Raised This Month: $ Target: $400
 0% 

[EXTENSION] Midhooks


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-19-2023 , 23:51   [EXTENSION] Midhooks
Reply With Quote #1

Hi. I wrote an extension that exposes midfunc/inline hooks for SourceMod.

Sometimes, you have a function you want to hook. And sometimes, the logic you want to fiddle with is way far down under deep in there, and it would be really, really hard to work to get what you want with just a hook. Sometimes, you can recreate the function yourself, but that might not work if it's super big and complicated. Sometimes, you might be able to patch over it, but if you want to execute more logic, then that also might not work. In those some times, you may need to deploy a midfunc hook.

By hand, it isn't very fun, you have to patch in a jump that goes somewhere that contains your own assembly, and then that assembly jump back when you're done. That stinks even more if you need to execute some bonus code.

And thus, that's why I wrote this extension. Here's how it works.

How it works and a test case:
Spoiler


SOURCE
RELEASES
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired

Last edited by Scag; 09-22-2023 at 22:40.
Scag is offline
fdxx
Member
Join Date: Oct 2020
Location: 0xdeadbeef
Old 09-22-2023 , 11:43   Re: [EXTENSION] Midhooks
Reply With Quote #2

Server crashes after trying, what am I doing wrong?

PHP Code:
/*
"Games"
{
    "left4dead2"
    {
        "Addresses"
        {
            "CLunge::IsAbilityReadyToFire"
            {
                "linux"
                {
                    "signature"    "CLunge::IsAbilityReadyToFire"
                    "offset"    "0xC8"
                }
            }
        }

        "Signatures"
        {
            "CLunge::IsAbilityReadyToFire"
            {
                "library"    "server"
                "linux"        "@_ZNK6CLunge20IsAbilityReadyToFireEv"
            }
        }
    }
}
*/

#pragma semicolon 1
#pragma newdecls required

#include <sourcemod>
#include <sdktools>
#include <midhook>

public void OnPluginStart()
{
    
GameData hGameData = new GameData("midhook_test");

    
Address addr hGameData.GetAddress("CLunge::IsAbilityReadyToFire");
    
MidHook midhook = new MidHook(addrOnMidHook);
    if (!
midhook)
        
SetFailState("Failed to create midhook");
    
delete hGameData;
}

void OnMidHook(MidHookRegisters regs)
{
    
PrintToServer("--- OnMidHook ---"); // Server crashes immediately after printing

Attached Thumbnails
Click image for larger version

Name:	Snipaste_2023-09-22_23-35-13.jpg
Views:	109
Size:	100.6 KB
ID:	201606  
fdxx is offline
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-22-2023 , 12:03   Re: [EXTENSION] Midhooks
Reply With Quote #3

Quote:
Originally Posted by fdxx View Post
Spoiler
Please provide an Accelerator crash dump if possible. At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook. Try hooking somewhere that doesn't have a short jump within ~5 bytes of the target address. If that's the problem, then that is a limitation of the API but something I could consider working on in the future.
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired
Scag is offline
fdxx
Member
Join Date: Oct 2020
Location: 0xdeadbeef
Old 09-22-2023 , 21:27   Re: [EXTENSION] Midhooks
Reply With Quote #4

Quote:
Originally Posted by Scag View Post
Please provide an Accelerator crash dump if possible. At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook. Try hooking somewhere that doesn't have a short jump within ~5 bytes of the target address. If that's the problem, then that is a limitation of the API but something I could consider working on in the future.
https://crash.limetech.org/pw6nmzpo53dp
Attached Files
File Type: txt stack.txt (234.3 KB, 78 views)
fdxx is offline
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-22-2023 , 22:38   Re: [EXTENSION] Midhooks
Reply With Quote #5

Quote:
Originally Posted by fdxx View Post
Yes, looks like that's exactly what happened.

Quote:
Originally Posted by Scag
At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook.
The disassembly in the crash dump provides the tail end bytes of the following movzx instruction. The jz was fortunately short.

Anyways, for now, try to avoid emplacing midhooks where there are short (2-3 byte-long) jmp instructions that the midhook will run over. E8 and E9 jumps should be okay. I can work on getting short jumps to remap/work but that will take some finesse. I'll update the main post to reflect that fact.
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired

Last edited by Scag; 09-22-2023 at 22:39.
Scag is offline
Vit_amin
Senior Member
Join Date: Dec 2015
Location: Russian Federation
Old 09-28-2024 , 18:55   Re: [EXTENSION] Midhooks
Reply With Quote #6

Game: Counter-Strike: Source
OS: Linux (Linux Admin 5.15.153.1-microsoft-standard-WSL2 #1 SMP Fri Mar 29 23:14:13 UTC 2024 x86_64 GNU/Linux)

Extension output, when try loaded plugin:
Code:
L 09/29/2024 - 00:53:06: [SM] Unable to load extension "midhooks.ext": bin/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by .../cstrike/addons/sourcemod/extensions/midhooks.ext.so)
Vit_amin is offline
Scag
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 09-28-2024 , 22:59   Re: [EXTENSION] Midhooks
Reply With Quote #7

Quote:
Originally Posted by Vit_amin View Post
Game: Counter-Strike: Source
OS: Linux (Linux Admin 5.15.153.1-microsoft-standard-WSL2 #1 SMP Fri Mar 29 23:14:13 UTC 2024 x86_64 GNU/Linux)

Extension output, when try loaded plugin:
Code:
L 09/29/2024 - 00:53:06: [SM] Unable to load extension "midhooks.ext": bin/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by .../cstrike/addons/sourcemod/extensions/midhooks.ext.so)
Weird. I'm building on Debian 10 which I think is usually pretty compatible. I've now statically linked glibc so please try using the latest release and let me know if it works.
__________________
Over-engineering is underrated.

GitHub
BTC
ETH

Retired
Scag is offline
Vit_amin
Senior Member
Join Date: Dec 2015
Location: Russian Federation
Old 09-29-2024 , 13:48   Re: [EXTENSION] Midhooks
Reply With Quote #8

All work corrected, check on CentOS and Debian, many thanks
Vit_amin is offline
blueblur
Junior Member
Join Date: Nov 2022
Location: 23℃
Old 09-30-2024 , 00:54   Re: [EXTENSION] Midhooks
Reply With Quote #9

Hi, just one more question I've been wondering these days, can I detour and midhook a same function at the same time? (I guess probably not?)
blueblur is offline
donrevan
AlliedModders Donor
Join Date: Jul 2010
Old 10-02-2024 , 13:39   Re: [EXTENSION] Midhooks
Reply With Quote #10

in theory yes, as long as there is enough room for the detour and enough bytes for a midhook
donrevan is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 00:13.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode