Hooked GetProcAddress not picking up request for Direct3DCreate9

**revertlife** · 07-05-2010

I wrote the following code for my injected DLL which uses the EasyHook LocalHook to hook LoadLibraryA and GetProcAddress. The LoadLibraryA hook picks up that the client loads d3d9.dll (but it's loaded 3 times apparently...) and GetProcAddress picks up a bunch of other functions, but never Direct3DCreate().

Does anyone know why this might be or could point me in the right direction?

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Runtime.InteropServices;
using System.Runtime.Remoting;
using EasyHook;
using System.Windows.Forms;
using System.Diagnostics;

namespace DllInjector
{

    public class Main : EasyHook.IEntryPoint
    {
        WoWInterface Interface;
        LocalHook GetProcAddrHook, LoadLibHook,D3DCreateHook;
        IntPtr d3dHandle;

        public Main(RemoteHooking.IContext InContext, String InChannelName)
        {
          Interface = RemoteHooking.IpcConnectClient<WoWInterface>(InChannelName);
          Interface.WriteConsole("LOL LOADED");
        }

        public void Run(RemoteHooking.IContext InContext, String InChannelName)
        {
            try
            {
                Interface.WriteConsole("LoadLibraryA Location: 0x" + LocalHook.GetProcAddress("kernel32.dll", "LoadLibraryA").ToString("X8"));
                Interface.WriteConsole("GetProcAddress Location: 0x" + LocalHook.GetProcAddress("kernel32.dll", "GetProcAddress").ToString("X8"));
                GetProcAddrHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "GetProcAddress"), new DGetProcAddress(_GetProcAddress), this);
                LoadLibHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "LoadLibraryA"), new DLoadLibraryA(_LoadLibraryA), this);
                GetProcAddrHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
                LoadLibHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (Exception ExtInfo)
            {
                Interface.WriteConsole("Error: \r\n" + ExtInfo.ToString());
            }
            Interface.WriteConsole("GetProcAddress Hooked");
            while (true)
            {

                //Byte[] playerName;
                try
                {

                    //Interface.WriteConsole(playerName.ToString() + "    -    ");
                }
                catch (Exception ExtInfo)
                {
                    Interface.WriteConsole("Error: " + ExtInfo.ToString());
                }
            }
        }

        public void HookD3DCreate9()
        {

        }

       [UnmanagedFunctionPointer(CallingConvention.StdCall,
            CharSet = CharSet.Unicode,
            SetLastError = true)]
        delegate IntPtr DGetProcAddress(
            IntPtr hModule,
            IntPtr lpProcName);

        // just use a P-Invoke implementation to get native API access from C# (this step is not necessary for C++.NET)
        [DllImport("kernel32.dll",
            CharSet = CharSet.Unicode,
            SetLastError = true,
            CallingConvention = CallingConvention.StdCall)]
        static extern IntPtr GetProcAddress(
            IntPtr hModule,
            IntPtr lpProcName);


        static IntPtr _GetProcAddress(IntPtr hModule, IntPtr lpProcName)
        {
            Main This = (Main)HookRuntimeInfo.Callback;

            lock (This)
            {
                This.Interface.WriteConsole("Function loaded");
                if (This.d3dHandle == hModule)
                {
                    This.Interface.WriteConsole("Function loaded from target library: " + Marshal.PtrToStringAnsi(lpProcName));
                }

                if (Marshal.PtrToStringAnsi(lpProcName) == "Direct3DCreate9" || Marshal.PtrToStringUni(lpProcName) == "Direct3DCreate9")
                {
                    This.Interface.WriteConsole("Function loaded from target library: " + Marshal.PtrToStringAnsi(lpProcName));
                }
            }

            if (Marshal.PtrToStringAnsi(lpProcName) == "GetProcAddress")
            {
                lock (This)
                {
                    This.Interface.WriteConsole("GetProcAddress on... GetProcAddress");
                }
            }

            return GetProcAddress(hModule, lpProcName);
        }

        [UnmanagedFunctionPointer(CallingConvention.StdCall,
        CharSet = CharSet.Unicode,
        SetLastError = true)]
        delegate IntPtr DLoadLibraryA(
            IntPtr lpProcName);

        // just use a P-Invoke implementation to get native API access from C# (this step is not necessary for C++.NET)
        [DllImport("kernel32.dll",
            CharSet = CharSet.Unicode,
            SetLastError = true,
            CallingConvention = CallingConvention.StdCall)]
        static extern IntPtr LoadLibraryA(
            IntPtr lpProcName);


        static IntPtr _LoadLibraryA(IntPtr libName)
        {
            try
            {
            Main This = (Main)HookRuntimeInfo.Callback;
            String strLibName;
           
            strLibName = Marshal.PtrToStringAnsi(libName);
            lock (This)
            {
                This.Interface.WriteConsole("Loading library....  "+ strLibName);

            }
            if (strLibName == "d3d9.dll")
            {
                lock (This)
                {
                    This.Interface.WriteConsole("Target Library loaded: " + strLibName);
                    This.d3dHandle = LoadLibraryA(libName);




                    return This.d3dHandle;
                }

            }
            }
            catch (Exception ExtInfo)
            {
                MessageBox.Show("Exception: " + ExtInfo.ToString());
            }
            
            return LoadLibraryA(libName);
        }
    }
}

**Cypher** · 07-05-2010

Who says that Direct3DCreate9 has to be called via GetProcAddress? It could just be statically imported.

**revertlife** · 07-05-2010

Well I checked the binary imports for WoW and none of the Direct3D functions are static imports.

Also, in the disassembly Direct3DCreate9 is loaded via GetProcAddress. There are references to alGetProcAddress and alcGetProcAddress but I couldn't find any info for those functions

**Cypher** · 07-05-2010

Well in that case, fiik.

**MaiN** · 07-05-2010

Are you sure you're injecting your DLL at the correct time? It needs to be done very early in the startup process to be able to hook Direct3DCreate9 and get a valid result.

**revertlife** · 07-05-2010

I do an external call to CreateProcess with the suspend flag and then I inject the DLL and it hooks LoadLibraryA and GetProcAddress and then the host process resumes the main WoW thread so it's hooked before it is even executed for the first time

Shout-Out

User Tag List

Thread: Hooked GetProcAddress not picking up request for Direct3DCreate9

Thread Tools

Search Thread

Hooked GetProcAddress not picking up request for Direct3DCreate9

Similar Threads

Request for Glider

Tauren male to Orc male request for patch 2.0.1 plz :(

Few Requests for Tauren Hunter

continued requests for stuff add me to MSN

Model Editing Request for Race Conversion and Other

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino