
I was wondering if it is possible to read data from within the function.
I know I can use detours to hook functions and change the parameters freely.
But that's all I understand with using detours.

For example:

#include <windows.h>
#include <iostream>
using namespace std;

//cryptkeys
// signature of the game's crypt key function
typedef int (WINAPI *pCryptKey)(int crypt1, int crypt2, int crypt3);
// our detour, installed in place of the original
int WINAPI MyCryptKey(int crypt1, int crypt2, int crypt3);
// pointer to the original function inside the game
pCryptKey MyCrypt2Key = (pCryptKey)(0x60FF50);

int WINAPI MyCryptKey(int crypt1, int crypt2, int crypt3)
{
    cout << crypt1 << crypt2 << crypt3 << endl;
    return MyCrypt2Key(999,135,2);   // call the original with altered arguments
}

That code detours a crypt key function from within a game and changes the arguments before it gets called. So when it's called the arguments have been altered.

I was thinking what if there was data from within the function not on the arguments.
How do I change or display it?

Should I rewrite the whole function?

What I'm trying to do is use the game itself to encrypt and decrypt packets.
I have hooked the function that does this but all I can do is change the arguments.
And the game just continues its thing.

I have changed the packet before it gets encrypted so another packet is sent. But this will only happen if I try to send a packet and just modify it. I wanted to call the function literally without waiting for it to be called by the game and just get to modify values.
Like I'll use the game to input my own unencrypted packet and press encrypt to see the encrypted value or vice versa.

An explanation or a link to tutorial would be great.


What if I went like:

int WINAPI MyCryptKey(int crypt1, int crypt2, int crypt3)
{
    //don't know what's supposed to be in here. But it should be a lot of code.
}

And call the return like:

int cryptValue = MyCrypt2Key(999,135,2);
cout << cryptValue << endl;    //to get the return?
BenMorel
zikdaljin

1 Answer


You are already on the right track with your example, both cout and endl exist outside of the detour function. There really aren't any explicit restrictions on what code you place inside of a function detour. Accessing data outside of the function is the same as any other program.

#include <iostream>
using namespace std;

// MyCrypt2Key is the pointer to the original function from the question
int globalVar = 1;

int WINAPI MyCryptKey(int crypt1, int crypt2, int crypt3)
{
    cout << crypt1 << crypt2 << crypt3 << globalVar << endl;

    globalVar++;   // state shared with the rest of the program

    return MyCrypt2Key(999,135,2);
}

To keep the data inside of the function you can declare variables like you normally would, with static storage duration if necessary.

int WINAPI MyCryptKey(int crypt1, int crypt2, int crypt3)
{
    static int staticVar = 1;
    int localVar = staticVar + 1;

    staticVar++;

    cout << localVar << crypt1 << crypt2 << crypt3 << endl;
    return MyCrypt2Key(999,135,2);
}

If you want to completely replace the function just remove the call to the original one and provide a complete implementation. You should keep in mind that the function should exhibit the same behavior as the original when it's called, otherwise code that uses it may fail.

int WINAPI MyCryptKey(int crypt1, int crypt2, int crypt3)
{
    cout << crypt1 << crypt2 << crypt3 << endl;

    return 5;
}

Figuring out how a function works in order to replace its implementation is where you have to put in the effort. You can usually get a good idea of how the function should work by reading the documentation for it. If there is no documentation or there isn't very much you'll have to work for it.

You can call the original function just like you normally would. The example below will call the real MyCryptKey function without being invoked by the application you are hooking.

#include <cstdlib>   // rand()

int FunctionForAnotherThread()
{
    int cryptValue = MyCrypt2Key(999,135,2);   // original called directly, not via the hook

    cryptValue += rand() % 10;

    return cryptValue;
}
Captain Obvlious
  • I see. But what if I wanted to call a function that I don't know the code inside of? And just want to call it and give the parameters. But I don't know what code is inside the function. Just detoured without any contents? – zikdaljin Apr 23 '13 at 09:02
  • I updated my answer with a quick description. When you're hooking you have to be pimp about it. Basically you have to read the documentation or figure it out for yourself. – Captain Obvlious Apr 23 '13 at 09:08
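As an added, self-contained example (not code from the question, the answer, or the Detours library), here is the pattern the answer describes in one compilable unit: a detour that logs the arguments and return value of each intercepted call, keeps per-call state in a static, forwards to the original through a saved pointer, plus an on-demand caller that invokes the original without waiting for the application. `CryptKey` is a constructed stand-in for the game routine the question reaches at 0x60FF50 and its arithmetic is invented; the pointer swap in `InstallHook()` stands in for `DetourAttach`, so it builds and runs without windows.h. `SameBehavior` compares a candidate full replacement against the original on sample inputs, which is the check the answer's warning about matching behaviour calls for.

```cpp
// Added example, not code from the question or answer: the detour pattern
// made portable (no windows.h, no Detours). CryptKey is a constructed
// stand-in for the game's routine at 0x60FF50; its arithmetic is invented.
#include <cstddef>
#include <iostream>
#include <vector>

typedef int (*pCryptKey)(int crypt1, int crypt2, int crypt3);

// Stand-in for the application's own routine (toy arithmetic, assumed).
int CryptKey(int crypt1, int crypt2, int crypt3)
{
    return (crypt1 * 31 + crypt2) ^ crypt3;
}

// The pointer the application calls through. Real Detours patches the
// function's prologue instead, but the data flow is the same.
pCryptKey g_cryptKey = CryptKey;

// Trampoline to the unhooked original; filled in by InstallHook().
pCryptKey g_originalCryptKey = nullptr;

// One record per intercepted call: arguments in, result out.
struct CryptCall { int args[3]; int result; };
std::vector<CryptCall> g_log;

// The detour: observe the arguments, keep per-call state in a static,
// forward to the original and record what it returned. Nothing is altered,
// so the application sees exactly the behaviour it expects.
int MyCryptKey(int crypt1, int crypt2, int crypt3)
{
    static int callCount = 0;           // survives across calls
    ++callCount;
    int result = g_originalCryptKey(crypt1, crypt2, crypt3);
    g_log.push_back({{crypt1, crypt2, crypt3}, result});
    std::cout << "call " << callCount << ": (" << crypt1 << ", " << crypt2
              << ", " << crypt3 << ") -> " << result << '\n';
    return result;
}

// Install/remove the hook. With Detours this is DetourTransactionBegin,
// DetourAttach(&(PVOID&)g_originalCryptKey, MyCryptKey) and
// DetourTransactionCommit; here a pointer swap plays that role.
void InstallHook()
{
    if (g_originalCryptKey != nullptr) return;   // already hooked
    g_originalCryptKey = g_cryptKey;
    g_cryptKey = MyCryptKey;
}

void RemoveHook()
{
    if (g_originalCryptKey == nullptr) return;   // not hooked
    g_cryptKey = g_originalCryptKey;
    g_originalCryptKey = nullptr;
}

// What the application itself does when it sends a packet.
int ApplicationEncrypts(int crypt1, int crypt2, int crypt3)
{
    return g_cryptKey(crypt1, crypt2, crypt3);
}

// Calling the original from our own code, on demand, without waiting for
// the application to call it and without passing through the detour.
int EncryptOnDemand(int crypt1, int crypt2, int crypt3)
{
    pCryptKey original = g_originalCryptKey ? g_originalCryptKey : g_cryptKey;
    return original(crypt1, crypt2, crypt3);
}

// A candidate full replacement (the "remove the call to the original" case).
int ReplacementCryptKey(int crypt1, int crypt2, int crypt3)
{
    return (crypt1 * 31 + crypt2) ^ crypt3;
}

// Before swapping in a replacement, compare it with the original on sample
// inputs: a replacement that behaves differently breaks whatever relies on it.
bool SameBehavior(pCryptKey a, pCryptKey b)
{
    const int samples[][3] = {{999, 135, 2}, {0, 0, 0}, {1, 2, 3}, {-7, 42, 255}};
    for (const auto& s : samples)
        if (a(s[0], s[1], s[2]) != b(s[0], s[1], s[2])) return false;
    return true;
}

std::size_t LoggedCalls() { return g_log.size(); }
CryptCall LoggedCall(std::size_t i) { return g_log.at(i); }

int main()
{
    InstallHook();
    ApplicationEncrypts(999, 135, 2);                        // goes through the detour
    std::cout << "on demand: " << EncryptOnDemand(999, 135, 2) << '\n';
    std::cout << "logged calls: " << LoggedCalls() << '\n';  // 1: the on-demand call bypassed the hook
    std::cout << "replacement ok: " << SameBehavior(CryptKey, ReplacementCryptKey) << '\n';
    RemoveHook();
    return 0;
}
```

The point worth noticing is the split between `g_cryptKey` and `g_originalCryptKey`: the application keeps calling through the first, your own code calls the second, and the log only grows when the application calls. Under real Detours the saved pointer is whatever `DetourAttach` leaves in the `Real` variable, and the same discipline (never call the hooked address from inside the detour, always call the trampoline) avoids the infinite recursion that a detour calling itself would produce.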