I have this function type from IDA that I am trying to detour:
int CTeamInfo__GetNumConnectedClients()
so I have the following code into a C++ DLL:
The Original Function:
int(__stdcall * CTeamInfo__GetNumConnectedClients)() = (int(__stdcall*)(void))::GetProcAddress(GetModuleHandle(TEXT("game.dll")), "?GetNumConnectedClients@CTeamInfo@@QBEHXZ");
My Function:
int myCTeamInfo__GetNumConnectedClients()
{
std::cout << "Called My Function" << std::endl;
return CTeamInfo__GetNumConnectedClients();
}
and my detours:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)CTeamInfo__GetNumConnectedClients, myCTeamInfo__GetNumConnectedClients);
DetourTransactionCommit();
I then try calling myCTeamInfo__GetNumConnectedClients(); and it prints in the console "Called My Function" but then the target process seems to crash.
Here's the pseudo code from IDA:
int __thiscall CTeamInfo::GetNumConnectedClients(int this)
{
int v1; // edi@1
int result; // eax@1
int v3; // ebx@2
int v4; // ebp@2
int v5; // esi@3
int v6; // ecx@3
int v7; // edx@3
int *v8; // ecx@10
int v9; // ecx@12
int v10; // ecx@13
int v11; // [sp+4h] [bp-10h]@1
int v12; // [sp+8h] [bp-Ch]@8
int v13; // [sp+Ch] [bp-8h]@11
int v14; // [sp+10h] [bp-4h]@1
v1 = *(_DWORD *)(this + 140);
result = 0;
v11 = 0;
v14 = *(_DWORD *)(this + 144);
if ( v1 != v14 )
{
v3 = *(_DWORD *)(LODWORD(IGame::s_pGame) + 236);
v4 = *(_DWORD *)(v3 + 4);
do
{
v5 = *(_DWORD *)v1;
v6 = v4;
v7 = v3;
while ( !*(_BYTE *)(v6 + 21) )
{
if ( *(_DWORD *)(v6 + 12) >= v5 )
{
v7 = v6;
v6 = *(_DWORD *)v6;
}
else
{
v6 = *(_DWORD *)(v6 + 8);
}
}
v12 = v7;
if ( v7 == v3 || v5 < *(_DWORD *)(v7 + 12) )
{
v13 = v3;
v8 = &v13;
}
else
{
v8 = &v12;
}
v9 = *v8;
if ( v9 != v3 )
{
v10 = *(_DWORD *)(v9 + 16);
if ( v10 )
{
if ( !(*(_WORD *)(v10 + 592) & 0x81) )
++v11;
}
}
v1 += 4;
}
while ( v1 != v14 );
result = v11;
}
return result;
}
Any help appreciated!