Device Pointer!/Problems!
Author
Im actually one of those people who hack games through D3D and Reverse Engineering. Although i have come across a Problem!:
#include "stdafx.h"
#include <windows.h>
#include <detours.h>
#include <d3d8.h>
#include <d3dx8.h>
#include "log.h"
#include <fstream>
#include <iostream>
#pragma comment(lib, "d3dx8.lib")
#pragma comment(lib, "d3d8.lib")
using namespace std;
static DWORD dwBeginScene = 0x6D9D9250;
static DWORD dwEndScene = 0x6d9d93a0;
static DWORD dwDrawIndexedPrimitive = 0x6d9d73a0;
static DWORD dwSetStreamSource = 0x6d9d6760;
static DWORD dwSetViewport = 0x6d9d5b90 ;
static DWORD dwReset = 0x6D9EE3B0;
IDirect3DDevice8 * pGameDevice;
int m_Stride;
int texnum;
int nNumVertices;
int nPrimitiveCount;
LPDIRECT3DTEXTURE8 Red,Yellow,Green,Blue,Purple,Pink,Orange;
bool Color = true;
bool Logger = false;
ofstream ofile;
char dlldir[320];
float ScreenCenterX = 0.0f;
float ScreenCenterY = 0.0f;
bool xhair = false;
bool WallHack = false;
bool WallHack2 = false;
bool Fog = false;
bool Guns = false;
HANDLE hand1 =NULL;
HANDLE hand2 =NULL;
DWORD bytes;
//Logger
int texarray[1000];
int arraycounter;
int delarray[500];
int dcount;
unsigned int arrc;
int i=0;
D3DCOLOR redt = D3DCOLOR_XRGB( 255, 0, 0 );
char *GetDirectoryFile(char *filename)
{
static char path[320];
strcpy(path, dlldir);
strcat(path, filename);
return path;
}
void __cdecl add_log (const char *fmt, ...)
{
if(ofile != NULL)
{
if(!fmt) { return; }
va_list va_alist;
char logbuf[256] = {0};
va_start (va_alist, fmt);
_vsnprintf (logbuf+strlen(logbuf), sizeof(logbuf) - strlen(logbuf), fmt, va_alist);
va_end (va_alist);
ofile << logbuf << endl;
}
}
HRESULT GenerateTexture(IDirect3DDevice8 *pD3Ddev, IDirect3DTexture8 **ppD3Dtex, DWORD colour32)
{
if( FAILED(pD3Ddev->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, ppD3Dtex)) )
return E_FAIL;
WORD colour16 = ((WORD)((colour32>>28)&0xF)<<12)
|(WORD)(((colour32>>20)&0xF)<<8)
|(WORD)(((colour32>>12)&0xF)<<4)
|(WORD)(((colour32>>4)&0xF)<<0);
D3DLOCKED_RECT d3dlr;
(*ppD3Dtex)->LockRect(0, &d3dlr, 0, 0);
WORD *pDst16 = (WORD*)d3dlr.pBits;
for(int xy=0; xy < 8*8; xy++)
*pDst16++ = colour16;
(*ppD3Dtex)->UnlockRect(0);
return S_OK;
}
//=================================EndScene_Start=================================================================================//
typedef HRESULT ( WINAPI* oEndScene ) ( LPDIRECT3DDEVICE8 pDevice );
oEndScene pEndScene;
HRESULT WINAPI myEndScene(LPDIRECT3DDEVICE8 pDevice)
{
if(Color)
{
GenerateTexture(pDevice, &Red, D3DCOLOR_ARGB (255 , 255 , 0 , 0 ));
GenerateTexture(pDevice, &Yellow, D3DCOLOR_ARGB (255 , 255 , 255 , 0 ));
GenerateTexture(pDevice, &Green, D3DCOLOR_ARGB (255 , 0 , 255 , 0 ));
GenerateTexture(pDevice, &Blue, D3DCOLOR_ARGB (255 , 0 , 0 , 255 ));
GenerateTexture(pDevice, &Purple, D3DCOLOR_ARGB (255 , 102 , 0 , 153 ));
GenerateTexture(pDevice, &Pink, D3DCOLOR_ARGB (255 , 255 , 20 , 147 ));
GenerateTexture(pDevice, &Orange, D3DCOLOR_ARGB (255 , 255 , 165 , 0 ));
Color=false;
}
if(xhair)
{
D3DRECT rec2 = {ScreenCenterX-20, ScreenCenterY, ScreenCenterX+ 20, ScreenCenterY+2};
D3DRECT rec3 = {ScreenCenterX, ScreenCenterY-20, ScreenCenterX+ 2,ScreenCenterY+20};
pDevice->Clear(1, &rec2, D3DCLEAR_TARGET,redt, 0, 0);
pDevice->Clear(1, &rec3, D3DCLEAR_TARGET,redt, 0, 0);
}
//=============================================UnHooK_Start===================================================//
if((GetAsyncKeyState(VK_F5)&1))
{
int end =NULL;
int dip =NULL;
int svp =NULL;
int sss =NULL;
int rst =NULL;
BYTE Unhook[5] = {0x8B,0xFF,0x55,0x8B,0xEC};//Original Function Bytes.
hand1 = GetCurrentProcess();
DWORD dwmodualBase=(DWORD)GetModuleHandle("d3d8.dll");
end = 0x6d9d93a0;
dip = 0x6d9d73a0;
svp = 0x6d9d5b90;
sss = 0x6d9d6760;
rst = 0x6d9ee3b0;
WriteProcessMemory(hand1, (void*) end, Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) dip, Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) svp ,Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) sss,Unhook, 5, &bytes);
WriteProcessMemory(hand1, (void*) rst,Unhook, 5, &bytes);
}
//=========================================UnHook_End=========================================================//
if((GetAsyncKeyState(VK_F1)&1)){xhair=!xhair;}
if((GetAsyncKeyState(VK_F2)&1)){WallHack=!WallHack;}
if((GetAsyncKeyState(VK_F3)&1)){Fog=!Fog;}
if((GetAsyncKeyState(VK_F4)&1)){Guns=!Guns;}
return pEndScene(pDevice);
}
//====================================EndScene_End============================================================================//
//=================================Dip_Start============================================================================================//
typedef HRESULT ( WINAPI* oDrawIndexedPrimitive ) ( LPDIRECT3DDEVICE8 pDevice, D3DPRIMITIVETYPE pType, UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount );
oDrawIndexedPrimitive pDrawIndexedPrimitive, OriginalDrawIndexedPrimitive;
HRESULT WINAPI myDrawIndexedPrimitive(LPDIRECT3DDEVICE8 pDevice, D3DPRIMITIVETYPE pType, UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount)
{
if (Fog)
{
pDevice->SetRenderState(D3DRS_FOGENABLE,false); // Disable Fog
}
if (WallHack)
{
texnum = (nNumVertices*100000)+nPrimitiveCount;
if (m_Stride==40 && // Characters =============== //
(texnum==34900580)|| // Delta Force Head
(texnum==36100604)|| // Spetsnaz Head
(texnum==38000658)|| // Spetsnaz Legs
(texnum==18300268)|| // Spetsnaz Body
(texnum==36200604)|| // GIGN Head
(texnum==21200306)|| // GIGN Body
(texnum==35500568)|| // GSG9 Head
(texnum==2200024)|| // GSG9 Bangs
(texnum==8800105)|| // GSG9 Feet
(texnum==36900650)|| // GSG9 Legs
(texnum==19600314)|| // GSG9 Body
(texnum==36700612)|| // SAS Head
(texnum==8500105)|| // SAS Feet
(texnum==37000650)|| // SAS Legs
(texnum==18000274)|| // SAS Body
(texnum==35300556)|| // KSF Head
(texnum==7500121)|| // KSF Arms
(texnum==9200115)|| // KSF Feet
(texnum==12400168)|| // KSF Hands
(texnum==30100522)|| // KSF Legs
(texnum==18700288)|| // KSF Body
(texnum==40900594)|| // ARTC Head
(texnum==11700190)|| // ARTC Arms
(texnum==9100118)|| // ARTC Feet
(texnum==12500170)|| // ARTC Hands
(texnum==37000634)|| // ARTC Legs
(texnum==41700516)|| // ARTC Body
(texnum==19400260)|| // ROKMC Body
(texnum==37900592)|| // ROKMC Head
(texnum==36500642)|| // ROKMC Legs
(texnum==44800776)|| // SRG Head
(texnum==15900200)|| // SRG Left Arm
(texnum==10500168)|| // SRG Right Arm
(texnum==80401016)|| // SRG Body
(texnum==10000121)|| // SRG Feet
(texnum==13200180)|| // SRG Hands
(texnum==33800534)) // SRG Leg
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Orange);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);
}
}
if (nNumVertices == 213 && nPrimitiveCount == 174) // M67 Grenade =============== //
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Red);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);
}
if (nNumVertices == 158 && nPrimitiveCount == 131) // Flashbang =============== //
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Yellow);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);
}
if (nNumVertices == 171 && nPrimitiveCount == 143) // Smoke Grenade =============== //
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Orange);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Orange);
}
if (nNumVertices == 271 && nPrimitiveCount == 257) // VX Grenade =============== //
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Green);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Green);
}
if (nNumVertices == 338 && nPrimitiveCount == 339) // RGD-5 Grenade =============== //
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Red);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);
}
if (m_Stride==40 && // Equipment =============== //
(texnum==13200212)|| // Delta Force Helmet
(texnum==13200212)|| // Delta Force Helmet 2
(texnum==34700538)|| // Delta Force Gas Mask
(texnum==19500352)|| // Delta Force Balaclava
(texnum==84900778)|| // Delta Force Clan BDU
(texnum==27500442)|| // Delta Force Body Armor
(texnum==42800576)|| // Delta Force Body Armor 2
(texnum==52100658)|| // Delta Force Tactical Vest
(texnum==12200196)|| // Spetsnaz Helmet
(texnum==27100464)|| // Spetsnaz Gas Mask
(texnum==33600552)|| // Spetsnaz Body Armor
(texnum==44100646)|| // Spetsnaz Tactical Vest
(texnum==17800292)|| // GIGN Red Bandana
(texnum==21300290)|| // GIGN Helmet
(texnum==2800036)|| // GIGN Helmet Lens
(texnum==35700558)|| // GIGN Gas Mask
(texnum==22100396)|| // GIGN Balaclava
(texnum==29700492)|| // GIGN Body Armor
(texnum==11200188)|| // ROKMC Beret
(texnum==12000194)|| // ROKMC Helmet
(texnum==29800450)|| // ROKMC Gas Mask
(texnum==27100394)|| // ROKMC Body Armor
(texnum==28700374)|| // ROKMC X Harness
(texnum==34700470)|| // ROKMC X Harness
(texnum==5100056)|| // ROKMC Pouch
(texnum==9900163)|| // ROKMC Left Arm
(texnum==18300163)|| // ROKMC Right Arm
(texnum==16400266)|| // GSG9 Red Bandana
(texnum==16200243)|| // GSG9 Helmet
(texnum==31900466)|| // GSG9 Gas Mask
(texnum==19300342)|| // GSG9 Balaclava
(texnum==83600752)|| // GSG9 Clan BDU
(texnum==33400477)|| // GSG9 Body Armor
(texnum==10500163)|| // GSG9 Rolled Up Sleeves
(texnum==38100666)|| // GSG9 Tactical Knee Pads
(texnum==9600172)|| // SAS Boonie Hat
(texnum==14200236)|| // SAS Helmet
(texnum==37800552)|| // SAS Gas Mask
(texnum==28100486)|| // SAS Balaclava
(texnum==62400752)|| // SAS Clan BDU
(texnum==27900456)|| // SAS Body Armor
(texnum==45700654)|| // SAS Tactical Vest
(texnum==39800532)|| // SAS Tactical Vest 2
(texnum==9200100)|| // SAS Holster
(texnum==4800040)|| // SAS Magazine Pouch
(texnum==4000044)|| // SAS Pouch
(texnum==6500110) || // KSF Boonie Hat
(texnum==12900208)|| // KSF Helmet
(texnum==29600448)|| // KSF Gas Mask
(texnum==31100398)|| // KSF Sunglasses
(texnum==84700776)|| // KSF Clan BDU
(texnum==600004)|| // KSF Clan BDU Logo
(texnum==36500606)|| // KSF Body Armor
(texnum==63100646)|| // KSF Tactical Vest
(texnum==19800163)|| // KSF Rolled Up Sleeves
(texnum==7000066)|| // KSF Holster
(texnum==10400190)|| // SRG Beret
(texnum==23800294)|| // SRG Deer Head
(texnum==11600180)|| // SRG NIJ IIIA Helmet
(texnum==17100278)|| // SRG Red Bandana
(texnum==14600198)|| // SRG Battle Cap
(texnum==18200266)|| // SRG Helmet
(texnum==19100106)|| // SRG Gas Mask
(texnum==54300350)|| // SRG Sunglasses
(texnum==30800380)|| // SRG Mid Class Sunglasses
(texnum==79300995)|| // SRG Clan BDU 1
(texnum==13300138)|| // SRG Clan BDU 2
(texnum==300001)|| // SRG Clan BDU 3
(texnum==1200012)|| // SRG Clan BDU Logo
(texnum==10900110)|| // SRG Bulletproof Vest
(texnum==6200064)|| // SRG Holster
(texnum==22700250)) // SRG Pouch
(texnum==2800036)|| // Force Recon Helmet Lens
(texnum==35700558)|| // Force Recon Gas Mask
(texnum==22100396)|| // Force Recon Balaclava
(texnum==29700492)|| // Force Recon Body Armor
(texnum==11200188)|| // Force Recon Beret
(texnum==12000194)|| // Force Recon Helmet
(texnum==29800450)|| // Force Recon Gas Mask
(texnum==27100394)|| // Force Recon Body Armor
(texnum==28700374)|| // Force Recon X Harness
(texnum==34700470)|| // Force Recon X Harness
(texnum==5100056)|| // Force Recon Pouch
(texnum==9900163)|| // Force ReconLeft Arm
(texnum==18300163)|| // Force Recon Right Arm
(nNumVertices == 448 && nPrimitiveCount == 776);
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Orange);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);
}
if (Guns)
{
texnum = (nNumVertices*100000)+nPrimitiveCount;
if (m_Stride==40 && // Guns =============== //
(texnum==187200968)|| // GALIL
(texnum==187200968)|| // GALIL 2
(texnum==149701124)|| // UZI
(texnum==193701304)|| // M249
(texnum==232501431)|| // SIG551
(texnum==161500751)|| // FA-MAS
(texnum==107400724)|| // FR-F2
(texnum==141600900)|| // AN94
(texnum==145900805)|| // G36C
(texnum==42200339)|| // K1
(texnum==23400116)|| // K1 2
(texnum==17500073)|| // K1 3
(texnum==3200012)|| // K1 4
(texnum==2300012)|| // K1 5
(texnum==71900459)|| // MP5
(texnum==1800008)|| // MP5 2
(texnum==20300084)|| // MP5 3
(texnum==16700083)|| // MP5 4
(texnum==79100469)|| // M4A1
(texnum==12000044)|| // M4A1 2
(texnum==16800062)|| // M4A1 3
(texnum==2400008)|| // M4A1 4
(texnum==600002)|| // M4A1 5
(texnum==12800050)|| // M4A1 6
(texnum==2600010)|| // M4A1 7
(texnum==4200014)|| // M4A1 8
(texnum==1400008)|| // M4A1 9
(texnum==80600442)|| // M16A2
(texnum==13400052)|| // M16A2 2
(texnum==17600066)|| // M16A2 3
(texnum==5400018)|| // M16A2 4
(texnum==46200348)|| // STEYR_AUG
(texnum==27000133)|| // STEYR_AUG 2
(texnum==4100025)|| // STEYR_AUG 3
(texnum==1200006)|| // STEYR_AUG 4
(texnum==400002)|| // STEYR_AUG 5
(texnum==46800367)|| // PSG-1
(texnum==9600042)|| // PSG-1 2
(texnum==18800092)|| // PSG-1 3
(texnum==16900071)|| // PSG-1 4
(texnum==3400012)|| // PSG-1 5
(texnum==800004)|| // PSG-1 6
(texnum==40500383)|| // K2
(texnum==15800089)|| // K2 2
(texnum==2200012)|| // K2 3
(texnum==7000034)|| // K2 4
(texnum==60700349)|| // P90
(texnum==5500033)|| // P90 2
(texnum==47700227)|| // P90 3
(texnum==10300047)|| // P90 4
(texnum==3800014)|| // P90 5
(texnum==50300349)|| // AK-74
(texnum==14700071)|| // AK-74 2
(texnum==13100061)|| // AK-74 3
(texnum==194501145)|| // MG36
(texnum==116000670)|| // DESERT EAGLE
(texnum==182101089)|| // MR73
(texnum==62500454)|| // REMINGTON M870
(texnum==95200571)|| // BENELLI M1
(texnum==40700334)|| // GLOCK 23
(texnum==71500449)|| // BERETTA M92F
(texnum==11000044)|| // BERETTA M92F 2
