[CODE]VTable hooking

**Hell_Demon** · 10-29-2010

Code:

DWORD *hookVFunc(DWORD *vtable, int index, DWORD *newFunction)
{
	DWORD dwOldProt, *oldFunc;
	VirtualProtect(&vtable[index], 4, PAGE_EXECUTE_READWRITE, &dwOldProt);
	oldFunc=(DWORD*)vtable[index];
	vtable[index]=(DWORD)newFunction;
	VirtualProtect(&vtable[index], 4, dwOldProt, &dwOldProt);
	return oldFunc;
}

A bit of a mess, but it works

Example usage:

Code:

UINT (__stdcall *oGetAdapterCount)(void);
UINT __stdcall xGetAdapterCount(void)
{
	MessageBox(0, L"hooked", L"hook", MB_OK);
	return oGetAdapterCount();
}

int main()
{
	HANDLE hDll = LoadLibrary(L"d3d9.dll");
	IDirect3D9 *pD9 = Direct3DCreate9(D3D_SDK_VERSION);
	//the index of GetAdapterCount is 4
	oGetAdapterCount = (UINT (__stdcall *)(void))hookVFunc(*(DWORD**)pD9, 4, (DWORD*)&xGetAdapterCount);
	pD9->GetAdapterCount();
	system("pause");
	return 1;
}

Have fun?

~ Hell

**Void** · 10-29-2010

Noice, VirtualProtect + pointers.

Naws, gj HD, makes patching the vtable much cleaner.

Btw, still no type definitions for those long casts? D:

Code:

oGetAdapterCount = (UINT (__stdcall *)(void))hookVFunc(*(DWORD**)pD9, 4, (DWORD*)&xGetAdapterCount);

Luckily that function doesn't even take any arguments.

**Hell_Demon** · 10-30-2010

compile
error: cannot cast from DWORD * to UINT (__stdcall *)(void)
C&P the typecast
compile
success

/victory.

**Hell_Demon** · 10-31-2010

^5[^9AU^5]^9Wesley: hookVFunc(0x40CE14, 40, (DWORD*)&yuorEndScene);
Tweak: Yeah
^5[^9AU^5]^9Wesley: or *(DWORD*)0x40CE14, not sure
^5[^9AU^5]^9Wesley: it really cant be that hard lol
Tweak: I believe it worked.
Tweak: I injected, and nothing happened (no crash)
Tweak: so
^5[^9AU^5]^9Wesley: k
^5[^9AU^5]^9Wesley: did u return orig function?
Tweak: er
^5[^9AU^5]^9Wesley: shove a messagebox in there
Tweak: In hookVFunc?
Tweak: hmmm
Tweak: nothing
^5[^9AU^5]^9Wesley: no
^5[^9AU^5]^9Wesley: in your hooked func >.>
Tweak: owait
Tweak: failme
Tweak: I'm using it as a dll
Tweak: and it has int main
^5[^9AU^5]^9Wesley: *facepalm*
^5[^9AU^5]^9Wesley: might wanna go read up on C++ basics
Tweak: the code was copy pasted....
Tweak: To see if it would work

**Void** · 10-31-2010

Originally Posted by Hell_Demon

^5[^9AU^5]^9Wesley: hookVFunc(0x40CE14, 40, (DWORD*)&yuorEndScene);
Tweak: Yeah
^5[^9AU^5]^9Wesley: or *(DWORD*)0x40CE14, not sure
^5[^9AU^5]^9Wesley: it really cant be that hard lol
Tweak: I believe it worked.
Tweak: I injected, and nothing happened (no crash)
Tweak: so
^5[^9AU^5]^9Wesley: k
^5[^9AU^5]^9Wesley: did u return orig function?
Tweak: er
^5[^9AU^5]^9Wesley: shove a messagebox in there
Tweak: In hookVFunc?
Tweak: hmmm
Tweak: nothing
^5[^9AU^5]^9Wesley: no
^5[^9AU^5]^9Wesley: in your hooked func >.>
Tweak: owait
Tweak: failme
Tweak: I'm using it as a dll
Tweak: and it has int main
^5[^9AU^5]^9Wesley: *facepalm*
^5[^9AU^5]^9Wesley: might wanna go read up on C++ basics
Tweak: the code was copy pasted....
Tweak: To see if it would work

Wow... \:

This is what happens when you try and help leechers.

Thread: [CODE]VTable hooking

Thread Tools

Display

[CODE]VTable hooking

The Following 3 Users Say Thank You to Hell_Demon For This Useful Post:

Similar Threads

[Tutorial] Vtable hooking/Vmt hooking

[Release] Vtable hook source

[Tutorial] -How to make .dll[Vtable Hook]-

[Help] how the vtable hook works?

[Source]Vtable Hook?