Solved Hooks

memeplayer

Jun 18, 2017
So I wanted to figure out how hooks work and ended up with code like this:

Target
C++:
#pragma once
#include <Windows.h> // Sleep
#include <cstdlib>   // system
#include <iostream>

class SomeClass
{
	int number;

public:
	SomeClass(int n) :
		number(n)
	{
	}

	virtual int sum(int a, int b)
	{
		std::cout << "(" << number << ") ";
		return a + b;
	}

	virtual int subtract(int a, int b)
	{
		std::cout << "(" << number << ") ";
		return a - b;
	}
};

int a = 10;
int b = 20;

int main()
{
	SomeClass* instance = new SomeClass(1337);

	while (true)
	{
		system("cls");
		std::cout << "instance = 0x" << std::hex << instance << std::endl << std::endl;

		std::cout << "sum(" << a << ", " << b << ") returns " << instance->sum(a, b) << std::endl;
		std::cout << "subtract(" << a << ", " << b << ") returns " << instance->subtract(a, b) << std::endl;

		Sleep(1000);
	}
}
DLL:
C++:
#include <Windows.h>
#include "Hooker.h"

DWORD address = 0x00915600; //I update it every time
Hooker* instance = nullptr;

using Function = int(__thiscall*)(void*, int, int);

Function originalFunc1;

int __fastcall hookedFunc1(void* thisptr, void* edx, int a, int b)
{
	return 1000;
}

// Thread entry point: CreateThread expects DWORD WINAPI fn(LPVOID).
DWORD WINAPI Hook(LPVOID)
{
	DWORD** baseClass = (DWORD**)address;
	instance = new Hooker(baseClass);

	originalFunc1 = (Function)instance->HookFunction((DWORD)hookedFunc1, 0);
	return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ulReason, LPVOID lpReserved)
{
	if (ulReason == DLL_PROCESS_ATTACH)
	{
		SetConsoleTitle("Injected");
		CreateThread(NULL, 0, Hook, NULL, 0, NULL);
	}

	// DllMain must return a value; returning FALSE on attach makes the loader unload the DLL.
	return TRUE;
}
Hooker:
C++:
#pragma once
#include <Windows.h>

class Hooker
{
public:
	Hooker(PDWORD* ppdwClassBase)
	{
		classBase = ppdwClassBase;
		oldVT = *ppdwClassBase;
		size = GetCount(*ppdwClassBase);
		newVT = new DWORD[size];
		memcpy(newVT, oldVT, sizeof(DWORD) * size);
		*ppdwClassBase = newVT;
	}

	DWORD HookFunction(DWORD dwNewFunc, unsigned int iIndex)
	{
		// Valid slots are 0..size-1; iIndex is unsigned, so no lower-bound check is needed.
		if (newVT && oldVT && iIndex < size)
		{
			newVT[iIndex] = dwNewFunc;
			return oldVT[iIndex];
		}

		return 0;
	}

private:
	DWORD GetCount(PDWORD pdwVMT)
	{
		DWORD index = 0;

		for (index = 0; pdwVMT[index]; index++)
			if (IsBadCodePtr((FARPROC)pdwVMT[index]))
				break;

		return index;
	}

	PDWORD* classBase;
	PDWORD newVT, oldVT;
	DWORD size;
};
But it crashes the application. I tried to hook functions in the target and it worked fine. Where is the problem?
 

Traxin

Aug 3, 2015
You tell us... what's the error?
Attach a debugger and see what happens when you inject. Are you getting an access violation? If so, where?

My two bits of advice: always call VirtualProtect\Ex on the memory you're changing, just in case the current protection doesn't allow you to.
Also, according to MSDN IsBadCodePtr is obsolete and not safe to use.

Take from that what you will.
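
The Hooker class posted above works by overwriting the object's vtable pointer with a heap-allocated copy, and that is exactly what an integrity check in the target can look for. The following is an added example, not code from the thread: `VtableBaseline`, `check_vtable` and `simulate_vptr_swap` are names assumed here, the code is portable C++ rather than Windows-specific, and it goes slightly beyond the thread by also flagging entries patched in place.

```cpp
#include <cstddef>
#include <cstring>

// Same shape as the thread's target class (constructed for this example).
struct SomeClass {
    int number;
    explicit SomeClass(int n) : number(n) {}
    virtual int sum(int a, int b) { return a + b; }
    virtual int subtract(int a, int b) { return a - b; }
};

constexpr std::size_t kSlots = 2;  // SomeClass declares two virtual functions

// vptr is at offset 0 of the object (MSVC and Itanium ABI, single inheritance).
void** read_vptr(const void* obj) {
    void** vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr;
}

// Known-good state, captured once from an instance created by trusted code.
struct VtableBaseline {
    void** vptr;
    void* slots[kSlots];
};

VtableBaseline capture_baseline(const SomeClass& trusted) {
    VtableBaseline b{};
    b.vptr = read_vptr(&trusted);
    std::memcpy(b.slots, b.vptr, sizeof b.slots);
    return b;
}

enum class VtableState { Intact, PointerSwapped, SlotPatched };

// Valid only for objects whose dynamic type matches the baseline's type.
VtableState check_vtable(const SomeClass& obj, const VtableBaseline& b) {
    void** vptr = read_vptr(&obj);
    if (vptr != b.vptr) return VtableState::PointerSwapped;  // table replaced
    if (std::memcmp(vptr, b.slots, sizeof b.slots) != 0)
        return VtableState::SlotPatched;                     // entry overwritten in place
    return VtableState::Intact;
}

// Test helper: applies the same swap as the Hooker constructor to our own object.
void simulate_vptr_swap(SomeClass& obj, void** shadow) {
    std::memcpy(shadow, read_vptr(&obj), kSlots * sizeof(void*));
    std::memcpy(static_cast<void*>(&obj), &shadow, sizeof shadow);
}
```

A baseline is per class: a derived type has its own vtable and needs its own baseline.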
 