Re: Hooking address

nazgul144 <nlscotty@xxxxxxxxxxx> writes:

> I would like to do this in GCC,
>
> [code]
>
> void Hooks::NewSendFun()
> {
>     __asm__ (
>             "movl %esp, ppSendPacket\n\t"   /* AT&T order: source, destination */
>             "pusha\n\t"
>             "call SendPacketCallback\n\t"
>             "popa\n\t"
>             "jmp *ulSendRet\n\t"            /* indirect jump through the saved return address */
>             );
> }
>
> // and jmp from an address, like this
>     *(char*)ulSend = 0xE9;   /* opcode of JMP rel32 */
>     //*(void **)((char *)ulSend + 1) = (void*)(((char*)(NewSendFun)) - ((char *)ulSend + 5));
>     *(unsigned long*)(ulSend + 1) = ((unsigned long)NewSendFun - (unsigned long)ulSend - 5);   /* rel32 is relative to the end of the 5-byte jmp */
> [/code]
>
> But none of it is working; ulSend (and ulSendRet) is an unsigned long, the address I'm
> trying to hook.

The chances of getting that to work correctly are extremely remote.  You
are jumping away from the function without cleaning up the stack frame.

Note that gcc will already turn sibling calls into jumps when possible
when optimizing.  I would recommend either relying on that optimization
or simply writing assembler code directly.

Ian
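As an added example (not code from this thread, and not the poster's project), here is the rel32 arithmetic the patch line above relies on, written out in plain C, together with the check a defender runs over a function's first bytes to spot exactly this kind of inline JMP hook: decode the displacement and see whether the jump lands outside the module that owns the function. All addresses are constructed for the illustration; no memory is written or executed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Encode a 5-byte x86 "JMP rel32" (opcode 0xE9) placed at address `from`
 * that transfers control to `to`. The 32-bit displacement is measured from
 * the END of the instruction (from + 5), which is the "- 5" in the thread's
 * formula. Returns 0 on success, -1 if `to` is out of rel32 range. */
int encode_jmp_rel32(uint8_t out[5], uint64_t from, uint64_t to)
{
    int64_t disp = (int64_t)to - (int64_t)(from + 5);
    if (disp > INT32_MAX || disp < INT32_MIN)
        return -1;
    uint32_t u = (uint32_t)(int32_t)disp;   /* two's complement, little-endian */
    out[0] = 0xE9;
    out[1] = (uint8_t)(u & 0xFF);
    out[2] = (uint8_t)((u >> 8) & 0xFF);
    out[3] = (uint8_t)((u >> 16) & 0xFF);
    out[4] = (uint8_t)((u >> 24) & 0xFF);
    return 0;
}

/* Detection side: given the first `len` bytes of a function that lives at
 * address `at`, report whether it begins with a JMP rel32 and, if so, where
 * that jump lands. Returns 1 and sets *target when a jump is present. */
int decode_jmp_rel32(const uint8_t *code, size_t len, uint64_t at, uint64_t *target)
{
    if (len < 5 || code[0] != 0xE9)
        return 0;
    uint32_t u = (uint32_t)code[1]
               | ((uint32_t)code[2] << 8)
               | ((uint32_t)code[3] << 16)
               | ((uint32_t)code[4] << 24);
    int32_t rel = (int32_t)u;
    *target = (uint64_t)((int64_t)at + 5 + rel);
    return 1;
}

/* A prologue patched to jump OUTSIDE the module that owns the function is the
 * classic inline-hook signature. Returns 1 for "suspicious", 0 otherwise. */
int is_foreign_jmp(const uint8_t *code, size_t len, uint64_t at,
                   uint64_t mod_start, uint64_t mod_end)
{
    uint64_t target;
    if (!decode_jmp_rel32(code, len, at, &target))
        return 0;
    return target < mod_start || target >= mod_end;
}

int main(void)
{
    /* Constructed addresses: a module at [0x00401000, 0x00410000) with a
     * function inside it, and a hook handler at 0x10001000, outside it. */
    const uint64_t mod_start = 0x00401000, mod_end = 0x00410000;
    const uint64_t func = 0x00401230, handler = 0x10001000;
    uint8_t patch[5];
    uint64_t target = 0;

    if (encode_jmp_rel32(patch, func, handler) != 0)
        return 1;
    printf("patch bytes:");
    for (int i = 0; i < 5; i++)
        printf(" %02X", patch[i]);
    printf("\n");

    decode_jmp_rel32(patch, sizeof patch, func, &target);
    printf("jump lands at 0x%llx, foreign=%d\n",
           (unsigned long long)target,
           is_foreign_jmp(patch, sizeof patch, func, mod_start, mod_end));
    return 0;
}
```

The same decoder applied to a normal prologue (`push %ebp; mov %esp,%ebp`) reports no jump, and a backward JMP that stays inside the module is not flagged, so the "foreign target" test, rather than the mere presence of 0xE9, is what separates a hook from ordinary code.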
