Getting D3D Device in d3d9.dll

**kmanev073** · 09-12-2012

Hello,
I just realized that with engine hook you can only make hacks with strides 40 and 44 atleast for my hook... and i was wondering how to get the d3d device from d3d9.dll ?

this is the code on my PC... any way the device should be the last push

so if the DIP address is 0x6E97BE28... ftw this is the last push before the DIP address...

really confused can someone explain ?

Code:

6E80B6B1     8BFF           MOV EDI,EDI
6E80B6B3   . 55             PUSH EBP
6E80B6B4   . 8BEC           MOV EBP,ESP
6E80B6B6   . 6A FF          PUSH -1
6E80B6B8   . 68 28BE976E    PUSH d3d9.6E97BE28
6E80B6BD   . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
6E80B6C3   . 50             PUSH EAX
6E80B6C4   . 83EC 20        SUB ESP,20
6E80B6C7   . 53             PUSH EBX
6E80B6C8   . 56             PUSH ESI
6E80B6C9   . 57             PUSH EDI
6E80B6CA   . A1 5092986E    MOV EAX,DWORD PTR DS:[6E989250]
6E80B6CF   . 33C5           XOR EAX,EBP
6E80B6D1   . 50             PUSH EAX

**tianz** · 09-12-2012

u find DIP right...
open your crossfire.. in login menu alt+tab.. open ollydbg.. file and attach your crossfire.. klik right.. view cshell.. ctrl + B.. (if xtrap detected u need crossfirebypass)
hex :
8B 10 8B 92 ?? ?? ?? ?? 51 8B 4C 24 ?? 55 51 6A ?? 6A ?? 50 FF D2 8B 43 ?? 8B 8C 24

example :

004B4A37 8B01 MOV EAX,DWORD PTR DS:[ECX]
004B4A39 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
004B4A3D 8B10 MOV EDX,DWORD PTR DS:[EAX] <===== This DIP enggin 004B4A3D and 8B10 *
004B4A3F 8B92 48010000 MOV EDX,DWORD PTR DS:[EDX+148] <===== MOV EDX,DWORD PTR DS:[EDX+148]
004B4A45 51 PUSH ECX
004B4A46 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
004B4A4A 55 PUSH EBP

* Example for if( memcmp( ( VOID * )DIPEngine, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 )
if this helps you. click thanks ..

**kmanev073** · 09-12-2012

Originally Posted by tianz

u find DIP right...
open your crossfire.. in login menu alt+tab.. open ollydbg.. file and attach your crossfire.. klik right.. view cshell.. ctrl + B.. (if xtrap detected u need crossfirebypass)
hex :
8B 10 8B 92 ?? ?? ?? ?? 51 8B 4C 24 ?? 55 51 6A ?? 6A ?? 50 FF D2 8B 43 ?? 8B 8C 24

example :

004B4A37 8B01 MOV EAX,DWORD PTR DS:[ECX]
004B4A39 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
004B4A3D 8B10 MOV EDX,DWORD PTR DS:[EAX] <===== This DIP enggin 004B4A3D and 8B10 *
004B4A3F 8B92 48010000 MOV EDX,DWORD PTR DS:[EDX+148] <===== MOV EDX,DWORD PTR DS:[EDX+148]
004B4A45 51 PUSH ECX
004B4A46 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
004B4A4A 55 PUSH EBP

* Example for if( memcmp( ( VOID * )DIPEngine, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 )
if this helps you. click thanks ..

wtf :S are you talking about :S:S:S this binary is incrossfire.exe + i asked for the device not where to hook :S

**Shartob1** · 09-12-2012

Originally Posted by tianz

u find DIP right...
open your crossfire.. in login menu alt+tab.. open ollydbg.. file and attach your crossfire.. klik right.. view cshell.. ctrl + B.. (if xtrap detected u need crossfirebypass)
hex :
8B 10 8B 92 ?? ?? ?? ?? 51 8B 4C 24 ?? 55 51 6A ?? 6A ?? 50 FF D2 8B 43 ?? 8B 8C 24

example :

004B4A37 8B01 MOV EAX,DWORD PTR DS:[ECX]
004B4A39 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
004B4A3D 8B10 MOV EDX,DWORD PTR DS:[EAX] <===== This DIP enggin 004B4A3D and 8B10 *
004B4A3F 8B92 48010000 MOV EDX,DWORD PTR DS:[EDX+148] <===== MOV EDX,DWORD PTR DS:[EDX+148]
004B4A45 51 PUSH ECX
004B4A46 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
004B4A4A 55 PUSH EBP

* Example for if( memcmp( ( VOID * )DIPEngine, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 )
if this helps you. click thanks ..

Wow, very userfull.. thanks!
and then you can help me? how to find Weapon manager and source no recoil for D3D menu!
Thanks before, if you help me.. i will put credit in my hack!

**tianz** · 09-12-2012

03E986AD D998 380C0000 FSTP DWORD PTR DS:[EAX+C38] <========== ReloadAnimRatio
03E986C6 8B0D C87B9A04 MOV ECX,DWORD PTR DS:[49A7BC8]<========== WeaponMgr
03E98624 D99A 3C0C0000 FSTP DWORD PTR DS:[EDX+C3C] <========== WeaponAnimRatio

For crossfire INDO

**derh.acker** · 09-12-2012

You only need assembly knowledge...

**giniyat101** · 09-12-2012

you are very confusing .. u first say engine hook and then say dip address is 0x6E97BE28 then try to find device pointer? wtf ?
the device pointer is not static, you can call CreateDevice 50 times and obtain 50 different device and why the fuck do u even need it?

**kmanev073** · 09-12-2012

Originally Posted by giniyat101

you are very confusing .. u first say engine hook and then say dip address is 0x6E97BE28 then try to find device pointer? wtf ?
the device pointer is not static, you can call CreateDevice 50 times and obtain 50 different device and why the fuck do u even need it?

you never understand me... i just want a pointer to it so i can make wallhack :| @derh.acker yep

it was in ESI

Thread: Getting D3D Device in d3d9.dll

Thread Tools

Display

Getting D3D Device in d3d9.dll

The Following 2 Users Say Thank You to tianz For This Useful Post:

The Following User Says Thank You to tianz For This Useful Post:

The Following 2 Users Say Thank You to giniyat101 For This Useful Post:

Similar Threads

[Help] I was trying To Make A D3D But I got d3d9.dll Error!!

[CoD:MW2] Getting the D3D Device pointer

System32 d3d9.dll?

[Request] d3d9.dll for XP

Can someone Upload d3d9.dll