Hey Kyle,
I just want to thank you for your "X64 Function Hooking by Example" article. It helped me a lot doing some 64-bit game hacking for fun. I initially did it using Cheat Engine but wanted to create and inject my own DLL.
I got stuck on the fact that Visual C++ does not support inline assembly for x64, as well as some other differences between x32 and x64 in general (jumps...). Your article helped a lot with the "jump" problem. I really like the solution you presented (a relative jump from the hooked function to the Relay function and an absolute jump to the PayLoad function).
What I ended up doing differently, compared to your example, was that I included the instruction whose bytes got corrupted by the relative jump, its "nopED" bytes, and the change (hack) in my pure asm Payload function, which is part of my C++ project. I also then made an absolute jump back from the Payload to the hooked function right after the included corrupted instruction. And it worked! :) I haven't fully looked at your Trampoline code, which uses the Capstone library, since I wanted to get my modification (hack) to work first as a proof of concept.
I hope you don't mind if I point out something in your code :)
In Full Code for Example 2 (click to expand), your InstallHook(void* targetFunction, void* payloadFunction) function never uses the input arguments (targetFunction and payloadFunction). It's not a big deal, since you just directly calculate a pointer to targetFunction and use NullPaint3DButtonHandler in the WriteAbsoluteJump64(relayFuncMemory, NullPaint3DButtonHandler) step, but I thought you might've overlooked that since you already pass the void pointers targetFunction and payloadFunction that you use in InstallHook.... Hope this makes sense :)
Anyways, thanks again for such a great article and keep up the great work!
Ada
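The two jump encodings discussed in this issue (a 5-byte `E9 rel32` from the hooked function to the relay, and a `jmp [rip+0]` plus 8-byte absolute target from the relay to the payload) are exactly what an integrity check looks for when deciding whether a function prologue has been inline-hooked. The following is an added example, not code from the issue or from the article's project: it resolves both encodings and flags a prologue whose jump leaves the module image. All addresses and byte sequences are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Resolves the target of the two jump encodings the hook uses:
 *   E9 rel32              5-byte relative jmp (hooked function -> relay)
 *   FF 25 00000000 imm64  jmp [rip+0] followed by an 8-byte absolute target
 *                         (relay -> payload, 14 bytes in total)
 * `code` holds bytes that live at virtual address `va`. Returns 0 when the
 * bytes are neither encoding. */
uint64_t resolve_jump_target(const uint8_t *code, size_t len, uint64_t va)
{
    if (len >= 5 && code[0] == 0xE9) {
        int32_t rel;
        memcpy(&rel, code + 1, sizeof rel);   /* little-endian, sign-extended rel32 */
        return va + 5 + (int64_t)rel;         /* displacement is from the next insn */
    }
    if (len >= 14 && code[0] == 0xFF && code[1] == 0x25 &&
        memcmp(code + 2, "\0\0\0\0", 4) == 0) {
        uint64_t abs;
        memcpy(&abs, code + 6, sizeof abs);   /* absolute 64-bit target */
        return abs;
    }
    return 0;
}

/* A prologue counts as inline-hooked when it begins with one of those jumps
 * and the target lies outside the module image [mod_base, mod_base + mod_size). */
int prologue_is_hooked(const uint8_t *code, size_t len, uint64_t va,
                       uint64_t mod_base, uint64_t mod_size)
{
    uint64_t target = resolve_jump_target(code, len, va);
    if (target == 0)
        return 0;
    return target < mod_base || target >= mod_base + mod_size;
}

/* Constructed samples (not captured from a real process): module image at
 * 0x140000000 with size 0x10000, function prologue at 0x140001000. */
static const uint64_t kModBase = 0x140000000ULL, kModSize = 0x10000ULL;
static const uint64_t kFuncVa = 0x140001000ULL;
/* mov [rsp+8], rbx : an unmodified prologue */
const uint8_t kCleanPrologue[5] = {0x48, 0x89, 0x5C, 0x24, 0x08};
/* jmp +0x1EFFB : patched prologue reaching a relay page at 0x140020000 */
const uint8_t kHookedPrologue[5] = {0xE9, 0xFB, 0xEF, 0x01, 0x00};
/* jmp [rip+0]; dq 0x00007FF612345678 : relay -> payload absolute jump */
const uint8_t kRelayStub[14] = {0xFF, 0x25, 0, 0, 0, 0,
                                0x78, 0x56, 0x34, 0x12, 0xF6, 0x7F, 0x00, 0x00};
```

The same check applied to the relay stub itself shows where the chain ends up, which is the value a scanner would compare against known payload regions.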