Function hook stops application without any error #21

Open
konserwa1992 opened this issue Mar 29, 2023 · 10 comments

@konserwa1992

        public static void AttachHook()
        {
            //881DC0 0x2d5399
            sendFunction = ReloadedHooks.Instance.CreateFunction<SendFunc>((long)(GameMethods.GetBaseAdress() + 0x268DC));
            _sendPacketFuncHook = sendFunction.Hook(PacketSendHook).Activate();
        }

        public static IntPtr PacketSendHook(IntPtr a, byte[] packet)
        {
            return _sendPacketFuncHook.OriginalFunction(a, packet);
        }

@Sewer56
Member

Sewer56 commented Mar 29, 2023

Double-check the original signature in your disassembler.

Chances are you probably need to use byte* rather than byte[].

@konserwa1992
Author

> Double-check the original signature in your disassembler.
>
> Chances are you probably need to use byte* rather than byte[].

Is there any way to check the signature in x64dbg?

@Sewer56
Member

Sewer56 commented Mar 30, 2023

You can probably have a guess if you know the calling convention of the function and check how it's called.

Way easier with IDA/Ghidra/Binary Ninja though.

@konserwa1992
Author

konserwa1992 commented Mar 30, 2023

[image]

        [Function(CallingConventions.Microsoft)]
        public unsafe delegate void SendFunc(IntPtr a, byte* packet);
        public static IFunction<SendFunc> sendFunction;

        private static IHook<SendFunc> _sendPacketFuncHook;

......
        public unsafe static void AttachHook()
        {
            //881DC0 0x2d5399  trose.exe+2D539E

            sendFunction = ReloadedHooks.Instance.CreateFunction<SendFunc>((long)(GameMethods.GetBaseAdress() + 0x268DC));
            _sendPacketFuncHook = sendFunction.Hook(PacketSendHook).Activate();
        }

        public unsafe static void PacketSendHook(IntPtr a, byte* packet)
        {
            _sendPacketFuncHook.OriginalFunction(a, packet);
        }

Calling this function works fine.

@konserwa1992
Author

Am I doing something wrong?

@Sewer56
Member

Sewer56 commented Mar 31, 2023

Nothing particularly sticks out here; the delegate seems fine, the declaration seems fine.

Only thing that's a little unclear is which address you're hooking. If you're hooking the one ending with 881dc0, this is fine.

What I'd do is double-check, just in case, that you're hooking the right address by comparing the assembly (in CE, x64asm or other), since it seems that in Binja you're showing absolute addresses rather than module-relative ones.

@konserwa1992
Author

After a long 4 hours of waiting for an error, I got this one:
[image]


System.Exception: Unable to find memory location to fit MemoryBuffer of size 32 (4096) between 2303604896685 and 2303604962155.
   w Reloaded.Memory.Buffers.MemoryBufferHelper.CreateMemoryBuffer(Int32 size, UIntPtr minimumAddress, UIntPtr maximumAddress, Int32 retryCount)
   w Reloaded.Hooks.Tools.Utilities.FindOrCreateBufferInRange(Int32 size, UIntPtr minimumAddress, UIntPtr maximumAddress, Int32 alignment)
   w Reloaded.Hooks.Tools.Utilities.CreateJump(UIntPtr targetPtr, Boolean is64Bit, Int32 minBytesUsed)
   w Reloaded.Hooks.X64.ReverseWrapper`1.Create(ReverseWrapper`1 reverseFunctionWrapper, UIntPtr functionPtr)
   w Reloaded.Hooks.X64.ReverseWrapper`1..ctor(TFunction function)
   w Reloaded.Hooks.Hook`1.CreateReverseWrapper(TFunction function)
   w Reloaded.Hooks.ReloadedHooks.CreateHook[TFunction](TFunction function, Int64 functionAddress, Int32 minHookLength)
   w Reloaded.Hooks.ReloadedHooks.CreateHook[TFunction](TFunction function, Int64 functionAddress)
   w CodeInject.GameMethods.AttachHook() w C:\Users\grzeg\Documents\GitHub\GodLeftMeUnfinished\CodeInject\GameMethods.cs:wiersz 87
   w CodeInject.Form1.button1_Click_1(Object sender, EventArgs e) w C:\Users\grzeg\Documents\GitHub\GodLeftMeUnfinished\CodeInject\Form1.cs:wiersz 103
   w System.Windows.Forms.Control.OnClick(EventArgs e)
   w System.Windows.Forms.Button.OnClick(EventArgs e)
   w System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   w System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   w System.Windows.Forms.Control.WndProc(Message& m)
   w System.Windows.Forms.ButtonBase.WndProc(Message& m)
   w System.Windows.Forms.Button.WndProc(Message& m)
   w System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

@Sewer56
Member

Sewer56 commented Mar 31, 2023

Yeah; it tried to brute force find some memory within 2GB memory space of the code you are hooking.
Normally this is possible; I've never seen this legitimately fail before.

I'm not sure if there's much possible to do about this specific one.
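
The range search described in this comment can be modelled offline. This is an added example, not code from Reloaded.Hooks or from either participant: it parses the exception text posted above and checks a buffer against constructed lists of free regions inside the reported window. It assumes the parenthesised 4096 is the page-rounded allocation size and uses the 64 KiB Windows allocation granularity; `BufferWindowCheck`, `Parse` and `FindBase` are names made up for the example.

```csharp
using System;
using System.Text.RegularExpressions;

static class BufferWindowCheck
{
    // Windows reserves address space at 64 KiB-aligned bases.
    const ulong Granularity = 0x10000;

    // Pull the allocation size and the [min, max] window out of the exception text.
    // Assumption: the number in parentheses is the page-rounded size.
    public static (ulong Size, ulong Min, ulong Max) Parse(string message)
    {
        var m = Regex.Match(message, @"of size \d+ \((\d+)\) between (\d+) and (\d+)");
        if (!m.Success) throw new FormatException("unrecognised message");
        return (ulong.Parse(m.Groups[1].Value),
                ulong.Parse(m.Groups[2].Value),
                ulong.Parse(m.Groups[3].Value));
    }

    // First granularity-aligned base inside [min, max] where `size` bytes
    // fit in one of the free regions; null when nothing fits.
    public static ulong? FindBase(ulong size, ulong min, ulong max,
                                  (ulong Start, ulong Length)[] freeRegions)
    {
        foreach (var (start, length) in freeRegions)
        {
            ulong lo = Math.Max(start, min);
            ulong hi = Math.Min(start + length, max);
            ulong candidate = (lo + Granularity - 1) / Granularity * Granularity; // round up
            if (candidate < hi && hi - candidate >= size) return candidate;
        }
        return null;
    }

    static string Show(ulong? a) => a.HasValue ? $"0x{a.Value:X}" : "no fit";

    static void Main()
    {
        // Message text copied from the exception in this thread.
        const string message = "Unable to find memory location to fit MemoryBuffer of size 32 (4096) between 2303604896685 and 2303604962155.";
        var (size, min, max) = Parse(message);
        Console.WriteLine($"window 0x{min:X}..0x{max:X} spans {max - min} bytes");

        // Constructed free-region lists (not taken from the real process).
        var noneInWindow = new (ulong, ulong)[] { (min - 0x200000, 0x100000) };
        var holeInWindow = new (ulong, ulong)[] { (min - 0x8000, 0x40000) };
        Console.WriteLine($"no free region in window: {Show(FindBase(size, min, max, noneInWindow))}");
        Console.WriteLine($"free hole over window:    {Show(FindBase(size, min, max, holeInWindow))}");
    }
}
```

To diagnose a real failure, replace the constructed lists with the free regions a memory-map view (for example the one in x64dbg) shows around the reported addresses.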

@konserwa1992
Author

I have the same problem when I try to hook API functions in Notepad, so maybe it's because I'm using a CLR host?

@Sewer56
Member

Sewer56 commented Mar 31, 2023

I wouldn't know; though the free buffer/address scanning part is done mainly through native API.
