search

Reloaded-Project / Reloaded.Hooks

Advanced native function hooks for x86, x64. Welcome to the next level!
GNU Lesser General Public License v3.0
213 stars 33 forks source link

Function hook stops application without any error #21

Open konserwa1992 opened 1 year ago

konserwa1992 commented 1 year ago 
        public static void AttachHook()
        {
            //881DC0 0x2d5399
            sendFunction = ReloadedHooks.Instance.CreateFunction<SendFunc>((long)(GameMethods.GetBaseAdress() + 0x268DC));
            _sendPacketFuncHook= sendFunction.Hook(PacketSendHook).Activate();

        }

        public static IntPtr PacketSendHook(IntPtr a, byte[] packet)
        {
            return _sendPacketFuncHook.OriginalFunction(a,packet);
        }
Sewer56 commented 1 year ago

Doublecheck the original signature in your disassembler.

Chances are you probably need to use byte* rather than byte[].

konserwa1992 commented 1 year ago

Doublecheck the original signature in your disassembler.

Chances are you probably need to use byte* rather than byte[].

there is anyway to check signature in x64dbg?

Sewer56 commented 1 year ago

You can probably have a guess if you know the calling convention of the function and check how it's called.

Way easier with IDA/Ghidra/BinaryNinjs though.

konserwa1992 commented 1 year ago

obraz

        [Function(CallingConventions.Microsoft)]
        public unsafe delegate void SendFunc(IntPtr a, byte* packet);
        public  static IFunction<SendFunc> sendFunction;

        private static IHook<SendFunc> _sendPacketFuncHook;

......
        public unsafe static void AttachHook()
        {
            //881DC0 0x2d5399  trose.exe+2D539E 

            sendFunction = ReloadedHooks.Instance.CreateFunction<SendFunc>((long)(GameMethods.GetBaseAdress() + 0x268DC));
            _sendPacketFuncHook= sendFunction.Hook(PacketSendHook).Activate();

        }

        public unsafe static void PacketSendHook(IntPtr a, byte* packet)
        {
            _sendPacketFuncHook.OriginalFunction(a,packet);
        }

Calling this function work fine.

konserwa1992 commented 1 year ago

Do i do something wrong?

Sewer56 commented 1 year ago

Nothing particularly sticks out here, degelate seems fine, declaration seems fine.

Only thing that's a little unclear is which address you're hooking. If you're hooking the one ending with 881dc0, this is fine.

What I'd do is doublecheck just in case you're hooking the right address by comparing the assembly (in CE, x64asm or other); since it seems that in Binja you're showing absolute addresses rather than module relative ones.

konserwa1992 commented 1 year ago

After long 4 hours of waiting for error i got this one obraz


System.Exception: Unable to find memory location to fit MemoryBuffer of size 32 (4096) between 2303604896685 and 2303604962155.
   w Reloaded.Memory.Buffers.MemoryBufferHelper.CreateMemoryBuffer(Int32 size, UIntPtr minimumAddress, UIntPtr maximumAddress, Int32 retryCount)
   w Reloaded.Hooks.Tools.Utilities.FindOrCreateBufferInRange(Int32 size, UIntPtr minimumAddress, UIntPtr maximumAddress, Int32 alignment)
   w Reloaded.Hooks.Tools.Utilities.CreateJump(UIntPtr targetPtr, Boolean is64Bit, Int32 minBytesUsed)
   w Reloaded.Hooks.X64.ReverseWrapper`1.Create(ReverseWrapper`1 reverseFunctionWrapper, UIntPtr functionPtr)
   w Reloaded.Hooks.X64.ReverseWrapper`1..ctor(TFunction function)
   w Reloaded.Hooks.Hook`1.CreateReverseWrapper(TFunction function)
   w Reloaded.Hooks.ReloadedHooks.CreateHook[TFunction](TFunction function, Int64 functionAddress, Int32 minHookLength)
   w Reloaded.Hooks.ReloadedHooks.CreateHook[TFunction](TFunction function, Int64 functionAddress)
   w CodeInject.GameMethods.AttachHook() w C:\Users\grzeg\Documents\GitHub\GodLeftMeUnfinished\CodeInject\GameMethods.cs:wiersz 87
   w CodeInject.Form1.button1_Click_1(Object sender, EventArgs e) w C:\Users\grzeg\Documents\GitHub\GodLeftMeUnfinished\CodeInject\Form1.cs:wiersz 103
   w System.Windows.Forms.Control.OnClick(EventArgs e)
   w System.Windows.Forms.Button.OnClick(EventArgs e)
   w System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   w System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   w System.Windows.Forms.Control.WndProc(Message& m)
   w System.Windows.Forms.ButtonBase.WndProc(Message& m)
   w System.Windows.Forms.Button.WndProc(Message& m)
   w System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
Sewer56 commented 1 year ago

Yeah; it tried to brute force find some memory within 2GB memory space of the code you are hooking.
Normally this is possible; I've never seen this legitimately fail before.

I'm not sure if there's much possible to do about this specific one.

konserwa1992 commented 1 year ago

i have thats same problem when i try hook API functions in notepad so maybe its because i using clr host?

Sewer56 commented 1 year ago

I wouldn't know; though the free buffer/address scanning part is done mainly through native API.