#include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
// Hard-coded absolute virtual address inside the host process at which the
// detour is written. Nothing on this page resolves it at run time, so it is
// presumably valid only for one specific build of the host executable loaded
// at the base address the author observed -- TODO confirm.
#define PresentEngine 0x004C41AF
// Address the hook stub jumps back to: 5 bytes (the size of a JMP rel32) past
// the patch site. Stored in a DWORD, so the code assumes a 32-bit process.
DWORD retPresentEngine = ( PresentEngine + 0x5 );
// Fully opaque ARGB colour constants (alpha, red, green, blue) for overlay text.
// The 000 literals are octal zero, which is still 0.
#define Red D3DCOLOR_ARGB( 255, 255, 000, 000 )
#define Green D3DCOLOR_ARGB( 255, 000, 255, 000 )
#define Blue D3DCOLOR_ARGB( 255, 000, 000, 255 )
#define Black D3DCOLOR_ARGB( 255, 000, 000, 000 )
// Font object shared by StartFont and WriteText. As a global it starts out
// NULL and stays NULL until D3DXCreateFont stores an interface pointer in it.
LPD3DXFONT Font;
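// (Re)creates the global overlay font on the given Direct3D 9 device.
//
// Any existing font is released first, so every call destroys and rebuilds the
// ID3DXFont. The visible caller invokes this once per hooked frame, which is
// costly, but it means the font always belongs to the device passed in.
//
// pDevice: device the font is created on. A NULL device leaves Font NULL.
// On failure Font is left NULL; the visible caller tests Font before drawing.
VOID StartFont( LPDIRECT3DDEVICE9 pDevice )
{
    if( Font )
    {
        Font->Release();
        Font = NULL;
    }

    // Nothing to create a font on; keep Font NULL rather than pass NULL down.
    if( !pDevice )
        return;

    HRESULT hr = D3DXCreateFont( pDevice,
                                 14,                            // Height
                                 0,                             // Width (0 = default)
                                 FW_BOLD,                       // Weight
                                 1,                             // MipLevels
                                 0,                             // Italic (FALSE)
                                 DEFAULT_CHARSET,
                                 OUT_DEFAULT_PRECIS,
                                 DEFAULT_QUALITY,
                                 DEFAULT_PITCH | FF_DONTCARE,
                                 "Arial",
                                 &Font );

    // The original ignored the HRESULT. Make the failure state explicit so a
    // later Font test can never see a stale or partially written pointer.
    if( FAILED( hr ) )
        Font = NULL;
}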
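// Draws a NUL-terminated string with its top-left corner at (x, y) in the given
// colour, using the global Font.
//
// pDevice: accepted for interface symmetry but not used by this function.
// x, y:    position of the text; the rectangle is zero-sized and DT_NOCLIP
//          lets the text extend past it.
// color:   D3DCOLOR value, e.g. one of the Red/Green/Blue/Black macros.
// text:    string to draw; length is taken from the terminator (count = -1).
//          NOTE(review): passing CHAR* to DrawText assumes a non-UNICODE build.
//
// Does nothing when Font has not been created or text is NULL, instead of
// dereferencing a NULL pointer as the original would.
VOID WriteText( LPDIRECT3DDEVICE9 pDevice, INT x, INT y, DWORD color, CHAR *text )
{
    ( void )pDevice;

    if( !Font || !text )
        return;

    RECT rect;
    SetRect( &rect, x, y, x, y );
    Font->DrawText( NULL, text, -1, &rect, DT_NOCLIP | DT_LEFT, color );
}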
// Hook stub: the destination of the JMP that StartRoutine installs at
// PresentEngine through DetourCreate. It is entered by a jump from the middle
// of host code, never by a normal call, and it never returns: it ends with a
// jump to retPresentEngine (PresentEngine + 5).
//
// __declspec( naked ) makes the compiler emit no prologue or epilogue, so the
// register and stack state on entry is whatever the host code had at the patch
// site. The declared HRESULT WINAPI signature is therefore nominal only.
//
// What an integrity check sees: execution leaves the host module's code for
// this DLL on every pass through the patch site, and a fixed string is drawn
// on the device each time.
__declspec( naked ) HRESULT WINAPI PresentMidfunction( )
{
// static, so the variable lives outside the stack frame a naked function lacks.
static LPDIRECT3DDEVICE9 pDevice;
__asm
{
// Load the first DWORD of the object EAX points to, then the DWORD at
// offset 0x44 from that. NOTE(review): this looks like a vtable fetch of
// slot 0x44 / 4 = 17, presumably Present on IDirect3DDevice9 -- confirm.
MOV ECX, DWORD PTR DS:[EAX]
MOV EDX, DWORD PTR DS:[ECX + 0x44]
// The code treats EAX at the patch site as the device interface pointer.
MOV DWORD PTR DS:[pDevice], EAX
// Presumably part of the host instructions overwritten by the 5-byte JMP,
// replayed here so the code at retPresentEngine sees the expected stack.
PUSH 0
// Save all eight general-purpose registers across the C++ calls below.
PUSHAD
}
// The font is released and recreated on every pass (see StartFont).
StartFont( pDevice );
if( Font )
WriteText( pDevice, 300, 300, Red, "CrossFire: Hook Present Engine" );
__asm
{
// Restore the registers saved by PUSHAD, then resume host code just past
// the patched bytes via the address held in the retPresentEngine global.
POPAD
JMP retPresentEngine
}
}
// Overwrites the first len bytes at src with a 5-byte relative JMP (opcode
// 0xE9) to dst, padded with NOPs (0x90), and returns a heap buffer holding a
// copy of the original len bytes followed by a JMP back to src + len.
//
// src: start of the code bytes to overwrite.
// dst: address the written JMP transfers control to.
// len: number of bytes taken over at src. The code writes 5 bytes
//      unconditionally, so len must be at least 5 -- not checked here.
// Returns: pointer to the start of the malloc'd copy. Nothing on this page
//      frees it, and the only visible caller discards the return value.
//
// NOTE(review): the results of malloc and of both VirtualProtect calls are not
// checked; a NULL from malloc is written through immediately.
// NOTE(review): pointer differences are truncated to DWORD, so the arithmetic
// is only meaningful in a 32-bit process.
//
// What an integrity check sees: the protection of an image-backed code page is
// changed and restored, and afterwards the bytes at src differ from the on-disk
// image, starting with 0xE9 and a displacement that resolves to dst.
VOID *DetourCreate( BYTE *src, CONST BYTE *dst, CONST INT len )
{
// Room for the saved bytes plus one JMP rel32 (1 opcode byte + 4 displacement).
BYTE *jmp =( BYTE * ) malloc( len + 5 );
DWORD dwBack;
// Switch the target range to read/write; the previous protection goes to dwBack.
VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
// Preserve the bytes that are about to be overwritten.
memcpy( jmp, src, len );
// Advance past the saved bytes; jmp now points at where the back-jump goes.
jmp += len;
jmp[0] = 0xE9;
// rel32 is measured from the end of the 5-byte instruction, hence the - 5.
*( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;
// Write the forward jump src -> dst over the original code.
src[0] = 0xE9;
*( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
// Fill any taken-over bytes beyond the 5-byte JMP with NOPs.
for( INT i = 5; i < len; i++ )
src[i] = 0x90;
// Restore the protection that was in place before the patch.
VirtualProtect( src, len, dwBack, &dwBack );
// Undo the earlier advance so the caller gets the start of the allocation.
return( jmp - len );
}
// Worker thread body: polls the patch site forever and installs the detour to
// PresentMidfunction whenever the two bytes at PresentEngine equal 0x8B 0x51.
//
// The byte comparison doubles as an "is it already patched" test, because
// DetourCreate replaces the first byte with 0xE9. As a result, restoring the
// original bytes does not remove the hook while this thread is alive: the next
// poll, at most about 50 ms later, writes the JMP again.
//
// NOTE(review): PresentEngine is read as a raw address with no check that the
// page is mapped or belongs to the expected module.
// NOTE(review): every re-install allocates a new buffer inside DetourCreate
// whose pointer is discarded here, so repeated re-patching leaks memory.
// The loop has no exit condition, so the final return is unreachable.
DWORD WINAPI StartRoutine( LPVOID )
{
while( TRUE )
{
// Expected original bytes at the patch site; a mismatch means "skip".
if( memcmp( ( VOID * )PresentEngine, ( VOID * )( PBYTE )"\x8B\x51", 2 ) == 0 )
{
Sleep( 100 );
// Take over exactly 5 bytes: the size of one JMP rel32, no NOP padding.
DetourCreate( ( PBYTE )PresentEngine, ( PBYTE )PresentMidfunction, 5 );
}
Sleep( 50 );
}
return 0;
}
// DLL entry point. On process attach it disables per-thread notifications,
// shows a message box and starts the StartRoutine polling thread. All other
// reasons are ignored, and TRUE is returned in every case.
//
// hDll:       module handle of this DLL, passed to DisableThreadLibraryCalls.
// dwReason:   loader notification code; only DLL_PROCESS_ATTACH is handled.
// lpReserved: unused.
//
// The code only takes effect once this module is loaded into the host process;
// how it gets loaded is not shown on this page. Defenders can watch for an
// unexpected module in the process's module list and for a thread whose start
// address lies in that module.
//
// NOTE(review): this runs under the loader lock. Microsoft's DllMain guidance
// advises against calling User32 functions such as MessageBox from here.
// NOTE(review): the handle returned by CreateThread is never closed, and
// nothing stops the thread or undoes the patch on DLL_PROCESS_DETACH.
BOOL WINAPI DllMain( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
if( dwReason == DLL_PROCESS_ATTACH )
{
// Suppress DLL_THREAD_ATTACH / DLL_THREAD_DETACH calls for this module.
DisableThreadLibraryCalls( hDll );
// Blocks until dismissed; a user-visible sign that the module was loaded.
MessageBox( 0, "Hook Present Engine", "Crossfire", 0 );
// StartRoutine already has the thread-start signature; the cast is redundant.
CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );
}
return TRUE;
}