stevemk14ebr / PolyHook

x86/x64 C++ Hooking Library
MIT License

Usage of VEH hook #2

Closed gurachan closed 8 years ago

gurachan commented 8 years ago

Why do I need to loop the ->Hook() to update the screen :( .. In my D3D hook I use VEHHook and I don't need to loop because it's permanent; now I try to use it on a different level, like

    VEHHook = new PLH::VEHHook;
    VEHHook->SetupHook((BYTE*)WriteServerConsole, (BYTE*)&hWriteServerConsole);
    VEHHook->Hook();
    oWriteServerConsole = VEHHook->GetOriginal<tWriteServerConsole>();

The server responds, but you need to make a thread

    // dwStackSize and dwCreationFlags are DWORDs, so pass 0 rather than NULL
    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)OverwriteValues, NULL, 0, NULL);

and do this:

    // A thread start routine takes one LPVOID parameter
    DWORD WINAPI OverwriteValues(LPVOID)
    {
        // re-applies the hook every 150 ms; without this the hook stops firing
        for (;; Sleep(150))
        {
            VEHHook->Hook();
        }
    }

How do I make this a permanent hook :( Do I really need this "for (;;Sleep(150))" or is there something I didn't know?

DLL Console Debug Purpose Engine Started [SERVER] @ - Call CGameGuardMgr::CGameGuardMgr(): Before [SERVER] @ - Call CTextInfoMgr::GetText_FromMiscMsgW() -> szName = %s [SERVER] @ - Version = %s etc ...........

[SERVER] @ - Call NetComponent_CreateGameStage< %s >::OnEvent

stevemk14ebr commented 8 years ago

You most likely forgot to call the GetProtectionObject function in your hook. Take a look at my example for VEH; that call is necessary to reprotect after each call of the hook.

On Dec 16, 2015 7:53 PM, "Dj-jom2x" notifications@github.com wrote:


stevemk14ebr commented 8 years ago

And remove your loop as well, where you constantly call Hook().

gurachan commented 8 years ago

Cool, it works xD omg you are great xD http://postimg.org/image/e6c716v6n/ hahaha <3 For some reason when I called the original function it crashed .. I use IDA 6.8 to check the return type and params .. so instead of calling back I always "return 1" because the return type is int .. and I re-create the function by analyzing IDA 6.8 structures xD ...

Last question: is this the proper way to use the offset one .. I used Detours 3.0 before, that's why I came up with this.

Mine is:

    int(__cdecl* ServerConsole)(char, char*, ...) = (int(__cdecl*)(char, char*, ...))((DWORD)address);

    typedef int(__cdecl* tWriteServerConsole)(char, char*, ...);
    tWriteServerConsole oWriteServerConsole;

Function somewhere:

    int ServerConsole2(char a, char *b, ...);

DLL main somewhere ...

    VEHHook->SetupHook((BYTE*)ServerConsole, (BYTE*)&ServerConsole2);
    VEHHook->Hook();
    oWriteServerConsole = VEHHook->GetOriginal<tWriteServerConsole>();

I should return like this, right: oWriteServerConsole(a, b)? Rather than recreating it, for future purposes.

gurachan commented 8 years ago

OK, I understand now, I need to call the original first before grabbing the info xD

    int hWriteServerConsole3(char a1, int a2, char a3, ...)
    {
        oServer_Logs2(a1, a2, a3);
        auto ProtectionObject = WriteServerConsole_hook->GetProtectionObject();
        return 1;
    }

<3

stevemk14ebr commented 8 years ago

It doesn't matter what order you call the original in; I've tested both ways and they work properly. If you crash when doing this then you should check your function typedefs. This is a variadic function (the ...), so you need to handle that; you can't just pass on the format string only. It's working when you call the original first because when you do that the original state of the stack is preserved, since no other code is executed first, but regardless your typedef is wrong and should be fixed.

    int hWriteServerConsole3(char *a1, int a2, char *a3, ...) //<- ... is an issue here
    {
        auto ProtectionObject = WriteServerConsole_hook->GetProtectionObject();
        return oServer_Logs2(a1, a2, a3, ...); //<- need to handle the ... here
    }
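A worked illustration of the variadic point above, added here as example code that is not PolyHook's or the thread's own: WriteServerConsole, its tags and messages are constructed stand-ins for the game's logger, the calling convention is left unspecified so it builds off Windows, and the GetProtectionObject call is omitted. It shows the hook consuming the arguments via va_list and forwarding a fixed "%s" format instead of passing fmt on by itself.

```cpp
// Added example (not PolyHook's code). A hooked printf-style function cannot be
// re-called as orig(a1, a2, a3): the variadic arguments are dropped and the original
// then reads whatever happens to be on the stack for them. Formatting once in the
// hook and forwarding "%s" + buffer keeps the original's behaviour intact.
#include <cstdarg>
#include <cstdio>
#include <string>

static std::string g_last_line;     // what the stand-in "original" last wrote
static std::string g_seen_by_hook;  // what the hook captured before forwarding

// Constructed stand-in for the game's variadic console logger.
int WriteServerConsole(const char* tag, const char* fmt, ...) {
    char buf[512];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    g_last_line = std::string(tag) + " " + buf;
    return 1;
}

// Same shape as the typedef in the thread; in a real hook this would come from
// GetOriginal<tWriteServerConsole>() instead of pointing at the function directly.
typedef int (*tWriteServerConsole)(const char* tag, const char* fmt, ...);
tWriteServerConsole oWriteServerConsole = WriteServerConsole;

// The hook: consume the variadic arguments exactly once, then hand the original a
// fixed format string. Never do oWriteServerConsole(tag, fmt) here.
int hWriteServerConsole(const char* tag, const char* fmt, ...) {
    char buf[512];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    g_seen_by_hook = buf;                        // inspect or log the message here
    return oWriteServerConsole(tag, "%s", buf);  // forward the already-formatted text
}

const std::string& lastOriginalLine() { return g_last_line; }
const std::string& lastHookCapture()  { return g_seen_by_hook; }
```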

gurachan commented 8 years ago

Hello, sorry to bother, and happy new year btw .. but hooking "__thiscall" in real scenarios is new to me. If my target is similar to this

(based on IDA Pro 6.8)

    // 0x687EBA is the function dword
    void __thiscall sub_687EBA(int this, int a2, float a3)
    {
      int v3; // esi@1
      int *v4; // edi@2
      float v5; // ST04_4@3
      int v6; // eax@3
      int v7; // ecx@3
      int v8; // edi@3
      int v9; // eax@3

      v3 = this;
      if ( a2 >= 0 )
      {
        v4 = (int *)(this + 140);
        if ( *(_DWORD *)(this + 140) != a2 )
        {
          sub_8E61B0(*(_DWORD *)(this + 136));
          v5 = (double)a2;
          *v4 = a2;
          v6 = sub_405247(a3, v5);
          v7 = *(_DWORD *)(v3 + 136);
          v8 = v6;
          sub_8E60F0(v6);
          sub_4011BC(v8);
          v9 = *(_DWORD *)(v3 + 136);
          *(float *)(v9 + 32) = 0.0;
          *(_DWORD *)(v9 + 36) = 0;
          *(_DWORD *)(v9 + 8) = 0;
        }
      }
    }

how do I hook it using PolyHook?

I tried this way:

    // typedef
    typedef void(__thiscall* pfloat_update)(void*, int, float);
    pfloat_update ofloat_update;

    // hook function
    void __fastcall float_update(void* _this, int a2, float a3)
    {
        auto ProtectionObject = BeatString_Hook->GetProtectionObject();

        //ofloat_update(_this, a2, a3);  still error
        return ofloat_update(_this, a2, a3);  // still error
    }

    // hook prepare to call in main ..
    void beats::float_update_Setup(DWORD Src)
    {
        BeatString_Hook->SetupHook((BYTE*)Src, (BYTE*)&float_update);
        BeatString_Hook->Hook();
        ofloat_update = BeatString_Hook->GetOriginal<pfloat_update>();
    }

I also tried to change fastcall to thiscall.

They all compile 100% but in game it crashes .. I think I hook it wrong .. I just want to know how to deal with __thiscall using this ..

gurachan commented 8 years ago

I fixed it xD

    typedef void(__thiscall* pfloat_update)(void*, int, float);
    extern pfloat_update ofloat_update;

    void __fastcall float_update(void* This, void* EDX, int a2, float a3)
    {
        // if the param is 3 and the first one is *this .. you need to add a dummy param to take the edx xD and it works
        // body as in the earlier attempt, now with the dummy EDX parameter in place
        auto ProtectionObject = BeatString_Hook->GetProtectionObject();
        ofloat_update(This, a2, a3);
    }

This one gave me headaches because "__thiscall is very new to me", due to it using class pointers xD

This thread is very useful to others who use PolyHook ^_^

pollyrocks