Raised This Month: $12 Target: $400
 3% 

DHooks getting param


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
farawayf
Senior Member
Join Date: Jan 2019
Old 01-27-2022 , 16:43   DHooks getting param
Reply With Quote #1

Hello.
How i can get the the value from function parameter in plugin with dhooks if the param is object and the object variable value is CBitVec ?

for example engine function:
PHP Code:
class someClass : public somePublic
{
    
int someInt;

public:
    
CBitVec<100anyName;
}; 
i want to do something like this on plugin. object = class *name
PHP Code:
if ( object->anyName.Get(99) ) 
{
    
// do something 


Last edited by farawayf; 01-27-2022 at 16:47.
farawayf is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine on fire
Old 02-03-2022 , 11:53   Re: DHooks getting param
Reply With Quote #2

Set up dhook parameter type as "Address".
Then, read memory using LoadFromAddress.

I think, you'll need firstly to dereference pointer (4 bytes) to get access to class members.
Then, read memory at desired offset. Dereference array pointer to get access to its data.
Then read array the same way filling each index of char[].
To analyze memory you can use sm_ptr.
__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch & FreeZone)
[My plugins] [My tools] [GitHub] [Articles] [HiJackThis+] [Donate]
Dragokas is offline
farawayf
Senior Member
Join Date: Jan 2019
Old 02-04-2022 , 13:49   Re: DHooks getting param
Reply With Quote #3

Hello.
How i can setup the parameter as address ? if you mean DHookGetParamAddress, then it does not exist on windows with latest released version. ( Dhooks (2.2.0-detours17). Native "DHookGetParamAddress" was not found )

Thanks.

Last edited by farawayf; 02-04-2022 at 13:54.
farawayf is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine on fire
Old 02-04-2022 , 14:48   Re: DHooks getting param
Reply With Quote #4

You don't have those native because it is moved to methodmaps.

See: Experimental dynamic detour support
Ctrl + F => "Address"

Everything is described. You need DHookParam.GetAddress
Correct prototypes are always located at dhooks.inc (since SM 1.11.6820 it is included with sourcemod).

Something like:
Code:
		"Functions"
		{
			"someClass"
			{
				"signature"		"?"
				"callconv"		"?"
				"return"		"?"
				"this"			"address"
				"arguments"
				{
					"a1"
					{
						"type"	"objectptr"
					}
PHP Code:
public function MRESReturn (Address pThisDHookParam hParams)
{
    
int pObj hParams.GetAddress(1);

__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch & FreeZone)
[My plugins] [My tools] [GitHub] [Articles] [HiJackThis+] [Donate]

Last edited by Dragokas; 02-04-2022 at 14:49.
Dragokas is offline
farawayf
Senior Member
Join Date: Jan 2019
Old 02-04-2022 , 15:02   Re: DHooks getting param
Reply With Quote #5

Same thing Native "DHookParam.GetAddress" was not found.

UPD. Ok, seems like it was problem on the dhooks version itself. Updated it from the sm 1.11 archive and this fixed the issue.

UPD2. am i doing this correct ?
PHP Code:
Address addr hParams.GetAddress(1) + view_as<Address>(4);

for (
int i 0100i++)
{
    
int value LoadFromAddress(addr view_as<Address>(4), NumberType_Int32);


Last edited by farawayf; 02-04-2022 at 15:58.
farawayf is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine on fire
Old 02-04-2022 , 17:12   Re: DHooks getting param
Reply With Quote #6

Sorry, I'm not familiar with those class and C++ generally.
From what I see, looks close.
Code:
template<int NUM_BITS>
class CBitVec
{
...
enum {NUM_DWORDS = NUM_BITS/32 + !!(NUM_BITS & 31)};
uint32	m_DWords[NUM_DWORDS];
for CBitVec<100> anyName, I think it's m_DWords[7], per 4 bytes each member.

I would study more with sm_ptr, perhaps you could see decoded chars.
To convert to char array, I would do something like:
PHP Code:
char name[7];
Address addr hParams.GetAddress(1) + view_as<Address>(4);

for (
int i 07i++)
{
    
name[i] = LoadFromAddress(addr view_as<Address>(4), NumberType_Int32);

or
PHP Code:
char name[4*7];
Address addr hParams.GetAddress(1) + view_as<Address>(4);

for (
int i 0sizeof(name); i++)
{
    
name[i] = LoadFromAddress(addr view_as<Address>(i), NumberType_Int8);

Not sure.
Which function is it used?
__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch & FreeZone)
[My plugins] [My tools] [GitHub] [Articles] [HiJackThis+] [Donate]
Dragokas is offline
poggu
Junior Member
Join Date: Dec 2021
Old 02-06-2022 , 11:50   Re: DHooks getting param
Reply With Quote #7

Looking at your code you posted, you assume that the class members will start at offset 0. This doesn't always have to be the case, for e.g. if your class has virtual methods the class will have to make a vtable, by making such table it has to add pointer to it. This pointer is always added to the top of the class, thus moving your member offset. Make sure to check whether your class has a virtual table or not. Also if a class has multiple attributes there's a very high change not all of them will have the same size, the compiler likes to optimize these classes by adding a padding to align all the attributes. Let's say you'd have a class like
PHP Code:
bool testBool true;
int testInt 9
in this case the testBool would be on +0 offset and you'd expect the testInt to be at +1 but that wouldn't be the case, the compiler will add a padding in front of the int to align it. ints have align on 4, so you would have a 3 byte large padding after the bool. thus the offset would be + 4

Last edited by poggu; 02-06-2022 at 12:05.
poggu is offline
Silvers
SourceMod Plugin Approver
Join Date: Aug 2010
Location: SpaceX
Old 02-06-2022 , 12:43   Re: DHooks getting param
Reply With Quote #8

I guess you setup the detour arguments as "objectptr" and use the various natives available, such as:


PHP Code:
DHookGetParamObjectPtrVar(hParams10ObjectValueType_Booltrue);
DHookGetParamObjectPtrVar(hParams20ObjectValueType_Float);
int a1 DHookGetParamObjectPtrVar(hParams148ObjectValueType_EhandlePtr); 
PHP Code:
                "arguments"
                
{
                    
"a1"
                    
{
                        
"type"    "objectptr"
                    
}
                    
"a2"
                    
{
                        
"type"    "objectptr"
                    

__________________

Last edited by Silvers; 02-06-2022 at 12:44.
Silvers is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 20:31.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode