I'm trying to use MS detours, and I don't know if I am doing something wrong; I cannot seem to find an answer to my issue.
I have tried detouring several functions in a process using my injected DLL, but each attempt causes the process to crash.
One of the functions I try to hook is the WinAPI function DirectDrawCreate:
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourAttach( (PVOID *)DirectDrawCreate, hkDirectDrawCreate );
DetourTransactionCommit();
hkDirectDrawCreate is defined as:
HRESULT __stdcall hkDirectDrawCreate( GUID *p1, LPDIRECTDRAW *p2, IUnknown *p3 )
{
    if( !pDDC )
        return 0x00;
    printf( "A call to hkDirectDrawCreate was made\n" );
    return DirectDrawCreate( p1, p2, p3 );
}
On the call to DetourAttach the process crashes; the stack trace is:
myProj.dll!detour_skip_jmp(unsigned char * pbCode, void * * ppGlobals) Line 135 C++
myProj.dll!DetourCodeFromPointer(void * pPointer, void * * ppGlobals) Line 984 C++
myProj.dll!DetourAttachEx(void * * ppPointer, void * pDetour, _DETOUR_TRAMPOLINE * * ppRealTrampoline, void * * ppRealTarget, void * * ppRealDetour) Line 1456 C++
myProj.dll!DetourAttach(void * * ppPointer, void * pDetour) Line 1395 C++
The code breaks in 'detour_skip_jmp' at '0x68B028BD':
// First, skip over the import vector if there is one.
if (pbCode[0] == 0xff && pbCode[1] == 0x25) { // jmp [imm32]
68B028B2 mov ecx,1
68B028B7 imul edx,ecx,0
68B028BA mov eax,dword ptr [pbCode]
68B028BD movzx ecx,byte ptr [eax+edx]
68B028C1 cmp ecx,0FFh
68B028C7 jne detour_skip_jmp+82h (68B02912h)
68B028C9 mov edx,1
68B028CE shl edx,0
68B028D1 mov eax,dword ptr [pbCode]
68B028D4 movzx ecx,byte ptr [eax+edx]
68B028D8 cmp ecx,25h
68B028DB jne detour_skip_jmp+82h (68B02912h)
Edit: ppGlobals is NULL, and pbCode gives the error 'Error reading characters of string'.
Going back to DetourCodeFromPointer ppGlobals is also NULL there, but I guess it is supposed to be; here is the call:
pDetour = DetourCodeFromPointer(pDetour, NULL);
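As an added example (not part of the question and not Detours' own code), here is a portable C++ stand-in for the argument contract of DetourAttach(PVOID *ppPointer, PVOID pDetour). Detours expects the address of a variable that holds the target's code address; its samples spell the call as DetourAttach(&(PVOID&)pfnTarget, Hook). Passing (PVOID *)DirectDrawCreate instead makes *ppPointer the first sizeof(void*) bytes of the function's machine code, which DetourCodeFromPointer hands to detour_skip_jmp as pbCode and then dereferences, which matches the crash location in the trace above. The names RealTarget, pfnTarget, SimulatedAttach and the pointer-swap "attach" are made up for the illustration; real Detours patches the target's prologue and stores a trampoline in the slot, but reads its first argument the same way.

```cpp
#include <cstdio>
#include <cstring>

// Added, portable illustration of the DetourAttach argument contract (not the
// question's code, not Detours' code): ppPointer must be the address of a
// VARIABLE holding the target's code address, never the target cast to PVOID*.

typedef int (*PFN_TARGET)(int);

int RealTarget(int x) { return x * 2; }

// The slot: Detours reads the target address from here and later writes the
// trampoline address back into it. Detours samples write the call as
// DetourAttach(&(PVOID&)pfnTarget, HookedTarget).
PFN_TARGET pfnTarget = RealTarget;
PFN_TARGET pfnOriginal = nullptr;   // what the hook calls to reach the real function

int HookedTarget(int x) { return pfnOriginal(x) + 1; }

// First thing Detours does with ppPointer: pbCode = *ppPointer. It then inspects
// the bytes at pbCode (detour_skip_jmp looks for FF 25, a jmp [imm32]).
void *CodeAddressDetoursWouldScan(void **ppPointer) { return *ppPointer; }

// Correct form: the address of the slot, so *ppPointer is RealTarget's code address.
bool CorrectFormPointsAtTarget() {
    void *scanned = CodeAddressDetoursWouldScan(reinterpret_cast<void **>(&pfnTarget));
    return scanned == reinterpret_cast<void *>(RealTarget);
}

// Wrong form from the question: (PVOID *)RealTarget. Now *ppPointer is the first
// sizeof(void*) bytes of RealTarget's MACHINE CODE, which Detours dereferences as
// if it were an address. memcpy reproduces that read without the crash.
bool WrongFormPointsAtTarget() {
    void *scanned = nullptr;
    std::memcpy(&scanned, reinterpret_cast<const void *>(RealTarget), sizeof scanned);
    return scanned == reinterpret_cast<void *>(RealTarget);   // false: code bytes, not an address
}

// Pre-attach sanity check: the slot must hold the function we intend to hook
// (for an import, the value GetProcAddress returned) and must not be NULL.
bool SlotHoldsTarget(void **ppPointer, void *expectedTarget) {
    return ppPointer != nullptr && expectedTarget != nullptr && *ppPointer == expectedTarget;
}

// Simplified pointer-swap attach standing in for DetourAttach: validate the slot,
// keep the original for the hook, redirect the slot to the detour. Refuses a
// double attach, which would otherwise make the hook call itself.
bool SimulatedAttach(PFN_TARGET *ppTarget, PFN_TARGET pDetour) {
    if (ppTarget == nullptr || *ppTarget == nullptr || pDetour == nullptr) return false;
    if (*ppTarget == pDetour) return false;   // already attached
    pfnOriginal = *ppTarget;
    *ppTarget = pDetour;
    return true;
}

int CallThroughSlot(int x) { return pfnTarget(x); }

// Check the slot, attach, call once: RealTarget(20) == 40, HookedTarget adds 1 -> 41.
// Returns -1 if the slot does not hold RealTarget (e.g. on a second call).
int DemoAfterAttach() {
    if (!SlotHoldsTarget(reinterpret_cast<void **>(&pfnTarget), reinterpret_cast<void *>(RealTarget)))
        return -1;
    if (!SimulatedAttach(&pfnTarget, HookedTarget)) return -1;
    return CallThroughSlot(20);
}

int main() {
    std::printf("correct form scans the target: %d\n", CorrectFormPointsAtTarget());
    std::printf("wrong form scans the target:   %d\n", WrongFormPointsAtTarget());
    std::printf("call through slot after attach: %d\n", DemoAfterAttach());
    return 0;
}
```

The same check applies to the real call: before DetourAttach, the variable whose address you pass (here pfnTarget, in the question a PVOID holding DirectDrawCreate) must already contain the target's address, and the hook must call through that variable after DetourTransactionCommit, since Detours replaces its contents with the trampoline.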