[ET Windows] OpenGL PB Bypass

stealth93

Semi-Coder
The following has been tested on ETPub and NoQuarter 2.6b but should work on all mods except ETPro due to their security checks. Hopefully this helps someone with their OpenGL dreams :p

Critiquing is welcome.

Portion of 'qboolean ETGL_Init( const char *dllname )' in IDA
Let's find the next address to be called after GetProcAddress is done with glDrawElements
Code:
.
.
.
.text:004781D7                 call    esi ; GetProcAddress
.text:004781D9                 mov     dword_102A404, eax
.text:004781DE                 mov     dword_1787650, eax
.text:004781E3                 mov     eax, dword_16BB70C
.text:004781E8                 push    offset aGldrawelemen_0 ; "glDrawElements"
.text:004781ED                 push    eax             ; hModule
.text:004781EE                 call    esi ; GetProcAddress
.text:004781F0                 mov     ecx, dword_16BB70C  <--------:p
.text:004781F6                 push    offset aGldrawpixels ; "glDrawPixels"
.text:004781FB                 push    ecx             ; hModule
.text:004781FC                 mov     dword_102A2B4, eax
.text:00478201                 mov     dword_17875E4, eax
.text:00478206                 call    esi ; GetProcAddress
.text:00478208                 mov     edx, dword_16BB70C
.text:0047820E                 push    offset aGledgeflag ; "glEdgeFlag"
.text:00478213                 push    edx             ; hModule
.text:00478214                 mov     dword_102A4EC, eax
.text:00478219                 mov     dword_17876D8, eax
.text:0047821E                 call    esi ; GetProcAddress
.
.
.

Our GetProcAddress hook:
Code:
#include <windows.h>
#include <intrin.h>
#include <string.h>
#include <gl/GL.h>

#pragma intrinsic(_ReturnAddress)

/* Original GetProcAddress, saved when the hook is installed (the install itself is not shown here). */
typedef FARPROC (WINAPI *GetProcAddress_t)( HMODULE hModule, LPCSTR lpProcName );
static GetProcAddress_t orig_GetProcAddress;

/* Original glDrawElements, saved the first time ETGL_Init resolves it. */
typedef void (APIENTRY *glDrawElements_t)( GLenum mode, GLsizei count, GLenum type, const GLvoid *indices );
static glDrawElements_t orig_glDrawElements;
void APIENTRY hook_glDrawElements( GLenum mode, GLsizei count, GLenum type, const GLvoid *indices );

FARPROC WINAPI hook_GetProcAddress( HMODULE hModule, LPCSTR lpProcName )
{
    FARPROC ret = orig_GetProcAddress( hModule, lpProcName );

    /* If lpProcName is what we are looking for... (it may also be an ordinal, HIWORD == 0, which is not a string) */
    if( HIWORD( (DWORD_PTR)lpProcName ) && strstr( lpProcName, "glDrawElements" ) )
    {
        /* Check if the return address is 0x4781F0, i.e. the instruction right after the
           'call esi ; GetProcAddress' for "glDrawElements" in ETGL_Init. Offsets are for ET 2.6b */
        if( (DWORD_PTR)_ReturnAddress() == 0x4781F0 )
        {
            /* If we are calling from ETGL_Init, hook the OpenGL function by returning our hook */
            orig_glDrawElements = (glDrawElements_t)ret;
            ret = (FARPROC)hook_glDrawElements;
        }
        else if( orig_glDrawElements )
        {
            /* The OpenGL function should already be hooked, so return the original and PB is none the wiser ;) */
            ret = (FARPROC)orig_glDrawElements;
        }
    }
    return ret;
}

Credits: q3 sdk
Attachment: 2010-03-18-211652-h.jpg
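The following is an added example and not code from the post above or from PunkBuster: a portable C model of the return-address-gated GetProcAddress hook, run against two kinds of integrity check. The "export table", the engine globals, the `caller` enum and all function names are constructed for this example; on Windows the caller identity would come from `_ReturnAddress()` rather than being passed in as an argument.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the post's technique; nothing here is real Windows or PB code. */

typedef void (*gl_fn_t)(void);

/* Stand-in for opengl32.dll's real glDrawElements export. */
static int real_draw_calls;
static void real_glDrawElements(void) { real_draw_calls++; }

/* The cheat's replacement; it forwards to the original so rendering still works. */
static int hooked_draw_calls;
static gl_fn_t orig_glDrawElements;
static void hook_glDrawElements(void)
{
    hooked_draw_calls++;
    if (orig_glDrawElements)
        orig_glDrawElements();
}

/* Stand-in for the real GetProcAddress: a lookup in the module's export table. */
static gl_fn_t orig_GetProcAddress(const char *name)
{
    return strcmp(name, "glDrawElements") == 0 ? real_glDrawElements : NULL;
}

/* Who is asking. The real hook derives this from the return address (0x4781F0 in the post). */
enum caller { CALLER_ETGL_INIT, CALLER_PB_CHECK, CALLER_OTHER };

/* Mirrors the post's hook_GetProcAddress: only the engine's init path receives the hook. */
static gl_fn_t hook_GetProcAddress(const char *name, enum caller who)
{
    gl_fn_t ret = orig_GetProcAddress(name);
    if (strcmp(name, "glDrawElements") == 0) {
        if (who == CALLER_ETGL_INIT) {
            orig_glDrawElements = ret;
            ret = hook_glDrawElements;
        } else if (orig_glDrawElements) {
            ret = orig_glDrawElements;   /* every other caller is handed the genuine export */
        }
    }
    return ret;
}

/* Stand-in for the engine's function-pointer global (dword_102A2B4 in the IDA listing). */
static gl_fn_t qglDrawElements;

static void etgl_init(void)
{
    qglDrawElements = hook_GetProcAddress("glDrawElements", CALLER_ETGL_INIT);
}

/* Check 1: re-resolve the symbol through the (hookable) import and compare it with the
   export. Returns 1 if a hook is detected. The post's trick defeats exactly this check. */
static int check_via_import(void)
{
    return hook_GetProcAddress("glDrawElements", CALLER_PB_CHECK) != real_glDrawElements;
}

/* Check 2: compare the pointer the engine actually calls through with an export address
   resolved independently of the import (modelled here by calling the lookup directly,
   as a checker that walks the export table itself would). This one fires. */
static int check_engine_table(void)
{
    return qglDrawElements != orig_GetProcAddress("glDrawElements");
}

int main(void)
{
    etgl_init();
    qglDrawElements();
    printf("draw calls: real=%d hooked=%d\n", real_draw_calls, hooked_draw_calls);
    printf("check via import:   %s\n", check_via_import() ? "hook detected" : "clean");
    printf("check engine table: %s\n", check_engine_table() ? "hook detected" : "clean");
    return 0;
}
```

The point of the two checks: a checker that asks the same import the cheat has hooked learns nothing, because the hook hands it the genuine address; a checker that reads the pointer the engine really dispatches through, and compares it with an address it resolved on its own (or simply verifies that the pointer lies inside the loaded opengl32.dll image), sees the hook immediately.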