I'm trying to hook a function using its address, and so far it is overall working great!
The only problem is when using std::cout in combination with having MessageBoxA from the WinAPI hooked, then it crashes! The weird thing is, it only crashes in that specific case, not if it is called in combination with printf or simply int i = MessageBoxA(...);
For testing, I made it so that the instructions at the function address directly return 32. Not much of a hook I know, but this is just for testing.
// mov eax, 32
// ret
const DWORD instructionCount = 6;
BYTE instructions[instructionCount] = { 0xB8, 0x20, 0x00, 0x00, 0x00, 0xC3 };
Besides having to change protection on a region with VirtualProtect(), I now basically just do
memcpy(MessageBoxA, instructions, instructionCount);
Now testing it using this:
int i = MessageBoxA(NULL, "Hello World", "Injector", MB_OK);
printf("Works: %d\n", i);
printf("Works: %d\n", MessageBoxA(NULL, "Hello World", "Injector", MB_OK));
std::cout << "Works: " << i << std::endl;
std::cout << "Doesn't: " << MessageBoxA(NULL, "Hello World", "Injector", MB_OK) << std::endl;
printf("Hello World\n");
Then it crashes just after std::cout << MessageBoxA(...). Removing that line, and everything works!
Note that it successfully prints 32, it crashes when reaching the next statement.
Again it is only in that case where it doesn't work, so using this:
__declspec(noinline) int testFunction(int i)
{
    return i;
}
Then reusing the above code and changing MessageBoxA to testFunction (as well as the arguments), and now all 4 statements work!
Bottom line, does anybody have any ideas for why and what is causing the crash in that specific case? When the other cases work perfectly fine.
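Added example, not part of the original post: a portable C check of the posted stub against the callee-cleanup rule of __stdcall, the convention MessageBoxA is declared with (WINAPI). It assumes a 32-bit x86 build, where the four arguments occupy 16 bytes, and that testFunction uses the compiler's default __cdecl; stub_info, inspect_stub, stack_residue and ret16_stub are hypothetical names introduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What a decoded stub does (hypothetical helper type, not from the post). */
typedef struct {
    int      decoded;      /* 1 if the bytes matched a shape handled below */
    uint32_t return_value; /* immediate loaded into EAX */
    uint16_t callee_pops;  /* argument bytes the RET removes from the stack */
} stub_info;

/* Decodes only: mov eax, imm32 followed by ret (C3) or ret imm16 (C2). */
stub_info inspect_stub(const uint8_t *code, size_t len)
{
    stub_info info = {0, 0, 0};
    if (len < 6 || code[0] != 0xB8)
        return info;
    info.return_value = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                        (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    if (code[5] == 0xC3 && len == 6) {
        info.decoded = 1;                 /* plain ret: caller must clean up */
    } else if (code[5] == 0xC2 && len == 8) {
        info.callee_pops = (uint16_t)(code[6] | code[7] << 8);
        info.decoded = 1;                 /* ret imm16: callee cleans up */
    }
    return info;
}

/* Bytes left on the stack after the call, given how many argument bytes the
   calling convention expects the callee to pop. Returns -1 if not decodable. */
int stack_residue(const uint8_t *code, size_t len, unsigned callee_must_pop)
{
    stub_info info = inspect_stub(code, len);
    return info.decoded ? (int)callee_must_pop - (int)info.callee_pops : -1;
}

/* The stub from the post, and a constructed variant ending in ret 16. */
static const uint8_t posted_stub[] = { 0xB8, 0x20, 0x00, 0x00, 0x00, 0xC3 };
static const uint8_t ret16_stub[]  = { 0xB8, 0x20, 0x00, 0x00, 0x00, 0xC2, 0x10, 0x00 };

int main(void)
{
    /* Assumed 32-bit build: MessageBoxA is __stdcall with 4 x 4-byte args. */
    printf("posted stub as MessageBoxA: %d bytes left\n", stack_residue(posted_stub, sizeof posted_stub, 16));
    printf("ret 16 stub as MessageBoxA: %d bytes left\n", stack_residue(ret16_stub, sizeof ret16_stub, 16));
    /* Assumed __cdecl testFunction: the caller cleans, callee pops nothing. */
    printf("posted stub as testFunction: %d bytes left\n", stack_residue(posted_stub, sizeof posted_stub, 0));
    return 0;
}
```

A non-zero result means the stack pointer is off by that many bytes after the call returns, so whether the caller survives depends on how the surrounding expression was compiled.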