Using Detours on functions within engine-files

I’ve lately ran into the problem where I need to overwrite default functions in the engine (to be specific: virtual methods of IFileSystem) using MS Detours.

Now I’m quite unsure if this is safe (concerning VAC).

I have detoured functions in GMod before (in lua_shared.dll) and this is now months ago (VAC wasn’t triggered for sure). But this wasn’t an engine-function. Now I have to overwrite/hook engine functions.

Background: I’m writing on a module (gm_mount2) which shall allow mounting vpk-files (the one, Left 4 Dead uses) using Nemesis HLLib. Reading from VPK’s is easy but now I have to tell GMod “if you search this file, look it up in the vpks”

There are already a few modules that use detours. I believe it is safe.

Detours are safe - for now. VAC has (Not yet) been enabled. My guess is, when we get the EP3 engine upgrade, we will also have working VAC.

Any idea when the Ep 3 update is coming?

2011 at the earliest.

Can someone send me links to modules which use Detours?
In that case, I don’t mean any SE2-bypass scripts. I already figured out, detouring functions in lua_shared (for instance: lua_Newstate) does not trigger VAC.
I really need to be sure, that someone already used detours on engine functions and didn’t got banned.

Sidenote: I have been told by a person, he has been using Cheat Engine in GMod and didn’t got banned but then he accidentally ran it (on another program) while he alt-tabbed TF2 to the desktop - And got banned.
So apparently, VAC (according to the stories I heared) doesn’t ban in GMod (and allows VACed people to play in GMod).
Still I need some more evidence (links to modules, which use Detours)

gm_gmodeworld (Not sure)

There’s a few more, I think.


luaerror does detour lua_shared functions - Not engine-function :frowning:
enginespew doesn’t detour at all
forceconvar is unknown to me (any links?)
gatekeeper is serverside and therefore irrelevant (and it uses “VTable hooking” - most probably using detours)
gmodworld doesn’t use detours

Still I’m quite convinced using detours right now.

Checkout Azuisleet’s gm_transmittools

gm_luaerror, thread

You can find lots of modules here

If someone would be kind enough to explain exactly how to use detours in gmod modules, the general population could have a greater chance of developing module which fill in the holes in the current Lua binding. I think we would all appreciate it if someone would step forward. :smile:

It’s a dark art and the people who know how to do it don’t want anyone else to know because they then become less revered.

You could, you know, research it.

Along with what Jinto said, just take a read of a detour header file packaged with one of the modules that uses it.

The easiest way is, downloading detours how Jinto suggested, and using their wiki.

Also, in the Detours Express version, there are neat examples on how to detour funtions, but you won’t come around writing dirty hacks, if you have to detour stuff like virtual member functions (Thank’s to jinto once more for you help!).

I may write a blog-entry about this.

Back to topic:
It really seems now, Detours is wideley used. Even clientside and on engine functions so it is (for now) safe to be use for my actions. I hope I get my module working - I want to mount L4D!

Detours are 100% safe in GMod, VAC isn’t enabled. However, you might be making this harder than it has to be, just get the real ISteamFileSystem interface and replace the vtable wtih your own (which means you implement the ISteamFileSystem class). It should literally be *classptr = yourvtable;

Oh I didn’t know you can replace vtables that easy. Nice tip, thank you!

The vtable pointer is always the first pointer in a object with virtual members.

class Bob
 int a;
 int b;
 int c;

 virtual void Awesome();

Would be stored as

struct Bob
 void *vtable;
 int a;
 int b;
 int c;

Thank’s haza55.
I got a method (Jinto told me) how to retrieve the vtabl and convert it’s contents to valid pointers I can store anywhere.

So I guess it’s easy now: Get the vtable and backup + replace the pointer of my target-method by my own method. No detours necessary but same effect. :slight_smile:

Just a quick question again:
Overwriting the vtable’s entries doesn’t work directly, right? There is some type of memory-protection how it seems (Well, you can disable it)

If so, I better use detours: Easier to handle than coding my own vtable-hooking-system.