How to resolve interfaces from the XEX

Discussion in 'TitanFall' started by CRACKbomber, Apr 6, 2014.

  1. CRACKbomber

    CRACKbomber Resident Xbox Guru XPG Developer
    First, find an interface string like "VClient018" (hint: use the Source SDK).
    Next, either grab the export address manually from IDA or resolve it by ordinal (Export 4).

    Cast it to the function type "CreateInterfaceFn":
    Code:
    // Signature of the engine's exported CreateInterface: pName is the versioned
    // interface name (e.g. "VClient018"); the usage further down passes 0 for
    // pReturnCode. The result is the interface object as an untyped pointer.
    typedef void* (*CreateInterfaceFn)(const char *pName, int *pReturnCode);
    
    Next, use this vftable hooking class to hook the interface:
    Code:
    #pragma once
    
    //Credits: Casual_Hacker
    
    
    #include <winbase.h>
    // Replaces an object's vtable pointer with a heap-allocated copy of its
    // vtable so individual virtual-method slots can be redirected (a VMT hook).
    // Only the copy is edited; the original table is kept so UnHook() can put
    // it back and so callers can obtain the original slot addresses.
    // Every slot is DWORD-sized, i.e. this assumes 32-bit pointers.
    // NOTE(review): once bInitialize() has run, the object's vptr points into
    // the heap instead of the module's read-only data; a defender can detect
    // this kind of hook by checking that vptrs lie inside the owning image.
    class CVMTHookManager
    {
    public:
        // Zeroes every member. The members are three raw pointers and one
        // DWORD (see the private section), so memset on `this` is adequate.
        CVMTHookManager( )
        {
            memset( this, 0, sizeof( CVMTHookManager ) );
        }

        // Convenience constructor: installs the hook immediately.
        // ppdwClassBase: address of the object's vtable pointer (i.e. the
        // object itself reinterpreted as PDWORD*).
        CVMTHookManager( PDWORD* ppdwClassBase )
        {
            bInitialize( ppdwClassBase );
        }

        // Restores the original vtable pointer.
        // NOTE(review): the copy allocated in bInitialize() is never freed
        // (there is no delete[] anywhere in the class), so each instance
        // leaks its copied table.
        ~CVMTHookManager( )
        {
            UnHook();
        }

        // Takes over the object's vtable pointer:
        //  - remembers where the vptr lives and what it originally held,
        //  - counts the slots in the original table (heuristically, see
        //    dwGetVMTCount),
        //  - copies the table into a fresh DWORD array and points the object
        //    at the copy.
        // Always returns true.
        bool bInitialize( PDWORD* ppdwClassBase )
        {
            m_ppdwClassBase = ppdwClassBase;
            m_pdwOldVMT = *ppdwClassBase;
            m_dwVMTSize = dwGetVMTCount( *ppdwClassBase );
            m_pdwNewVMT = new DWORD[ m_dwVMTSize ];
            memcpy( m_pdwNewVMT, m_pdwOldVMT, sizeof( DWORD ) * m_dwVMTSize );
            *ppdwClassBase = m_pdwNewVMT;
            return true;
        }

        // Overload for callers holding a pointer-to-pointer; dereferences once
        // and forwards to the primary bInitialize().
        bool bInitialize( PDWORD** pppdwClassBase ) // fix for pp
        {
            return bInitialize( *pppdwClassBase );
        }

        // Points the object back at its original table. Safe to call before
        // bInitialize(): the default constructor leaves m_ppdwClassBase null.
        void UnHook( )
        {
            if ( m_ppdwClassBase )
            {
                *m_ppdwClassBase = m_pdwOldVMT;
            }
        }

        // Points the object at the modified copy again after an UnHook().
        void ReHook( )
        {
            if ( m_ppdwClassBase )
            {
                *m_ppdwClassBase = m_pdwNewVMT;
            }
        }

        // Number of slots counted by dwGetVMTCount() at initialization.
        int iGetFuncCount( )
        {
            return ( int ) m_dwVMTSize;
        }

        // Returns the ORIGINAL address stored in slot Index, or 0 (NULL) when
        // the index is out of range or the hook is not initialized.
        // NOTE(review): `Index <= ( int )m_dwVMTSize` admits Index ==
        // m_dwVMTSize, which is the terminating entry dwGetVMTCount() stopped
        // on rather than a counted slot; `<` is the intended bound.
        DWORD dwGetMethodAddress( int Index )
        {
            if ( Index >= 0 && Index <= ( int )m_dwVMTSize && m_pdwOldVMT != NULL )
            {
                return m_pdwOldVMT[ Index ];
            }
            return NULL;
        }

