Thread: HOOKD3DAPI

Results 1 to 6 of 6
  1. #1
    Shimmy-'s Avatar
    Join Date
    Aug 2010
    Gender
    female
    Posts
    62
    Reputation
    10
    Thanks
    0

    HOOKD3DAPI

    Code:
    HOOKD3DAPI(EndScene, 42)
    if(*(DWORD*)GetAddressPtr(42) != (DWORD)&hkEndScene) { \
    pEndScene = (EndScene_t) *(DWORD*)GetAddressPtr(42); \
    *(DWORD*)GetAddressPtr(42) = (DWORD)&hkEndScene; \
    *(DWORD*)GetD3DHSApi(42) = (DWORD)&hkEndScene; \
    }
    I am having trouble understanding this code. Can someone explain what it means?

  2. #2
    Revolvium's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Posts
    32
    Reputation
    10
    Thanks
    12
    This is a define. Basically it replaces a certain string of your code with another. This is a bit hard to understand, so here is an example:
    Code:
    #define myOutputDebugString add_log
    Now, what this does is everytime your compiler sees myOutputDebugString, it will replace that string token(Basically that entire word) in the document and replace it with add_log, but you won't be able to see it, it will be done automatically. Now it seems like it isnt that useful, after all you can just use quick replace. But you see, you can do much more with it.

    [code]
    #define MAX(a, b) ((a) > (b) ? (a) : (b))
    [code]
    The code above is a pretty standard macro. It returns the max of two variables. So basically it allows to make complicated tedious code quite neat. If you wish to know more, or a more technical/correct version of what I said check out MSDN: The #define Directive (C/C++)
    And a less technical, but more acurate, explained better cppreference here: #define [C++ Reference]

    Now lets take a look at this one:
    Code:
    #define HOOKD3DAPI(a, b) \      //This is the define, and its two parameters
    if(*(DWORD*)GetAddressPtr(b) != (DWORD)&hk##a) { \  //Checks if current Address pointer is not equal to the current hooked address pointer. If its not...
    p##a = (a##_t) *(DWORD*)GetAddressPtr(b); \ //Set our return to the current function
    *(DWORD*)GetAddressPtr(b) = (DWORD)&hk##a; \ //Write over their d3d function with our own
    *(DWORD*)GetD3DHSApi(b) = (DWORD)&hk##a; \ //Get the same API from HS and write over it with our own. 
    }
    So in your code...
    Code:
    HOOKD3DAPI(EndScene, 42)
    if(*(DWORD*)GetAddressPtr(42) != (DWORD)&hkEndScene) { \
    pEndScene = (EndScene_t) *(DWORD*)GetAddressPtr(42); \
    *(DWORD*)GetAddressPtr(42) = (DWORD)&hkEndScene; \
    *(DWORD*)GetD3DHSApi(42) = (DWORD)&hkEndScene; \
    }
    Line 1: The define. Since HookD3DAPI is defined already theres no need to write out all the stuff below it. But I understand that someone has just replaced the a and b in the original function with the names of the current functions to make it easier to read. So, if you were making this an ACTUAL function, make sure to eliminate the first line.

    Line 2: This is the check. Get the current address pointer for Endscene (42 is the offset for endscene) and compare it with our own hooked function. If its not the same...

    Line 3: Set our return to the original endscene. This is why we call pEndscene(params) at the end of our hooked function.

    Line 4: Write over endscene's address with our own. This successfully allows us to add our own instructions in because when Endscene is called, instead of using the original Endscene, the new address links it directly to our own function.

    Line 5: Since HS has a copy of the original Endscene address, we must also change HS's version to match our new hooked function. That is why we retrieve the Endscene api from HS and write over it with our own again, to prevent detection.

    Now I realize this is a lot to process. You might not know C++. All I ask is that you don't start out running. Learn basic syntax then mature gradually into this. You learn more that way and you learn faster that way. Best of luck to you.
    Last edited by Revolvium; 08-09-2010 at 12:51 PM.

  3. The Following 5 Users Say Thank You to Revolvium For This Useful Post:

    ac1d_buRn (08-09-2010),Braco22 (08-09-2010),Shimmy- (08-09-2010),Zoom (08-10-2010),··Fvestrgenrl·· (08-09-2010)

  4. #3
    Shimmy-'s Avatar
    Join Date
    Aug 2010
    Gender
    female
    Posts
    62
    Reputation
    10
    Thanks
    0
    Thanks I understand the code more now.

    if(*(DWORD*)GetAddressPtr(42) != (DWORD)&hkEndScene) { \

    This means that:
    If addresspointer 42 does not equal to current EndScene pointer, do code..


    How can you get the current EndScene pointer?

  5. #4
    Revolvium's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Posts
    32
    Reputation
    10
    Thanks
    12
    Quote Originally Posted by Shimmy- View Post
    Thanks I understand the code more now.
    if(*(DWORD*)GetAddressPtr(42) != (DWORD)&hkEndScene) { \
    This means that:
    If addresspointer 42 does not equal to current EndScene pointer, do code..

    How can you get the current EndScene pointer?
    Gordon was kind enough to provide us with the function GetAddressPointer(int index). The index being the offset. The address pointer 42 doesnt make sense. It gets the AddressPointer of endscene by using the offset 42. Though I don't think I can post his code here out of respect to him, as I dont think he wishes to post it here or he would have done so already.

  6. The Following User Says Thank You to Revolvium For This Useful Post:

    Shimmy- (08-09-2010)

  7. #5
    Shimmy-'s Avatar
    Join Date
    Aug 2010
    Gender
    female
    Posts
    62
    Reputation
    10
    Thanks
    0
    Ok thanks for all your help. I will work it out myself now.

  8. #6
    Zoom's Avatar
    Join Date
    May 2009
    Gender
    male
    Location
    Your going on my 24/7 DDoS hit list.
    Posts
    8,561
    Reputation
    127
    Thanks
    5,912
    My Mood
    Happy
    /Solved
    /Closed
    -Rest in peace leechers-

    Your PM box is 100% full.