Detour successful, but hook modification not applied

[BD9a]

Hey, I tried to Hook wglSwapBuffers (changing from MinHook to PolyHook, so nothing can get wrong huh), but ye - got hooked and literally nothing changed In process asm and it just doesnt work.

Used vcpkg.exe install polyhook2:x64-windows-static to install this.
Then added VcpkgTriplet in .vcxproj file.. Changed to Multi-threaded..

#include <windows.h>
#include <iostream>
#include <cstdarg>

#include <gl/gl.h> 
#pragma comment(lib,"opengl32.lib")

#pragma comment(lib,"asmjit.lib")
#pragma comment(lib,"capstone.lib")
#pragma comment(lib,"PolyHook_2.lib")
#pragma comment(lib,"Zycore.lib")
#pragma comment(lib,"Zydis.lib")

#include <polyhook2/Detour/x64Detour.hpp>
#include <polyhook2/CapstoneDisassembler.hpp>
#include <fstream>

typedef BOOL(__stdcall * twglSwapBuffers) (_In_ HDC hDc);
twglSwapBuffers xwglSwapBuffers;

BOOL __stdcall hwglSwapBuffers(_In_ HDC hDc)
{
	std::cout << "Hooked\n";
	return xwglSwapBuffers(hDc);
}

DWORD WINAPI OpenglInit(__in  LPVOID lpParameter)
{
	AllocConsole();
	FILE* in;
	FILE* out;
	freopen_s(&in, "conin$", "r", stdin);
	freopen_s(&out, "conout$", "w", stdout);
	freopen_s(&out, "conout$", "w", stderr);

	PLH::CapstoneDisassembler dis(PLH::Mode::x64);

	while (!GetModuleHandleW(L"OPENGL32.dll"))
	{
		std::cout << "Not found\n";
		Sleep(100);
	}
	HMODULE hMod = GetModuleHandleW(L"OPENGL32.dll");
	if (hMod)
	{
		void* ptr = GetProcAddress(hMod, "wglSwapBuffers");

		uint64_t owglSwapBuffers = NULL;

		std::cout << ptr << std::endl << &ptr;
		
		PLH::x64Detour detour((char*)ptr, (char*)&hwglSwapBuffers, &owglSwapBuffers, dis);
		if (detour.hook()) {
			std::cout << "Hooked\n";
		}
		else {
			std::cout << "Failed\n";
		}
	}
	return 1;
}

BOOL __stdcall DllMain (HINSTANCE hinstDll, DWORD fdwReason, LPVOID lpvReserved)
{
	switch(fdwReason)
	{
		case DLL_PROCESS_ATTACH:
			DisableThreadLibraryCalls (hinstDll);	
			CreateThread(0, 0, OpenglInit, 0, 0, 0);
			break;

		case DLL_PROCESS_DETACH:
			break;
	}
	return TRUE;
}

[stevemk14ebr]

You are immediately destructing the hook object which unhooks the target. move the PLH::x64Detour object to global scope

[BD9a]

Like this?
PLH::x64Detour PolyHook;
It doesnt work, as class global object I did this (^) mostly.

PolyHook.detour(...);
class "PLH::x64Detour" has no member "detour"

[stevemk14ebr]

std::unique_ptr<PLH::x64Detour> is what you want.

PolyHook_2_0/polyhook2/Detour/ADetour.hpp

Line 75 in e4601b1

if (m_hooked) {

[BD9a]

I got this:
std::unique_ptr<PLH::x64Detour> uptrTest;

uptrTest->Detour::Detour(..) (imo this is wrong)

if (uptrTest->hook()) {
	std::cout << "\nHooked\n";
}

The instruction at 0x00007FFF3E402353 referenced memory at 0x0000000000000000. The memory could not be written.

Code doesnt even reach "if hooked" state.

[stevemk14ebr]

You are not using C++ correctly. uptrTest->hook() is how you invoke a virtual method of a base class, the uptrTest->Detour is nonsense

[BD9a]

How then this function should be done?
uptrTest->Detour::Detour(..)

[stevemk14ebr]

Dude seriously go learn how object oriented programming and C++ in general works. I already showed you how it works.

std::unique_ptr<PLH::x64Detour> uptrTest(new PLH::x64Detour(...args...));
uptrTest->hook();

[BD9a]

But if it's in global scope, fnAddress is 0. Later in some place im filling it using GetProcAddress.
Crashing cuz it want to read from 0x0.. address.

It's first time when I have to use unique_ptr, new and virtual functions / methods so those kind of solutions are just new for me.

