[Injection] EndScene: Memory Protection Attribute

**Bananenbrot** · 06-17-2010

Hi there,

While finally hooking EndScene, I was constantly getting some kind of uncatchable (from .Net perspective) error, which resulted in the ICLRRuntimeHost::ExecuteInDefaultAppDomain Method to return with E_POINTER, indicating that I accessed an invalid address.

I tracked down the problem and located it in the actual access in my Memory class while writing the 6 magic bytes to the EndScene address. Regardless if I do the writing with Marshal.Copy or with pure unsafe arithmetic, the managed dll returns immediately without a chance to catch an Exception. I opened OllyDbg and queried the protection attributes for the .text section of d3d9.dll, which suprised me:
WoW changed them from RWE Copy on Write to RE, explaining my errors.

Since I'm using Apoc's WhiteMagic (kind of, the Manager<> stuff), I edited the protection attributes for test purposes and my EndScene-handler was called correctly.

Now my questions are:
1.) Why does the access violation pass through my .Net Exception handlers?
2.) The main reason for this post, did you have the same issue? It's not much of a problem because it's easy to fix, but I like to know if I did some kind of n00b mistake and there's an even easier solution.

**IceFire32** · 06-18-2010

I had exactly the the same problem, I solved it by hooking the D3D vTable, instead of an easy detour

Imo that's a perfect method of DX hooking.

**Cypher** · 06-18-2010

http://msdn.microsoft.com/en-us/library/aa366898(VS.85).aspx

Just set the memory as PAGE_EXECUTE_READWRITE, do your shit, then set it back to its original state.

You're both over-complicating things.

**suicidity** · 06-18-2010

Yeah.. A virtual table hook because you're too lazy to set protections, is silly.

**Bananenbrot** · 06-18-2010

Originally Posted by Cypher

http://msdn.microsoft.com/en-us/library/aa366898(VS.85).aspx

Just set the memory as PAGE_EXECUTE_READWRITE, do your shit, then set it back to its original state.

You're both over-complicating things.

That's exactly how I'm doing it now. I just wondered that nobody talked about it before in here and that the example of WhiteMagic didn't care for that either.

**Apoc** · 06-18-2010

Originally Posted by suicidity

Yeah.. A virtual table hook because you're too lazy to set protections, is silly.

I always hook the vtable, it's a bit easier to use through multiple games. (Go ahead Cypher, bitch about how it doesn't always work.)

**suicidity** · 06-18-2010

Well I prefer a virtual table hook because it's simple (In my opinion), but IceFire said he went with it because of protection issues; Doesn't make sense.

**Cypher** · 06-18-2010

Originally Posted by Apoc

I always hook the vtable, it's a bit easier to use through multiple games. (Go ahead Cypher, bitch about how it doesn't always work.)

Doesn't always work.

Shout-Out

User Tag List

Thread: [Injection] EndScene: Memory Protection Attribute

Thread Tools

Search Thread

[Injection] EndScene: Memory Protection Attribute

Similar Threads

[Release] [C# DLL] iHook, EndScene ASM Injection!

[C++] Getting Started (1): Injection and Endscene Detour Tutorial, Bot Framework

[C++] Endscene hook and dostring code inject and wow crashed....

[Offtopic] How to impress girls with browser memory protection bypasses.

Unlock Protected LUA with a Patch? (Without Injecting code?)

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino