These are chat archives for EasyHook/EasyHook

2nd
Jun 2016
Andrew
@zezba9000
Jun 02 2016 00:07
Is there a way to hook a C++ D3D11 method like "IDXGISwapChain1::Present1".
C method hooking is working great but how to do a non-static method?
How to hook a Member Method in short?
Justin Stenning
@spazzarama
Jun 02 2016 00:56
My C# example shows how to determine the addresses from the vtable. There is a util fund there or search for C++ example of how to get function address from vtable using object's pointer
*func not fund
Andrew
@zezba9000
Jun 02 2016 02:06
Will the func ptr get called before the actual base implementation?
is this an override of the actual implementation in short?
Andrew
@zezba9000
Jun 02 2016 02:54
So got a simple test working with overriding the vtable method via __fastcall etc.
Still have to figure out how to call into its original method
Andrew
@zezba9000
Jun 02 2016 03:21
k figured out vtable method hooking. Will try with D3D11 tomorrow. Tnx for the tips!
Justin Stenning
@spazzarama
Jun 02 2016 05:56
@zezba9000 you can get the vtable address and pass it to easyhook to hook, then simply call the original address while within your override and it will call the original - yes ur method is called before the original.
Andrew
@zezba9000
Jun 02 2016 18:10
@spazzarama I'm not sure how to get the ProcAddress to do it that way.
Right now I get the vTable func ptr via:
auto a = new Derived();
DWORD pdwVTable = (DWORD)(DWORD)a;
Then hook it via:
MEMORY_BASIC_INFORMATION mbi;
VirtualQuery((LPCVOID)pdwVTable, &mbi, sizeof(mbi));
VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect);// unlock
pdwVTableBK = pdwVTable[0];
pdwVTable[0] = (DWORD)myFoo; // Hook!

Then I can invoke the actual method by unhooking then invoking:
void __fastcall myFoo(Derived This, void _EDX, int i)
{
pdwVTable[0] = pdwVTableBK;// unhook
cout << ("YAHOO: " + to_string(i)).c_str() << endl;
This->foo(i);
}

If I use you "LhInstallHook" method I would need to get the C++ manged name... which seems harder
As I can seem to get these names via dumbbin.exe
Andrew
@zezba9000
Jun 02 2016 19:17

How would I go about using EasyHook to hook a VTable method?
Whats the method layout?
Should it look kinda like: "HRESULT __fastcall CreateSwapChainForHwnd_Hook(IDXGIFactory2 thisptr, void edx"?
Andrew
@zezba9000
Jun 02 2016 20:36

How can I repo this example I made in EasyHook?
https://gist.github.com/zezba9000/d93a1738ec1e6c43be9458ae0768689c
Justin Stenning
@spazzarama
Jun 02 2016 21:48
pdwVTable[0] is the function address I.e. Originalfunc=pdwVTable[0]; then use LhInstallHook on originalfunc. The C# direct3d example should have enough info to help. In C# it becomes a this call which I think is something like what you have put.
Andrew
@zezba9000
Jun 02 2016 22:42
@spazzarama How did you determine the SwapChain "Present" method was at index 8?
When I look at IDXGISwapChain the "Present" virtual method is the first method declared.
... in dxgi.h
So hooking using your LhInstallHook works, its just a matter of finding out what proc ptr is used for IDXGIFactory2::CreateSwapChainForHwnd
Andrew
@zezba9000
Jun 02 2016 22:48
Your C# code just has these defined in an enum "DXGISwapChainVTbl" but I'm not sure how you figured what values to use
aww ic, because you take into account the base classes and stack them like they align in memory
Andrew
@zezba9000
Jun 02 2016 23:48
Just an FYI, using EasyHook to hook the "CreateSwapChainForHwnd" swapchain method didn't work BUT DID work manually doing it. Not sure why...
"LhInstallHook(dxgiFactoryVTable[dxgiFactoryVTableIndex], CreateSwapChainForHwnd_Hook, nullptr, &hook)" = Didn't work
LhSetExclusiveACL(ACLEntries, 1, &hook);
dxgiFactoryVTable[dxgiFactoryVTableIndex] = &CreateSwapChainForHwnd_Hook; = Did Work