Closed UCFoxi closed 3 years ago
stevemk14ebr
commented
3 years ago I don't see anything obviously incorrect here with how the patch was applied. Please verify that your typedef is correct for hkEndScene (remember there is a hidden this parameter for virtual member functions). If you believe it is correct after inspection then please post the parts of your code relating to this hook, or debug the crash and try to identify the faulting instruction
UCFoxi
commented
3 years ago here is my present one that gives me the same issue:
typedef HRESULT(__stdcall* D3D11PresentHook) (IDXGISwapChain* pSwapChain, UINT SyncInterval, UINT Flags);
D3D11PresentHook pOriginalD3D11PresentHook;
HRESULT __stdcall PresentHook(IDXGISwapChain* pSwapChain, UINT SyncInterval, UINT Flags)
{//effects.PeakEffect().trigger();
MessageBoxA(0, "called", 0, 0);
return 0;}i do return 0 just for testing!
if (FAILED(hr = D3D11CreateDeviceAndSwapChain(NULL,
D3D_DRIVER_TYPE_HARDWARE,
NULL,
0,
&FeatureLevelsRequested,
numFeatureLevelsRequested,
D3D11_SDK_VERSION,
&sd,
&swapchain,
&dev,
&FeatureLevelsSupported,
&devcon)))
{
std::cout << "[-] Failed to hook Present with VT method." << std::endl;
return 0;
}
DWORD_PTR* pSwapChainVtable = NULL;
pSwapChainVtable = (DWORD_PTR*)swapchain;
pSwapChainVtable = (DWORD_PTR*)pSwapChainVtable[0];
PLH::CapstoneDisassembler dis(PLH::Mode::x64);
PLH::x64Detour detour((uint64_t)pSwapChainVtable[8], (uint64_t)&PresentHook, reinterpret_cast<uint64_t*>(&pOriginalD3D11PresentHook), dis);
hooked = detour.hook();
if (!hooked) {
MessageBoxA(0, "Hook failed!", 0, 0);
}some said there are 2x void* args in the start of PresentHook but that dont work...
HRESULT __stdcall PresentHook(void* a0, void* a1, IDXGISwapChain* pSwapChain, UINT SyncInterval, UINT Flags)
*it crashes after ~2s at [+] Info: Trampoline Jmp Tbl:
Mixaill
commented
3 years ago some said there are 2x void* args in the start of PresentHook but that dont work...
There is no additional args before this ptr.
Also, you must call original Present function
HRESULT __stdcall PresentHook(IDXGISwapChain* pSwapChain, UINT syncInterval, UINT flags)
{
//
//... your code goes heere
//
//execute original function to perform buffer swap
return pOriginalD3D11PresentHook(pSwapChain, syncInterval, flags);
}PLH::CapstoneDisassembler dis(PLH::Mode::x64);
PLH::x64Detour detour((uint64_t)pSwapChainVtable[8], (uint64_t)&PresentHook, reinterpret_cast<uint64_t*>(&pOriginalD3D11PresentHook), dis);Probably you have issues with objects lifetime. AFAIK, disassembler and detour objects should be alive during all the program execution time. Try to save it as global variables to test this.
Also, it is not so clear for me, do the crash occurs during .hook() execution or during first hooked function invocation?
UCFoxi
commented
3 years ago no thats the point, i added a messagebox to see if it get called but it dont even... its so weird
and the original one gets called like this:
return PLH::FnCast(pPresent, pOriginalD3D11PresentHook)(pSwapChain, syncInterval, flags);
stevemk14ebr
commented
3 years ago Please use a debugger, your guess is as good as anyone elses with the information provided. If this is a game it's very possible you are being caught by an anti-cheat system or a game integrity check. There is simply no way to know unless you pin point the cause of the crash and provide details. From the original assembly your provided it appears that polyhook has installed the hook correctly
For a 64bit game here is the correct typedef for your hook: https://github.com/stevemk14ebr/BF4-AtomBot/blob/e539c786578c95774c68fdd7dc9721a0a5cb9a39/BF4%20AtomBot/dllmain.cpp#L332
UCFoxi
commented
3 years ago ok i will try it pls its that stdcall xd
PLH::CapstoneDisassembler dis(PLH::Mode::x64); PLH::x64Detour detour((uint64_t)pInterface[42], (uint64_t)hkEndScene, (uint64_t*)&EndScene, dis); detour.hook();crash game:
any way to get it fixed? *same with Present..