D3D menu

[DaneCoder]

Hello its me again I need some help with my d3d menu as you can see in the photo it gets detected after I turn on the hack functions(specially the chams) but when I test it in my no menu it doesnt get detected at all and when I ask other people about this detection others said "Its the detour, not the hooking". Others said "Its not the hooking, its the detour". And others said "Detour and hooking are still working your function is detected" and its making me confuse



Im using elextro

My detour.h

Code:

LPDIRECT3DVERTEXBUFFER9 Stream_Data;
UINT m_Stride; UINT OffsetsInBytes;

typedef HRESULT(WINAPI *tDrawIndexedPrimitive)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE A, INT B, UINT C, UINT D, UINT E, UINT F); 
tDrawIndexedPrimitive oDrawIndexedPrimitive;

typedef HRESULT(WINAPI *oPresent) (LPDIRECT3DDEVICE9 pDevice, CONST RECT* pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion);
oPresent pPresent;

DWORD DetourCreate(DWORD SrcVA, DWORD DstVA, DWORD Size)
{
	#define SIZEOF_JMP_NEAR  5

	if(SrcVA && DstVA && Size > 0)
	{
		DWORD DetourVA = (DWORD) 
		VirtualAlloc( NULL, Size + SIZEOF_JMP_NEAR, 
		MEM_COMMIT | MEM_TOP_DOWN, PAGE_EXECUTE_READWRITE );
		
		if(DetourVA == 0)
			return(0);

		DWORD dwProtect;

		if(VirtualProtect((PVOID)SrcVA, Size, PAGE_EXECUTE_READWRITE, &dwProtect ))
		{
			for(DWORD i = 0; i < Size; i++) {
				*(PBYTE)(DetourVA + i) = *(PBYTE)(SrcVA + i);
			}

			*(PBYTE)(DetourVA + Size + 0) = 0xE9;
			*(PDWORD)(DetourVA + Size + 1) = (SrcVA - DetourVA - SIZEOF_JMP_NEAR);

	    	*(PBYTE)(SrcVA + 0) = 0xE9;
			*(PDWORD)(SrcVA + 1) = (DstVA - SrcVA - SIZEOF_JMP_NEAR);

			VirtualProtect((PVOID)SrcVA, Size, dwProtect, &dwProtect );

			VirtualProtect((PVOID)DetourVA, Size + SIZEOF_JMP_NEAR, PAGE_EXECUTE_READ, &dwProtect);

	    	return DetourVA;
		}
	}
	return(NULL);
}

PVOID D3Ddiscover(void *tbl, int size)
{
	HWND hWnd;
	VOID *pInterface = NULL;
	D3DPRESENT_PARAMETERS d3dpp; 

	if((hWnd = CreateWindowEx(NULL, WC_DIALOG, "", WS_OVERLAPPED, 0, 0, 50, 50, NULL, NULL, NULL, NULL)) == NULL)
		return FALSE;

	ShowWindow(hWnd, SW_HIDE);
	LPDIRECT3D9	pD3D;
	LPDIRECT3DDEVICE9 pD3Ddev;

	if((pD3D = Direct3DCreate9(D3D_SDK_VERSION))!=NULL) 
	{
	    ZeroMemory(&d3dpp, sizeof(d3dpp));
	    d3dpp.Windowed         = TRUE;
		d3dpp.SwapEffect       = D3DSWAPEFFECT_DISCARD;
	    d3dpp.hDeviceWindow    = hWnd;
	    d3dpp.BackBufferFormat = D3DFMT_X8R8G8B8;
	    d3dpp.BackBufferWidth  = d3dpp.BackBufferHeight = 600;
		pD3D->CreateDevice(D3DADAPTER_DEFAULT,D3DDEVTYPE_HAL,hWnd,D3DCREATE_SOFTWARE_VERTEXPROCESSING,&d3dpp,&pD3Ddev);
		if (pD3Ddev)  {
		    pInterface = (PDWORD)*(DWORD *)pD3Ddev;
			memcpy(tbl,(void *)pInterface,size);
			pD3Ddev->Release();
		}
		pD3D->Release();
	}
	DestroyWindow(hWnd);
	return pInterface;
}

HRESULT GenerateTexture(LPDIRECT3DDEVICE9 pDevice, LPDIRECT3DTEXTURE9 *D3DTexture, DWORD D3DColor)
{
	if(FAILED(pDevice->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, D3DTexture, NULL)))
		return E_FAIL;

	WORD Color = ((WORD)((D3DColor >> 28) & 0xF) << 12)
				|(WORD)(((D3DColor >> 20) & 0xF) <<  8)
				|(WORD)(((D3DColor >> 12) & 0xF) << 04)
				|(WORD)(((D3DColor >> 04) & 0xF) << 00);

	D3DLOCKED_RECT pRect;
	(*D3DTexture)->LockRect(NULL, &pRect, NULL, NULL);
	WORD *pBits = (PWORD)pRect.pBits;

	for(INT i=0; i<8*8; i++)
		*pBits++ = Color;

	(*D3DTexture)->UnlockRect(NULL);

	return S_OK;
}

My hook

Code:

INT D3D(VOID)
{
	HINSTANCE hD3D; DWORD vTable[105];
	hD3D = NULL;

	do {
		hD3D = GetModuleHandle("d3d9.dll");
		if(!hD3D) Sleep(10);
	} while(!hD3D);

	if(D3Ddiscover((PVOID) &vTable[0], 420) == 0) return NULL;
	{
		pPresent = (oPresent)DetourCreate((DWORD)vTable[17], (DWORD)myPresent,12);
		oDrawIndexedPrimitive = (tDrawIndexedPrimitive)DetourCreate((DWORD)vTable[82], (DWORD)&DrawIndexedPrimitive, 5);

		Sleep(100);
	}
	return FALSE;
}

[TheG36]

Weapon Binder = Detected.

Your detours came with the base so that means it's already patched, detour is patched that's why the hook doesn't work.

[V3n0x]

try 2 use other base it might work

@TheG36 Weapon Binder Detected i thought its still working ??

[TheG36]

try 2 use other base it might work

@TheG36 Weapon Binder Detected i thought its still working ??

Here in Ph you'll receive a GG error.

[V3n0x]

Here in Ph you'll receive a GG error.

oh i see

[DaneCoder]

Weapon Binder = Detected.

Your detours came with the base so that means it's already patched, detour is patched that's why the hook doesn't work.

So you're saying that I only need to update my detour?

[TheG36]

So you're saying that I only need to update my detour?

Yes and good luck

[DaneCoder]

Edit: Still getting detected

Used this detour:

Code:

DWORD DetourCreate( DWORD  SrcVA, DWORD  DstVA, DWORD  Size )
{
	/*Credits for this detour to croner*/
#define SIZEOF_JMP_NEAR  5

	if ( SrcVA && DstVA && Size > 0 )
	{
		DWORD DetourVA = (DWORD) 
			VirtualAlloc( NULL, Size + SIZEOF_JMP_NEAR, 
			MEM_COMMIT | MEM_TOP_DOWN, PAGE_EXECUTE_READWRITE );
		
		if ( DetourVA == 0 )
			return (0);

		DWORD dwProtect;
		if ( VirtualProtect( (VOID*)SrcVA, Size, PAGE_EXECUTE_READWRITE, &dwProtect ) )
		{
			for ( DWORD i=0; i < Size; i++ ) {
				*(BYTE*)( DetourVA + i ) = *(BYTE*)( SrcVA + i );
			}
			
			*(BYTE*)( DetourVA + Size + 0 ) = 0xE9;
			*(DWORD*)( DetourVA + Size + 1 ) = ( SrcVA - DetourVA - SIZEOF_JMP_NEAR );

	    	*(BYTE*)( SrcVA + 0 ) = 0xE9;
			*(DWORD*)( SrcVA + 1 ) = ( DstVA - SrcVA - SIZEOF_JMP_NEAR );

			VirtualProtect( (VOID*)SrcVA, Size, dwProtect, &dwProtect );

			VirtualProtect( (VOID*)DetourVA, Size + 
				SIZEOF_JMP_NEAR, PAGE_EXECUTE_READ, &dwProtect );

	    	return DetourVA;
		}
	}
	return (0);
}




PVOID D3Ddiscover(void *tbl, int size)
{

	
	HWND				  hWnd;
	void				  *pInterface=0 ;
	D3DPRESENT_PARAMETERS d3dpp; 

	if ((hWnd=CreateWindowEx(NULL,WC_DIALOG,"",WS_OVERLAPPED,0,0,50,50,NULL,NULL,NULL,NULL))==NULL) return 0;
	ShowWindow(hWnd, SW_HIDE);

	LPDIRECT3D9			pD3D;
	LPDIRECT3DDEVICE9	pD3Ddev;
	if ((pD3D = Direct3DCreate9(D3D_SDK_VERSION))!=NULL) 

	{
>CreateDevice(D3DADAPTER_DEFAULT,D3DDEVTYPE_HAL,hWnd,D3DCREATE_SOFTWARE_VERTEXPROCESSING,&d3dpp,&pD3Ddev);
		if (pD3Ddev)  {
		    pInterface = (PDWORD)*(DWORD *)pD3Ddev;
			memcpy(tbl,(void *)pInterface,size);
			pD3Ddev->Release();
		}
		pD3D->Release();
	}
	DestroyWindow(hWnd);
	return pInterface;
}
	PIMAGE_DOS_HEADER pDoH; 
	PIMAGE_NT_HEADERS pNtH;
	DWORD i, ersize, protect;

	if (!hModule) return;
	
	// well just to make clear what we doing
	pDoH = (PIMAGE_DOS_HEADER)(hModule);

	pNtH = (PIMAGE_NT_HEADERS)((LONG)hModule + ((PIMAGE_DOS_HEADER)hModule)->e_lfanew);

	ersize = sizeof(IMAGE_DOS_HEADER);
	if ( VirtualProtect(pDoH, ersize, PAGE_READWRITE, &protect) )
	{
		for ( i=0; i < ersize; i++ )
				*(BYTE*)((BYTE*)pDoH + i) = 0;
	}

	ersize = sizeof(IMAGE_NT_HEADERS);
	if ( pNtH && VirtualProtect(pNtH, ersize, PAGE_READWRITE, &protect) )
	{
		for ( i=0; i < ersize; i++ )
				*(BYTE*)((BYTE*)pNtH + i) = 0;
	}
	return;
}


void HideModule(HINSTANCE hModule)/*Credits to Thanatos aka Surpintine for his hide module function*/
{
	DWORD dwPEB_LDR_DATA = 0;
	_asm
	{
		pushad;
		pushfd;
		mov eax, fs:[30h]             
		mov eax, [eax+0Ch]               
		mov dwPEB_LDR_DATA, eax	

		InLoadOrderModuleList:
			mov esi, [eax+0Ch]	     
			mov edx, [eax+10h]	     

		LoopInLoadOrderModuleList: 
		    lodsd		         
			mov esi, eax	
			mov ecx, [eax+18h]  
			cmp ecx, hModule	
			jne SkipA		 
		    mov ebx, [eax]	  
		    mov ecx, [eax+4]  
		    mov [ecx], ebx    
		    mov [ebx+4], ecx	  
			jmp InMemoryOrderModuleList 

		SkipA:

		LoopInMemoryOrderModuleList: 
			lodsd
			mov esi, eax
			mov ecx, [eax+10h]
			cmp ecx, hModule
			jne SkipB
			mov ebx, [eax] 
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp InInitializationOrderModuleList

		SkipB:
			cmp edx, esi
			jne LoopInMemoryOrderModuleList

		InInitializationOrderModuleList:
			mov eax, dwPEB_LDR_DATA
			mov esi, [eax+1Ch]	  
			mov edx, [eax+20h]	  

		LoopInInitializationOrderModuleList: 
			lodsd
			mov esi, eax		
			mov ecx, [eax+08h]
			cmp ecx, hModule		
			jne SkipC
			mov ebx, [eax] 
			mov ecx, [eax+4]
			mov [ecx], ebx
			mov [ebx+4], ecx
			jmp Finished

		SkipC:
			cmp edx, esi
			jne LoopInInitializationOrderModuleList

		Finished:
			popfd;
			popad;
	}
}

[AeroMan]

For the people that say it's the detour and not hooking: GTFO.
You hook using detours, meaning hooking -> detouring.
When you use a menu you use present and reset to right?
Those can also be detected.
Try it step by step.

i made a small diagram:

i hope this helps somewhat

[V3n0x]

@Alex_Agnew nice diagram

[emiedumalasa]

Hello its me again I need some help with my d3d menu as you can see in the photo it gets detected after I turn on the hack functions(specially the chams)

actually even you don't turn on the hack functions, you will still getting detected, because you're using vtable and the you way you hook the d3d9.dll, the detour is not detected, because I used detour E9 in menu/no menu d3d base but I'm not using vtable, so that if you want to make the menu undetected, here's the tips, try not to used vtable or used another hook, edit your menu classes.
here's the proof:

[V3n0x]

thats nice

[DaneCoder]

actually even you don't turn on the hack functions, you will still getting detected, because you're using vtable and the you way you hook the d3d9.dll, the detour is not detected, because I used detour E9 in menu/no menu d3d base but I'm not using vtable, so that if you want to make the menu undetected, here's the tips, try not to used vtable or used another hook, edit your menu classes.
here's the proof:

But your proof is old, why? Look closely at the event kill.

[DaneCoder]

For the people that say it's the detour and not hooking: GTFO.
You hook using detours, meaning hooking -> detouring.
When you use a menu you use present and reset to right?
Those can also be detected.
Try it step by step.

i made a small diagram:

i hope this helps somewhat

Should i tell you guys who told that to me?

[TheG36]

Should i tell you guys who told that to me?

Yes please, inform us