Open konserwa1992 opened 1 year ago
Doublecheck the original signature in your disassembler.
Chances are you probably need to use byte*
rather than byte[]
.
Doublecheck the original signature in your disassembler.
Chances are you probably need to use
byte*
rather thanbyte[]
.
there is anyway to check signature in x64dbg?
You can probably have a guess if you know the calling convention of the function and check how it's called.
Way easier with IDA/Ghidra/BinaryNinjs though.
[Function(CallingConventions.Microsoft)]
public unsafe delegate void SendFunc(IntPtr a, byte* packet);
public static IFunction<SendFunc> sendFunction;
private static IHook<SendFunc> _sendPacketFuncHook;
......
public unsafe static void AttachHook()
{
//881DC0 0x2d5399 trose.exe+2D539E
sendFunction = ReloadedHooks.Instance.CreateFunction<SendFunc>((long)(GameMethods.GetBaseAdress() + 0x268DC));
_sendPacketFuncHook= sendFunction.Hook(PacketSendHook).Activate();
}
public unsafe static void PacketSendHook(IntPtr a, byte* packet)
{
_sendPacketFuncHook.OriginalFunction(a,packet);
}
Calling this function work fine.
Do i do something wrong?
Nothing particularly sticks out here, degelate seems fine, declaration seems fine.
Only thing that's a little unclear is which address you're hooking. If you're hooking the one ending with 881dc0, this is fine.
What I'd do is doublecheck just in case you're hooking the right address by comparing the assembly (in CE, x64asm or other); since it seems that in Binja you're showing absolute addresses rather than module relative ones.
After long 4 hours of waiting for error i got this one
System.Exception: Unable to find memory location to fit MemoryBuffer of size 32 (4096) between 2303604896685 and 2303604962155.
w Reloaded.Memory.Buffers.MemoryBufferHelper.CreateMemoryBuffer(Int32 size, UIntPtr minimumAddress, UIntPtr maximumAddress, Int32 retryCount)
w Reloaded.Hooks.Tools.Utilities.FindOrCreateBufferInRange(Int32 size, UIntPtr minimumAddress, UIntPtr maximumAddress, Int32 alignment)
w Reloaded.Hooks.Tools.Utilities.CreateJump(UIntPtr targetPtr, Boolean is64Bit, Int32 minBytesUsed)
w Reloaded.Hooks.X64.ReverseWrapper`1.Create(ReverseWrapper`1 reverseFunctionWrapper, UIntPtr functionPtr)
w Reloaded.Hooks.X64.ReverseWrapper`1..ctor(TFunction function)
w Reloaded.Hooks.Hook`1.CreateReverseWrapper(TFunction function)
w Reloaded.Hooks.ReloadedHooks.CreateHook[TFunction](TFunction function, Int64 functionAddress, Int32 minHookLength)
w Reloaded.Hooks.ReloadedHooks.CreateHook[TFunction](TFunction function, Int64 functionAddress)
w CodeInject.GameMethods.AttachHook() w C:\Users\grzeg\Documents\GitHub\GodLeftMeUnfinished\CodeInject\GameMethods.cs:wiersz 87
w CodeInject.Form1.button1_Click_1(Object sender, EventArgs e) w C:\Users\grzeg\Documents\GitHub\GodLeftMeUnfinished\CodeInject\Form1.cs:wiersz 103
w System.Windows.Forms.Control.OnClick(EventArgs e)
w System.Windows.Forms.Button.OnClick(EventArgs e)
w System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
w System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
w System.Windows.Forms.Control.WndProc(Message& m)
w System.Windows.Forms.ButtonBase.WndProc(Message& m)
w System.Windows.Forms.Button.WndProc(Message& m)
w System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
Yeah; it tried to brute force find some memory within 2GB memory space of the code you are hooking.
Normally this is possible; I've never seen this legitimately fail before.
I'm not sure if there's much possible to do about this specific one.
i have thats same problem when i try hook API functions in notepad so maybe its because i using clr host?
I wouldn't know; though the free buffer/address scanning part is done mainly through native API.