Help with hooking from a dll

[Anddos]

Here's my dll code , the messagebox hook works fine but now i want to get a handle to the d3d device and unsure how todo it using Hook and UnHook

Code:

#include "stdafx.h"
#include <stdio.h>
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment (lib, "d3d9.lib")
#pragma comment (lib, "d3dx9.lib")
char FileName[64];
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
int MyCreateDevice9(UINT adapter, D3DDEVTYPE deviceType, HWND focusWindow,DWORD behaviourFlags, D3DPRESENT_PARAMETERS *presentationParameters, IDirect3DDevice9** device);
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup);
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup);
void RenderScene(LPDIRECT3DDEVICE9 d3ddev);

BYTE hook[6];
LPDIRECT3D9 d3d;

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		GetModuleFileName(NULL,FileName,sizeof(FileName));
		MessageBox(NULL,"Injected",FileName,0);
		HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook); //this is a sample of runtime hook
	    MessageBox(0, "HEY", "", MB_OK);
		HookFunction("d3d9.dll", "CreateDevice", MyCreateDevice9, hook); 
	    
		
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

int MyCreateDevice9(UINT adapter, D3DDEVTYPE deviceType, HWND focusWindow,DWORD behaviourFlags, D3DPRESENT_PARAMETERS *presentationParameters, IDirect3DDevice9** device)
{
	    d3d = Direct3DCreate9(D3D_SDK_VERSION);
		UnHookFunction("d3d9.dll", "CreateDevice", hook);
		//device should be the active device in the game right?
		int x = d3d->CreateDevice(adapter,deviceType,focusWindow,behaviourFlags, presentationParameters,device);
		HookFunction("d3d9.dll", "CreateDevice", MyCreateDevice9, hook);
		return x;
}


int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
        UnHookFunction("user32.dll", "MessageBoxA", hook);
		char msg[32];
		sprintf(msg, "HOOKED!!\n\n%s", lpText);
		int x = MessageBox(hWnd, msg, lpCaption, uType);
		HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
		return x;
}


DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
	DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);

        BYTE jmp[6] = { 0xe9,   //jmp

                0x00, 0x00, 0x00, 0x00, //address

                0xc3

        };      //retn

		ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);
		DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5);        //((to)-(from)-5)
		memcpy(&jmp[1], &dwCalc, 4);    //build the jmp
		WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0);
		return dwAddr;
}


BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
{

        DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
		if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
			return TRUE;

		return FALSE;

}

void RenderScene(LPDIRECT3DDEVICE9 d3ddev)
{
	d3ddev->Clear(0, NULL, D3DCLEAR_TARGET, D3DCOLOR_XRGB(0, 0, 0), 1.0f, 0);
    d3ddev->Clear(0, NULL, D3DCLEAR_ZBUFFER, D3DCOLOR_XRGB(0, 0, 0), 1.0f, 0);

    d3ddev->BeginScene();

	d3ddev->EndScene(); 
	d3ddev->Present(NULL, NULL, NULL, NULL);
}

[Hell_Demon]

HMODULE hModule = LoadLibrary("d3d9.dll");
FARPROC d3dc9 = GetProcAddress(hModule, "Direct3DCreate9");

That's all i'll give you figure the rest our yourself

[Anddos]

well i know about that , but i want to use the device that is running the game and not create a new one , thats what hooking runtime means , you get to access the parameters that was used at compile time...

[falzarex]

Get the device pointer

[Anddos]

Care to explain how?

[falzarex]

I need to check my code lol haven't touched it in awhile
oh yeah welcome to mpgh