
[INFO] Hooking without extension


  
 
 
BHaType
Great Tester of Whatever
Join Date: Jun 2018
Old 08-27-2020 , 04:56   [INFO] Hooking without extension

Introduction

I think many people believe that it is impossible to create a hook from a plugin without an extension, but in fact this is not the case. In this topic I will show you how to hook a normal function without using an extension.

Notes
  • This method is presented simply as information and not as an alternative
  • It is very difficult to make such a hook and you need to understand ASM very well
  • If the hook crashes, it is very difficult to understand what exactly is causing the crash, which is also a minus
  • This topic uses Source Scramble, but this hook can also be done without it
  • There is also a great replacement for Source Scramble that will save you from the first stage

Stages
  1. You need to get the base addresses of server.dll and sourcemod.logic.dll
  2. Get the plugin's callback address
  3. Create a hook
  4. Create an original function (optional)

Getting base addresses

There is already a topic on the forum about how to get the PEB, so we will skip this part.
The PEB stores modules in a ladder order, so we need to go through all the steps to find the necessary modules.

This is C++ code and we need to do the same via SourceMod.

Spoiler


And we should get something like this (This is just an example and you can rewrite it as you want).

Spoiler


Now we need to get the module name and its address. The problem is that the module names are stored in Unicode format, so I created a function that allows reading Unicode, but it's not perfect.


Spoiler


It remains to add StrEqual and save the found modules, and then we go to the next stage.

Getting callback address

Now we need to create a callback through which you can get another callback that will then be set as the hook.
You can use any SourceMod function to do this.
I chose SortFloats.

The offset of this function is 33C0
Spoiler


To pass an argument to the callback you need to write the passing of the argument and the call of the function manually in ASM.
I have already written ready-made ASM that should work on any SourceMod function.

Code:
 8B 44 24 08 56 57 8B 7C 24 0C 8B CF FF 70 08 8B 17 FF 92 88 00 00 00 8B F0 57 8B CE 8B 16 FF 12 8B 16 8D 44 24 0C 50 8B CE FF 52 20 5F 33 C0 5E C3
Which is the same as the function below.
The second argument of this function takes the index of the callback, which is passed in by the plugin.

PHP Code:
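cell_t context (IPluginContext *pContext, const cell_t *params)
{
    cell_t result;

    // Look up the plugin callback from the index passed as the second
    // argument (params[2]), as described in the text above.
    IPluginFunction *pFunc = pContext->GetFunctionById(params[2]);

    // Hand the plugin context pointer to the callback as a cell.
    pFunc->PushCell((cell_t)pContext);

    // Run the plugin callback; its return value is not used.
    pFunc->Execute(&result);

    return 0;
}

It's time to start getting the callback.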
Spoiler


I'll add that I'm using the UTIL_SetModel function as an example.

Creating hook

Now that the callback has been found, it remains to create the hook.
Our hook makes the UTIL_SetModel function call our plugin's function and pass parameters to it.

Spoiler


Creating an SDK which calls the original code (optional)

As you can see, our hook works but the original code is not called, which means the UTIL_SetModel function just outputs a message, so you need to create an SDK that will call the original code.
In general there are two ways to solve this problem: the first is to create the SDK and the second is to rewrite the meaning of the original function in our hook.

I will follow the path of creating the SDK.
Creating an original code call via the SDK is not universal and is not suitable for every function.

The best way for me is to create a jump through a relative address.

Spoiler


Ending...

I repeat that this is not an alternative.
All this can be done without Source Scramble, but without it you will have to use gamedata and search for dummy/unused functions/memory.

Just some test
Attached Files
File Type: sp Get Plugin or Get Source (hook.sp - 189 views - 9.0 KB)
__________________
cry

Last edited by BHaType; 09-27-2020 at 20:01.
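
An added illustration, not part of the original post or the attached hook.sp: the "jump through a relative address" mentioned above is, on 32-bit x86, the 5-byte `E9 rel32` instruction, and the same arithmetic lets an integrity check tell whether a function's entry has been redirected outside its own module. The function names are hypothetical, and the addresses and module bounds in `main()` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Encode a near jump (E9 rel32). rel32 is relative to the address of the
 * NEXT instruction, i.e. from + 5; unsigned wraparound handles backward jumps. */
static void encode_rel_jmp(uint8_t out[5], uint32_t from, uint32_t to)
{
    uint32_t rel = to - (from + 5);
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));   /* little-endian */
}

/* If code (located at addr) starts with E9 rel32, store the absolute
 * destination in *target and return 1; otherwise return 0. */
static int decode_rel_jmp(const uint8_t *code, size_t len, uint32_t addr,
                          uint32_t *target)
{
    if (len < 5 || code[0] != 0xE9)
        return 0;
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++)
        rel |= (uint32_t)code[1 + i] << (8 * i);
    *target = addr + 5 + rel;
    return 1;
}

/* Integrity check: 1 if the entry is an E9 jump leaving [base, base+size).
 * Other redirect forms (push/ret, FF 25 indirect jumps) are not covered. */
static int entry_leaves_module(const uint8_t *code, size_t len, uint32_t addr,
                               uint32_t base, uint32_t size)
{
    uint32_t target;
    if (!decode_rel_jmp(code, len, addr, &target))
        return 0;
    return (uint32_t)(target - base) >= size;
}

int main(void)
{
    /* Constructed values: a module at 0x10000000 of size 0x00800000 and a
     * function at 0x10203000 whose entry jumps to memory at 0x0A000000. */
    uint8_t entry[5];
    encode_rel_jmp(entry, 0x10203000u, 0x0A000000u);
    printf("redirected outside module: %d\n",
           entry_leaves_module(entry, sizeof entry, 0x10203000u,
                               0x10000000u, 0x00800000u));
    return 0;
}
```

A jump that stays inside the module (for example a compiler-generated tail jump) is reported as 0, as is an ordinary `push ebp` prologue.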