Raised This Month: $66 Target: $400

[INFO] Hooking without extension

Post New Thread Reply   
Thread Tools Display Modes
Author Message
Great Tester of Whatever
Join Date: Jun 2018
Location: Methamphetamine
Old 08-27-2020 , 04:56   [INFO] Hooking without extension
Reply With Quote #1


I think many people think that it is impossible to create a hook from a plugin without extension but in fact this is not the case and in this topic I will show you how to hook a normal function without using extension

  • This method is simply as information and is not as an alternative
  • It is very difficult to make such a hook and you need to understand ASM very well
  • If the hook will crash it is very difficult to understand what exactly is causing the crash which is also a minus
  • This topic uses Source Scramble but this hook can also be done without it
  • There is also a great replacement for Source Scramble that will save you from the first stage

  1. You need to get the base addresses of server.dll and sourcemod.logic.dll
  2. Get the plugin's callback address
  3. Create a hook
  4. Create an original function (optional)

Getting base addresses

There is already a topic on the forum about how to get a PEB so we will skip this part.
PEB stores modules in a ladder order, so we need to go through all the steps to find the necessary modules.

This is C++ code and we need to do the same via sourcemod.


And we should get something like this (This is just an example and you can rewrite it as you want).


Now we need to get the module name and its address but the problem is that the module names are stored in Unicode format so I created a function that allows reading Unicode but it's not perfect


It remains to add StrEqual and save the found modules so we go to the next stage

Getting callback address

Now We need to create a callback through which you can get another callback that will already be set to Hook
You can use any sourcemod function to do this
I chose SortFloats

The offset of this function is 33C0

To pass an argument to callback you need to write sending the argument and calling the function manually using ASM
I have already written a ready made ASM that should work on any sourcemod function

 8B 44 24 08 56 57 8B 7C 24 0C 8B CF FF 70 08 8B 17 FF 92 88 00 00 00 8B F0 57 8B CE 8B 16 FF 12 8B 16 8D 44 24 0C 50 8B CE FF 52 20 5F 33 C0 5E C3
Which is the same as function below
The second argument of this function will take the index of callback which will be passed via the plugin

PHP Code:
cell_t context (IPluginContext *pContext, const cell_t *params)
cell_t result;



It's time to start getting callback

I'll add that I'm using the UTIL_SetModel function as an example

Creating hook

Now the callback has already been found it remains to create a Hook
Our hook is that the UTIL_SetModel function will create a call to our plugin's function and pass parameters to it


Creating SDK which call original code (optional)

As you can see our hook works but the original code is not called which means the UTIL_SetModel function just outputs a message so you need to create an SDK that will call the original code
In General there are two ways to solve this problem the first is to create the SDK and the second is to rewrite the meaning of the original function in our hook

I will follow the path of creating the SDK
Creating an original code call via the SDK is not universal and is not suitable for every function

The best way for me is to create a jump through a relative address



I repeat that this is not an alternative
All this can be done without Source Scramble but without it you will have to use gamedata and search for dummy/unused functions/memory

Just some test
Attached Files
File Type: sp Get Plugin or Get Source (hook.sp - 31 views - 9.0 KB)

Last edited by BHaType; 09-27-2020 at 20:01.
BHaType is offline
Send a message via AIM to BHaType
AlliedModders Donor
Join Date: May 2017
Location: Crashing Hale
Old 08-27-2020 , 14:38   Re: [INFO] Hooking without extension
Reply With Quote #2

Awesome. Thanks for this.
Over-engineering is underrated.

Scag is offline
Junior Member
Join Date: Feb 2019
Old 09-10-2020 , 07:22   Re: [INFO] Hooking without extension
Reply With Quote #3

You can use MemoryEx to avoid additional addiction [Source Scramble]
Very very old thread [2.0 Version]: https://forums.alliedmods.net/showthread.php?t=320439
GitHub: https://github.com/Rostu13/Memory-Extended [3.1 Version]
Example: Get any library
P.S Get PEB funciton => https://github.com/Rostu13/Memory-Ex...nction.inc#L28
PHP Code:
public void OnPluginStart()
void MemoryEx_InitPEB()
g_pSourcemod g_hMem.GetModuleHandle("sourcemod.logic");
g_pServer g_hMem.GetModuleHandle("server");


Malloc? Win/Lin =>
PHP Code:
#include <MemoryEx>

public void OnPluginStart()
void MemoryEx_InitPEB()
Address pBase VirtualAlloc(0x100);
PrintToServer("pBase = 0x%X"pBase);

Extra: link with description inc [Only rus]: https://hlmod.ru/resources/inc-memory-extended.1448/

Last edited by Rostu; 09-10-2020 at 07:29. Reason: add extra links
Rostu is offline
Great Tester of Whatever
Join Date: Jun 2018
Location: Methamphetamine
Old 09-27-2020 , 19:58   Re: [INFO] Hooking without extension
Reply With Quote #4

Originally Posted by Rostu View Post
You can use MemoryEx to avoid additional addiction [Source Scramble
I'll add it as a note to the main post
BHaType is offline
Send a message via AIM to BHaType

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -4. The time now is 14:50.

Powered by vBulletin®
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Theme made by Freecode