  1. #1
    alant1337's Avatar

    [Help] Endscene hook crashes game

    Hello,
    I'm trying to hook the EndScene function, but for some reason the game crashes. I've already hooked DrawIndexedPrimitive to make a wallhack with chams and it works perfectly, but as soon as I try to hook EndScene the game crashes. Here is the code of the main file:

    Code:
    #define _CRT_SECURE_NO_WARNINGS 
    #define _CRT_NON_CONFORMING_SWPRINTFS
    #include "Header.h"
    
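    // DLL entry point. On DLL_PROCESS_ATTACH it stores the module handle in MyInstance and
    // starts hookthread on a new thread; every other notification is ignored.
    // Always returns TRUE.
    //
    // NOTE(review): DLL_PROCESS_DETACH does nothing, so whatever hookthread patched is left
    // in place when this module is unloaded.
    BOOL APIENTRY DllMain(HMODULE hModule,
    	DWORD  ul_reason_for_call,
    	LPVOID lpReserved
    	)
    {
    	switch (ul_reason_for_call)
    	{
    	case DLL_PROCESS_ATTACH:
    	{
    		MyInstance = hModule;
    		// NOTE(review): hookthread is declared as DWORD WINAPI (void), which is not the
    		// LPTHREAD_START_ROUTINE signature; the cast only hides that mismatch.
    		HANDLE tmpHandle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&hookthread, 0, 0, 0);
    		if (tmpHandle != NULL)
    		{
    			// The handle is never used again. Closing it does not stop the thread; it
    			// only drops this reference so the handle is not leaked.
    			CloseHandle(tmpHandle);
    		}
    		break;
    	}

    	case DLL_PROCESS_DETACH:
    		break;
    	}
    	return TRUE;
    }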
    
    // Stand-in for EndScene: clears a 200x200 rectangle at (10, 10) to txtPink through
    // DrawRect, then forwards the call through the OrigEndScene pointer and returns its result.
    HRESULT __stdcall EndSceneHook(LPDIRECT3DDEVICE9 Device)
    {
    	const int Left = 10;
    	const int Top = 10;
    	const int Side = 200;
    	DrawRect(Device, Left, Top, Side, Side, txtPink);

    	const HRESULT Result = OrigEndScene(Device);
    	return Result;
    }
    
    // Stand-in for DrawIndexedPrimitive. Every draw call is forwarded to the original through
    // OrigDrawIndexedPrimitive; draw calls that satisfy the LOGS macro are issued twice with
    // different depth-test and texture state (the "chams" effect the post describes).
    //
    // Returns the HRESULT of the final forwarded call.
    //
    // NOTE(review): the results of D3DXCreateTextureFromFileEx are not checked, so RedTexture
    // and GreenTexture may still be unset when they are used here and released in ResetHook.
    // NOTE(review): D3DRS_ZENABLE and the stage-0 texture are overwritten with fixed values
    // instead of being saved and restored, so the caller's device state is not preserved.
    HRESULT __stdcall DrawIndexedPrimitiveHook(IDirect3DDevice9* Device, D3DPRIMITIVETYPE Type, INT BaseVertexIndex, UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount)
    {
    	// One-time (and post-Reset) setup: load the two textures from the DLL's directory.
    	if (DIPInit)
    	{
    		swprintf(PathBuffer, 512, L"%s\\RedTex.png", DllPath);
    		D3DXCreateTextureFromFileEx(Device, PathBuffer, D3DX_DEFAULT, D3DX_DEFAULT, D3DX_DEFAULT, 0, D3DFMT_A8R8G8B8, D3DPOOL_DEFAULT, D3DX_FILTER_NONE, D3DX_FILTER_NONE, 0, NULL, NULL, &RedTexture);
    		swprintf(PathBuffer, 512, L"%s\\GreenTex.png", DllPath);
    		D3DXCreateTextureFromFileEx(Device, PathBuffer, D3DX_DEFAULT, D3DX_DEFAULT, D3DX_DEFAULT, 0, D3DFMT_A8R8G8B8, D3DPOOL_DEFAULT, D3DX_FILTER_NONE, D3DX_FILTER_NONE, 0, NULL, NULL, &GreenTexture);
    		DIPInit = false;
    	}
    	// LOGS expands to a comparison on NumVertices and PrimitiveCount (see the header).
    	if (LOGS)
    	{
    		// First pass: depth test off, green texture bound.
    		Device->SetRenderState(D3DRS_ZENABLE, false);
    		Device->SetTexture(0, GreenTexture);
    		OrigDrawIndexedPrimitive(Device, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
    		// State for the second pass below: depth test on, red texture bound.
    		Device->SetRenderState(D3DRS_ZENABLE, true);
    		Device->SetTexture(0, RedTexture);
    	}
    
    	return OrigDrawIndexedPrimitive(Device, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
    }
    
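    // Stand-in for Reset. Releases the two textures that DrawIndexedPrimitiveHook created in
    // D3DPOOL_DEFAULT, marks them for re-creation by setting DIPInit, and forwards the call
    // through OrigReset.
    //
    // Returns the HRESULT of the original Reset.
    HRESULT __stdcall ResetHook(IDirect3DDevice9* Device, D3DPRESENT_PARAMETERS* Params)
    {
    	if (!DIPInit)
    	{
    		// Texture creation is not checked where the textures are loaded, so either
    		// pointer can still be NULL here; calling Release() on it would dereference NULL.
    		if (RedTexture != NULL)
    		{
    			RedTexture->Release();
    			RedTexture = NULL; // do not keep a pointer to a released object
    		}
    		if (GreenTexture != NULL)
    		{
    			GreenTexture->Release();
    			GreenTexture = NULL;
    		}
    	}

    	DIPInit = true;

    	return OrigReset(Device, Params);
    }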
    
    
    
    // Worker started from DllMain. Resolves the DLL's directory into DllPath, waits until
    // d3d9.dll is loaded, locates a device vtable by byte signature and detours three of its
    // entries (indices 82, 16 and 42) to the hook functions in this file. Returns 0.
    //
    // NOTE(review): module handles and addresses are cast to DWORD throughout, which only
    // holds in a 32-bit process.
    // NOTE(review): the scan length 0x128000 is a fixed constant, not the mapped size of
    // d3d9.dll; if the image is smaller, FindPattern reads past the end of the module.
    // NOTE(review): every detour is installed with len = 5 without checking that the first
    // five bytes of the target end on an instruction boundary (see DetourFunc).
    // NOTE(review): the patches are applied from this thread while the render thread may be
    // executing the same functions; nothing here synchronises the two.
    DWORD WINAPI hookthread(void)
    {
    	GetDir(MyInstance, DllPath, 512);
    	// Poll every 100 ms until d3d9.dll is present in the process.
    	D3d9Base = (DWORD)GetModuleHandle(L"d3d9.dll");
    	while (!D3d9Base)
    	{
    		D3d9Base = (DWORD)GetModuleHandle(L"d3d9.dll");
    		Sleep(100);
    	}
    	// Signature scan: positions marked 'x' in the mask must match, '?' positions are skipped.
    	DWORD TempAdd = FindPattern(D3d9Base, 0x128000, (BYTE*) "\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
    	while (!TempAdd)
    	{
    		TempAdd = FindPattern(D3d9Base, 0x128000, (BYTE*) "\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
    		Sleep(100);
    	}
    	// The 4 bytes at offset 2 of the match (the first wildcard field) are read as the
    	// address of a table of DWORD-sized entries.
    	D3d9VTable = (DWORD*)*(DWORD*)(TempAdd + 2);
    	// Each DetourFunc call returns the trampoline that the hook uses to reach the original.
    	OrigDrawIndexedPrimitive = (DrawIndexedPrimitive_t)DetourFunc((BYTE*)D3d9VTable[82], (BYTE*)DrawIndexedPrimitiveHook, 5);
    	OrigReset = (Reset_t)DetourFunc((BYTE*)D3d9VTable[16], (BYTE*)ResetHook, 5);
    	OrigEndScene = (EndScene_t)DetourFunc((BYTE*)D3d9VTable[42], (BYTE*)EndSceneHook, 5);
    	return 0;
    }
    And here is the header:

    Code:
    #ifndef HEADER_H
    #define HEADER_H
    
    #include <iostream>
    #include <Windows.h>
    #include <d3d9.h>
    #include <d3dx9.h>
    #include <time.h>
    #include <cstdio>
    
    DWORD WINAPI hookthread(void);
    
    // Draw-call filter used inside DrawIndexedPrimitiveHook. The macro refers to that
    // function's NumVertices and PrimitiveCount parameters by name, so it only compiles there.
    #define LOG_0 (NumVertices == 1858 && PrimitiveCount == 3034)//rust
    #define LOGS (LOG_0)
    
    ///////////////////////////////////////////Hooks/////////////////////////////////////////
    // Function-pointer types for the three detoured device methods; the first parameter is
    // the device pointer.
    typedef HRESULT(__stdcall* DrawIndexedPrimitive_t)(IDirect3DDevice9*, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT);
    typedef HRESULT(__stdcall* Reset_t)(IDirect3DDevice9*, D3DPRESENT_PARAMETERS*);
    typedef HRESULT(__stdcall* EndScene_t)(LPDIRECT3DDEVICE9);
    ////////////////////////////////////////////////////////////////////////////////////////
    
    
    
    // NOTE(review): everything below is a definition, not a declaration. Including this
    // header from more than one source file would produce duplicate-symbol link errors.
    
    // true while the textures still have to be (re)created; cleared after loading.
    bool DIPInit = true;
    // Never initialised explicitly; as globals they start out as null pointers.
    IDirect3DTexture9* RedTexture;
    IDirect3DTexture9* GreenTexture;
    
    // Base address of d3d9.dll and the table located by the signature scan, both held as
    // 32-bit values.
    DWORD D3d9Base;
    DWORD* D3d9VTable;
    
    // Directory of this DLL, and scratch space for building texture file paths.
    wchar_t DllPath[512];
    wchar_t PathBuffer[512];
    
    // Module handle received in DllMain.
    HINSTANCE MyInstance;
    
    // Trampolines returned by DetourFunc; the hooks call these to reach the original code.
    DrawIndexedPrimitive_t OrigDrawIndexedPrimitive;
    Reset_t OrigReset;
    EndScene_t OrigEndScene;
    
    //drawing//
    // Fills the rectangle with top-left corner (X, Y), width L and height H with a solid
    // colour by clearing that region of the render target.
    void DrawRect(LPDIRECT3DDEVICE9 Device_t, int X, int Y, int L, int H, D3DCOLOR color)
    {
    	D3DRECT Area;
    	Area.x1 = X;
    	Area.y1 = Y;
    	Area.x2 = X + L;
    	Area.y2 = Y + H;

    	// Only the colour target is cleared; the depth and stencil arguments are passed as 0.
    	Device_t->Clear(1, &Area, D3DCLEAR_TARGET, color, 0, 0);
    }
    const D3DCOLOR txtPink = D3DCOLOR_ARGB(255, 255, 0, 255); // alpha, red, green, blue
    //drawing end//
    
    
    
    // Installs an inline jump from src to dst and builds a trampoline for the overwritten bytes.
    //
    //   src  first byte of the function to redirect
    //   dst  function that should run instead
    //   len  number of bytes at src that are copied out and overwritten
    //
    // Returns a heap block holding the first len bytes of src followed by a jump back to
    // src + len; calling it runs the original function.
    //
    // NOTE(review): len is trusted. It has to be at least 5 and end on an instruction
    // boundary; otherwise the trampoline ends in a partial instruction and the jump back
    // lands in the middle of one. The copied bytes are also not relocated, so they must not
    // contain position-dependent instructions.
    // NOTE(review): the result of malloc and of every VirtualProtect call is ignored, and the
    // trampoline is never freed.
    // NOTE(review): src is switched to PAGE_READWRITE, which removes execute permission from
    // the page while another thread may be running code in it.
    // NOTE(review): the pointer arithmetic is done in DWORD, which assumes a 32-bit process.
    // The artefacts this leaves behind are an executable, writable heap page and a 0xE9 jump
    // over the first bytes of a function in a loaded module.
    void* DetourFunc(PBYTE src, const PBYTE dst, const int len)
    {
    	DWORD dwback;
    	// Trampoline: len copied bytes plus a 5-byte jump.
    	BYTE* jmp = (BYTE*)malloc(len + 5);
    	// Protection is changed per page, so this affects the whole heap page(s) holding jmp.
    	VirtualProtect(jmp, len + 5, PAGE_EXECUTE_READWRITE, &dwback);
    	// dwback now holds the previous protection of src; it is restored at the end.
    	VirtualProtect(src, len, PAGE_READWRITE, &dwback);
    	memcpy(jmp, src, len);
    	// 0xE9 = jmp rel32; the displacement is relative to the end of the 5-byte instruction.
    	jmp += len; jmp[0] = 0xE9;
    	*(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
    	src[0] = 0xE9;
    	*(DWORD*)(src + 1) = (DWORD)(dst - src) - 5;
    	// Bytes 5..len-1 of the overwritten range are padded with NOPs (0x90).
    	for (int i = 5; i < len; i++)
    	{
    		src[i] = 0x90;
    	}
    	VirtualProtect(src, len, dwback, &dwback);
    	// jmp was advanced by len above; step back to the start of the trampoline.
    	return (jmp - len);
    }
    // Masked byte comparison. MatchMask is a NUL-terminated string with one character per
    // byte: 'x' means Data and HexMask must agree at that position, anything else skips it.
    // Returns true when every 'x' position matches. Data and HexMask must be readable for as
    // many bytes as the mask is long; no bounds are checked here.
    bool DataCompare(const BYTE* Data, const BYTE* HexMask, const char* MatchMask)
    {
    	while (*MatchMask != '\0')
    	{
    		const bool MustMatch = (*MatchMask == 'x');
    		// Data is only read at positions the mask marks as significant.
    		if (MustMatch && *Data != *HexMask)
    		{
    			return false;
    		}
    		++MatchMask;
    		++Data;
    		++HexMask;
    	}
    	// Falling out of the loop means the mask terminator was reached without a mismatch.
    	return true;
    }
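    // Searches the Len bytes starting at Address for the first position where HexMask matches
    // under MatchMask (see DataCompare for the mask format).
    //
    // Returns the address of the first match, or 0 when there is none or an argument is NULL.
    //
    // The scan stops at the last position where the whole pattern still fits inside
    // [Address, Address + Len), so the comparison never reads past the range the caller gave.
    // The caller is still responsible for Len not exceeding the readable region.
    //
    // NOTE(review): addresses travel as DWORD, which assumes a 32-bit process.
    DWORD FindPattern(DWORD Address, DWORD Len, BYTE* HexMask, char* MatchMask)
    {
    	if (HexMask == NULL || MatchMask == NULL)
    	{
    		return 0;
    	}

    	// Pattern length is the length of the mask string.
    	DWORD PatternLen = 0;
    	while (MatchMask[PatternLen] != '\0')
    	{
    		++PatternLen;
    	}

    	if (Len == 0 || PatternLen > Len)
    	{
    		return 0;
    	}

    	const DWORD LastStart = Len - PatternLen;
    	for (DWORD i = 0; i <= LastStart && i < Len; i++)
    	{
    		if (DataCompare((BYTE*)(Address + i), HexMask, MatchMask))
    		{
    			return (DWORD)(Address + i);
    		}
    	}
    	return 0;
    }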
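    // Writes the directory that contains the module hInstance into Buffer (no trailing
    // backslash) by fetching the module path and cutting it at the last '\'.
    //
    //   Buffer   receives the path; must hold MaxSize wide characters
    //   MaxSize  capacity of Buffer in characters
    //
    // Returns the length of the directory part, or 0 when the path could not be obtained or
    // contains no backslash after its first character (Buffer is then left as returned by
    // GetModuleFileName).
    unsigned int GetDir(HINSTANCE hInstance, wchar_t* Buffer, int MaxSize = 512)
    {
    	if (Buffer == NULL || MaxSize <= 0)
    	{
    		return 0;
    	}

    	unsigned int Len = GetModuleFileName(hInstance, Buffer, MaxSize);
    	if (Len >= (unsigned int)MaxSize)
    	{
    		// The path was truncated: the return value equals the buffer size, so Buffer[Len]
    		// would be one element past the end. Clamp to the last slot and terminate there.
    		Len = (unsigned int)MaxSize - 1;
    		Buffer[Len] = L'\0';
    	}

    	// Walk back to the last path separator.
    	while (Len && Buffer[Len] != L'\\')
    	{
    		Len--;
    	}
    	if (Len)
    	{
    		Buffer[Len] = L'\0';
    	}
    	return Len;
    }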
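    // 2D drawing helpers on top of a Direct3D 9 device. All coordinates are in screen space.
    namespace Drawing
    {
    	// Draws a filled, axis-aligned rectangle with top-left corner (X, Y) and the given
    	// Width and Height as a two-triangle strip in a single colour.
    	void Line(LPDIRECT3DDEVICE9 pDevice, float X, float Y, float Width, float Height, D3DCOLOR Color)
    	{
    		// Pre-transformed vertex: position (x, y, z, rhw) followed by a diffuse colour.
    		struct Vertex2D
    		{
    			float m_X, m_Y, m_Z, m_T;
    			DWORD m_Color;
    		};
    		Vertex2D Vertex[4];
    		Vertex[0].m_Color = Vertex[1].m_Color = Vertex[2].m_Color = Vertex[3].m_Color = Color;
    		Vertex[0].m_Z = Vertex[1].m_Z = Vertex[2].m_Z = Vertex[3].m_Z = 0;
    		Vertex[0].m_T = Vertex[1].m_T = Vertex[2].m_T = Vertex[3].m_T = 0;
    		Vertex[0].m_X = Vertex[2].m_X = X;
    		Vertex[0].m_Y = Vertex[1].m_Y = Y;
    		Vertex[1].m_X = Vertex[3].m_X = X + Width;
    		Vertex[2].m_Y = Vertex[3].m_Y = Y + Height;
    		pDevice->SetTexture(0, NULL);
    		// The format must describe exactly what Vertex2D contains. The struct carries no
    		// texture coordinates, so D3DFVF_TEX1 is left out; declaring it would make the
    		// device read a coordinate pair past the end of each vertex.
    		pDevice->SetFVF(D3DFVF_XYZRHW | D3DFVF_DIFFUSE);
    		pDevice->DrawPrimitiveUP(D3DPT_TRIANGLESTRIP, 2, Vertex, sizeof(Vertex2D));
    	}

    	// Draws the outline of a Width x Height rectangle at (X, Y) as four filled bars of the
    	// given Thickness: bottom, left, top, right.
    	void Box(LPDIRECT3DDEVICE9 pDevice, float X, float Y, float Width, float Height, float Thickness, D3DCOLOR Color)
    	{
    		Line(pDevice, X + Thickness, Y + Height - Thickness, Width - (Thickness * 2), Thickness, Color);
    		Line(pDevice, X, Y, Thickness, Height, Color);
    		Line(pDevice, X + Thickness, Y, Width - (Thickness * 2), Thickness, Color);
    		Line(pDevice, X + Width - Thickness, Y, Thickness, Height, Color);
    	}

    	// Draws the NUL-terminated ANSI string Text with its top-left corner at (PosX, PosY).
    	// Does nothing when Font or Text is NULL.
    	void DrawString(ID3DXFont *Font, float PosX, float PosY, DWORD Color, char *Text)
    	{
    		if (Font == NULL || Text == NULL)
    			return;
    		// A local rectangle is enough; nothing is carried over between calls.
    		RECT FontRect;
    		SetRect(&FontRect, 0, 0, 0, 0);
    		// First pass only measures the text (DT_CALCRECT), nothing is drawn.
    		Font->DrawTextA(0, Text, -1, &FontRect, DT_CALCRECT, Color);
    		int Width = FontRect.right - FontRect.left;
    		int Height = FontRect.bottom - FontRect.top;
    		// Move the measured rectangle to the requested position, keeping its size.
    		FontRect.left = (LONG)PosX;
    		FontRect.top = (LONG)PosY;
    		FontRect.right = FontRect.left + Width;
    		FontRect.bottom = FontRect.top + Height;
    		Font->DrawTextA(0, Text, -1, &FontRect, DT_NOCLIP, Color);
    	}
    }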
    
    
    
    
    #endif
    I hope you guys can help me

    greetings
    AlanT

  2. #2
    hkKenshin's Avatar
    Are you sure the original EndScene begins with a 5-byte instruction?
    I haven't done x86 DirectX hooks in years, but I believe (d3d9) EndScene was 7 or 9 bytes.