(texnum==16500075)|| // BERETTA M92F 3
(texnum==4400020)|| // BERETTA M92F 4
(texnum==2800014)|| // BERETTA M92F 5
(texnum==92000543)|| // COLT 45
(texnum==239001276)) // DRAGONUV
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Yellow);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Blue);
}
}
/*Logger;
if(m_Stride==40){
while(GetAsyncKeyState(VK_NUMPAD1)&1) arrc--; //Used as manual index for adding textures to delarray
while(GetAsyncKeyState(VK_NUMPAD3)&1) arrc++;
bool alrdy=false;
bool inarr=false;
if(texarray[arrc]==texnum)
if(delarray==texarray[arrc])
alrdy=true;
for(int i=0;i<dcount;i++) //sees if said texture is in delarray
if(delarray==texnum)
inarr=true;
if(texarray[arrc]==texnum || inarr){ //If true, color model differently
LPDIRECT3DTEXTURE8 texCol;
DWORD dwOldZEnable = D3DZB_TRUE;
pDevice->SetTexture(0, NULL);
pDevice->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable);
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
if(alrdy) //Different colors for selected models that are already being logged (For removal from array)
texCol=Blue;
else
texCol=Red;
pDevice->SetTexture(0, texCol);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
pDevice->SetRenderState(D3DRS_ZENABLE, dwOldZEnable);
}
}
if(GetAsyncKeyState(VK_F5)&1) add_log("Logged tesx: %i", texarray[arrc]); //F5 will print currently selected texnum to logfile
if(GetAsyncKeyState(VK_F6)&1) { //For adding/removing textures to array
bool inarr=true;
for(int k=0;k<dcount;k++){
if(delarray[k]==texarray[arrc])
{
inarr=false;//Found selected texture to already exist
delarray[k]=0;//Delete texture
break;//Cancel loop
}
}
if(inarr==true)
{
delarray[dcount]=texarray[arrc];//Add texture
dcount++;
}
}
if(GetAsyncKeyState(VK_F7)&1){
int total=1;
add_log("omfg values?!? {");
for(int x=0;x<dcount;x++)//Loops through all recorded variables and prints them in a nice array based format
if(delarray[x]){
add_log("%i,",delarray[x]); //add_log2==add_log but without endl
total++;
}
add_log("}; %i variables in array",total);
}
bool found = false; //THIS PART CREDITS TO KRYPTEC
for(int y=0; y<arraycounter; y++) //THIS IS HIS LOGGING FUNCTION
{
if(texnum==texarray[y])found=true; //I JUST CREATED AN INTERFACE FOR IT
}
if(!found && arraycounter < 1000)
{
texarray[arraycounter]=texnum;
arraycounter++;
}*/
HRESULT res = pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
return res;
}
//=====================================Dip_End===========================================================================//
//=====================================Sss_Start==========================================================================//
typedef HRESULT ( WINAPI* oSetStreamSource ) ( LPDIRECT3DDEVICE8 pDevice, UINT nStreamNumber, LPDIRECT3DVERTEXBUFFER8 pStreamData, UINT nStride );
oSetStreamSource pSetStreamSource;
HRESULT WINAPI mySetStreamSource(LPDIRECT3DDEVICE8 pDevice, UINT nStreamNumber, LPDIRECT3DVERTEXBUFFER8 pStreamData, UINT nStride)
{
if(nStreamNumber==0)
m_Stride = nStride;
return pSetStreamSource(pDevice, nStreamNumber, pStreamData, nStride);
}
//====================================Sss_End============================================================================//
//====================================Svp_Start==========================================================================//
