These are chat archives for EasyHook/EasyHook

9th
May 2017
Nikolaj Mariager
@TinkerWorX
May 09 2017 08:27 UTC
For calling __fastcall, I use the first bit of assembly, the TransformStdCallToFastCallPtr part. It just takes a pointer to a __fastcall function and then transforms the stack into __fastcall convention and finally calls the __fastcall function.
The next bit of assembly is the part I actually inject. It takes an __stdcall function and wraps it in a function that turns __fastcall convention into __stdcall before calling the original.
The WrapStdCall function returns a new piece of code each call, since we need to inject it into an assembly, so the address of our hook function needs to be statically in the code.
Nikolaj Mariager
@TinkerWorX
May 09 2017 08:34 UTC
So to inject I just have some sort of __stdcall function, I pass it to WrapStdCall and then inject the returned function instead. And from inside my hook I use the TransformStdCallToFastCall stuff to call the original using the same delegate definition as I used with the hook.
One problem I can see now that I look at it, is that this is x86 only, since that's what I exclusively work in. I guess we'd need to make something similar for x64 before adding it.
Justin Stenning
@spazzarama
May 09 2017 10:13 UTC
@TinkerWorX
Nikolaj Mariager
@TinkerWorX
May 09 2017 10:13 UTC
Hey
Justin Stenning
@spazzarama
May 09 2017 10:14 UTC
Sorry on the phone and that sent a little early :)
Nikolaj Mariager
@TinkerWorX
May 09 2017 10:14 UTC
Haha
Justin Stenning
@spazzarama
May 09 2017 10:14 UTC
x64 should be fine
there is only the one convention used on Win
although of course compilers could do dumb stuff
Nikolaj Mariager
@TinkerWorX
May 09 2017 10:15 UTC
That makes sense. I remember having to use __msfastcall with MinGW because it had to be Microsoft specific.
I'm not sure if the assembly I made can be optimized a bit, maybe be built into the code you inject, but only for fastcalls
I'm far from an assembly expert