BF3 - ESP Base For You Guys /gewd

[MarkHC]

Hey all
since this section seems to die a little, i wanted to share something with you...
I've created a little project containing examples to draw lines, rectangles, filled rectangles and text. There are even more functions to find, but you can reverse them yourself
I also included a VTable Hook on IDXGISwapChain::Present which is currently Punkbuster Undetected
So go on and copy the released classes and create some nice ESP :P
Note: There is no screenshotblocker/cleaner included, so be careful.

Credits:
- KingOrgy: some Help and Hints
- The1Domo: leaked PDBs
- MSDN
- InUrFace

FILES:

EntryPoint.cpp

Code:

#include "includes.h"

DWORD WINAPI DllMain(HMODULE hDll, DWORD dwReasonForCall, LPVOID /* lpReserved*/)
{
	static HANDLE hThread=INVALID_HANDLE_VALUE;
	static DWORD dwExitCode;
	if(dwReasonForCall==DLL_PROCESS_ATTACH)
	{
		hThread=CreateThread(NULL,0,InitThread,NULL,0,NULL);
		return (hThread!=INVALID_HANDLE_VALUE);
	}
	else if(dwReasonForCall==DLL_PROCESS_DETACH)
	{
		if(origPresent)
		{
			HookVTableFunction((PDWORD*)fb::DxRenderer::Singleton()->pSwapChain,(PBYTE)origPresent,8);
			return 1;
		}
	}
	return 0;
}


DWORD WINAPI InitThread(LPVOID /* lpReserved*/)
{
	while(fb::DxRenderer::Singleton()==0)
		Sleep(10);
	while(fb::DebugRenderer2::Singleton()==0)
		Sleep(10);
	origPresent=(tPresent)HookVTableFunction((PDWORD*)fb::DxRenderer::Singleton()->pSwapChain,(PBYTE)&hkPresent,8);
	if(origPresent)
		return 1;
	return 0;
}


HRESULT WINAPI hkPresent(IDXGISwapChain* pSwapchain, UINT arg1, UINT arg2)
{
	fb::DebugRenderer2::Singleton()->drawText(20,20,fb::Color32(255,0,0,200),"Engine Drawing! ;)", 1.f);
	fb::DebugRenderer2::Singleton()->drawLine2d(&fb::Tuple2<float>(100,100),&fb::Tuple2<float>(200,200),fb::Color32(0,255,0,255));
	fb::DebugRenderer2::Singleton()->drawLineRect2d(&fb::Tuple2<float>(50,80),&fb::Tuple2<float>(180,150),fb::Color32(0,0,255,255));
	fb::DebugRenderer2::Singleton()->drawRect2d(&fb::Tuple2<float>(200,200),&fb::Tuple2<float>(220,220),fb::Color32(0,255,255,255));
	return origPresent(pSwapchain,arg1,arg2);
}

PBYTE WINAPI HookVTableFunction(PDWORD* ppVTable, PBYTE pHook, SIZE_T iIndex)
{
	DWORD dwOld = 0;
	VirtualProtect((void*)((*ppVTable) + iIndex), 4, PAGE_EXECUTE_READWRITE, &dwOld);
	PBYTE pOrig = ((PBYTE)(*ppVTable)[iIndex]); 
	(*ppVTable)[iIndex] = (DWORD)pHook;

	VirtualProtect((void*)((*ppVTable) + iIndex), 4, dwOld, &dwOld);

	return pOrig;
}

Include.h

Code:

#ifndef __INCLUDES_HEADER__
#define __INCLUDES_HEADER__

#include <Windows.h>
#include <d3d11.h>

#include <iostream>
#include <stdarg.h>


#include "ReversedStructs.h"

PBYTE WINAPI HookVTableFunction(PDWORD* ppVTable, PBYTE pHook, SIZE_T iIndex);
DWORD WINAPI DllMain(HMODULE hDll, DWORD dwReasonForCall, LPVOID /* lpReserved*/);
DWORD WINAPI InitThread(LPVOID /* lpReserved*/);
HRESULT WINAPI hkPresent(IDXGISwapChain* pSwapChain,UINT arg1, UINT arg2);

typedef HRESULT (WINAPI * tPresent)(IDXGISwapChain*, UINT, UINT);
tPresent origPresent=NULL;

#endif //__INCLUDES_HEADER__

ReversedStructs.h

Code:

#include "includes.h"

namespace fb
{
	class Color32
	{
	public:
		union
		{
			struct
			{
				BYTE R;
				BYTE G;
				BYTE B;
				BYTE A;
			};
			DWORD dwColor;
		};

	public:
		Color32(const DWORD _Color)
		{
			dwColor=_Color;
		}

		Color32(const BYTE Red,const BYTE Green,const BYTE Blue, const BYTE Alpha)
		{
			A=Alpha;
			R=Red;
			G=Green;
			B=Blue;
		}
	};

	template <class T>
	class Tuple2
	{
	public:
		T Element1;
		T Element2;

	public:
		Tuple2(T _Element1, T _Element2)
		{
			Element1=_Element1;
			Element2=_Element2;
		}
	};

	
	class RenderScreenInfo
	{
	public:
	};

	class DxRenderer
	{
	public:
		BYTE Pad_000[0x20];				// 0x00
		UINT m_nWidth;					// 0x20
		UINT m_nHeight;					// 0x24
		BYTE Pad_001[0xB0];				// 0x28
		ID3D11Device* pDevice;			// 0xD8
		ID3D11DeviceContext* pContext;  // 0xDC
		BYTE Pad_002[0x14];				// 0xE0
		IDXGISwapChain* pSwapChain;		// 0xF4

	public:
		static DxRenderer* Singleton()
		{
			return *(DxRenderer**)0x02389C94;
		}
	};


	class DebugRenderer2
	{
	public:
		static DebugRenderer2* Singleton(void) //Credits to KingOrgy for giving me some hints
		{
			typedef fb::DebugRenderer2* (__stdcall* fb__DebugRenderManager_getThreadContext_t)(void);
			fb__DebugRenderManager_getThreadContext_t fb__DebugRenderManager_getThreadContext=(fb__DebugRenderManager_getThreadContext_t)0x004B27E0;
			return fb__DebugRenderManager_getThreadContext();
		}

		void drawText(int x, int y, Color32 color, char* text, float scale)
		{
			typedef void (__thiscall *tdrawText)(fb::DebugRenderer2*,int, int, char*, Color32,float);
			tdrawText mdrawText=(tdrawText)0x004BA0F0;
			mdrawText(this,x,y,text,color,scale);
		}

		void drawLine2d(Tuple2<float>* pos1, Tuple2<float>* pos2, Color32 color)
		{
			typedef void (__thiscall *tdrawLine2d)(fb::DebugRenderer2*,Tuple2<float>*, Tuple2<float>*, Color32);
			tdrawLine2d mdrawLine2d=(tdrawLine2d)0x004BCB70;
			mdrawLine2d(this,pos1,pos2,color);
		}

		void drawLineRect2d(Tuple2<float>* minpos, Tuple2<float>* maxpos, Color32 color)
		{
			typedef void (__thiscall *tdrawLineRect2d)(fb::DebugRenderer2*,Tuple2<float>*, Tuple2<float>*, Color32);
			tdrawLineRect2d mdrawLineRect2d=(tdrawLineRect2d)0x004BD6B0;
			mdrawLineRect2d(this,minpos,maxpos,color);
		}

		void drawRect2d(Tuple2<float>* minpos, Tuple2<float>* maxpos, Color32 color)
		{
			typedef void (__thiscall *tdrawRect2d)(fb::DebugRenderer2*,Tuple2<float>*, Tuple2<float>*, Color32);
			tdrawRect2d mdrawRect2d=(tdrawRect2d)0x004BD8C0;
			mdrawRect2d(this,minpos,maxpos,color);
		}
	};
}

PS:Forgot to mention. I didn't created this, just leeched (But I'm not a leecher )

I was going to do one ESP by myself, but I'm traveling atm so I can't

[baccs]

nice find thanks for the share

[ModexLife]

User.cfg and write ?

Where are you taking files.

[MarkHC]

User.cfg and write ?

Errmm I think you're not a programmer.. so this is not for you

[ModexLife]

You tell me how to operate?

[baccs]

You tell me how to operate?

the only way to use this is to be a programer and compile into a .dll or an .exe

unless you know how to do this the info in this thread is useless to you

[iDennis]

does it contain a toggleable button?

[batuhan98]

i know nothing about coding. can someone make a tutorial or something or explain to me what i have to do?

[hiphippie]

i know nothing about coding. can someone make a tutorial or something or explain to me what i have to do?

Have you tried looking on Google for how to compile into dll or exe files? Please do. It saves you time while you waiting for a response, and it saves the people responding time from having to explain stuff you can find on Google.

This looks like C++, I only know Java, Python, Javascript, and CSS, so this is way out of my league, but see what you can find on tutorials for C++. It's a handy language to learn.

[batuhan98]

Have you tried looking on Google for how to compile into dll or exe files? Please do. It saves you time while you waiting for a response, and it saves the people responding time from having to explain stuff you can find on Google.

This looks like C++, I only know Java, Python, Javascript, and CSS, so this is way out of my league, but see what you can find on tutorials for C++. It's a handy language to learn.

never mind. i'll just stick with the fact that i'll learn it later because it looks complicated and im sure that it IS complicated. i'll leave it for the people that understand it

[MarkHC]

Just a bump to say that this method is still undetected... I'm starting to doubt that there's a real coder on BF3 section Just saying

[briankilla4]

Just a bump to say that this method is still undetected... I'm starting to doubt that there's a real coder on BF3 section Just saying

i alerady used it and made some useful things with it.

[MarkHC]

i alerady used it and made some useful things with it.

Good to know

[mertmho1]

i alerady used it and made some useful things with it.

So release maybe?

[amazingxx]

This thread reminded me to install Visual Studio, if nothing else I thank you for that .