Preview Midfunction hook
So, today we will learn how to make a mid-function hook.
Beginners should test this with d3d9, because d3d9.dll is loaded at the same address in every program on the OS.
First, define a naked function:
__declspec( naked ) VOID WINAPI EndSceneMidfunction( )
{
}
Now, try a first hook on EndScene in d3d9.dll.
Look at this picture: 0x4fe571b0 is the address. Now attach OllyDbg and go to this address.
Now look at this: to make a jump we need 5 bytes, so let's hook at the function header.
Copy every instruction that will be overwritten into the naked function:
__declspec( naked ) VOID WINAPI EndSceneMidfunction( )
{
    __asm
    {
        mov edi,edi     // 8B FF  (2 bytes)
        push ebp        // 55     (1 byte)
        mov ebp,esp     // 8B EC  (2 bytes) -> 5 bytes in total
    }
}
After the detour has run, we need to jump back into the original function. The return address is 0x4fe571b5, because the hook overwrote the first 5 bytes:
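DWORD back = 0x4fe571b5;   // 0x4fe571b0 + 5: first instruction after the overwritten bytes
__declspec( naked ) VOID WINAPI EndSceneMidfunction( )
{
    __asm
    {
        // replay the instructions that the 5-byte jump overwrote
        mov edi,edi
        push ebp
        mov ebp,esp
    }
    // do your work here
    // (naked function: no compiler prologue/epilogue, so save and restore
    //  any registers and flags you change, e.g. pushad/pushfd ... popfd/popad)
    __asm jmp back   // indirect jump through the variable, back into the original function
}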
How do we get the device?
__asm mov eax,dword ptr ds:[ebp + 0x8]  // first argument: LPDIRECT3DDEVICE9 pDevice
__asm mov pDevice,eax                   // pDevice must be defined first
Now you can draw anything with it :D
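Seen from the integrity-checking side, the 5-byte patch described above has a recognizable shape: the header no longer reads `mov edi,edi / push ebp / mov ebp,esp` but starts with an `E9 rel32` jump whose target lies outside the module. The C check below is an added example, not code from the original post; the module base and size, the detour address 0x10001000, the sample bytes and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum prologue_state { PROLOGUE_CLEAN, PROLOGUE_JMP_INSIDE,
                      PROLOGUE_JMP_OUTSIDE, PROLOGUE_MODIFIED };

/* Bytes of the header shown above: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t CLEAN_BYTES[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
/* Constructed sample: the same 5 bytes after a jmp to 0x10001000 was written */
static const uint8_t HOOKED_BYTES[5] = { 0xE9, 0x4B, 0x9E, 0x1A, 0xC0 };

static const uint32_t FUNC_VA  = 0x4fe571b0u; /* address from the page      */
static const uint32_t MOD_BASE = 0x4fe00000u; /* assumed module base        */
static const uint32_t MOD_SIZE = 0x001c0000u; /* assumed module size        */

/* Destination of a 5-byte "E9 rel32" jump located at va:
   target = va + 5 + rel32, with 32-bit wrap-around. */
uint32_t jmp_target(const uint8_t code[5], uint32_t va)
{
    uint32_t rel = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    return va + 5u + rel;
}

/* Classify the first 5 bytes of a function that lives inside the module
   [mod_base, mod_base + mod_size). */
enum prologue_state classify_prologue(const uint8_t code[5], uint32_t va,
                                      uint32_t mod_base, uint32_t mod_size)
{
    if (memcmp(code, CLEAN_BYTES, sizeof CLEAN_BYTES) == 0)
        return PROLOGUE_CLEAN;
    if (code[0] != 0xE9)
        return PROLOGUE_MODIFIED;          /* changed, but not a rel32 jmp */
    /* Unsigned subtraction turns the range test into one comparison. */
    if (jmp_target(code, va) - mod_base < mod_size)
        return PROLOGUE_JMP_INSIDE;
    return PROLOGUE_JMP_OUTSIDE;           /* control leaves the module */
}

int main(void)
{
    printf("clean : state %d\n",
           classify_prologue(CLEAN_BYTES, FUNC_VA, MOD_BASE, MOD_SIZE));
    printf("hooked: state %d, jmp target 0x%08x\n",
           classify_prologue(HOOKED_BYTES, FUNC_VA, MOD_BASE, MOD_SIZE),
           (unsigned)jmp_target(HOOKED_BYTES, FUNC_VA));
    return 0;
}
```

In a real check the 5 bytes would be read from the loaded module and compared against the same offset in the on-disk d3d9.dll rather than against a fixed pattern.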