Conserve Registers

Nov 18, 2010 at 3:05 PM

Hi all,

 

Thanks for this great library, really full of ressources.

 

Just a simple question, maybe a little dumb, I use EasyHook in a really intuitive way so there may be some things I don't clearly understand...

 

I am using EasyHook to hook some QT4 function (custom QT4), I can hook the function but when I try to call  it  back it crashes the application.

After some debugging I found out that this function is passed some argument through the register ECX, but I think EasyHook doesn't restore

the registers to their initial values from the beginning of the function call. So here's my question: Is there a way to tell EasyHook to restore all

registers values to their initial state?

 

Thanks a lot,

 

grwip

Nov 18, 2010 at 4:49 PM

Ok I think I found the solution. I had to use the ThisCall CallingConvention in the declaration of the delegate and add a first argument for "this"  because what I am hooking is a method on an object. ECX is used to store the this pointer, it's explained in the doc.... Sorry for posting before looking further... Anyway is there some way to have control on / access the registers in a hooked function? This could come in handy when hooking an executable internals functions.

 

grwip