[Release] Register Detour 1.1

08-20-2010, 11:48 PM

This is a function I made to detour program flow and log a specific register into a variable, using this I can get the structures I use for operation7 without the need for pointers or calling the game's own functions.

Here is the video example with instructions in the bottom right corner
Best in HD & Fullscreen

Whats new:

Quote:

Adding and subtracting the offset *Optional
Calling a void based function after *Optional

What it does:

Quote:

1. It creates a newly allocated section of memory

2. It writes the opcodes at the address specified ( in the amount of bytes that you specified as the original opcode amount )

3. It logs the register you put as the parameter into the variable you put as the result variable

4. If you put a value for add offset it adds the offset to the result variable

5. If you put a value for sub offset it subtracts the offset to the result variable

6. If you put a value for the call parameter it writes a call to that function to be executed

7. If you put true as the value for bRewriteOriginal, it will write the original instructions back to the address that was detoured so that it no longer gets logged

8. Once the log is finished it returns to the normal program flow

**|KungFuPenguin|** · 08-20-2010, 11:58 PM

This is looks, interesting.

I like the concept.

Good work

**Kozmo** · 08-25-2010, 05:13 AM

Great Job, Great Video!

+REP
Koz

08-25-2010, 05:29 AM

o: Thnks, I hope that some people will use it in their projects as a regular method :]

**Kozmo** · 08-25-2010, 05:38 AM

Will this detour thiscall's where EAX is passed?

08-25-2010, 06:19 AM

I dont know what you mean, show the dump

**learn_more** · 08-25-2010, 12:54 PM

Quote:

Originally Posted by Kozmo

Will this detour thiscall's where EAX is passed?

this is meant to find out what the value of a register is at a fixed position (e.g. for finding classptr's)

M.Holder · 08-27-2010, 02:56 PM

Hello,

sorry for this n00by question, i heard register detour for the first time...

Can i use this detour-Method for hooking D3D functions like EndScene or DIP?

**Wieter20** · 08-27-2010, 03:33 PM

Quote:

Originally Posted by M.Holder

Hello,

sorry for this n00by question, i heard register detour for the first time...

Can i use this detour-Method for hooking D3D functions like EndScene or DIP?

They aint in the register?-.- but are a simple function in directx afaik correct me if im rong

M.Holder · 08-27-2010, 04:18 PM

Quote:

Originally Posted by Wieter20

They aint in the register?-.- but are a simple function in directx afaik correct me if im rong

I don´t know, thats why i asked.

Your video isn´t working in germany because of music licencenes.

10-01-2010, 12:37 AM

Added two new functions

PHP Code:

  void C_Memory_Manager::RegisterDetourUnhook( DWORD dwDetourAddress )
{
    DWORD dwCaveAddress = *( DWORD* )( dwDetourAddress + 0x01 ); // Gets the address of the cave from the detour
    DWORD dwOriginalOpcodesAddress = dwCaveAddress;
    DWORD dwOriginalOpcodeAmount = *( DWORD* )( CMManager.FindPattern( dwCaveAddress, 1024, "\x68\x00\x00\x00\x00\xC3", "x????x" ) + 6 ); // Gets the amount of bytes that were detoured
    DWORD dwOldProtect; 

    VirtualProtect( ( LPVOID )dwDetourAddress, dwOriginalOpcodeAmount, PAGE_EXECUTE_READWRITE, &dwOldProtect );

    memmove( ( PVOID )dwDetourAddress, ( PVOID )dwOriginalOpcodesAddress, dwOriginalOpcodeAmount ); // restores original opcodes

    VirtualProtect( ( LPVOID )dwDetourAddress, dwOriginalOpcodeAmount, dwOldProtect, 0 );
}

PHP Code:

  bool C_Memory_Manager::IsRegisterDetoured( DWORD dwDetourAddress )
{
    if( *( BYTE* )dwDetourAddress == ASM_PUSH_DWORD && *( BYTE* )( dwDetourAddress + 5 ) == ASM_RET ) // checks if its a push & ret
        return true;
    return false;
}

So now u can check if it got unhooked or if you want to remove it.

**disavow** · 10-01-2010, 01:25 AM

Really good job here, i like.

[ plus one

]