question hooking virtual table / class functions
-
Hello community, ive got a problem i hooked a function that has virtual table inside it and calls other functions: Decompailed with hex rayz :
signed int __cdecl sub_4594F5() { signed int result; // eax@1 result = -691773993; dword_4B0068 = (unsigned int)sub_40511C ^ 0xD6C45DD7; // i suppouse 0 dword_4B006C = (unsigned int)sub_438213 ^ 0xD6C45DD7; // 1 dword_4B0070 = (unsigned int)sub_424041 ^ 0xD6C45DD7; // 2 dword_4B0074 = (unsigned int)sub_42A4FC ^ 0xD6C45DD7; // 3 dword_4B0078 = (unsigned int)sub_410B73 ^ 0xD6C45DD7; // 4 dword_4B02F8 = (unsigned int)((char *)sub_416A34 + 4) ^ 0xD6C45DD7; // 5 // the function list goes alot more on there like this around 50-60 funcs or more... return result; }This is second function from the virtual table that i want to hookint (__cdecl* pointermy_sub_438213)(int, int, int, int); int __cdecl testmy_sub_438213(int a, int b, int c, int d) { return pointermy_sub_438213(a, b, c, d); }This is the hooked vtable func i used ms detours to hook it :int (__cdecl* pPBVTBLsub_4594F5)(); int __cdecl myPBVTBLsub_4594F5() { int dword_4B006C; dword_4B006C = (unsigned int)testmy_sub_438213 ^ 0xD6C45DD7; return pPBVTBLsub_4594F5(); }So in shortly the testmy_sub_438213 wont get hooked, so anyone knows what im doing wrong or mybe my aproach is false and this way cant be done vtable hooking any input is really welcome. -
Hello community, ive got a problem i hooked a function that has virtual table inside it and calls other functions: Decompailed with hex rayz :
signed int __cdecl sub_4594F5() { signed int result; // eax@1 result = -691773993; dword_4B0068 = (unsigned int)sub_40511C ^ 0xD6C45DD7; // i suppouse 0 dword_4B006C = (unsigned int)sub_438213 ^ 0xD6C45DD7; // 1 dword_4B0070 = (unsigned int)sub_424041 ^ 0xD6C45DD7; // 2 dword_4B0074 = (unsigned int)sub_42A4FC ^ 0xD6C45DD7; // 3 dword_4B0078 = (unsigned int)sub_410B73 ^ 0xD6C45DD7; // 4 dword_4B02F8 = (unsigned int)((char *)sub_416A34 + 4) ^ 0xD6C45DD7; // 5 // the function list goes alot more on there like this around 50-60 funcs or more... return result; }This is second function from the virtual table that i want to hookint (__cdecl* pointermy_sub_438213)(int, int, int, int); int __cdecl testmy_sub_438213(int a, int b, int c, int d) { return pointermy_sub_438213(a, b, c, d); }This is the hooked vtable func i used ms detours to hook it :int (__cdecl* pPBVTBLsub_4594F5)(); int __cdecl myPBVTBLsub_4594F5() { int dword_4B006C; dword_4B006C = (unsigned int)testmy_sub_438213 ^ 0xD6C45DD7; return pPBVTBLsub_4594F5(); }So in shortly the testmy_sub_438213 wont get hooked, so anyone knows what im doing wrong or mybe my aproach is false and this way cant be done vtable hooking any input is really welcome.Umm - which bit is the function table? (Note - it is NOT a virtual function table - that has a specific meaning, which isn't the one you're using). I see no function or function calls in sub_4594F5 at all. Which could be why you can't hook any of them.
Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p CodeProject MVP for 2010 - who'd'a thunk it!
-
Umm - which bit is the function table? (Note - it is NOT a virtual function table - that has a specific meaning, which isn't the one you're using). I see no function or function calls in sub_4594F5 at all. Which could be why you can't hook any of them.
Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p CodeProject MVP for 2010 - who'd'a thunk it!
No, no i mean sub_4594F5() is the function that has virtualtable inside it, so i hooked it with micorsoft detours and inside sub_4594F5()i want to do vtable hooking like that
int dword_4B006C; dword_4B006C = (unsigned int)testmy_sub_438213 ^ 0xD6C45DD7;But function sub_438213 wont get hooked and that function is second function from the vtable -
No, no i mean sub_4594F5() is the function that has virtualtable inside it, so i hooked it with micorsoft detours and inside sub_4594F5()i want to do vtable hooking like that
int dword_4B006C; dword_4B006C = (unsigned int)testmy_sub_438213 ^ 0xD6C45DD7;But function sub_438213 wont get hooked and that function is second function from the vtableThat is because
testmy_sub_438213isn't being called! They are XORing its address with0xD6C45DD7. There are no function calls there! So there's no way any hooking can intercept any calls.Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p CodeProject MVP for 2010 - who'd'a thunk it!