General
Reply With QuoteJhem (07-27-2014),WhiteHat PH (11-27-2014),xaezer (07-14-2015)
Thread: DIP and EndScene Hook
Results 1 to 8 of 8
-
07-26-2014 #1Newbie
- Join Date
- Jun 2013
- Gender
- Posts
- 30
- Reputation
10- Thanks
- 13
- My Mood
-
DIP and EndScene Hook
Hi, this is a simple hook for project blackout
Sorry for the bad wallhack, I do not know the Correct "iStride"Code:////////////////////////////////////////////////// //-------Hooking Engine Project Blackout--------// //-------------------Credits:-------------------// //----------Shadow_, Azorbix, Matrix-x----------// ////////////////////////////////////////////////// //------------F9 WALLHACK [ON]/[OFF]-------------- #include <Windows.h> #include <d3d9.h> #include <d3dx9.h> #include <iostream> #pragma comment(lib,"d3d9.lib") #pragma comment(lib,"d3dx9.lib") ID3DXFont *pFont; DWORD i3GfxDx = (DWORD)GetModuleHandleA("i3GfxDx.dll"); DWORD EndScene = i3GfxDx + 0x4F06D; DWORD retEndScene = EndScene + 0x7; DWORD DipEngine = i3GfxDx + 0x503C3; DWORD retDipEngine = DipEngine + 0x7; bool WallHack = 0; void DrawString(int x, int y, DWORD color, const char* txt) { RECT rect = {x, y, x+120, y+16}; SetRect(&rect, x, y, x, y); pFont->DrawText(0, txt, -1, &rect, DT_NOCLIP, color); } __declspec (naked) HRESULT WINAPI EndSceneEngine() { static IDirect3DDevice9 *pDevice; __asm { PUSH EAX MOV EDX, DWORD PTR DS:[ECX + 0xA8] MOV DWORD PTR DS:[pDevice], EAX PUSHAD } if(!pFont) D3DXCreateFont(pDevice, 15, 0, 700, 1, 0, 1, 0, 4, 0|(0<<4), "Arial", &pFont); DrawString(20, 20, 0xFFFF00FF, "MPGH.NET Dip and EndScene MidFunction For PBlackout "); __asm { POPAD JMP retEndScene } } __declspec (naked) HRESULT WINAPI DipMidFunction() { static IDirect3DDevice9 *pDevice; static IDirect3DVertexBuffer9* StreamData = NULL; static UINT Offset, iStride; __asm { PUSH EAX MOV EDX, DWORD PTR DS:[ECX + 0x148] MOV DWORD PTR DS:[pDevice], EAX PUSHAD } if(pDevice->GetStreamSource(0, &StreamData, &Offset, &iStride)==D3D_OK) StreamData->Release(); if(WallHack) { if(iStride == 44 || iStride == 40 || iStride == 36) { pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE); pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER); } } if(GetAsyncKeyState(VK_F9) < 0) WallHack =! WallHack; __asm { POPAD JMP retDipEngine } } void *DetourFunc(BYTE *src, const BYTE *dst, const int len) { BYTE *jmp = (BYTE*)malloc(len+5); DWORD dwback; VirtualProtect(src, len, PAGE_READWRITE, &dwback); memcpy(jmp, src, len); jmp += len; jmp[0] = 0xE9; *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5; src[0] = 0xE9; *(DWORD*)(src+1) = (DWORD)(dst - src) - 5; VirtualProtect(src, len, dwback, &dwback); return (jmp-len); } void __cdecl StartRoutine(void*) { while( TRUE ) { if( (memcmp( (void*)EndScene, (void*)"\x50", 1 ) == 0) && (memcmp( (void*)DipEngine, (void*)"\x50", 1 ) == 0) ) { DetourFunc((PBYTE)EndScene, (PBYTE)EndSceneEngine, 7); DetourFunc((PBYTE)DipEngine, (PBYTE)DipMidFunction, 7); Sleep(250); break; } Sleep(100); } } BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD reason, LPVOID lpvReserved) { if(reason == DLL_PROCESS_ATTACH) { DisableThreadLibraryCalls(hinstDLL); CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)StartRoutine,NULL,NULL,NULL); return TRUE;} return TRUE;}
Credits:
Shadow_
Azorbix
Matrix-x
Last edited by Matrix-X; 07-27-2014 at 08:05 AM.
