C#: Hijacking a near relative call

Question

Alright, I'm trying to write a vary basic modification to a program NOT written by me.
I DO NOT have the source to it.
I also do not care if this only works for a single version of the program, so hard coding offsets is feasible. Anyways, I've found the function and where it is called in the compiled program.

.text:1901C88F loc_1901C88F:                     ; CODE XREF: ConnectionThread+1A2j
.text:1901C88F                                   ; DATA XREF: .text:off_1901CC64o
.text:1901C88F 8B C8          mov     ecx, eax  ; jumptable 1901C862 case 11
.text:1901C891 8B C6          mov     eax, esi
.text:1901C893 E8 48 C5 FF FF call    ChatEvent

According to IDA the full function signature is:

char *__usercall ChatEvent<eax>(char *Data<eax>, unsigned int Length<ecx>)

I already have all I need to patch the program during runtime, and do whatever other manipulations I need.
What I need, is to be able to write a function like so:

bool ProcessChat(char *Data, unsigned int Length);
char *__usercall HijackFunction(char *Data, unsigned int Length){
    if (ProcessChat(Data, Length))
        Call OriginalChatEvent(Data, Length);
}

Get the jist of what I am trying to do?
With stdcall function it's easy just replace the 4 byte address with my own function's address. But this is a near relative call, which is.. more annoying.

So, anyone have any idea?

Answer 1

AFAIK, you can't do this in pure C#. Write a small C/C++ DLL to contain the hooked code. If the C/C++ compiler doesn't support this specific calling convention, you can always just use assembly. If you don't want to use a separate DLL, you can always write the binary code "by hand" to a new memory region in C#, and redirect the call to that memory region.