#include <windows.h>
#include <iostream>
#include <cstdarg>

#include <gl/gl.h> 
#include <polyhook2/Detour/x64Detour.hpp>
#include <polyhook2/CapstoneDisassembler.hpp>

#pragma comment(lib,"opengl32.lib")

#pragma comment(lib,"asmjit.lib")
#pragma comment(lib,"capstone.lib")
#pragma comment(lib,"PolyHook_2.lib")
#pragma comment(lib,"Zycore.lib")
#pragma comment(lib,"Zydis.lib")

void* ptr = nullptr;

uint64_t owglSwapBuffers = NULL;
PLH::CapstoneDisassembler dis(PLH::Mode::x64);

typedef BOOL(__stdcall* twglSwapBuffers) (_In_ HDC hDc);
twglSwapBuffers xwglSwapBuffers;

BOOL __stdcall hwglSwapBuffers(_In_ HDC hDc)
{
	std::cout << "SwapBuffers\n";
	return xwglSwapBuffers(hDc);
}

std::unique_ptr<PLH::x64Detour> uptrTest(new PLH::x64Detour((char*)ptr, (char*)&hwglSwapBuffers, &owglSwapBuffers, dis));

DWORD WINAPI OpenglInit(__in  LPVOID lpParameter)
{
	AllocConsole(); // allocate a console
	FILE* in;
	FILE* out;

	freopen_s(&in, "conin$", "r", stdin);
	freopen_s(&out, "conout$", "w", stdout);
	freopen_s(&out, "conout$", "w", stderr);

	while (!GetModuleHandleW(L"OPENGL32.dll"))
	{
		std::cout << "Not found\n";
		Sleep(100);
	}
	HMODULE hMod = GetModuleHandleW(L"OPENGL32.dll");
	if (hMod)
	{
		ptr = GetProcAddress(hMod, "wglSwapBuffers");

		if (uptrTest->hook()) {
			std::cout << "\nHooked\n";
		}
		else {
			std::cout << "\nFailed\n";
		}
	}
	return 1;
}

BOOL __stdcall DllMain (HINSTANCE hinstDll, DWORD fdwReason, LPVOID lpvReserved)
{
	switch(fdwReason)
	{
		case DLL_PROCESS_ATTACH:
			DisableThreadLibraryCalls (hinstDll);	
			CreateThread(0, 0, OpenglInit, 0, 0, 0);
			break;

		case DLL_PROCESS_DETACH:
			break;
	}
	return TRUE;
}

[stevemk14ebr]

You need to delay initialization of the object then. You can do that like this:

#include <windows.h>
#include <iostream>
#include <cstdarg>

#include <gl/gl.h> 
#include <polyhook2/Detour/x64Detour.hpp>
#include <polyhook2/CapstoneDisassembler.hpp>

#pragma comment(lib,"opengl32.lib")

#pragma comment(lib,"asmjit.lib")
#pragma comment(lib,"capstone.lib")
#pragma comment(lib,"PolyHook_2.lib")
#pragma comment(lib,"Zycore.lib")
#pragma comment(lib,"Zydis.lib")

uint64_t owglSwapBuffers = NULL;
PLH::CapstoneDisassembler dis(PLH::Mode::x64);

typedef BOOL(__stdcall* twglSwapBuffers) (_In_ HDC hDc);
twglSwapBuffers xwglSwapBuffers;

BOOL __stdcall hwglSwapBuffers(_In_ HDC hDc)
{
	std::cout << "SwapBuffers\n";
	return xwglSwapBuffers(hDc);
}

std::unique_ptr<PLH::x64Detour> uptrTest;
DWORD WINAPI OpenglInit(__in  LPVOID lpParameter)
{
	AllocConsole(); // allocate a console
	FILE* in;
	FILE* out;

	freopen_s(&in, "conin$", "r", stdin);
	freopen_s(&out, "conout$", "w", stdout);
	freopen_s(&out, "conout$", "w", stderr);

	while (!GetModuleHandleW(L"OPENGL32.dll"))
	{
		std::cout << "Not found\n";
		Sleep(100);
	}
	HMODULE hMod = GetModuleHandleW(L"OPENGL32.dll");
	if (hMod)
	{
		void* ptr = GetProcAddress(hMod, "wglSwapBuffers");
                uptrTest.reset(new PLH::x64Detour((char*)ptr, (char*)&hwglSwapBuffers, &owglSwapBuffers, dis));

		if (uptrTest->hook()) {
			std::cout << "\nHooked\n";
		}
		else {
			std::cout << "\nFailed\n";
		}
	}
	return 1;
}

BOOL __stdcall DllMain (HINSTANCE hinstDll, DWORD fdwReason, LPVOID lpvReserved)
{
	switch(fdwReason)
	{
		case DLL_PROCESS_ATTACH:
			DisableThreadLibraryCalls (hinstDll);	
			CreateThread(0, 0, OpenglInit, 0, 0, 0);
			break;

		case DLL_PROCESS_DETACH:
			break;
	}
	return TRUE;

[BD9a]

Should I create new issue?

When it reach the end of OpenglInit function, targeted program just crashing. When changing fnAddress to other (from ptr to *ptr, which will not hit my targeted function) it doesnt crash. Maybe "protection" or sth like that (no anticheat).

Or maybe function arguments is wrong here, fnCallback which is (char*)&hwglSwapBuffers.

[stevemk14ebr]

No, please debug it and find the root cause. If you can create a simple reproduction and an explanation of the root cause then I can fix any potential bugs. I don't have the time or will to walk you through this libraries usage