DIP midfunction hook

[Xlilzoosk8rX]

NOTE: This is not my work just found it and thought i would share with MPGH.

Code:

DWORD dwDrawIndexedPrimitive_EngineCall = 0x006A3AEA;
DWORD dwDrawIndexedPrimitive_CaveJumpBack = dwDrawIndexedPrimitive_EngineCall + 0x8;

Code:

__declspec(naked) void __cdecl DrawIndexedPrimitive_CodeCave()
{
    static LPDIRECT3DDEVICE9 pDevice;
    static D3DPRIMITIVETYPE PrimType = D3DPT_TRIANGLELIST; //constant parameter 4
    static UINT MinIndex, nNumVertices, StartIndex, nPrimitiveCount;
    static INT BaseVertexIndex;
    
    __asm
    {
        MOV ECX, DWORD PTR DS:[EAX]
        MOV pDevice, EAX; 
        MOV EDX, DWORD PTR DS:[ECX+0x148]
        PUSHAD
        MOV ECX, [EBP + 0x18]
        MOV BaseVertexIndex, ECX 
        MOV ECX, [EBP + 0x8]
        MOV MinIndex, ECX      
        MOV ECX, [EBP + 0x10]
        MOV nNumVertices, ECX  
        MOV ECX, [EBP + 0xC]
        MOV StartIndex, ECX    
        MOV ECX, [EBP + 0x14]
        MOV nPrimitiveCount, ECX
    }


    //Second DIP call
    pDevice->DrawIndexedPrimitive(PrimType, BaseVertexIndex,  MinIndex, nNumVertices, StartIndex, nPrimitiveCount);


    __asm
    {
        POPAD
        JMP dwDrawIndexedPrimitive_CaveJumpBack;
    }
}

hook when in-game

Code:

DWORD CALLBACK DIPHook(LPVOID)
{
    while(1)
    {    
        if(*(int*)0x377B11B0 == 1)
            DetourCreate((PBYTE)dwDrawIndexedPrimitive_EngineCall, (PBYTE)DrawIndexedPrimitive_CodeCave, 8);
        else
            memcpy((void*)dwDrawIndexedPrimitive_EngineCall, (PBYTE)"\x8B\x08\x8B\x91\x48\x01\x00\x00", 8);

        Sleep(500);
    }

    return 0;
}

create thread when injected:

Code:

CreateThread(NULL, NULL, DIPHook, NULL, NULL, NULL);

please correct me if i credited wrwing person(s)

Credit to:
CodeDemon
Crash
donoob
fatboy88
Gellin
Marko
mmbob
NOOB
Scimmy
whit
i think thats everyone now
(Thanks @[POWER]

[[POWER]]

Credits

• CodeDemon
• Crash
• donoob
• fatboy88
• Gellin
• Marko
• mmbob
• NOOB
• Scimmy
• whit

[supercarz1991]

quit leeching shit you noob

[Xlilzoosk8rX]

its not leeched you dick i gave credits

[supascimmy]

obvious leech is obvious from one of my threads

[freedompeace]

You forgot the code to `DetourCreate()`..

[topblast]

You forgot the code to `DetourCreate()`..

Changes addy to {0xE9, Your Function}
Change Return to {Replaced Bytes , 0xE9 , Addy +length}

[matypatty]

you're a stupid dumb ass. I want to -rep you more.

[Tonylx4]

He said he didn't make it so why are you hating?

[FukoBackup]

He said he didn't make it so why are you hating?

Why the fuck are you begging for minion in your signature

[freedompeace]

Changes addy to {0xE9, Your Function}
Change Return to {Replaced Bytes , 0xE9 , Addy +length}

Regardless, if a code sample is going to be posted, all the code should be posted - leaving out functions that sample code depends on is counteracting the entire idea of a code snippet - this isn't some trivial 2 line function (what you said in the quote doesn't is ambiguous and has no real helpful value, as, again, it is incomplete -- length of what? addy of what?).

[matypatty]

I still hate this kid.... Why leach this...

[-Dimensions-]

Leeched, this should be removed. Even if you did give credits, it was originally found on another forum and therefore its leeched.

[CoderNever]

The credits for this is only

donoob - Posting his CA DIP Mid Function Other Players.
Crash - Finding GameStatus

It doesn't take all the coders listed to add parems to Donoobs' code.

[[POWER]]

The credits for this is only

donoob - Posting his CA DIP Mid Function Other Players.
Crash - Finding GameStatus

It doesn't take all the coders listed to add parems to Donoobs' code.

scimmy can credit whoever he wants to credit.