-
The Following 3 Users Say Thank You to Matrix-X For This Useful Post:
-
07-27-2014 #2
I love myself 나도 너를 사랑해 
- Join Date
- Mar 2012
- Gender
- Location
- Posts
- 5,150
- Reputation
1220- Thanks
- 7,392
- My Mood
-
Great job, but detected.
-
07-27-2014 #3Member
- Join Date
- Apr 2013
- Gender
- Posts
- 147
- Reputation
- 10
- Thanks
- 6
- My Mood
-
i think it old hook and has been fixed bt dev
-
11-29-2014 #4We Like Beaches
- Join Date
- Aug 2012
- Gender
- Location
- Posts
- 1,350
- Reputation
- 25
- Thanks
- 3,099
- My Mood
-
Where is the D3D9.dll ? and why i3GfxDx.dll ? sorry for asking!
Originally Posted by Matrix-X
-
11-29-2014 #5
I love myself 나도 너를 사랑해
- Join Date
- Mar 2012
- Gender
- Location
- Posts
- 5,150
- Reputation
- 1220
- Thanks
- 7,392
- My Mood
-
i3GfxDx.dll is one of PointBlank DLLs where you can hook the DIP/ES/RESET/PRESENT and etc. Originally Posted by WhiteHat PH
-
The Following User Says Thank You to Jhem For This Useful Post:
WhiteHat PH (12-05-2014)
-
12-02-2014 #6
I'm not lazy, I just really enjoy doing nothing. 
- Join Date
- Apr 2013
- Gender
- Location
- Posts
- 521
- Reputation
- 71
- Thanks
- 5,650
- My Mood
-
so when i hook endscene as example and i give out the return address of it [ebp+04], then I'll get to a call in the pb executable which is pointing to some function in the i3GfxDx.dll ? Originally Posted by Jhem
i3GfxDx.dll is one of PointBlank DLLs where you can hook the DIP/ES/RESET/PRESENT and etc.
because in games like crossfire the calls are pointing directly at the function in d3d9.dll
▲
-
12-05-2014 #7Novice
- Join Date
- Oct 2013
- Gender
- Location
- Posts
- 48
- Reputation
- 10
- Thanks
- 6
- My Mood
-
Thanks for sharing !!
PIKACHUUUUUUU DANCE
" I play Hack For Fun ,
NOT need hack to play "
BlackShot Online Melee Grand Master archieve
-
12-22-2014 #8Novice
- Join Date
- Dec 2014
- Gender
- Posts
- 53
- Reputation
- 10
- Thanks
- 0
- My Mood
-
thanks bro
Similar Threads
-
[Discussion] What is DIP? And what is EndScene?
By DevilGhost in forum CrossFire Hack Coding / Programming / Source CodeReplies: 25Last Post: 01-09-2012, 03:53 AM -
EndScene Hook Test
By Departure in forum Combat Arms Coding Help & DiscussionReplies: 16Last Post: 12-05-2010, 08:50 PM -
Mudding: Mud, Dip, and Nascar. MPGH's Explination
By Shakugan no Shana in forum GeneralReplies: 10Last Post: 10-22-2010, 09:50 PM -
D3D EndScene Hook dont work
By inmate in forum C++/C ProgrammingReplies: 8Last Post: 07-20-2010, 06:10 AM -
CA Menu Pointer And Game Hooks
By Syko_0 in forum Combat Arms Hack Coding / Programming / Source CodeReplies: 10Last Post: 03-05-2010, 08:01 PM