HookEngine
Info
Dependencies:
- None
Implementation:
HookEngine.d on GitHub
This package allows you to hook anywhere in an engine function to run your own Daedalus code.
Tip
Zerxes has provided a list of all engine functions for G2, including the number of bytes to fill in for oldInstr
. This list can be found here. This should make it possible for everyone to use the HookEngine effectively without IDA.
Initialization
N/A
Functions
HookEngine
HookEngine
Attaches a function to an engine function address.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var string function
Name of Daedalus function to be called.
HookEngineS
HookEngineS
Alias to the HookEngine
function.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var string function
Name of Daedalus function to be called.
HookEngineI
HookEngineI
Alias to HookEngine
with funcID.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var int funcID
ID of Daedalus function to be called.
HookEngineF
HookEngineF
Alias to HookEngine
with func
parameter.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var func function
Daedalus function to be called.
IsHooked
IsHooked
Checks if a hook is already present at a given address.
var int address
Address of an engine function.
Return value
The function returns TRUE
if the hook already exists at the address, FALSE
is returned otherwise.
IsHook
IsHook
Checks if a hook with a certain function is already present at an address.
var int address
Address of an engine function.var string function
Name of a function.
Return value
The function returns TRUE
if the hook already exists at the address, FALSE
is returned otherwise.
IsHookI
IsHookI
Alias to IsHook
with a funcID as parameter.
var int address
Address of an engine function.var int funcID
ID of a function.
Return value
The function returns TRUE
if the hook already exists at the address, FALSE
is returned otherwise.
IsHookF
IsHookF
Alias to IsHook
with a function as parameter.
var int address
Address of an engine function.var func function
Daedalus function.
Return value
func
parameter
The function returns TRUE
if the hook already exists at the address, FALSE
is returned otherwise.
RemoveHook
RemoveHook
Removes a function from a hook so that it is no longer called.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var string function
Name of Daedalus function that should no longer be called.
RemoveHookI
RemoveHookI
Alias to RemoveHook
with funcID.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var int funcID
ID of Daedalus function that should no longer be called.
RemoveHookF
RemoveHookF
Alias for RemoveHook
with func
parameter.
var int address
Address of an engine function to which the function should be attached.var int oldInstr
The length in bytes of the instruction to be found ataddress
, at least 5 bytes. Can be seen in IDA.var func function
Daedalus function that should no longer be called.
ReplaceEngineFunc
ReplaceEngineFunc
Replaces an engine function with a Daedalus function.
var int address
Address of the engine function to be replaced.var int thiscall_numparams
Number of parameters passed to the engine function, if it is a stdcall or thiscall (otherwise 0).var string replaceFunc
Name of a Daedalus function to be called instead.
ReplaceEngineFuncI
ReplaceEngineFuncI
Alias to ReplaceEngineFunc
with funcID.
var int address
Address of the engine function to be replaced.var int thiscall_numparams
Number of parameters passed to the engine function, if it is a stdcall or thiscall (otherwise 0).var int funcID
ID of a Daedalus function to be called instead.
ReplaceEngineFuncF
ReplaceEngineFuncF
Alias to ReplaceEngineFunc
with func parameter.
var int address
Address of the engine function to be replaced.var int thiscall_numparams
Number of parameters passed to the engine function, if it is a stdcall or thiscall (otherwise 0).var func function
Daedalus function to be called instead.
DisableEngineFunc
DisableEngineFunc
Makes sure that an engine function is simply skipped. This is very delicate and will not always work so easily.
var int address
Address of the engine function to be skipped.var int thiscall_numparams
Number of parameters passed to the engine function, if it is a stdcall or thiscall (otherwise 0).
Hook_ReturnFalse
Hook_ReturnTrue
Registers
In addition the HookEngine package implement x86 32-bit registers that can be used to access hooked function parameters.