c ++ d3d hooking

本文介绍了c ++ d3d hooking - COM vtable的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

尝试制作一个Fraps类型的程序。

#includeprecompiled.h typedef IDirect3D9 * STDMETHODCALLTYPE * Direct3DCreate9_t）（UINT SDKVersion）; Direct3DCreate9_t RealDirect3DCreate9 = NULL; 的typedef HRESULT（STDMETHODCALLTYPE * CreateDevice_t）（UINT适配器，D3DDEVTYPE的devicetype，HWND hFocusWindow， DWORD BehaviorFlags，D3DPRESENT_PARAMETERS * pPresentationParameters， **的IDirect3DDevice9 ppReturnedDeviceInterface）; CreateDevice_t RealD3D9CreateDevice = NULL; HRESULT STDMETHODCALLTYPE HookedD3D9CreateDevice（UINT适配器，D3DDEVTYPE的devicetype，HWND hFocusWindow， DWORD BehaviorFlags，D3DPRESENT_PARAMETERS * pPresentationParameters， **的IDirect3DDevice9 ppReturnedDeviceInterface） { //这个调用使它跳到HookedDirect3DCreate9并崩溃。我做错了什么 HRESULT RET = RealD3D9CreateDevice（适配器的devicetype，hFocusWindow，BehaviorFlags， pPresentationParameters，ppReturnedDeviceInterface）; return ret; } IDirect3D9 * STDMETHODCALLTYPE HookedDirect3DCreate9（UINT SDKVersion） {的MessageBox（0，L创建D3D，L，，0）; IDirect3D9 * d3d = RealDirect3DCreate9（SDKVersion）; UINT_PTR * pVTable =（UINT_PTR *）（*（（UINT_PTR *）d3d））; RealD3D9CreateDevice =（CreateDevice_t）pVTable [16]; DetourTransactionBegin（）; DetourUpdateThread（GetCurrentThread（））; DetourAttach（&（PVOID&）RealD3D9CreateDevice，HookedD3D9CreateDevice）;如果（！DetourTransactionCommit（）= ERROR_SUCCESS） {的MessageBox（0，L，未能创建createdev钩，L，，0）; } return d3d; } 布尔APIENTRY的DllMain（HINSTANCE HMODULE，DWORD fdwReason，LPVOID lpReserved） {如果（fdwReason == DLL_PROCESS_ATTACH） { MessageBox（0，L，L，0）; RealDirect3DCreate9 =（Direct3DCreate9_t）GetProcAddress（GetModuleHandle（Ld3d9.dll），Direct3DCreate9）; DetourTransactionBegin（）; DetourUpdateThread（GetCurrentThread（））; DetourAttach（&（PVOID&）RealDirect3DCreate9，HookedDirect3DCreate9）; DetourTransactionCommit（）; } // TODO分离钩子 return true; }

解决方案

IDirect3D9 :: CreateDevice 是：

STDMETHOD（CreateDevice） b $ b THIS_ UINT适配器，D3DDEVTYPE的devicetype，HWND hFocusWindow， DWORD BehaviorFlags，D3DPRESENT_PARAMETERS * pPresentationParameters， **的IDirect3DDevice9 ppReturnedDeviceInterface）PURE;

这扩展为：

的typedef HRESULT（STDMETHODCALLTYPE * CreateDevice_t）（ IDirect3D9 FAR *此，//你忘了这 UINT适配器，D3DDEVTYPE的devicetype，HWND hFocusWindow， DWORD BehaviorFlags， D3DPRESENT_PARAMETERS * pPresentationParameters， IDirect3DDevice9 ** ppReturnedDeviceInterface）;

换句话说，你声明了 CreateDevice

此外，您可能只需要 IDirect3D9 vtable，而不是直接索引到 #define CINTERFACE 并访问要通过 d3d-> lpVtbl-> CreateDevice 覆盖的函数。

Trying to make a Fraps type program. See comment for where it fails.

#include "precompiled.h" typedef IDirect3D9* (STDMETHODCALLTYPE* Direct3DCreate9_t)(UINT SDKVersion); Direct3DCreate9_t RealDirect3DCreate9 = NULL; typedef HRESULT (STDMETHODCALLTYPE* CreateDevice_t)(UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow, DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* pPresentationParameters, IDirect3DDevice9** ppReturnedDeviceInterface); CreateDevice_t RealD3D9CreateDevice = NULL; HRESULT STDMETHODCALLTYPE HookedD3D9CreateDevice(UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow, DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* pPresentationParameters, IDirect3DDevice9** ppReturnedDeviceInterface) { // this call makes it jump to HookedDirect3DCreate9 and crashes. i'm doing something wrong HRESULT ret = RealD3D9CreateDevice(Adapter, DeviceType, hFocusWindow, BehaviorFlags, pPresentationParameters, ppReturnedDeviceInterface); return ret; } IDirect3D9* STDMETHODCALLTYPE HookedDirect3DCreate9(UINT SDKVersion) { MessageBox(0, L"Creating d3d", L"", 0); IDirect3D9* d3d = RealDirect3DCreate9(SDKVersion); UINT_PTR* pVTable = (UINT_PTR*)(*((UINT_PTR*)d3d)); RealD3D9CreateDevice = (CreateDevice_t)pVTable[16]; DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)RealD3D9CreateDevice, HookedD3D9CreateDevice); if (DetourTransactionCommit() != ERROR_SUCCESS) { MessageBox(0, L"failed to create createdev hook", L"", 0); } return d3d; } bool APIENTRY DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID lpReserved) { if (fdwReason == DLL_PROCESS_ATTACH) { MessageBox(0, L"", L"", 0); RealDirect3DCreate9 = (Direct3DCreate9_t)GetProcAddress(GetModuleHandle(L"d3d9.dll"), "Direct3DCreate9"); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)RealDirect3DCreate9, HookedDirect3DCreate9); DetourTransactionCommit(); } // TODO detach hooks return true; }

解决方案

The signature for the C interface of IDirect3D9::CreateDevice is:

STDMETHOD(CreateDevice)( THIS_ UINT Adapter,D3DDEVTYPE DeviceType,HWND hFocusWindow, DWORD BehaviorFlags,D3DPRESENT_PARAMETERS* pPresentationParameters, IDirect3DDevice9** ppReturnedDeviceInterface) PURE;

Which expands to:

typedef HRESULT (STDMETHODCALLTYPE* CreateDevice_t)( IDirect3D9 FAR *This, // you forgot this. UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow, DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* pPresentationParameters, IDirect3DDevice9** ppReturnedDeviceInterface);

In other words, you declared the thunk for CreateDevice incorrectly.

Also, instead of directly indexing into the IDirect3D9 vtable, you might just want to #define CINTERFACE and access the function you want to override through d3d->lpVtbl->CreateDevice.