typedef HRESULT (WINAPI* oSetViewport)(LPDIRECT3DDEVICE8 pDevice,CONST D3DVIEWPORT8* pViewport);
oSetViewport pSetViewport;
HRESULT WINAPI mySetViewport(LPDIRECT3DDEVICE8 pDevice,CONST D3DVIEWPORT8* pViewport)
{
ScreenCenterX = ( float )pViewport->Width / 2;
ScreenCenterY = ( float )pViewport->Height / 2;
return pSetViewport(pDevice,pViewport);
}
//===================================Svp_End=============================================================================//
typedef HRESULT ( WINAPI* oBeginScene ) ( LPDIRECT3DDEVICE8 pDevice );
oBeginScene pBeginScene;
HRESULT WINAPI myBeginScene(LPDIRECT3DDEVICE8 pDevice)
{
return pBeginScene(pDevice);
}
///////////
///Reset///
///////////
typedef HRESULT(WINAPI* oReset)(LPDIRECT3DDEVICE8 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters);
oReset pReset;
HRESULT WINAPI myReset(LPDIRECT3DDEVICE8 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters)
{
_asm NOP;
HRESULT hRet = pReset(pDevice, pPresentationParameters);
return hRet;
}
/////////////////////////////////////////////////////////////////
////////////////////////VTABLEHOOK///////////////////////////////
/////////////////////////////////////////////////////////////////
DWORD dwWait(LPVOID lpArgs)
{
DWORD SoldierBase = NULL;
for (;SoldierBase == NULL;Sleep(100))
SoldierBase = (DWORD)GetModuleHandle("soldierfront.exe");
for (;pGameDevice == NULL; Sleep(500));
{
DWORD dwProtect;
VirtualProtect((void*)(SoldierBase + 0x??????), 4, PAGE_EXECUTE_READWRITE, &dwProtect);
memcpy(&pGameDevice, (void*)(SoldierBase + 0x??????), 4);
VirtualProtect((void*)(SoldierBase + 0x??????), 4, dwProtect, NULL);
}
return false;
}
HRESULT WINAPI myGetDevice( LPDIRECT3DDEVICE8 pDevice )
{
HRESULT result = pEndScene( pDevice );
DetourRemove( (PBYTE)pBeginScene, (PBYTE)myGetDevice );
DWORD* pdwNewDevice = (DWORD*)pDevice;
pdwNewDevice = (DWORD*)pdwNewDevice[0];
pReset = (oReset)DetourFunction((PBYTE)pdwNewDevice[14],(PBYTE)myReset);
pBeginScene = (oBeginScene)DetourFunction((PBYTE)pdwNewDevice[34], (PBYTE)myBeginScene);
pEndScene = (oEndScene)DetourFunction((PBYTE)pdwNewDevice[35], (PBYTE)myEndScene);
pDrawIndexedPrimitive = (oDrawIndexedPrimitive)DetourFunction((PBYTE)pdwNewDevice[71], (PBYTE)myDrawIndexedPrimitive);
pSetStreamSource = (oSetStreamSource)DetourFunction((PBYTE)pdwNewDevice[83], (PBYTE)mySetStreamSource);
pSetViewport=(oSetViewport)DetourFunction((PBYTE)pdwNewDevice[40],(PBYTE)mySetViewport);
return result;
}
void CallMeOnInject(void)
{
pEndScene = (oEndScene)DetourFunction,(dwEndScene, (PBYTE)myGetDevice);
}
bool WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
if(dwReason == DLL_PROCESS_ATTACH)
{
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)dwWait, NULL, NULL, NULL);
}
return true;
}
See i Run on vista, and the only method of hooking that i know for Vista is
"Virtual Table Hooking"
I have no idea on how to find the games device pointer so i can hook it!
(the 0x??????'s)
I would appreciate it if someone can help me locate the static device pointer!
The game im trying to rend on is SoldierFront.
I posted the whole source because i hate snippets.......
Also if there is a easier method of hooking on vista then please! Let me know.
TY!