        // The untouched original table.
        PDWORD pdwGetOldVMT( )
        {
            return m_pdwOldVMT;
        }

        // Writes dwNewFunc into slot iIndex of the COPIED table and returns the
        // original slot value so the caller can chain to it; returns 0 (NULL)
        // if not initialized or iIndex is out of range.
        // NOTE(review): `iIndex >= 0` is always true for an unsigned value,
        // and `iIndex <= m_dwVMTSize` permits iIndex == m_dwVMTSize, which
        // writes one DWORD past the `new DWORD[ m_dwVMTSize ]` buffer made in
        // bInitialize(); the bound should be `<`.
        DWORD dwHookMethod( DWORD dwNewFunc, unsigned int iIndex )
        {
            if ( m_pdwNewVMT && m_pdwOldVMT && iIndex <= m_dwVMTSize && iIndex >= 0 )
            {
                m_pdwNewVMT[ iIndex ] = dwNewFunc;
                return m_pdwOldVMT[ iIndex ];
            }

            return NULL;
        }

    private:
        // Estimates the slot count by walking the table from index 0 until a
        // null entry or one that IsBadCodePtr() rejects.
        // NOTE(review): Microsoft documents IsBadCodePtr as obsolete and not a
        // reliable validity check, and adjacent vtables may be laid out
        // contiguously, so this count is a heuristic and may overshoot.
        DWORD dwGetVMTCount( PDWORD pdwVMT )
        {
            DWORD dwIndex = 0;

            for ( dwIndex = 0; pdwVMT[ dwIndex ]; dwIndex++ )
            {
                if ( IsBadCodePtr( ( FARPROC ) pdwVMT[ dwIndex ] ) )
                {
                    break;
                }
            }
            return dwIndex;
        }
        PDWORD* m_ppdwClassBase;        // where the hooked object's vptr lives
        PDWORD m_pdwNewVMT, m_pdwOldVMT; // heap copy (edited) / original table
        DWORD m_dwVMTSize;               // slot count from dwGetVMTCount()
    };
    
    Result:
    Code:
    // NOTE(review): `typdef` is a typo for `typedef` and the statement lacks its
    // trailing semicolon, so this snippet does not compile as written. The
    // typedef also declares a void* return while HookedCreateMove below returns
    // VOID; the two signatures should agree.
    typdef void* (*tCreateMove)(int,float,bool)
    // Hook manager for the VClient018 object. It is created with new below and
    // not deleted in this snippet, so its destructor (which restores the
    // original vtable) does not run unless UnHook() is called explicitly.
    CVMTHookManager* g_pHLClient = NULL;
    // Original contents of the CreateMove slot, as returned by dwHookMethod().
    tCreateMove oldCreateMove = NULL;
    // Replacement for the client's CreateMove; the original is invoked
    // afterwards with the same arguments.
    VOID HookedCreateMove(int sequence_number, float input_sample_frametime, bool active)
    {
       //do CUserCMD haxing here
       oldCreateMove(sequence_number, input_sample_frametime, active);
    }

    //in dll main
    g_pHLClient = new CVMTHookManager();
    // createInterface is the resolved CreateInterfaceFn; the returned object
    // pointer is reinterpreted as a pointer to its vtable pointer.
    g_pHLClient->bInitialize((PDWORD*)createInterface("VClient018", 0));
    //24 is the index of Createmove
    // NOTE(review): `hookedCreateMove` does not match `HookedCreateMove`
    // defined above (identifiers are case-sensitive).
    oldCreateMove  = (tCreateMove)g_pHLClient->dwHookMethod((DWORD)hookedCreateMove, 24);
    
    
    thanks and have fun
     
  2. Coder123

    Coder123 Finnish Modder XPG Developer TeamXPG
    Great release, but this is way too advanced for the majority of users in here :D
     
  3. So

    Sonido64 Newbie
    Hello, how do you use this, please?
     
  4. AAW

    AAW Developer XPG Developer Lifetime Gold
    Perfect example, Coder123 / good job, CRACKbomber
     
  5. So

    Sonido64 Newbie
    Yes :/
    Can you tell me how? Not everything, just the steps or something, please.
     
