Raised This Month: $12 Target: $400
 3% 

[EXTENSION] Midhooks


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-19-2023 , 23:51   [EXTENSION] Midhooks
Reply With Quote #1

Hi. I wrote an extension that exposes midfunc/inline hooks for SourceMod.

Sometimes, you have a function you want to hook. And sometimes, the logic you want to fiddle with is way far down under deep in there, and it would be really, really hard to work to get what you want with just a hook. Sometimes, you can recreate the function yourself, but that might not work if it's super big and complicated. Sometimes, you might be able to patch over it, but if you want to execute more logic, then that also might not work. In those some times, you may need to deploy a midfunc hook.

By hand, it isn't very fun, you have to patch in a jump that goes somewhere that contains your own assembly, and then that assembly jump back when you're done. That stinks even more if you need to execute some bonus code.

And thus, that's why I wrote this extension. Here's how it works.

How it works and a test case:
Spoiler


SOURCE
RELEASES
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired

Last edited by Scag; 09-22-2023 at 22:40.
Scag is offline
fdxx
Member
Join Date: Oct 2020
Location: 0xdeadbeef
Old 09-22-2023 , 11:43   Re: [EXTENSION] Midhooks
Reply With Quote #2

Server crashes after trying, what am I doing wrong?

PHP Code:
/*
"Games"
{
    "left4dead2"
    {
        "Addresses"
        {
            "CLunge::IsAbilityReadyToFire"
            {
                "linux"
                {
                    "signature"    "CLunge::IsAbilityReadyToFire"
                    "offset"    "0xC8"
                }
            }
        }

        "Signatures"
        {
            "CLunge::IsAbilityReadyToFire"
            {
                "library"    "server"
                "linux"        "@_ZNK6CLunge20IsAbilityReadyToFireEv"
            }
        }
    }
}
*/

#pragma semicolon 1
#pragma newdecls required

#include <sourcemod>
#include <sdktools>
#include <midhook>

public void OnPluginStart()
{
    
GameData hGameData = new GameData("midhook_test");

    
Address addr hGameData.GetAddress("CLunge::IsAbilityReadyToFire");
    
MidHook midhook = new MidHook(addrOnMidHook);
    if (!
midhook)
        
SetFailState("Failed to create midhook");
    
delete hGameData;
}

void OnMidHook(MidHookRegisters regs)
{
    
PrintToServer("--- OnMidHook ---"); // Server crashes immediately after printing

Attached Thumbnails
Click image for larger version

Name:	Snipaste_2023-09-22_23-35-13.jpg
Views:	48
Size:	100.6 KB
ID:	201606  
fdxx is offline
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-22-2023 , 12:03   Re: [EXTENSION] Midhooks
Reply With Quote #3

Quote:
Originally Posted by fdxx View Post
Spoiler
Please provide an Accelerator crash dump if possible. At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook. Try hooking somewhere that doesn't have a short jump within ~5 bytes of the target address. If that's the problem, then that is a limitation of the API but something I could consider working on in the future.
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired
Scag is offline
fdxx
Member
Join Date: Oct 2020
Location: 0xdeadbeef
Old 09-22-2023 , 21:27   Re: [EXTENSION] Midhooks
Reply With Quote #4

Quote:
Originally Posted by Scag View Post
Please provide an Accelerator crash dump if possible. At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook. Try hooking somewhere that doesn't have a short jump within ~5 bytes of the target address. If that's the problem, then that is a limitation of the API but something I could consider working on in the future.
https://crash.limetech.org/pw6nmzpo53dp
Attached Files
File Type: txt stack.txt (234.3 KB, 32 views)
fdxx is offline
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-22-2023 , 22:38   Re: [EXTENSION] Midhooks
Reply With Quote #5

Quote:
Originally Posted by fdxx View Post
Yes, looks like that's exactly what happened.

Quote:
Originally Posted by Scag
At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook.
The disassembly in the crash dump provides the tail end bytes of the following movzx instruction. The jz was fortunately short.

Anyways, for now, try to avoid emplacing midhooks where there are short (2-3 byte-long) jmp instructions that the midhook will run over. E8 and E9 jumps should be okay. I can work on getting short jumps to remap/work but that will take some finesse. I'll update the main post to reflect that fact.
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired

Last edited by Scag; 09-22-2023 at 22:39.
Scag is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 13:18.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode