标签:style blog http color io os ar for sp
Hey guys, umm i was trying to hook endscene using detours and i used a method that i hooked many other functions with before but it just doesnt seem to work.
Here is what i have:
DWORD ThreadID; LPDIRECT3DDEVICE9 pDEVICE; D3DCOLOR fontRed = D3DCOLOR_ARGB(255, 255, 0, 0); Hacks hack; HRESULT (APIENTRY *oEndScene)(LPDIRECT3DDEVICE9 pDevice); HRESULT APIENTRY dEndScene(LPDIRECT3DDEVICE9 pDevice) { DrawBorderBox(50, 50, 200 , 200, 10, fontRed, pDevice); return oEndScene(pDevice); } void APIENTRY HookAPI(LPVOID param) { HANDLE Endsceneaddy = GetProcAddress(GetModuleHandleA("d3d9.dll"),"EndScene"); if (Endsceneaddy) { oEndScene = (HRESULT (WINAPI *)(LPDIRECT3DDEVICE9 pDevice))(DetourFunction((PBYTE)Endsceneaddy,(PBYTE)dEndScene)); } }; bool __stdcall DllMain(HINSTANCE hinst, DWORD _Reason, _In_opt_ LPVOID _Reserved) { DisableThreadLibraryCalls(hinst); CreateThread(0,0,(LPTHREAD_START_ROUTINE)HookAPI,0,0,&ThreadID); return true; } void Hacks::DrawBorderBox( int x, int y, int w, int h, int thickness, D3DCOLOR Colour, IDirect3DDevice9 *pDevice) { //Top horiz line DrawFilledRect( x, y, w, thickness, Colour, pDevice ); //Left vertical line DrawFilledRect( x, y, thickness, h, Colour, pDevice ); //right vertical line DrawFilledRect( (x + w), y, thickness, h, Colour, pDevice ); //bottom horiz line DrawFilledRect( x, y + h, w+thickness, thickness, Colour, pDevice ); } //We receive the 2-D Coordinates the colour and the device we want to use to draw those colours with void Hacks::DrawFilledRect(int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9* dev) { //We create our rectangle to draw on screen D3DRECT BarRect = { x, y, x + w, y + h }; //We clear that portion of the screen and display our rectangle dev->Clear(1, &BarRect, D3DCLEAR_TARGET | D3DCLEAR_TARGET, color, 0, 0); }
I have no idea y this code does not seem to work
Please help me
Thanks,
Konsowa.
Answer:
What learn_more said..
You would have to do something on the lines of Create a Device and get the EndScene address or you could retrieve it with a Byte Pattern such as
Patterns.AddPattern( "DirectX9 VirtualTable", (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx", NULL, "d3d9.dll" ); Functions.MemoryCopy( &Renderer_DX9.m_VTable, (void*)( Patterns.FindPatternByName( "DirectX9 VirtualTable" ).m_Address + 2 ), 4 );
void APIENTRY HookAPI(LPVOID param) { HANDLE Endsceneaddy = GetProcAddress(GetModuleHandleA("d3d9.dll"),"EndScene"); if (Endsceneaddy) { oEndScene = (HRESULT (WINAPI *)(LPDIRECT3DDEVICE9 pDevice))(DetourFunction((PBYTE)Endsceneaddy,(PBYTE)dEndScene)); } };
that code not retrieve correct EndScene address because EndScene not exported in d3d9.dll
try this:
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) { for(;*szMask;++szMask,++pData,++bMask) if(*szMask==‘x‘ && *pData!=*bMask ) return false; return (*szMask) == NULL; } DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) { for(DWORD i=0; i < dwLen; i++) if( bCompare( (BYTE*)( dwAddress+i ),bMask,szMask) ) return (DWORD)(dwAddress+i); return 0; } DWORD EndSceneaddy; void APIENTRY HookAPI(LPVOID param) { DWORD* vtbl = 0; DWORD table = FindPattern((DWORD)GetModuleHandle("d3d9.dll"), 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx"); memcpy(&vtbl, (void*)(table+2), 4); EndSceneaddy = vtbl[42]; if (Endsceneaddy) { oEndScene = (HRESULT (WINAPI *)(LPDIRECT3DDEVICE9 pDevice))(DetourFunction((PBYTE)Endsceneaddy,(PBYTE)dEndScene)); } }
it‘s a different way of doing the same,
but that is not going to work with GetProcAddress either,
if you want the addresses of these functions you will have to create a dummy dx device, and get them from the vtable (more than enough examples around for that)
They are virtual functions which is why they aren‘t exported.
You can also do a simple vtable hook on them depending on A/C.
I love that question 
Seems you can‘t do a straight up VMT hook so explore other hook methods of functions to hook. If we all said here is our undetected hook for a game it would then become detected. It all depends on game and A/C used so you need to get creative and come up with your own.
标签:style blog http color io os ar for sp
原文地址:http://www.cnblogs.com/meyon/p/4009363.html
