0

Just for the fun of it, I am trying to make a simple detouring library that will detour member functions by modifying the vtable of the class to create a detour. I am getting some odd behaviour. Here is the entire program (I am using MSVC++ 2010):

fixed

It's jmping to the address of the new function correctly, but it crashes after that. When I watch it in OllyDbg to see why it's crashing, something very strange happens. It will walk right over some instructions without doing anything. Where I see a push xxx in the debugger, the stack will not be modified. Where I see a retn 4 the thing will just keep going, into the space between functions, filled with int 3s. Does anyone have any idea why this is happening?

EDIT: Never mind, I found the answer.

James Way

2 Answers

0

Found the problem. Turns out you have to subtract 5 from the address to calculate it correctly, since it's the relative address not from the end of the instruction but from the beginning.

James Way
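The 5-byte adjustment from the answer above, worked through for a 32-bit `E9` near jump. This is an added example, not code from the original post; the function names and the addresses in `main` are constructed for illustration. The decoder is the same arithmetic run in reverse, which is how a hook scanner resolves where a patched prologue leads.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define JMP_REL32_OPCODE 0xE9u
#define JMP_REL32_LEN    5u   /* 1 opcode byte + 4 displacement bytes */

/* Encode "jmp target" as it would sit at address `site` (32-bit x86).
 * The CPU adds the displacement to the address of the NEXT instruction,
 * so disp = target - (site + 5). Unsigned wraparound yields the correct
 * two's-complement value for backward jumps. */
void encode_jmp_rel32(uint8_t out[5], uint32_t site, uint32_t target)
{
    uint32_t disp = target - (site + JMP_REL32_LEN);
    out[0] = (uint8_t)JMP_REL32_OPCODE;
    out[1] = (uint8_t)disp;
    out[2] = (uint8_t)(disp >> 8);
    out[3] = (uint8_t)(disp >> 16);
    out[4] = (uint8_t)(disp >> 24);
}

/* Inverse, as a hook scanner would use it: if the bytes read from `site`
 * start with E9, store the resolved destination and return 1; else 0. */
int decode_jmp_rel32(const uint8_t *code, size_t len, uint32_t site,
                     uint32_t *target)
{
    if (len < JMP_REL32_LEN || code[0] != JMP_REL32_OPCODE)
        return 0;
    uint32_t disp = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                    ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    *target = site + JMP_REL32_LEN + disp;
    return 1;
}

int main(void)
{
    /* Constructed addresses, not taken from the question's program. */
    const uint32_t site = 0x00401000u, target = 0x00402000u;
    uint8_t patch[5];
    uint32_t resolved = 0;

    encode_jmp_rel32(patch, site, target);
    decode_jmp_rel32(patch, sizeof patch, site, &resolved);
    printf("%02X %02X %02X %02X %02X -> 0x%08X\n", patch[0], patch[1],
           patch[2], patch[3], patch[4], (unsigned)resolved);
    return 0;
}
```

If the displacement is computed as `target - site` without the 5, the jump lands 5 bytes past the intended address, which is typically in the middle of an instruction.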
0

For MSVC, Microsoft Research has a library called "Detours": http://research.microsoft.com/en-us/projects/detours/ You may want to use it since it is already available, and I think the 32-bit version is free.

  • The point was not to detour something, the point was to make my own detouring library. I already use Detours, but I wanted to make my own. – James Way Jan 22 '11 at 22:10
  • The whole "charge for 64-bit version" thing is a real turn-off for me, even more (somehow) than just the closed-source aspect. – SamB Apr 11 '15 at 20:26