rdbo / libmem

Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64) (DLL/SO Injection) (Internal/External) (Assembler/Disassembler)
GNU Affero General Public License v3.0

[TUT] What should mem::in::detour_trampoline look like in the current version? #24

Closed laper32 closed 2 years ago

laper32 commented 2 years ago

Hi, referencing this line of your AssaultCube-Multihack:

Data::oSwapBuffers = (SwapBuffers_t)mem::in::detour_trampoline(Data::pSwapBuffers, (mem::voidptr_t)Hooks::SwapBuffers, Data::szSwapBuffers, mem::MEM_DT_M1);

see here

What should it look like in the current version of libmem?

This is the code I've made:

lm_module_t opengl32;
namespace gl
{
  void* SwapBuffers;
}
using SwapBuffers_t = BOOL(__stdcall*)(_In_ HDC hDC);
namespace hook
{
  namespace gl
  {
    SwapBuffers_t SwapBuffers;
  }
}

// idk why crashed...
void Init(HMODULE hModule)
{
  LM_GetModule(LM_MOD_BY_STR, (void*)LM_STR("OPENGL32.dll"), &opengl32);

  gl::SwapBuffers = LM_GetSymbol(opengl32, (lm_cstring_t)"wglSwapBuffers");
  hook::gl::SwapBuffers=(SwapBuffers_t)LM_MakeTrampoline(gl::SwapBuffers, 5);
  LM_DetourCode(gl::SwapBuffers, &hook::gl::SwapBuffers, LM_DETOUR_JMP32);
}

rdbo commented 2 years ago

oSwapBuffers = (SwapBuffers_t)LM_MakeTrampoline(<swap buffers addr>, <size of trampoline>);
LM_DetourCode(<swap buffers addr>, hkSwapBuffers, <detour type>);

// after use

LM_DestroyTrampoline(oSwapBuffers);

laper32 commented 2 years ago

Hmm, it looks kind of like this?

using SwapBuffers_t = BOOL(__stdcall*)(_In_ HDC hDC);

lm_module_t opengl32;

namespace gl
{
  void* SwapBuffers;
}

namespace hook
{
  namespace gl
  {
    SwapBuffers_t SwapBuffers;
  }
}

BOOL __stdcall hook_SwapBuffers(_In_ HDC hDC)
{
  return hook::gl::SwapBuffers(hDC);
}

BOOL WINAPI MainThread(HMODULE hModule)
{
  AllocConsole();
  freopen("CONOUT$", "w", stdout);

  LM_GetModule(LM_MOD_BY_STR, (void*)LM_STR("OPENGL32.dll"), &opengl32);
  gl::SwapBuffers = LM_GetSymbol(opengl32, (lm_cstring_t)"wglSwapBuffers");

  hook::gl::SwapBuffers = (SwapBuffers_t)LM_MakeTrampoline(gl::SwapBuffers, 5);
  LM_DetourCode(gl::SwapBuffers, hook_SwapBuffers, LM_DETOUR_JMP32);

  while (!(GetAsyncKeyState(VK_END) & 1));

  LM_DestroyTrampoline(hook::gl::SwapBuffers);
  fclose(stdout);
  FreeConsole();
  FreeLibraryAndExitThread(hModule, 0);
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
  switch (dwReason)
  {
    case DLL_PROCESS_ATTACH:
      if (HANDLE hndl = CreateThread(nullptr, 0, (LPTHREAD_START_ROUTINE)MainThread, hModule, 0, nullptr))
      {
        CloseHandle(hndl);
      }
      break;
    default: break;
  }
  return TRUE;
}

laper32 commented 2 years ago

The code above triggered an exception... I don't know exactly what caused it...

The injector I'm using is GH's injector.

Before injection, the memory view is shown here:

image

After injection, it hits a fatal error, shown below:

image

laper32 commented 2 years ago

Updated with further information about the crashes.
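
From the defender's side, the JMP32 detour discussed in this thread shows up as a changed function prologue. The following is an added example, not code from the thread or from libmem: it assumes the detour is the 5-byte x86 `E9 rel32` jump (matching the size 5 passed to LM_MakeTrampoline above), and all bytes, addresses and names (`check_prologue`, `decode_jmp32`) are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum hook_verdict { PROLOGUE_CLEAN, PROLOGUE_PATCHED, JMP_INSIDE_MODULE, JMP_OUTSIDE_MODULE };

/* Constructed sample: a 32-bit prologue (mov edi,edi; push ebp; mov ebp,esp)
 * and the same 5 bytes overwritten with E9 rel32. All addresses are made up. */
static const uint8_t SAMPLE_REF[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
static const uint8_t SAMPLE_LIVE[5] = { 0xE9, 0xFB, 0x0F, 0x00, 0xA6 };

/* Decode `E9 rel32` found at virtual address addr; returns 0 if not an E9 jump. */
static int decode_jmp32(const uint8_t *code, uint64_t addr, uint64_t *target)
{
    if (code[0] != 0xE9)
        return 0;
    uint32_t raw = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    /* rel32 is signed and relative to the end of the 5-byte instruction */
    *target = addr + 5 + (uint64_t)(int64_t)(int32_t)raw;
    return 1;
}

/* Compare the live prologue against a trusted copy (for example the bytes of the
 * same function read from the DLL on disk) and classify any difference. */
enum hook_verdict check_prologue(const uint8_t *live, const uint8_t *ref, size_t len,
                                 uint64_t addr, uint64_t mod_base, uint64_t mod_size,
                                 uint64_t *target)
{
    if (memcmp(live, ref, len) == 0)
        return PROLOGUE_CLEAN;
    if (len < 5 || !decode_jmp32(live, addr, target))
        return PROLOGUE_PATCHED;            /* modified, but not a JMP32 detour */
    /* unsigned wrap makes this a single range check: base <= target < base+size */
    return (*target - mod_base < mod_size) ? JMP_INSIDE_MODULE : JMP_OUTSIDE_MODULE;
}

int main(void)
{
    uint64_t target = 0;
    enum hook_verdict v = check_prologue(SAMPLE_LIVE, SAMPLE_REF, 5,
                                         0x6A001000, 0x6A000000, 0x100000, &target);
    printf("verdict=%d target=0x%llx\n", (int)v, (unsigned long long)target);
    return 0;
}
```

A real scanner reads the reference bytes from the module file on disk and applies relocations before comparing, since relocated bytes legitimately differ from the file image.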