Hooking into HL2 DLL ?
I got to this link via the hlcoding mailing list,
http://www.sourcemod.net/forums/viewtopic.php?t=441 I don't understand it yet. But basically it's telling how to HOOK (aka HL1 style!?) into HL2 and such... if possible, this could be more interesting...
Re: Hooking into HL2 DLL ?
Reading..... brain hurts o_O
Keeps reading
Re: Hooking into HL2 DLL ?
That guy had a clever idea. However, if I understand well, as soon as the interface changes a bit, he's left to rearrange all his function pointers in the vtable. I'm not sure it's very practical. It doesn't seem to bother the AMX guys though, as they are used to getting/setting info where they shouldn't, such as in HL1 edict's private data...
Re: Hooking into HL2 DLL ?
You could probably code it so that if there is a new interface, it bypasses the hook.
Re: Hooking into HL2 DLL ?
Huh?
What would be the point?
Re: Hooking into HL2 DLL ?
Well, you can hook whatever functions you need, and have the ones you don't bypass it. You can also make it so that if new functions come around, they could also bypass it.
Re: Hooking into HL2 DLL ?
No, you don't get it. The order in which the functions are may be rearranged every time a new interface version is defined, contrary to HL1. That's the purpose of this "interface factory": to ensure consistency between DLLs using different versions of the interface. Unless he cares about the version of the interface he hooks onto (but I don't see him doing that), he'll be in big trouble at any minor revision of the interface.
Re: Hooking into HL2 DLL ?
I thought about an easier way using the plugin interface. Technically, if we chain the plugin, is it not possible to dump any information between the server -> plugin interface, like weapon bit IDs (really needed at the moment)?
Re: Hooking into HL2 DLL ?
What do you mean by "chain the plugin"?
Plugins in Half-Life2 are implemented similarly to the way they are in Metamod. The plugin does not sit between the engine and the game DLL. In Half-Life2, the engine can call plugin functions when (after) game DLL functions are called. It's more of a branch off from the main engine/gameDLL connection than it is a connection between them. For example, the engine calls the game DLL GameFrame() function, then when the game DLL returns back to the engine, the engine calls it for plugin A, then plugin B, then plugin C, like this...

engine->GameDLL::GameFrame() <- GameDLL::GameFrame() returns back to the engine
engine->PluginA::GameFrame() <- PluginA::GameFrame() returns back to the engine
engine->PluginB::GameFrame() <- PluginB::GameFrame() returns back to the engine

...it's NOT like this...

engine->PluginA::GameFrame()->PluginB::GameFrame()->GameDLL::GameFrame()

...that would be more like the way the HPB bot hooks the game DLL. The Half-Life2 plugin system does not work that way.

botman
Re: Hooking into HL2 DLL ?
botman, what I mean is the engine calls the hook plugin, then the hook plugin calls the real plugin.
Have a hook DLL that sits in between, dumping various information on engine functions passed to the real plugin. Edit: found an interesting hooking library for injecting your own code into a remote process, Windows only, here.
Re: Hooking into HL2 DLL ?
Maybe you could do something like that if you managed to get in between the engine and the game DLL.
Injection would require a loader, but you could also look into proxying a DLL that the server uses, like wsock32.dll, and hooking LoadLibrary from there, from which you'd return a handle to your DLL rather than the server's. You wouldn't even need a loader, and since it would be loaded while Windows sets up the exe to be run, you'd have no problems with hooking something too late. The only problem I noticed was with HL1, where I got something like CCodeErrorException after a while. I did manage to see some libraries being loaded before it crashed. ( Note: Above is an example to add a clock into the client while running in fullscreen, nothing else )
Re: Hooking into HL2 DLL ?
There's a method of hooking the DirectX 9 DLL in GTA:VC and creating a speedometer overlay on the screen, done by a guy named spooky here.
This method could be interesting for hooking into the game, but XP SP2 has this new memory protection, so I'm not sure how easy it would be (basically all it does is disable anything writing into a remote process other than its own, Microsoft's attempt at stopping buffer overruns). One idea I thought about is to change the hWnd, hThread of the inject process to the same as the process you want to hook into, then inject quickly and exit (hopefully confuse Windows). I'm not sure if the LoadLibraryA method would work with XP SP2's new memory protection.
Re: Hooking into HL2 DLL ?
If I remember correctly you can also get your dll injected by using SetWindowsHookEx, the only problem may be hooking too late.
Re: Hooking into HL2 DLL ?
Send idHook = WH_GETMESSAGE, then break in on WM_CREATE to inject. Surely that wouldn't break in too late?
Edit: create a thread to check for the executable with above normal priority.
Re: Hooking into HL2 DLL ?
I think you need a valid hWnd to set a Windows hook though :(. I just wonder if it's possible to make an exe loader which runs it under our program's address space, which would allow changing of imports without injecting a DLL.
( Note: Not thought out very well )
Re: Hooking into HL2 DLL ?
You could use CreateProcessA or CreateToolHelp32Snapshot & Module32First, Module32Next.
Example here using CreateToolHelp32Snapshot, Module32First & Module32Next to get the hWnd.
Re: Hooking into HL2 DLL ?
These are ugly hacks, I definitely wouldn't want to use them :(
Anyway, let me correct one thing:
This is actually what we would need in HL2.
Re: Hooking into HL2 DLL ?
Ugly, and won't work on Linux.
botman |
Re: Hooking into HL2 DLL ?
I just read here that the bots, using the runplayermove botman had 'invented', stopped working. Perhaps it's time for more ugly methods? I dunno.
Re: Hooking into HL2 DLL ?
Found in CBasePlayer, might help:
// Run a user command. The default implementation calls ::PlayerRunCommand. In TF, this controls a vehicle if
Re: Hooking into HL2 DLL ?
botman's method DOES still work. It's the CBasePlayer->ProcessUsercmds() that doesn't work anymore (as of the latest CS:S update). I found the CBasePlayer method much tidier than the buffer writing and stuff, but hell, it looks like it's gonna be the only way to do it. :)
Re: Hooking into HL2 DLL ?
cheeseh, I thought botman's method was using ProcessUsercmds to get the bots to process movement.
Re: Hooking into HL2 DLL ?
The CBasePlayer->ProcessUserCommands() trick (which I started) doesn't work anymore, as has been said, but the CBasePlayer->PlayerRunCommand() doesn't work either, even if you do pass the correct movehelper pointer. The debug error is that the function isn't returning as expected, so it sounds like Valve changed the CBasePlayer class, and therefore changed the virtual function table. However, the SDK hasn't been updated (?), so currently we can't use the CBasePlayer class.
I don't know if Valve changed CBasePlayer to stop us using it or if it was to fix some bugs. I think it's just something they had to do to get the bots working. PS. botman's way will always work, because it is based on building a network message (until they re-write the netcode).
Re: Hooking into HL2 DLL ?
PS! They have changed stuff, because you can now add bots in HL2: DM !
Re: Hooking into HL2 DLL ?
Maybe they changed it to give us a way to access CBasePlayer & CBaseEntity without using any hacks too.
Re: Hooking into HL2 DLL ?
Hopefully. But we'll just have to wait.
Re: Hooking into HL2 DLL ?
botman's method is this ...
Re: Hooking into HL2 DLL ?
Yeah, I had my own bot in HL2: DM. I hadn't converted my movement code so it didn't do anything, just floated there. But it was in the game, in a team, and alive. It died too with a high speed barrel :D !
I haven't done anything special, just refreshed the SDK content which might have changed stuff.
Re: Hooking into HL2 DLL ?
"PS. Botmans way will always work, because it is based on building a network message. (until they re-write the netcode)"
Heh-heh! :)
botman
Re: Hooking into HL2 DLL ?
Just tossing this...
Maybe the hooking method isn't impossible, what about implementing the functionality of the interface factory in the hook DLL? We would "just" need to know about a particular version of the interface and stick to it (which involves of course the need to know where to read and write for this particular version). It sounds like it would work OK for one side of the interface, but I'm wondering about the other...
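Illustrating the earlier warning that vtable slots may move between interface versions, and the proposal just above to pin a hook DLL to one version via the interface factory. This is an added example, not code from the thread or from Valve's SDK: a constructed model of a CreateInterface()-style factory in which each interface version is a hand-built function-pointer table standing in for a vtable. The version names "ServerGameDLL003"/"ServerGameDLL004", the slot layouts and the function bodies are all assumptions.

```cpp
#include <map>
#include <string>

// Constructed model (not Valve's code): every interface version is a table of
// function pointers standing in for a C++ vtable, registered under a versioned name.
typedef int (*ServerFn)(int arg);
typedef std::map<std::string, const ServerFn*> InterfaceRegistry;

static int GameFrameImpl(int simulating) { return simulating ? 100 : 0; }
static int TickCountImpl(int)            { return 33; }
static int NewFuncImpl(int)              { return 999; }  // hypothetical function added in 004

// Assumed layouts: 003 has GameFrame in slot 0; 004 inserted a new function at the
// front, so GameFrame moved to slot 1. A hook hard-wired to slot 0 is now wrong.
static const ServerFn kServerGameDLL003[] = { GameFrameImpl, TickCountImpl };
static const ServerFn kServerGameDLL004[] = { NewFuncImpl, GameFrameImpl, TickCountImpl };
static const int kSlotGameFrame003 = 0;

enum { IFACE_OK = 0, IFACE_FAILED = 1 };

// Factory: hand back the table registered under exactly this versioned name, or fail.
static const ServerFn* CreateInterface(const InterfaceRegistry& reg,
                                       const char* name, int* returnCode) {
    InterfaceRegistry::const_iterator it = reg.find(name);
    if (it == reg.end()) { if (returnCode) *returnCode = IFACE_FAILED; return 0; }
    if (returnCode) *returnCode = IFACE_OK;
    return it->second;
}

// Hook pinned to the version whose layout it knows: if the server does not export
// that version it refuses to run instead of guessing slot offsets.
static int HookedGameFrame_Versioned(const InterfaceRegistry& reg, int simulating) {
    int code = IFACE_FAILED;
    const ServerFn* table = CreateInterface(reg, "ServerGameDLL003", &code);
    if (code != IFACE_OK) return -1;  // refuse cleanly; -1 is this example's sentinel
    return table[kSlotGameFrame003](simulating);
}

// Hook that ignores the version and reuses the 003 slot index on whatever the server
// exports: on a 004-only server it silently calls the wrong function (returns 999).
static int HookedGameFrame_AnyVersion(const InterfaceRegistry& reg, int simulating) {
    if (reg.empty()) return -1;
    const ServerFn* table = reg.begin()->second;
    return table[kSlotGameFrame003](simulating);
}

// Build a registry for a server that exports 003, 004 or both (constructed data).
static InterfaceRegistry MakeRegistry(bool export003, bool export004) {
    InterfaceRegistry reg;
    if (export003) reg["ServerGameDLL003"] = kServerGameDLL003;
    if (export004) reg["ServerGameDLL004"] = kServerGameDLL004;
    return reg;
}
```

A server that keeps exporting the old version name alongside the new one (as the factory design allows) keeps the pinned hook working, which is the compatibility the earlier reply describes.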
Re: Hooking into HL2 DLL ?
You know it might work if the netcode was hooked, but that would probably be more evil than hooking the interfaces.
Re: Hooking into HL2 DLL ?
Huh? I don't get it again. I wasn't talking about netcode, but about the virtual function tables... ??? :(
Re: Hooking into HL2 DLL ?
Also, if any SDK release comes soon, we can hope for a fully basic bot plugin from Valve, which I find very neat of them! :)
Re: Hooking into HL2 DLL ?
My stupidity, getting mixed up with CBasePlayer & IServerGameClients Processusercmds (I was messing with the ubframe and not steve's template) and wasn't using my brain :).