  1. #1
    Void

    Hooking members of IDirect3DDevice9

    Hello.

    I think this is my second contribution to this section, hopefully it turns out to be useful.

    I wrote up sort of a snippet on how to hook functions that are part of the IDirect3DDevice9 class. I won't be giving much explanation outside of the code tags since I commented mostly everything.

    First I should let you know I'm using a detour function I found somewhere. I'll post it for you guys so you don't get confused, since I'm not using Microsoft's detour library.

    Explanations are in the code, it's all commented.

    Detour.h:
    [highlight=cpp]
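    #pragma once
    #include <windows.h>
    #include <stdlib.h>
    #include <string.h>

    /* Overwrites the start of src with a 7-byte stub (NOP, NOP, JMP rel32 -> dst) and
    returns a trampoline: the first len original bytes followed by a JMP back to
    src+len. len must be at least 7 and must end on an instruction boundary. */
    void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
    {
        BYTE *jmp = (BYTE*)malloc(len+5);
        DWORD dwBack, dwTramp;

        /* The trampoline is executed later, so its heap memory must be executable. */
        VirtualProtect(jmp, len+5, PAGE_EXECUTE_READWRITE, &dwTramp);
        /* src is code that may be running; keep it executable while it is writable. */
        VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);

        /* Save the original bytes, then append JMP src+len to the trampoline. */
        memcpy(jmp, src, len);
        jmp += len;
        jmp[0] = 0xE9;
        *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;

        /* Stub: two NOPs, then JMP rel32 to dst (rel32 counts from src+7). */
        src[0] = 0x90; //50
        src[1] = 0x90; // 58
        src[2] = 0xE9;
        *(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7;

        /* Pad any remaining saved bytes with NOPs. */
        for (int i=7; i<len; i++) src[i] = 0x90;
        VirtualProtect(src, len, dwBack, &dwBack);

        return (jmp-len);
    }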
    [/highlight]

    And here's Main:
    [highlight=cpp]
    #include <windows.h>
    #include "Detour.h"
    #include <d3d9.h>

    /* Type definition for our function to store the original EndScene, this way we don't
    have to do a long annoying cast when detouring. */
    typedef HRESULT(__stdcall* Real_EndScene)(LPDIRECT3DDEVICE9);

    /* This is the function we are going to store the original EndScene in. We're going to
    need the real function so that we can return properly at the end of our hooked function
    otherwise we're most likely to get errors */
    Real_EndScene oEndScene = NULL;

    /* This is the function we are detouring the original function to. Before we call and
    return normally, we can basically do whatever we want in between. This function is part
    of the IDirect3DDevice9 class. Every function's first parameter in a class is always 'This'
    So the first parameter is IDirect3DDevice9* or LPDIRECT3DDEVICE9. Now we can call other
    functions of this class easily. */
    HRESULT __stdcall hook_EndScene(LPDIRECT3DDEVICE9 pDevice)
    {
        MessageBox(NULL,"Hooked","Hooked",MB_OK);

        /* Return using original function. */
        return oEndScene(pDevice);
    }

    DWORD GetPointerDereference(int index)
    {
        /* Using the device pointer, we can easily find addresses for the functions that are
        part of the class. There are 2 ways of doing this, the dereference operator or
        inline assembly. Example 1: */

        DWORD *DevicePointer = **(DWORD***)0x40CE08;
        return DevicePointer[index];
    }

    DWORD GetPointerInlineAssembly(int index)
    {
        DWORD DevicePointer = 0x40CE08;

        /* This method is a little more confusing, obviously. But with a bit of knowledge in
        assembly this shouldn't be a problem. I actually find that dereferencing in assembly
        is cleaner than C++, and less of an eye sore when trying to figure out what it does.

        It basically does the same thing. First, dereferencing DevicePointer and putting the value
        in EAX. Dereference EAX and store it in EBX, etc..

        Each address stores 1 byte; since addresses are 4 bytes and we're looking for the address to
        a function, we have to multiply the index number by 4, then add the result to ecx, then
        dereference to get the address.

        Example: If we were to do GetPointerInlineAssembly(42), we aren't adding 42 to ecx,
        we're adding 168.

        Note: The multiplication in assembly as shown below makes everything a little harder to
        understand, you don't have to multiply inside the braces. You can multiply the
        index before even starting the inline assembly.

        index *= 4;
        __asm
        {

        }
        */

        __asm
        {
            mov eax,[DevicePointer]
            mov ebx,[eax]
            mov ecx,[ebx]

            mov eax,index
            mov ebx,4
            mul ebx

            mov edx,[ecx+eax]
            mov DevicePointer,edx
        }
        return DevicePointer;
    }

    /* Thread entry point: uses the signature CreateThread expects, so no cast is needed. */
    DWORD WINAPI Hook(LPVOID)
    {
        /* We can't hook Direct3D function if the module isn't loaded yet can we? (: */
        while(!GetModuleHandle("d3d9.dll"))
        {
            Sleep(100);
        }

        /* Make sure the value isn't 0 when dereferencing ( in the GetPointer function )
        otherwise your function is going to be trying to read the value at address
        0x00000000, most likely to get an access violation error.
        */

        while( *(DWORD*)0x40CE08 == 0)
        {
            Sleep(100);
        }

        //Detouring. DetourFunc overwrites 7 bytes, so len must cover at least 7 bytes
        //and end on an instruction boundary of the target function.
        oEndScene = (Real_EndScene)DetourFunc((PBYTE)GetPointerInlineAssembly(42),(PBYTE)hook_EndScene,7);

        return 0;
    }

    /* The usual DllMain function */
    BOOL WINAPI DllMain(HINSTANCE hInstance,DWORD reason, LPVOID useless)
    {
        if(reason == DLL_PROCESS_ATTACH)
        {
            CreateThread(0,0,Hook,0,0,0);
        }

        if(reason == DLL_PROCESS_DETACH)
        {
            //clean up
        }
        return TRUE;
    }
    [/highlight]

    I didn't explain how to get the device pointer, maybe I'll make a small tutorial on how to get it, too bad a tutorial using olly would kind of have to be visual otherwise it's hard to understand.

    Anyway, I did that from scratch and made it as simple as possible so that it would be the least confusing possible. I gave 2 methods on how to get the virtual addresses from the device pointer.

    Note: Using this method, you need the device pointer, not the device address itself since it's dynamic. I used the d3d9 test environment, although it doesn't give you the device pointer, I was able to get it myself.

    So yeah.. that's about it. Giving credits to Why06 for explaining the 'mul' instruction I used in the inline assembly.

    If you find any mistakes, please notify me. Thanks.

    Good luck.
    Last edited by NextGen1; 02-07-2011 at 06:07 PM.

  2. The Following 11 Users Say Thank You to Void For This Useful Post:

    'Bruno (10-29-2010),crushed (03-17-2010),lilneo (10-20-2010),Minos43 (03-15-2010),NTvalk (07-07-2013),powerfear (03-17-2010),Retoxified (03-19-2010),whit (11-09-2010),why06 (03-15-2010),why06jz (03-19-2010),|-|3|_][({}PT3R12 (03-15-2010)
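
Added example, not part of the original post: a defender-side integrity check that recognizes the entry stub the posted DetourFunc writes (NOPs followed by an `E9` JMP rel32), decodes its destination, and reports whether the jump leaves the module that owns the function. The function address, module range and sample bytes are constructed, and a 32-bit process is assumed.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>

struct EntryCheck {
    bool     redirected;     // entry is (optional NOPs +) JMP rel32
    bool     leaves_module;  // the jump lands outside [mod_lo, mod_hi)
    uint32_t target;         // decoded destination (32-bit process assumed)
};

// code: bytes read from a function's entry; addr: address they were read from.
EntryCheck check_entry(const uint8_t *code, size_t n, uint32_t addr,
                       uint32_t mod_lo, uint32_t mod_hi)
{
    EntryCheck r = { false, false, 0 };
    size_t i = 0;
    while (i < n && code[i] == 0x90) ++i;          // skip NOP padding
    if (i + 5 > n || code[i] != 0xE9) return r;    // no JMP rel32 here
    uint32_t rel = (uint32_t)code[i + 1]       | (uint32_t)code[i + 2] << 8 |
                   (uint32_t)code[i + 3] << 16 | (uint32_t)code[i + 4] << 24;
    r.redirected = true;
    r.target = addr + (uint32_t)(i + 5) + rel;     // rel32 counts from the next instruction
    r.leaves_module = r.target < mod_lo || r.target >= mod_hi;
    return r;
}

// Constructed sample: a 7-byte entry overwritten the way the posted DetourFunc does it.
EntryCheck sample(bool patched, uint32_t dst)
{
    const uint32_t src = 0x10001000u;              // hypothetical function address
    uint8_t entry[8] = { 0x6A, 0x14, 0xB8, 0x78, 0x56, 0x34, 0x12, 0xE8 };
    if (patched) {
        uint32_t rel = dst - src - 7;              // same formula as the posted stub
        entry[0] = 0x90; entry[1] = 0x90; entry[2] = 0xE9;
        for (int k = 0; k < 4; ++k) entry[3 + k] = (uint8_t)(rel >> (8 * k));
    }
    // hypothetical module range 0x10000000..0x10200000
    return check_entry(entry, sizeof entry, src, 0x10000000u, 0x10200000u);
}

int main()
{
    EntryCheck c = sample(true, 0x20000040u);
    std::printf("redirected=%d outside=%d target=0x%08X\n",
                c.redirected, c.leaves_module, (unsigned)c.target);
    return 0;
}
```

A jump that stays inside the module (for example a linker thunk) is reported as redirected but not as leaving the module, which is why the range test matters.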

  3. #2
    |-|3|_][({}PT3R12
    Comments!

    Nice job ;D

  4. #3
    Void
    Yes, I felt like commenting while writing the code. It seemed much easier on my side, rather than having to rethink everything over while typing up the post.

  5. The Following User Says Thank You to Void For This Useful Post:

    powerfear (03-17-2010)

  6. #4
    why06
    Very nice David, well as expected. I will read later, too busy takin over MPGH.

    "Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. The cost of one modern heavy bomber is this: a modern brick school in more than 30 cities. It is two electric power plants, each serving a town of 60,000 population. It is two fine, fully equipped hospitals. It is some fifty miles of concrete pavement. We pay for a single fighter plane with a half million bushels of wheat. We pay for a single destroyer with new homes that could have housed more than 8,000 people. This is, I repeat, the best way of life to be found on the road the world has been taking. This is not a way of life at all, in any true sense. Under the cloud of threatening war, it is humanity hanging from a cross of iron."
    - Dwight D. Eisenhower

  7. #5
    |-|3|_][({}PT3R12
    Originally posted by why06:
        Very nice David, well as expected. I will read later, too busy takin over MPGH.

    Ahhh... Google beat you there. They are almost 50% till they take over the UNIVERSE! :O


    I don't annotate things unless asked... Ahh that reminds me, I have to annotate for HW! ahahaha Ironic.

  8. #6
    Arhk
    Too sleepy to keep up I'll read later ~
    "If the world hates you, keep in mind that it hated me first." John 15:18

  9. #7
    Void
    Originally posted by Arhk:
        Too sleepy to keep up I'll read later ~

    I'm heart broken, two people who won't read my only contribution. ):

    -sadface-

  10. The Following User Says Thank You to Void For This Useful Post:

    powerfear (03-17-2010)

  11. #8
    why06
    Yeh I'll add it to the list once I finish reading it o_O... didn't have time last night. lawl or this morning tbh.

  12. #9
    crushed
    Know you gon' get high as fak as long as the plane's witcha. Let them major situations alone and became richer.

    On-topic. Good job, out of me and zeco, you're the only one who stuck to coding.
    zeco's too busy hunting rabbits, and I'm screwed with Physics. ♥

  13. #10
    zeco
    Originally posted by crushed:
        Know you gon' get high as fak as long as the plane's witcha. Let them major situations alone and became richer.

        On-topic. Good job, out of me and zeco, you're the only one who stuck to coding.
        zeco's too busy hunting rabbits, and I'm screwed with Physics. ♥

    HEY! I still code! Well. I am still exploring stuff. Recently I've mostly been doing network programming, so I am rusty on everything else. Oh and File IO.

    So far I've made a sent packet logger, and half a receive packet logger :/

  14. #11
    why06
    Meh I should have read this by now, but been so occupied lately. I'll add it to tut list tomorrow, rather or not I read it. D:

    @zeco: hi ... you and AJ decide to come back on same day or something?

  15. #12
    Void
    The comments look discouraging to read, I should've typed it up in the post instead.

  16. #13
    zeco
    Originally posted by why06:
        Meh I should have read this by now, but been so occupied lately. I'll add it to tut list tomorrow, rather or not I read it. D:

        @zeco: hi ... you and AJ decide to come back on same day or something?

    Well AJ said he was going on to MPGH, so I was just checking to make sure he isn't saying something behind my back >_>


    @David: I think the comments are fine ;/ Anyone who doesn't like reading comments doesn't deserve to be a programmer <_<

  17. #14
    crushed
    Originally posted by zeco:
        Well AJ said he was going on to MPGH, so I was just checking to make sure he isn't saying something behind my back >_>

        @David: I think the comments are fine ;/ Anyone who doesn't like reading comments doesn't deserve to be a programmer <_<

    I completely agree, therefore you do not deserve to be a programmer.

  18. #15
    why06jz
    Omg. that was cool as hell. Nice tutorial. Finally read it, now I will add.
    btw so the LPDIRECT3DDEVICE9 is always a DWORD**?

    let me think about: well I know pDevice is at least a DWORD*, but it only points to the DIRECT3DDEVICE object, and the device object is a pointer to the array or members so it would always be at least a DWORD** unless you found the wrong address. :P
    Very nice David, will add once I get powahs back. ;l

  19. The Following User Says Thank You to why06jz For This Useful Post:

    Hell_Demon (04-23-2010)
