Results 1 to 1 of 1
  1. 12-01-2017 #1
    Goocolax
    Goocolax is offline
    Banned
    BANNED!
    Goocolax's Avatar
    Join Date
    Jun 2016
    Gender
    male
    Location
    My PC
    Posts
    350
    Reputation
    76
    Thanks
    756
    My Mood
    Drunk
    Send a message via Birdie™ to Goocolax United States

    D3D9 Hooking Issues

    [CF-ARX]
    Okay so originally I was trying to get around the block by X-Trap, as it was saying I corrupted the system functions. It detected my DLL. Now I've moved on from that, as I bypassed their block

    Now what I need help with is a weird error in my code... as you can see I have three int's defined:

    int ESCount
    int RCount
    and int DIPCount

    Now I have them set to 0 by default, and if it's equal to zero each time my detour is called, it increments it upwards by one, therefore making it never call the same code again. It then creates a message-box that is supposed to tell me "(EndScene/Reset/DrawIndexedPrimitive) Hooked!", yet none of these pop up.

    I know my code *should* be working, because it injects successfully, I built it in Release mode, linked all the D3D9 crap to the project, etc. On top of that, it says that Direct3DCreate9_VMTable was successful when called from DllMain. Any ideas what's going on guys? I'm trying to test it in a D3D9 test environment released on another site, and I tested in CF-ARX. Both say the function call was successful, but none of the hooked messages pop up after that. I'm completely stumped

    Source code v2:

    Code:
    #include <windows.h>
#include <d3dx9.h>
#include <d3d9.h>

#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

#define WIN32_LEAN_AND_MEAN

typedef HRESULT (WINAPI* CreateDevice_Prototype) (LPDIRECT3D9, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE9*);
typedef HRESULT (WINAPI* Reset_Prototype) (LPDIRECT3DDEVICE9, D3DPRESENT_PARAMETERS*);
typedef HRESULT (WINAPI* EndScene_Prototype) (LPDIRECT3DDEVICE9);
typedef HRESULT (WINAPI* DrawIndexedPrimitive_Prototype) (LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT);

CreateDevice_Prototype CreateDevice_Pointer = NULL;
Reset_Prototype Reset_Pointer = NULL;

EndScene_Prototype EndScene_Pointer = NULL;
DrawIndexedPrimitive_Prototype DrawIndexedPrimitive_Pointer = NULL;

HRESULT WINAPI Direct3DCreate9_VMTable (VOID);
HRESULT WINAPI CreateDevice_Detour (LPDIRECT3D9, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE9*);

HRESULT WINAPI Reset_Detour (LPDIRECT3DDEVICE9, D3DPRESENT_PARAMETERS*);
HRESULT WINAPI EndScene_Detour (LPDIRECT3DDEVICE9);

HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT);

DWORD WINAPI VirtualMethodTableRepatchingLoopToCounterExtensionRepatching(LPVOID);
PDWORD Direct3D_VMTable = NULL;

int ESCount = 0;
int RCount = 0;
int DIPCount = 0;


bool WINAPI DllMain(HINSTANCE Module, DWORD Reason, LPVOID Reserved) {
	if (Reason == DLL_PROCESS_ATTACH) {
		DisableThreadLibraryCalls(Module);
		MessageBox(NULL, (LPCSTR)"Attempting to hook D3D9...", (LPCSTR)"Xareq Private", MB_OK);
		if (Direct3DCreate9_VMTable() == D3D_OK) {
			MessageBox(NULL, (LPCSTR)"Hook Successful!", (LPCSTR)"Xareq Private", MB_OK);
			return true;
		};
		MessageBox(NULL, (LPCSTR)"Hook Failed!", (LPCSTR)"Xareq Private", MB_OK);
		return false;
	};
};

HRESULT WINAPI Direct3DCreate9_VMTable(VOID) {
	LPDIRECT3D9 Direct3D_Object = Direct3DCreate9(D3D_SDK_VERSION);
	if(Direct3D_Object == NULL)
		return D3DERR_INVALIDCALL;
	Direct3D_VMTable = (PDWORD)*(PDWORD)Direct3D_Object;
	Direct3D_Object -> Release();
	DWORD Protect;
	if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), PAGE_READWRITE, &Protect) != 0) {
		*(PDWORD)&CreateDevice_Pointer = Direct3D_VMTable[16];
		*(PDWORD)&Direct3D_VMTable[16] = (DWORD)CreateDevice_Detour;
		if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), Protect, &Protect) == 0)
			return D3DERR_INVALIDCALL;
	}
	else {
		return D3DERR_INVALIDCALL;
	};
	return D3D_OK;
};

