Hooking results in incorrect asm (IDirect3DDevice9::CreateDevice)

Dec 1, 2012 at 6:02 PM
Edited Dec 1, 2012 at 6:14 PM

I'm using EasyHook 2.6 to hook IDirect3DDevice9::CreateDevice. The problem is that I'm seeing a bit of inconsistency in the hook; sometimes it works and other times the hook generates incorrect ASM.

Here's what the function looks like before I attempt to hook it:

0:000> u d3d9!CEnum::CreateDevice
d3d9!CEnum::CreateDevice:
5bd12e0e 8bff            mov     edi,edi
5bd12e10 55              push    ebp
5bd12e11 8bec            mov     ebp,esp
5bd12e13 81ec48010000    sub     esp,148h
5bd12e19 53              push    ebx
5bd12e1a 56              push    esi
5bd12e1b 8b7508          mov     esi,dword ptr [ebp+8]
5bd12e1e 85f6            test    esi,esi

and this is what it results in:

0:000> u d3d9!CEnum::CreateDevice
d3d9!CEnum::CreateDevice:
5bd12e0e 8bade4a3af81    mov     ebp,dword ptr [ebp-7E505C1Ch]
5bd12e14 ec              in      al,dx
5bd12e15 48              dec     eax
5bd12e16 0100            add     dword ptr [eax],eax
5bd12e18 005356          add     byte ptr [ebx+56h],dl
5bd12e1b 8b7508          mov     esi,dword ptr [ebp+8]
5bd12e1e 85f6            test    esi,esi
5bd12e20 0f849e000000    je      d3d9!CEnum::CreateDevice+0x19 (5bd12ec4)

EasyHook clearly messes something up here, and instead of inserting a jmp, it creates some bogus asm instead.

Here's what it looks like when the hook is properly installed:

0:000> u d3d9!CEnum::CreateDevice
d3d9!CEnum::CreateDevice:
5bd12e0e e95d4690a4      jmp     00617470
5bd12e13 81ec48010000    sub     esp,148h
5bd12e19 53              push    ebx
5bd12e1a 56              push    esi
5bd12e1b 8b7508          mov     esi,dword ptr [ebp+8]
5bd12e1e 85f6            test    esi,esi

Any idea on what's throwing EasyHook off here?

Edit: I should probably add that LhInstallHook returns success.
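
A small check, added here as an example and not part of the original post or of EasyHook, that compares a function's first five bytes with their pre-hook copy and decodes bytes 1..4 as the rel32 of a `jmp`. The bytes and the address are copied from the WinDbg listings above; the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum patch_state { UNPATCHED, JMP_OK, TORN };

/* Bytes and address copied from the three WinDbg listings in the post. */
static const uint8_t ORIG[5]   = {0x8b, 0xff, 0x55, 0x8b, 0xec};
static const uint8_t BROKEN[5] = {0x8b, 0xad, 0xe4, 0xa3, 0xaf};
static const uint8_t GOOD[5]   = {0xe9, 0x5d, 0x46, 0x90, 0xa4};
#define SITE 0x5bd12e0eu

/* Bit i is set when byte i of the 5-byte patch site differs from the original. */
unsigned diff_mask(const uint8_t *orig, const uint8_t *cur) {
    unsigned m = 0;
    for (int i = 0; i < 5; i++) if (orig[i] != cur[i]) m |= 1u << i;
    return m;
}

/* Decode the little-endian rel32 at p[1..4] and resolve it against the
 * address of the instruction following the 5-byte site (wraps mod 2^32). */
uint32_t rel32_target(uint32_t addr, const uint8_t *p) {
    uint32_t rel = (uint32_t)p[1] | (uint32_t)p[2] << 8 |
                   (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
    return addr + 5 + rel;
}

/* TORN: bytes changed but the site is not `E9 rel32`. *target then holds
 * where bytes 1..4 would point if byte 0 were E9; it is only meaningful
 * when the return value is JMP_OK or TORN. */
enum patch_state check_prologue(uint32_t addr, const uint8_t *orig,
                                const uint8_t *cur, uint32_t *target) {
    if (memcmp(orig, cur, 5) == 0) return UNPATCHED;
    *target = rel32_target(addr, cur);
    return cur[0] == 0xE9 ? JMP_OK : TORN;
}

int main(void) {
    const uint8_t *dumps[] = {ORIG, GOOD, BROKEN};
    const char *names[] = {"before", "good", "broken"};
    for (int i = 0; i < 3; i++) {
        uint32_t t = 0;
        enum patch_state s = check_prologue(SITE, ORIG, dumps[i], &t);
        printf("%-7s state=%d changed=0x%02x target=%08x\n",
               names[i], (int)s, diff_mask(ORIG, dumps[i]), (unsigned)t);
    }
    return 0;
}
```

On the post's bytes, the faulty listing differs from the original only in bytes 1 to 4: byte 0 is still 8b rather than e9, which is why WinDbg decodes the site as a `mov` instead of a `jmp`.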