Hooking Object Methods

Sep 28, 2009 at 1:53 PM

Hello,

First of all congratulations on your fantastic work!

I'm interested in hooking DirectX calls which as you probably know are done mostly through calls to COM objects - is it possible to hook onto object methods from EasyHook?

If so, how? I've briefly used Detours and it was quite messy to do so - I had to get a pointer to the object's virtual table and the particular method I want and then pass that onto Detours.

Thanks!

Sep 29, 2009 at 9:14 PM

I managed to figure that out and now I have ran into a different problem. I am installing further hooks from within a hook callback and it seems there is a race condition whereby a hook has not been completely installed and the method gets called and so I miss the call. How can I fix this?

Pseudo-code:

 

CoCreateInstanceHook()
{
        if(objectType == theOneIWant)
        {
                GetMethodPointer;
                InstallMethodPointerHook with LocalHook.Create()
                SetExclusiveACL
        }

}

Method_Hook()
{
        Trace.WriteLine(...)
}

 

I know exactly how many calls to MethodHook to expect() and yet Trace.Writeline() won't be called that many times - and some other times it is called duplicate times.

 

Any ideas?

Oct 3, 2009 at 12:27 PM

Hi,

Could you explain how you managed to hook an object method? Or point me to some example code or relevant section in the documentation?

Thanks a million.

 

Oct 3, 2009 at 4:49 PM

Hey Fara,

I've only done it with COM objects, not plain C++ objects - I'm not sure if the virtual table is defined in the same way.

Also, I haven't managed to resolve the problem I posted above with hooking the methods from the managed API.

But anyway, the code is something like this - you need Managed C++ for it :

 

IntPtr vTable = Marshal::ReadIntPtr(retComObj);
IntPtr addFilterAddress = Marshal::ReadIntPtr(vTable, 3 * IntPtr::Size);
realAddFilter = (type_RealAddFilter)addFilterAddress.ToPointer();

                    
LocalHook::CreateUnmanaged(IntPtr(realAddFilter), IntPtr((void*)&DetouredAddFilter), IntPtr((void*)&realAddFilter));

type_RealAddFilter is defined as a normal C++ function but with the first argument being the object itself.

I am in the middle of doing this completely unmanaged with the EasyHook unmanaged API - I think it'll work better.