[Edited by - sphere90 on January 24, 2009 10:52:02 AM]
You could scan the memory of the process for calls that use the device pointer (such as DrawPrimitive), and trace back the pointer from there. Note that this requires expert-level assembly/hacking skills and it still isn't easy in any case, as you cannot even be sure that the pointer is actually static.
Vista makes things like this even more difficult because it has a feature which randomizes the address space offsets of system libraries in order to prevent process injection (like what your program does). I don't remember off-hand if the D3D dll:s are protected by this; they probably are, seeing as they are part of the Windows system.
Vista makes things like this even more difficult because it has a feature which randomizes the address space offsets of system libraries in order to prevent process injection (like what your program does). I don't remember off-hand if the D3D dll:s are protected by this; they probably are, seeing as they are part of the Windows system.
you were not kidding about "hacking"
your texnum model for identifying models and their render paramters is beyond comical..
looks like you've secured a long lastint future in program maintainance.
your texnum model for identifying models and their render paramters is beyond comical..
looks like you've secured a long lastint future in program maintainance.
Author
Yea,
Well i tried DIP by doing
unsigned long* pInterface = (unsigned long*)*(unsigned long*)*ppReturnedDeviceInterface;
add_log("DrawIndexedPrimitive = %x\n", pInterface[82]);
or
add_log("pointer =%p\n",ppReturnedDeviceInterface);
but ofcourse its going to be dynamic, can you help me through src and examples?
Btw, this isnt major hacking, its d3d hacking. This allows me to see characters through walls, by finding there strides, primcounts, and numverticies.
The wall hack code is.....
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);//disable the Z buffer(wallhack)
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Orange);// colour model
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);// call the original to draw the model which will be seen through walls
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);// colour model
}
}
[Edited by - sphere90 on January 23, 2009 7:24:20 PM]
Well i tried DIP by doing
unsigned long* pInterface = (unsigned long*)*(unsigned long*)*ppReturnedDeviceInterface;
add_log("DrawIndexedPrimitive = %x\n", pInterface[82]);
or
add_log("pointer =%p\n",ppReturnedDeviceInterface);
but ofcourse its going to be dynamic, can you help me through src and examples?
Btw, this isnt major hacking, its d3d hacking. This allows me to see characters through walls, by finding there strides, primcounts, and numverticies.
The wall hack code is.....
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);//disable the Z buffer(wallhack)
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
pDevice->SetTexture(0,Orange);// colour model
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);// call the original to draw the model which will be seen through walls
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
pDevice->SetTexture(0,Red);// colour model
}
}
[Edited by - sphere90 on January 23, 2009 7:24:20 PM]
This all seems more complicated than it needs to be. You don't "find" the device pointer - you hook the function that creates it.
For example, you should hook the Direct3DCreate9 function (or its D3D8 equivalent) and return a pointer to a custom IDirect3D9 interface. The implementation of this interface would just pass the calls to a real IDirect3D9, except for the calls that you want to override.
You'd want to override the IDirect3D9::CreateDevice call, so you can return your own, custom implementation of the IDirect3D9Device interface.
You can use the useful Microsoft Detours library to handle all the nasty hooking stuff for you. So all you have to do is provide custom implementations of whatever you want to hook/override. See this thread for more info on how to override D3D interfaces:
http://www.gamedev.net/community/forums/topic.asp?topic_id=359794
For example, you should hook the Direct3DCreate9 function (or its D3D8 equivalent) and return a pointer to a custom IDirect3D9 interface. The implementation of this interface would just pass the calls to a real IDirect3D9, except for the calls that you want to override.
You'd want to override the IDirect3D9::CreateDevice call, so you can return your own, custom implementation of the IDirect3D9Device interface.
You can use the useful Microsoft Detours library to handle all the nasty hooking stuff for you. So all you have to do is provide custom implementations of whatever you want to hook/override. See this thread for more info on how to override D3D interfaces:
http://www.gamedev.net/community/forums/topic.asp?topic_id=359794
Author
Im kind of getting the jist of it, still im lost a bit too. I've never hooked createdevice, always directly hooked with a d3d base. Until now. Anymore suggestions or examples?
Can you demonstrate in psuedo code?
Can you demonstrate in psuedo code?
Please stop bumping threads excessively. Also, this is not a forum for the discussion of the creation of game hacks.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
