"Never measure the height of a mountain until you have reached the top. Then you will see how low it was."
- Dag Hammarskjöld
r2d2Proton
Friday, August 20, 2010

Well, if Detours wasn't readily known at the time of need, I think this hack-trick was brilliant. Personally I hadn't heard of Detours until you guys mentioned it below. Now I am going to be investigating it too...

deadc0de
Wednesday, August 18, 2010

Thatcher: I'm not 100% sure but I think the catch is that he's using SV_POSITION, and not a position copy à la DX9. I don't have a DX10 PC at home (well... I have a MacBook) to confirm this and the SDK documentation is not clear, but googling seems to confirm that SV_POSITION is in viewport space.

I still agree that there is a lot of misinformation, i.e. on the way the hi-z works and on the benefits of using derivatives for post processing...

Barbie
Monday, August 9, 2010

I'm with GianT, I personally like Detours for this kind of redirection. It works wonders, and is not limited to COM/vtable-enabled functions either: it actually patches the target method's implementation. It's brilliant! But it does require a little bit more setup than this otherwise fine hack.

A word of caution too, on the "copy more memory". While it's unlikely, copying arbitrary memory can also result in a segfault, assuming you're at the end of the page...

GianT
Monday, August 9, 2010

You could also patch Win32 and COM functions with the help of a library like Detours. http://research.microsoft.com/en-us/projects/detours/

Also, this is very useful to intercept all calls to VirtualAlloc/VirtualFree, so you can monitor the memory allocations of your Windows build :-)

eXile
Saturday, August 7, 2010

Thanks for the article! Somehow this approach reminds me of my old SSDT-hooking implementations (except vtable-hooking is of course in user mode, not in kernel mode). Certainly a nice approach to find out what exactly third-party libraries are doing under their hood.

Humus
Friday, August 6, 2010

Axel,
well, that's more or less a summary of my last paragraph and I think the title of the post sort of set the right expectations. This is intended more as hacking for fun than for actual measurable gains. I have another blog post coming up on a more practically usable v-table hacking technique.

David
Friday, August 6, 2010

In this case (and in general if you are not writing a JIT/compiler/something esoteric), such things are completely pointless.

But there are cases where such things might be useful, but it would be better to write the target address into the jump instruction, thus avoiding the more expensive call-through-pointer instruction.

In fact, if you use a JIT compiled language (e.g. MS CLR), the JIT will often do this for you, perhaps with a conditional branch to detect if the target changes (from the class ID, not the address)...

David
