DX11 64 bit Hook, main windows freeze

[zdohdds]

Hello everyone. I'm trying to write DX11 hook for x64, but i'm stack for issue: when i do hooks then my game windows is freeze and not answer...

What i do?

Present[address] old asm code replase to JMP to My ASM (12 byte) -> Call MainThreadFunction( [do something] ) -> My ASM return (old asm code) -> JMP to Present[address+12 byte]

I checked using Cheat engine and all asm code is in the right place and JMP \ Call good.

I can't undenstand what's wrong.

My code:

Code:

public class Directx
    {
        private IntPtr _D3D11Present;
        public Detour _hookDetour { get; private set; }

        public Directx()
        {
            this._D3D11Present = Memory.ModuleBaseAddress("dxgi.dll");
            Log.WriteLine("baseaddress dxgi: {0:X}", this._D3D11Present.ToInt64());
            this._hookDetour = new Detour(IntPtr.Add(_D3D11Present, 0x11A0));
        }

        public void Dispose()
        {
            this._hookDetour.Dispose();
        }
    }

public class Detour
    {
        private IntPtr _pTarget;
        private IntPtr _pHook;
        private byte[] _original;
        private IntPtr p;

        private MainThread _mainThread;

        public Detour(IntPtr pTarget)
        {
            this._pTarget = pTarget;
            this._original = Memory.ReadBytes(this._pTarget, 12);

            this._mainThread = new MainThread(MainThreadFunction);
            p = Marshal.GetFunctionPointerForDelegate(this._mainThread);
            Log.WriteLine("p: {0:X}", p.ToInt64());
        }

        public void Apply()
        {
            //0:  9c                      pushf
            //1:  48 b8 f0 49 75 07 34    movabs rax,0x234077549f0
            //8:  02 00 00
            //b:  ff d0                   call   rax
            //e:  9d                      popf
            //f:  48 b8 50 52 53 8c fc    movabs rax,0x7ffc8c535250
            //16: 7f 00 00
            //19: ff e0                   jmp    rax

            List<byte> myByte = new List<byte>();
            myByte.Add(0x9C);
            myByte.AddRange(new byte[] { 0x48, 0xB8 });
            myByte.AddRange(BitConverter.GetBytes(p.ToInt64()));
            myByte.AddRange(new byte[] { 0xFF, 0xD0 });
            myByte.Add(0x9D);
            myByte.AddRange(this._original);
            myByte.AddRange(new byte[] { 0x48, 0xB8 });
            myByte.AddRange(BitConverter.GetBytes(IntPtr.Add(this._pTarget, 12).ToInt64()));
            myByte.AddRange(new byte[] { 0xFF, 0xE0 });

            // Present[address]::old asm code replase to JMP to My ASM (12 byte) -> Call MainThreadFunction( [do something] ) -> My ASM return (old asm code) -> JMP to Present[address +12 byte]
            this._pHook = Marshal.AllocHGlobal(myByte.Count);
            Marshal.Copy(myByte.ToArray(), 0, this._pHook, myByte.Count);

            //0:  48 b8 50 52 53 8c fc    movabs rax,0x7ffc8c535250
            //7:  7f 00 00
            //a:  ff e0                   jmp    rax
            List<byte> newByte = new List<byte>();
            newByte.AddRange(new byte[] { 0x48, 0xB8 });
            newByte.AddRange(BitConverter.GetBytes(p.ToInt64()));
            newByte.AddRange(new byte[] { 0xFF, 0xE0 });

            if (!Memory.WriteBytes(this._pTarget, newByte.ToArray()))
            {
                Log.WriteLine("Can't to replace 'jmp [new address]' in the Present function!");
                Marshal.FreeHGlobal(this._pHook);
            }
        }

        public void Dispose()
        {
            if (!Memory.WriteBytes(this._pTarget, this._original))
            {
                Log.WriteLine("Can't to return original bytes in the Present function!");
            }
            Marshal.FreeHGlobal(this._pHook);
        }

        public void MainThreadFunction()
        {
            Log.WriteLine("Йа в главном потоке! ы!");
            //this.Dispose();
        }
        
        delegate void MainThread(); 
    }

[imzz]

Excuse me, is this problem solved now?
Does anyone know if there is a problem with this code?

[LunaBoy]

D3D11 Hook
=================

Code:

#include <d3d11.h>
#include <mutex>

#include <MinHook.h>

#include "d3d11hook.h"

#pragma comment(lib, "d3d11.lib")

typedef HRESULT(__stdcall *D3D11PresentHook) (IDXGISwapChain* pSwapChain, UINT SyncInterval, UINT Flags);
typedef void(__stdcall *D3D11DrawIndexedHook) (ID3D11DeviceContext* pContext, UINT IndexCount, UINT StartIndexLocation, INT BaseVertexLocation);
typedef void(__stdcall *D3D11ClearRenderTargetViewHook) (ID3D11DeviceContext* pContext, ID3D11RenderTargetView *pRenderTargetView, const FLOAT ColorRGBA[4]);

static HWND                     g_hWnd = nullptr;
static ID3D11Device*            g_pd3dDevice = nullptr;
static ID3D11DeviceContext*     g_pd3dContext = nullptr;
static IDXGISwapChain*          g_pSwapChain = nullptr;
static std::once_flag           g_isInitialized;

