-
Notifications
You must be signed in to change notification settings - Fork 14
2.6 Hook: VTable Swap
DK edited this page Feb 11, 2024
·
3 revisions
Swaps a virtual method table function with target function
-
vtbl: pointer to virtual method table (base address of class object) -
index: index of the virtual function in the virtual method table -
funcInfo: FUNC_INFO wrapped function -
patch: prolog patch before detouring to target function
VMTHookHandle AddVMTHook(
void* a_vtbl,
std::uint16_t a_index,
FuncInfo a_funcInfo,
Patch* a_patch
) noexceptusing namespace DKUtil::Alias;
class Dummy
{
public:
void MsgA() { INFO("Called MsgA"sv); } // 0
void MsgB() { INFO("Called MsgB"sv); } // 1
};
// target dummy vtbl, it's implicitly at <class pointer + 0x0>
Dummy* dummy = new Dummy();
// target function signature, first parameter is <this>
using MsgFunc = std::add_pointer_t<void(Dummy*)>;
MsgFunc oldMsgA;
MsgFunc oldMsgB;
// swap function
void MsgC(Dummy* a_this) {
INFO("Called MsgC"sv);
// call original function
oldMsgA(a_this);
oldMsgB(a_this);
}
auto _Hook_MsgA = DKUtil::Hook::AddVMTHook(dummy, 0, FUNC_INFO(MsgC));
auto _Hook_MsgB = DKUtil::Hook::AddVMTHook(dummy, 1, FUNC_INFO(MsgC));
// save original function
oldMsgA = _Hook_MsgA->GetOldFunction<MsgFunc>();
oldMsgB = _Hook_MsgB->GetOldFunction<MsgFunc>();
_Hook_MsgA->Enable();
_Hook_MsgB->Enable();
// now MsgA and MsgB will both be detoured to MsgC instead