OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: December 25, 2007 22:37 CST by Joelbenm .

Hi Everyone,

My question is, in short - how can I know in directx VTables, which item hold the Present function address.

I'm hooking a directx program and using a JMP-injection technique. I have code that uses a vtable to get the address of the device Present function, and it hard-codedly takes the address of the Present from the vtable's 17th item. Now, I need to do the same for IDirect3DSwapChain Present. How do i know which item of this vtable hold the Present?

thanks very much for _ANY_ idea,
J

c1de0x		December 26, 2007 02:00.58 CST
Wow... there seems to be a lot of confusion as to how to properly reverse C++ and especially COM. Maybe I should write up an article. Joelbenm: the easiest way to find out the vtable index of a given function is to either: - write a short snippet which uses the function, compile, disassem and read, or: - write a short snippet containing a class implementing (or inheriting) the interface/class you are interested in and compile it with MSVC's hidden -dreportAllClassLayout compiler flag to output class structures and vtable mappings. Hope this helps. If you need more help, be sure to hit the irc chan.

dELTA		December 26, 2007 12:33.25 CST
See this: http://www.woodmann.com/forum/showthread.php?t=10999

Joelbenm		December 27, 2007 13:54.40 CST
thanks everyone. actually, it was much easier than I thought (but do let me know if i got it wrong): I just went to the header file where IDirect3DSwapChain9 and there it was - the interface arranged by order. thanks again J DECLARE_INTERFACE_(IDirect3DSwapChain9, IUnknown) { /* IUnknown methods / STDMETHOD(QueryInterface)(THIS_ REFIID riid, void* ppvObj) PURE; STDMETHOD_(ULONG,AddRef)(THIS) PURE; STDMETHOD_(ULONG,Release)(THIS) PURE; /* IDirect3DSwapChain9 methods / STDMETHOD(Present)(THIS_ CONST RECT pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion,DWORD dwFlags) PURE; STDMETHOD(GetFrontBufferData)(THIS_ IDirect3DSurface9* pDestSurface) PURE; STDMETHOD(GetBackBuffer)(THIS_ UINT iBackBuffer,D3DBACKBUFFER_TYPE Type,IDirect3DSurface9** ppBackBuffer) PURE; STDMETHOD(GetRasterStatus)(THIS_ D3DRASTER_STATUS* pRasterStatus) PURE; STDMETHOD(GetDisplayMode)(THIS_ D3DDISPLAYMODE* pMode) PURE; STDMETHOD(GetDevice)(THIS_ IDirect3DDevice9** ppDevice) PURE; STDMETHOD(GetPresentParameters)(THIS_ D3DPRESENT_PARAMETERS* pPresentationParameters) PURE;

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit