Use non-nightly with unsafe extern "system" fn

[Roms1383]

Hi and thanks for this lib :)
I'm complete noob here, literally first time I try to hook (onto a game function) and I'm kinda stuck:
on one side I need a lib that doesn't work with nightly,
on the other side I couldn't find how to properly declare target parameter for the GenericDetour::<_>::new function so that it accept a unsafe extern "system" fn(uint64_t aObject, uint64_t aEvent) where both parameters are pointers to some underlying structs on C++ side.
Is there a way to do this without splitting crates ?

[Roms1383]

Ok so I've tried something like:

very naive and probably full of mistakes, sorry for my lack of knowledge in this area... still learning...

let address: usize = 0x141419130;
let target: unsafe extern "system" fn(u64, u64) -> bool = std::mem::transmute(address);
let target: fn(u64, u64) -> bool = std::mem::transmute(target);
// ✅ it goes till here, at least per the logs
if let Ok(detour) = GenericDetour::<fn(u64, u64) -> bool>::new(target, my_hook_func) {
// ❌ but it never reaches here
}

Any help would be greatly appreciated :)

[Roms1383]

Technically the error I got (I also switched to a RawDetour in the meantime) is a Region::Error stating Queried memory is unmapped.

[Hpmason]

Welcome, I'd be happy to help you in the right direction!
This sounds like one of three things:

• (most likely) library is loaded in different position: libraries get loaded dynamically at runtime and don't have the same address every time. You have to use OS functions at runtime to get the start address of the library and add the offset to the function.

• library isn't loaded yet: Depending on your injection process, the libraries you're trying to hook may not even be loaded yet. In the past, I've hooked library loading functions at startup and when the library I want to hook is being loaded, I initialize all the hooks at once

• The offset is wrong: tools like WinDbg provide offsets higher than the libraries should be. If that's the case, I've personally used Cheat Engine Lite to find function offsets

[Roms1383]

(most likely) library is loaded in different position: libraries get loaded dynamically at runtime and don't have the same address every time. You have to use OS functions at runtime to get the start address of the library and add the offset to the function.

indeed I'm on Windows and needed:

• GetModuleHandleW to get base address at runtime and cast its result as a usize
• add function relative address as a usize too which turns out being 0x1419130 instead

  0x141419130 takes into account base 0x14000... (found in e.g. IDA: the very beginning of binary)

• use RawDetour to avoid relying on nightly
• I also thought function was unsafe extern "system" fn(u64, u64) -> bool while it's actually unsafe extern "C" fn(usize, usize) -> (): there was no bool returned and struct pointers seems better represented by usize (well at least peeking at other people's code, but it kinda make sense anyway)

library isn't loaded yet: Depending on your injection process, the libraries you're trying to hook may not even be loaded yet. In the past, I've hooked library loading functions at startup and when the library I want to hook is being loaded, I initialize all the hooks at once

This was fine since it's already taken care by lib, or one can implement a extern "system" fn DllMain on Windows (Sam Rambles has a nice article on it).

The offset is wrong: tools like WinDbg provide offsets higher than the libraries should be. If that's the case, I've personally used Cheat Engine Lite to find function offsets

I didn't know about Cheat Engine Lite, thanks :)

[Hpmason]

Also, what crate are you using that doesn't allow nightly?

If the issue you're having is the first one and you can use static-detour, my helper crate retour-utils could be really helpful with the hook initialization process.

[Roms1383]

I'm using red4ext-rs which is a cool lib to mod Cyberpunk 2077.
I use retour-rs mostly to access an event handler out of reach from the natives / scripting engine.

I cannot tell for sure if it doesn't work on nightly, because really it compiled and built just fine.
However game crashed on start with cryptic logs (well, cryptic... at least to me 😅).
When switching using a RawDetour, then everything went fine (past previous mistakes fixed, of course).

[Roms1383]

I'm gonna mark my own feedback as the answer, but your replies were truly helpful in solving it. I hope resolving this discussion won't shadow it from other people facing the same issue (usually people, myself included, tend to forget to look at "resolved" section for previous discussions). Your crate is really great, cheers 🙂