问题
Know anybody something about hooking __usercall type of functions?
I hooking successfully __thiscall, __stdcall and __cdecl calls but this is enough for me.
Know anybody hooking library for __usercall's or how to hook this type of functions using translation to __stdcall or __cdecl?
Function what i must hook at first is:
int __usercall func<eax>(int a<eax>, int b<ecx>, int c, unsigned int d, signed int e);
回答1:
Use a wrapper which will convert it to __stdcall.
int __stdcall func_hook_payload(int a, int b, int c, unsigned int d, signed int e);
// Wrapper for
// int __usercall func<eax>(int a<eax>, int b<ecx>, int c, unsigned int d, signed int e);
__declspec(naked) void func_hook()
{__asm{
push ebp
mov ebp, esp
push dword ptr[ebp + 0x0C] // or just push e
push dword ptr[ebp + 0x08] // d
push dword ptr[ebp + 0x04] // c
push ecx // b
push eax // a
call func_hook_payload
leave
ret // note: __usercall is cdecl-like
}}
回答2:
When all else fails.. walk through it with a debugger.
In particular take note of these like the ESP when you enter the call, and then again just before the function returns..
来源:https://stackoverflow.com/questions/4099026/how-to-hook-usercall-userpurge-spoils-functions