, ebp;         pop ebp;          pop ecx; /* clear padding */         popad; /* clear first "argument" */         jmp [trampoline];     } }

(target assembly , c++ example both compiled visual c++). guess i'll have save registers , repair stack before call original function? or other idea i'm doing wrong here?

you trying hook c++ class instance method. has hidden argument, this. argument commonly passed through ecx register __this calling convention. that's see detours version doing.

getting right quite untrivial, cpu register values must preserved early, ecx in particular. requires stub uses machine code, no machine code in managed stub of course. doubt easyhook has support it, isn't promised in feature list.


Comments

Post a Comment

Popular posts from this blog

Add email recipient to all new Trac tickets -

is there configuration change can made trac send notification email address upon creation of new tickets? if can't done through config, plugin second best option, source code modification last resort. note: setting smtp_always_cc in notification section of tracini send messages on updates. i'm in need of email notifications only on creation of new ticket. does have email notification? 1 option have create query list ten (or many) recently-created tickets. when looking @ results of query, use "rss feed" button @ bottom of page subscribe feed notify whenever results of query updated.
Read more

400 Bad Request on Apache/PHP AddHandler wrapper -

i'm trying create wrapper/handler called on apache server whenever requests php script inside of directory. way can authorize users entire directory or write other stuff called when directory called. this best configuration i've been able come with... <directory "/srv/http/innov/public_html"> options -indexes allowoverride order allow,deny allow directoryindex index.php </directory> then in /srv/http/innov/public_html/kb/ have .htaccess file... options -indexes addhandler auth_handler .php action auth_handler ../auth_handler.php then in /srv/http/innov/public_html/kb/auth_handler.php follows... <?php $file = $_server['path_translated']; echo $file; ?> access log: - - [02/dec/2010:17:43:15 -0500] "get /kb/index.php http/1.1" 400 590 error log: [thu dec 02 17:50:19 2010] [error] [client xxx.xxx.xxx.xxx] invalid uri in request /kb/ http/1.1 i've checked browser , seems making proper request...
Read more

php - Change action and image src url's with jQuery -

i parsing form 1 of sites using php proxy. working fine form action , img src of submit button url's relative. how can prepend full http//www.domain.com/ in front of each of url's in form? edit: here's form code once fed through new domain: <div style="display: none;" id="subscribeform" class="newform"> <h5>subscribe our newsletter</h5> <form action="/campaignprocess.aspx?listid=27057" method="post" onsubmit="return checkwholeform93426(this)" name="catemaillistform93426"> <div class="form"> <div class="item"> <label for="clfullname">full name</label> <br /> <input type="text" maxlength="255" id="clfullname" name="fullname" class="cat_textbox_small" st...
Read more