D3D11PresentHook                phookD3D11Present = nullptr;
D3D11DrawIndexedHook            phookD3D11DrawIndexed = nullptr;
D3D11ClearRenderTargetViewHook  phookD3D11ClearRenderTargetViewHook = nullptr;

DWORD*                          pSwapChainVTable = nullptr;
DWORD*                          pDeviceContextVTable = nullptr;

HRESULT __stdcall PresentHook(IDXGISwapChain* pSwapChain, UINT SyncInterval, UINT Flags)
{
	std::call_once(g_isInitialized, [&]() {
		pSwapChain->GetDevice(__uuidof(g_pd3dDevice), reinterpret_cast<void**>(&g_pd3dDevice));
		g_pd3dDevice->GetImmediateContext(&g_pd3dContext);
	});

	ImplHookDX11_Present(g_pd3dDevice, g_pd3dContext, g_pSwapChain);

	return phookD3D11Present(pSwapChain, SyncInterval, Flags);
}

void __stdcall DrawIndexedHook(ID3D11DeviceContext* pContext, UINT IndexCount, UINT StartIndexLocation, INT BaseVertexLocation)
{
	return phookD3D11DrawIndexed(pContext, IndexCount, StartIndexLocation, BaseVertexLocation);
}

void __stdcall ClearRenderTargetViewHook(ID3D11DeviceContext* pContext, ID3D11RenderTargetView *pRenderTargetView, const FLOAT ColorRGBA[4])
{
	return phookD3D11ClearRenderTargetViewHook(pContext, pRenderTargetView, ColorRGBA);
}

DWORD __stdcall HookDX11_Init(LPVOID)
{
	D3D_FEATURE_LEVEL level = D3D_FEATURE_LEVEL_11_0;
	DXGI_SWAP_CHAIN_DESC sd;
	{
		ZeroMemory(&sd, sizeof(sd));
		sd.BufferCount = 1;
		sd.BufferDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM;
		sd.BufferUsage = DXGI_USAGE_RENDER_TARGET_OUTPUT;
		sd.OutputWindow = g_hWnd;
		sd.SampleDesc.Count = 1;
		sd.Windowed = TRUE;
		sd.BufferDesc.ScanlineOrdering = DXGI_MODE_SCANLINE_ORDER_UNSPECIFIED;
		sd.BufferDesc.Scaling = DXGI_MODE_SCALING_UNSPECIFIED;
		sd.SwapEffect = DXGI_SWAP_EFFECT_DISCARD;
	}

	HRESULT hr = D3D11CreateDeviceAndSwapChain(nullptr, D3D_DRIVER_TYPE_HARDWARE, nullptr, 0, &level, 1, D3D11_SDK_VERSION, &sd, &g_pSwapChain, &g_pd3dDevice, nullptr, &g_pd3dContext);
	if (FAILED(hr))
	{
		MessageBox(g_hWnd, L"Failed to create device and swapchain.", L"Fatal Error", MB_ICONERROR);
		return E_FAIL;
	}

	pSwapChainVTable = reinterpret_cast<DWORD*>(g_pSwapChain);
	pSwapChainVTable = reinterpret_cast<DWORD*>(pSwapChainVTable[0]);

	pDeviceContextVTable = reinterpret_cast<DWORD*>(g_pd3dContext);
	pDeviceContextVTable = reinterpret_cast<DWORD*>(pDeviceContextVTable[0]);

	if (MH_Initialize() != MH_OK) { return 1; }
	if (MH_CreateHook((DWORD*)pSwapChainVTable[8], PresentHook, reinterpret_cast<void**>(&phookD3D11Present)) != MH_OK) { return 1; }
	if (MH_EnableHook((DWORD*)pSwapChainVTable[8]) != MH_OK) { return 1; }
	if (MH_CreateHook((DWORD*)pSwapChainVTable[12], DrawIndexedHook, reinterpret_cast<void**>(&phookD3D11DrawIndexed)) != MH_OK) { return 1; }
	if (MH_EnableHook((DWORD*)pSwapChainVTable[12]) != MH_OK) { return 1; }
	if (MH_CreateHook((DWORD*)pSwapChainVTable[50], ClearRenderTargetViewHook, reinterpret_cast<void**>(&phookD3D11ClearRenderTargetViewHook)) != MH_OK) { return 1; }
	if (MH_EnableHook((DWORD*)pSwapChainVTable[50]) != MH_OK) { return 1; }

	DWORD old_protect;
	VirtualProtect(phookD3D11Present, 2, PAGE_EXECUTE_READWRITE, &old_protect);

	g_pd3dDevice->Release();
	g_pd3dContext->Release();
	g_pSwapChain->Release();

	return S_OK;
}

D3D11_HOOK_API void ImplHookDX11_Init(void *hwnd)
{
	g_hWnd = (HWND)hwnd;
	CreateThread(nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(HookDX11_Init), nullptr, 0, nullptr);
}

D3D11_HOOK_API void ImplHookDX11_Shutdown()
{
	if (MH_DisableHook(MH_ALL_HOOKS)) { return; };
	if (MH_Uninitialize()) { return; }
}