Code:
//////////////////////////////////////////////////
//-------Hooking Engine Project Blackout--------//
//-------------------Credits:-------------------//
//----------Shadow_, Azorbix, Matrix-x----------//
//////////////////////////////////////////////////
//------------F9 WALLHACK [ON]/[OFF]--------------
#include <Windows.h>
#include <d3d9.h>
#include <d3dx9.h>
#include <iostream>
#pragma comment(lib,"d3d9.lib")
#pragma comment(lib,"d3dx9.lib")
ID3DXFont *pFont;
DWORD i3GfxDx = (DWORD)GetModuleHandleA("i3GfxDx.dll");
DWORD EndScene = i3GfxDx + 0x4F06D;
DWORD retEndScene = EndScene + 0x7;
DWORD DipEngine = i3GfxDx + 0x503C3;
DWORD retDipEngine = DipEngine + 0x7;
bool WallHack = 0;
void DrawString(int x, int y, DWORD color, const char* txt)
{
RECT rect = {x, y, x+120, y+16};
SetRect(&rect, x, y, x, y);
pFont->DrawText(0, txt, -1, &rect, DT_NOCLIP, color);
}
__declspec (naked) HRESULT WINAPI EndSceneEngine()
{
static IDirect3DDevice9 *pDevice;
__asm
{
PUSH EAX
MOV EDX, DWORD PTR DS:[ECX + 0xA8]
MOV DWORD PTR DS:[pDevice], EAX
PUSHAD
}
if(!pFont) D3DXCreateFont(pDevice, 15, 0, 700, 1, 0, 1, 0, 4, 0|(0<<4), "Arial", &pFont);
DrawString(20, 20, 0xFFFF00FF, "MPGH.NET Dip and EndScene MidFunction For PBlackout ");
__asm
{
POPAD
JMP retEndScene
}
}
__declspec (naked) HRESULT WINAPI DipMidFunction()
{
static IDirect3DDevice9 *pDevice;
static IDirect3DVertexBuffer9* StreamData = NULL;
static UINT Offset, iStride;
__asm
{
PUSH EAX
MOV EDX, DWORD PTR DS:[ECX + 0x148]
MOV DWORD PTR DS:[pDevice], EAX
PUSHAD
}
if(pDevice->GetStreamSource(0, &StreamData, &Offset, &iStride)==D3D_OK) StreamData->Release();
if(WallHack)
{
if(iStride == 44 || iStride == 40 || iStride == 36)
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER);
}
}
if(GetAsyncKeyState(VK_F9) < 0) WallHack =! WallHack;
__asm
{
POPAD
JMP retDipEngine
}
}
void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwback;
VirtualProtect(src, len, PAGE_READWRITE, &dwback);
memcpy(jmp, src, len); jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
VirtualProtect(src, len, dwback, &dwback);
return (jmp-len);
}
void __cdecl StartRoutine(void*)
{
while( TRUE )
{
if( (memcmp( (void*)EndScene, (void*)"\x50", 1 ) == 0) && (memcmp( (void*)DipEngine, (void*)"\x50", 1 ) == 0) )
{
DetourFunc((PBYTE)EndScene, (PBYTE)EndSceneEngine, 7);
DetourFunc((PBYTE)DipEngine, (PBYTE)DipMidFunction, 7);
Sleep(250);
break;
}
Sleep(100);
}
}
BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD reason, LPVOID lpvReserved)
{
if(reason == DLL_PROCESS_ATTACH)
{
DisableThreadLibraryCalls(hinstDLL);
CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)StartRoutine,NULL,NULL,NULL);
return TRUE;}
return TRUE;}