EndScene detour question

  1. #1
    bad6oy30

    So I've moved from out-of-process to in-process, and it's pretty damn cool. I detoured D3D9 EndScene with a wrapper DLL, that was all well and good, but now I want to get rid of the proxy and do a "live" detour.

    One thing I don't understand... if you know the pointer to the IDirect3DDevice9, then you can get the pointer to the virtual EndScene method. After that, you overwrite the virtual method pointer with the addr of your hook function. Your function does the extra work, then calls the original pointer, cast to the same signature.

    But I see all the asm in the detour examples, and I don't understand it... why is it necessary?

  2. #2
    Azzie2k8
    Originally Posted by bad6oy30
        So I've moved from out-of-process to in-process, and it's pretty damn cool. I detoured D3D9 EndScene with a wrapper DLL, that was all well and good, but now I want to get rid of the proxy and do a "live" detour.

        One thing I don't understand... if you know the pointer to the IDirect3DDevice9, then you can get the pointer to the virtual EndScene method. After that, you overwrite the virtual method pointer with the addr of your hook function. Your function does the extra work, then calls the original pointer, cast to the same signature.

        But I see all the asm in the detour examples, and I don't understand it... why is it necessary?

    Because basically what is done is that you do not overwrite the original function but write a jump in the first few bytes of the original function.
    This jump goes to your detoured function in which you most likely jump back to where you left in the original function.

    All this is obviously done in assembler since you are messing with memory.

    I am not a pro at this and I might be wrong, but I think this thread is very interesting for you:

    http://www.mmowned.com/forums/world-...-codecave.html

  3. #3
    _Mike
    Originally Posted by bad6oy30
        One thing I don't understand... if you know the pointer to the IDirect3DDevice9, then you can get the pointer to the virtual EndScene method. After that, you overwrite the virtual method pointer with the addr of your hook function. Your function does the extra work, then calls the original pointer, cast to the same signature.

        But I see all the asm in the detour examples, and I don't understand it... why is it necessary?

    It's not. Most people here just don't have a clue what "virtual method" means. Haven't you noticed that almost everyone here who claims to code in C++ could just as well compile their code as C?

    Just overwrite the VMT entry and be done with it. Easy, clean and efficient. And it makes it so much cleaner to do hook chains if you ever want to do that.

    Originally Posted by Azzie2k8
        Because basically what is done is that you do not overwrite the original function but write a jump in the first few bytes of the original function.
        This jump goes to your detoured function in which you most likely jump back to where you left in the original function.

    What? Writing new data to a function is not overwriting it?
    If you want to do this then at least use the hotpatch padding. There's no need to destroy the original function.

  4. #4
    Azzie2k8
    Originally Posted by _Mike
        It's not. Most people here just don't have a clue what "virtual method" means. Haven't you noticed that almost everyone here who claims to code in C++ could just as well compile their code as C?

        Just overwrite the VMT entry and be done with it. Easy, clean and efficient. And it makes it so much cleaner to do hook chains if you ever want to do that.

        What? Writing new data to a function is not overwriting it?
        If you want to do this then at least use the hotpatch padding. There's no need to destroy the original function.

    Damn, I need to read the full post before posting, sorry.

  5. #5
    bad6oy30
    Thanks for the link and info!

    Maybe the EndScene vtable pointer is Warden-watched? But the device object is API constructed... the object pointer is non-static, and I thought Warden only watched static regions.

    Maybe we'll see a big explanation by tomorrow
    Last edited by bad6oy30; 02-23-2011 at 05:40 PM.
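
Added example, not part of the original thread or any poster's code: the hook styles discussed above (a vtable slot overwritten to point elsewhere, a jump written over the function entry, and a jump placed in the hotpatch padding) each leave a different trace that an integrity scan can classify. The module image, base address and byte samples are constructed, and `classify_slot` and `scan_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_VMT_REDIRECT, HOOK_INLINE_JMP, HOOK_HOTPATCH };

/* Module image modelled as a byte buffer mapped at `base` (constructed model). */
struct image { const uint8_t *bytes; size_t size; uintptr_t base; };

/* Classify how the target of a vtable slot looks to an integrity scan. */
enum hook_kind classify_slot(const struct image *img, uintptr_t target)
{
    /* VMT overwrite: the slot no longer points into the module owning the method. */
    if (target < img->base || target - img->base >= img->size)
        return HOOK_VMT_REDIRECT;

    size_t off = (size_t)(target - img->base);
    size_t left = img->size - off;
    const uint8_t *p = img->bytes + off;
    /* Hotpatch style: `jmp short $-5` (EB F9) at entry, `jmp rel32` (E9) in the padding. */
    if (left >= 2 && off >= 5 && p[0] == 0xEB && p[1] == 0xF9 && p[-5] == 0xE9)
        return HOOK_HOTPATCH;
    /* Inline detour: the first five bytes of the function are now `jmp rel32`. */
    if (left >= 5 && p[0] == 0xE9)
        return HOOK_INLINE_JMP;
    return HOOK_NONE;
}

/* Constructed samples: five padding bytes, then the entry (clean: mov edi, edi; push ebp; mov ebp, esp). */
#define IMG_BASE ((uintptr_t)0x10000000u)
#define ENTRY    (IMG_BASE + 5)
static const uint8_t SAMPLE_CLEAN[]    = {0xCC,0xCC,0xCC,0xCC,0xCC, 0x8B,0xFF,0x55,0x8B,0xEC};
static const uint8_t SAMPLE_INLINE[]   = {0xCC,0xCC,0xCC,0xCC,0xCC, 0xE9,0x10,0x20,0x30,0x40};
static const uint8_t SAMPLE_HOTPATCH[] = {0xE9,0x10,0x20,0x30,0x40, 0xEB,0xF9,0x55,0x8B,0xEC};

enum hook_kind scan_sample(const uint8_t *bytes, size_t n, uintptr_t slot_target)
{
    struct image img = { bytes, n, IMG_BASE };
    return classify_slot(&img, slot_target);
}
#define SCAN(a, t) scan_sample((a), sizeof (a), (t))

int main(void)
{
    printf("clean=%d inline=%d hotpatch=%d redirected=%d\n",
           (int)SCAN(SAMPLE_CLEAN, ENTRY), (int)SCAN(SAMPLE_INLINE, ENTRY),
           (int)SCAN(SAMPLE_HOTPATCH, ENTRY), (int)SCAN(SAMPLE_CLEAN, IMG_BASE * 2));
    return 0;
}
```

A prologue that legitimately begins with a jump (for example an incremental-linking thunk) also matches the E9 check, so a real scan compares the bytes against the on-disk image instead of relying on opcode patterns alone.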
