
DoBulletImpact dehook

a guest
Jan 28th, 2020
  // Scratch copies of the four dword stack arguments that BulletImpactHook reads
  // on entry. Aim() may overwrite the initiator, victim and end position while
  // they sit here; the start position is never modified in this listing.
  CPedSAInterface*    pBulletImpactInitiator;
  CEntitySAInterface* pBulletImpactVictim;
  CVector*            pBulletImpactStartPosition;
  CVector*            pBulletImpactEndPosition;
  // Payload called from BulletImpactHook. When the captured initiator is the
  // local player's ped, it replaces the captured victim and end position with
  // the ped returned by GetClosestCrosshairTarget and a bone position on it.
  // After this runs, the values held in the pBulletImpact* globals no longer
  // come from the game's own hit test, so anything that consumes them later
  // cannot treat them as trustworthy; validation has to live somewhere this
  // process cannot rewrite.
  // Takes no parameters and returns nothing; all input and output goes through
  // the pBulletImpact* globals, hd, and fixed process addresses.
  void Aim() {
      // Reads a 32-bit value from ACTOR_POINTER_SELF and treats it as a pointer
      // to the local player's actor structure.
      struct cactor_info *localped = (struct cactor_info *)(UINT_PTR) * (uint32_t *)ACTOR_POINTER_SELF;
      if (localped) {
          // Compares the pointer values as 32-bit integers: leave the captured
          // arguments untouched unless the local ped is the initiator.
          if (*(DWORD*)&pBulletImpactInitiator != *(DWORD*)&localped) return;
          // Target selection is delegated to a helper defined elsewhere; it is
          // given the per-weapon FOV setting and writes its result to hd.last_ped.
          GetClosestCrosshairTarget(&hd.last_ped, hd.WEAPON_SETTINGS[getScriptCurrentWeaponName(localped)].FOV);
          struct cactor_info *ped = (cactor_info*)hd.last_ped;
          if (ped) {
              if (ped == localped) return; // selected ped is the local player itself
 
              // NOTE(review): myPos is filled from a hard-coded address and
              // `readed` is declared, but neither is read again in this function.
              CVector myPos;
              ULONG readed;
              myPos = *(CVector*)(0xB6F258 + 0xE0);
              CVector target_bone;
              // Picks which bone position to use from the per-weapon BODY_PART
              // setting. There is no default case, so for any other value
              // target_bone keeps whatever CVector's default construction leaves
              // (CVector is declared elsewhere — confirm).
              switch (hd.WEAPON_SETTINGS[getScriptCurrentWeaponName(localped)].BODY_PART) {
                  case eAimTar::HEAD:
                      GetBonePosition((CPed*)ped, &target_bone, eBone::BONE_HEAD);
                      break;
                  case eAimTar::BODY:
                      GetBonePosition((CPed*)ped, &target_bone, eBone::BONE_SPINE1);
                      break;
                  case eAimTar::AUTO:
                      if (ped->state == 50) // author's label for state 50: driving
                          GetBonePosition((CPed*)ped, &target_bone, eBone::BONE_HEAD);
                      else
                          GetBonePosition((CPed*)ped, &target_bone, eBone::BONE_SPINE1);
                      break;
                  }
              // Fixed Z offset; the listing does not say where the constant comes from.
              target_bone.fZ += 0.03219923;
              // Overwrite the captured arguments. The pointer-to-DWORD casts
              // assume 32-bit pointers. The initiator store is redundant: it
              // already equals localped after the check above.
              *(DWORD*)&pBulletImpactInitiator = (DWORD)localped;
              *(DWORD*)&pBulletImpactVictim = (DWORD)ped;
              // NOTE(review): a new CVector is heap-allocated on every call that
              // reaches this line and nothing in this listing frees it.
              pBulletImpactEndPosition = new CVector(target_bone);
          }
      }
  }
  40.  
  // Fixed address that this listing patches; per the macro name it is the entry
  // of CWeapon::DoBulletImpact in the host process (not verifiable from here).
  #define HOOKPOS_CWeapon_DoBulletImpact                  0x73B550
  // Address BulletImpactHook jumps to when it finishes. SetupBulletImpactHook
  // sets it to the saved 4-byte operand plus HOOKPOS_CWeapon_DoBulletImpact.
  DWORD MTAHookAddr;
  // The 4 bytes that followed the 0xE9 opcode at the hook address before
  // SetupBulletImpactHook overwrote them; RemoveBulletImpactHook writes them back.
  DWORD MTADelta;
  44.  
  // Naked detour body: the compiler emits no prologue or epilogue, so the
  // stack is exactly as the jump at HOOKPOS_CWeapon_DoBulletImpact left it.
  // It copies four stack dwords into globals, runs Aim(), stores the globals
  // to the stack again and then jumps to MTAHookAddr instead of returning.
  // Statement order and stack offsets here are load-bearing; do not reorder.
  void _declspec(naked) BulletImpactHook() {
      _asm
      {
          // Copy the dwords at esp+4 .. esp+16 (as esp stands on entry) into the
          // pBulletImpact* globals, using eax as scratch.
          mov     eax, [esp + 4]
          mov     pBulletImpactInitiator, eax
          mov     eax, [esp + 8]
          mov     pBulletImpactVictim, eax
          mov     eax, [esp + 12]
          mov     pBulletImpactStartPosition, eax
          mov     eax, [esp + 16]
          mov     pBulletImpactEndPosition, eax
          // Save all general-purpose registers before calling into C++ code.
          pushad
      }
      // Payload: may rewrite the initiator, victim and end-position globals.
      Aim();
      _asm
      {
          // Store the globals at esp+4 .. esp+16 relative to esp as it stands
          // here, i.e. after the pushad above and before the popad below.
          mov eax, pBulletImpactInitiator
          mov [esp + 4], eax
          mov eax, pBulletImpactVictim
          mov [esp + 8], eax
          mov eax, pBulletImpactStartPosition
          mov [esp + 12], eax
          mov eax, pBulletImpactEndPosition
          mov [esp + 16], eax
          popad
          // Two constant pushes followed by a jump to the saved address.
          // NOTE(review): presumably these stand in for instructions displaced
          // at the hook site — confirm against the original function bytes.
          push    0xFFFFFFFF
          push    0x00848E50
          jmp     MTAHookAddr
      }
  }
  76.  
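  /**
   * Logs `size` bytes starting at `arr` as space-separated hex.
   *
   * Each byte is formatted with "%X " (uppercase, no zero padding, so values
   * below 0x10 print a single digit). The whole dump is passed to Log() as one
   * string. A null `arr` or a negative `size` logs nothing; `size == 0` logs an
   * empty string, as before.
   *
   * @param arr   First byte to dump; the caller guarantees `size` readable bytes.
   * @param size  Number of bytes to dump.
   */
  void PrintByteArray(BYTE *arr, int size) {
      if (!arr || size < 0) return;  // a negative size would wrap the allocation below

      // "%X " produces at most 3 characters per byte; 4 per byte plus the
      // terminator keeps the original buffer budget. The arithmetic is done in
      // size_t so a large `size` cannot overflow int.
      const size_t capacity = static_cast<size_t>(size) * 4 + 1;
      char *dump = new char[capacity];
      memset(dump, 0, capacity);

      // Append in place instead of strcat(), which rescanned the whole buffer
      // for every byte and needed a second heap allocation as scratch space.
      size_t used = 0;
      for (int i = 0; i < size; i++) {
          const int written = sprintf(dump + used, "%X ", arr[i]);
          if (written < 0) break;  // formatting failed; log what we have
          used += static_cast<size_t>(written);
      }

      Log(dump);
      // The original `delete dump, one_byte_with_space;` parsed as a comma
      // expression: it ran scalar delete on an array allocation and never
      // released the second buffer. Array new needs array delete.
      delete[] dump;
  }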
  // Hex-dumps `bytes` bytes of this process's own memory, starting at the
  // numeric address `addr`, through PrintByteArray. The address is not
  // validated here; the caller is responsible for it being readable.
  void DumpMemRegion(DWORD addr, int bytes) {
      byte *const region_start = (byte*)addr;
      PrintByteArray(region_start, bytes);
  }
  // Redirects an inline hook that is already present at
  // HOOKPOS_CWeapon_DoBulletImpact. If the first byte there is 0xE9 (x86
  // JMP rel32), the 4-byte operand is saved and then overwritten so the
  // existing jump lands in BulletImpactHook. If the byte is anything else the
  // function does nothing. The opcode byte itself is never written, so a check
  // that only confirms an E9 at this address sees no change; comparing the
  // operand, or the resolved jump target, against the expected handler does.
  void SetupBulletImpactHook() {
      // An inline hook is expected to be installed already (the author names
      // MTA); only its jump displacement is replaced.
      if (*(BYTE*)(HOOKPOS_CWeapon_DoBulletImpact) == 0xE9) {
          // Log the first 20 bytes at the hook site before patching.
          DumpMemRegion(HOOKPOS_CWeapon_DoBulletImpact, 20);
          // Keep the original operand so RemoveBulletImpactHook can restore it.
          MTADelta = *(DWORD*)(HOOKPOS_CWeapon_DoBulletImpact + 1);
          DumpMemRegion((DWORD)&MTADelta, 4);
          MTAHookAddr = *(DWORD*)(HOOKPOS_CWeapon_DoBulletImpact + 1) + HOOKPOS_CWeapon_DoBulletImpact; // saved for the jump at the end of BulletImpactHook
          DWORD old;
          ULONG bytes = 4;
          // ntlib is declared elsewhere. The result of the protection change is
          // ignored, so the write below happens whether or not it succeeded.
          ntlib->NtProtectVirtualMemory(GetCurrentProcess(), (PVOID*)(HOOKPOS_CWeapon_DoBulletImpact + 1), &bytes, PAGE_EXECUTE_READWRITE, &old);
          // New operand: distance from the end of the 5-byte JMP to BulletImpactHook.
          *(DWORD*)(HOOKPOS_CWeapon_DoBulletImpact + 1) = (DWORD)BulletImpactHook - (HOOKPOS_CWeapon_DoBulletImpact + 5);
          // Put back the protection value reported by the first call.
          ntlib->NtProtectVirtualMemory(GetCurrentProcess(), (PVOID*)(HOOKPOS_CWeapon_DoBulletImpact + 1), &bytes, old, &old);
          // Log the same 20 bytes again after patching.
          DumpMemRegion(HOOKPOS_CWeapon_DoBulletImpact, 20);
      }
  }
  // Undoes SetupBulletImpactHook: if the byte at HOOKPOS_CWeapon_DoBulletImpact
  // is still 0xE9, the saved operand MTADelta is written back after the opcode.
  // NOTE(review): nothing here checks that SetupBulletImpactHook ran first;
  // MTADelta is a zero-initialised global until that function assigns it.
  void RemoveBulletImpactHook() {
      if (*(BYTE*)(HOOKPOS_CWeapon_DoBulletImpact) == 0xE9) {
          DWORD old;
          ULONG bytes = 4;
          // As in the setup path, the result of the protection change is ignored.
          ntlib->NtProtectVirtualMemory(GetCurrentProcess(), (PVOID*)(HOOKPOS_CWeapon_DoBulletImpact + 1), &bytes, PAGE_EXECUTE_READWRITE, &old);
          // Restore the operand that was in place before the redirect.
          *(DWORD*)(HOOKPOS_CWeapon_DoBulletImpact + 1) = MTADelta;
          ntlib->NtProtectVirtualMemory(GetCurrentProcess(), (PVOID*)(HOOKPOS_CWeapon_DoBulletImpact + 1), &bytes, old, &old);
      }
  }