HRESULT WINAPI CreateDevice_Detour(
	LPDIRECT3D9 Direct3D_Object,
	UINT Adapter,
	D3DDEVTYPE DeviceType,
	HWND FocusWindow,
	DWORD BehaviorFlags,
	D3DPRESENT_PARAMETERS* PresentationParameters, 
    LPDIRECT3DDEVICE9* Returned_Device_Interface
) {
	HRESULT Returned_Result = CreateDevice_Pointer(
	Direct3D_Object,
	Adapter,
	DeviceType,
	FocusWindow,
	BehaviorFlags, 
	PresentationParameters,
	Returned_Device_Interface
	);
	DWORD Protect;
	if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), PAGE_READWRITE, &Protect) != 0) {
		*(PDWORD)&Direct3D_VMTable[16] = *(PDWORD)&CreateDevice_Pointer;
		CreateDevice_Pointer = NULL;
		if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), Protect, &Protect) == 0) {
			return D3DERR_INVALIDCALL;
		};
	}
	else {
		return D3DERR_INVALIDCALL;
	};
	if(Returned_Result == D3D_OK) {
		Direct3D_VMTable = (PDWORD)*(PDWORD)*Returned_Device_Interface;
		*(PDWORD)&Reset_Pointer = (DWORD)Direct3D_VMTable[16];
		*(PDWORD)&EndScene_Pointer = (DWORD)Direct3D_VMTable[42];
		*(PDWORD)&DrawIndexedPrimitive_Pointer = (DWORD)Direct3D_VMTable[82];
		if(CreateThread(NULL, 0, VirtualMethodTableRepatchingLoopToCounterExtensionRepatching, NULL, 0, NULL) == NULL)
			return D3DERR_INVALIDCALL;
	};
	return Returned_Result;
};

HRESULT WINAPI Reset_Detour(LPDIRECT3DDEVICE9 Device_Interface, D3DPRESENT_PARAMETERS* PresentationParameters)
{
	_asm NOP;
	_asm PUSHAD;
		if (RCount == 0) {
			RCount = (RCount + 1);
			MessageBox(NULL, (LPCSTR)"Reset Hooked!", (LPCSTR)"Xareq Private", MB_OK);
		};
	_asm POPAD;
	return Reset_Pointer(Device_Interface, PresentationParameters);
};

HRESULT WINAPI EndScene_Detour(LPDIRECT3DDEVICE9 Device_Interface)
{
	_asm NOP;
	_asm PUSHAD;
		D3DCOLOR Color = D3DCOLOR_XRGB(255, 255, 255);
		D3DRECT Rectangle = {15, 15, 30, 30};
		Device_Interface -> Clear(1, &Rectangle,  (D3DCLEAR_TARGET | D3DCLEAR_TARGET), Color, 0, 0);
		if (ESCount == 0) {
			ESCount = (ESCount + 1);
			MessageBox(NULL, (LPCSTR)"EndScene hooked!", (LPCSTR)"Xareq Private", MB_OK);
		};
	_asm POPAD;
  return EndScene_Pointer(Device_Interface);
};

HRESULT WINAPI DrawIndexedPrimitive_DetouredCode(LPDIRECT3DDEVICE9 Device_Interface, UINT Stride) {
	_asm NOP;
	_asm PUSHAD;
		if (DIPCount == 0) {
			DIPCount = (DIPCount + 1);
			MessageBox(NULL, (LPCSTR)"Reset Hooked!", (LPCSTR)"Xareq Private", MB_OK);
		};
	_asm  POPAD;
};

HRESULT WINAPI DrawIndexedPrimitive_Detour(
	LPDIRECT3DDEVICE9 Device_Interface,
	D3DPRIMITIVETYPE Type,
	INT BaseIndex,
	UINT MinIndex,
	UINT NumVertices,
	UINT StartIndex,
	UINT PrimitiveCount
) {
	LPDIRECT3DVERTEXBUFFER9 Stream_Data;
	UINT Offset = 0;
	UINT Stride = 0;
	if(Device_Interface -> GetStreamSource(0, &Stream_Data, &Offset, &Stride) == D3D_OK) {
		Stream_Data->Release();
	};
	DrawIndexedPrimitive_DetouredCode(Device_Interface, Stride);
	return DrawIndexedPrimitive_Pointer(Device_Interface, Type, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
};

DWORD WINAPI VirtualMethodTableRepatchingLoopToCounterExtensionRepatching(LPVOID Parameter) {
	UNREFERENCED_PARAMETER(Parameter); 
	while (true) {
		Sleep(50);
		*(PDWORD)&Direct3D_VMTable[16] = (DWORD)Reset_Detour;
		*(PDWORD)&Direct3D_VMTable[42] = (DWORD)EndScene_Detour;
		*(PDWORD)&Direct3D_VMTable[82] = (DWORD)DrawIndexedPrimitive_Detour;
	};
	return 1;
};
    Last edited by Goocolax; 12-02-2017 at 10:04 AM. Reason: THREAD REWRITE
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Writememory d3d9 hook
    By deve48 in forum C++/C Programming
    Replies: 2
    Last Post: 03-30-2011, 01:00 PM
  2. [Release] NEW Public D3D9 Hook [22/07/10]
    By D3athBringer in forum WarRock - International Hacks
    Replies: 158
    Last Post: 07-25-2010, 11:52 PM
  3. D3D9 Hook problem [solved]
    By why06 in forum C++/C Programming
    Replies: 12
    Last Post: 03-28-2010, 08:02 PM
  4. D3D9 hook undetected
    By systemfiles in forum PunkBuster
    Replies: 1
    Last Post: 11-28-2009, 01:12 AM
  5. D3D9 Hooking
    By Someguytwo in forum C++/C Programming
    Replies: 9
    Last Post: 01-18-2008, 10:31 AM