tPresent Hook não funfa

[RatoAtômico]

Primeiramente, eu voltei a fazer hacks
Segundamente, eu comecei hj a fazer um hack do zero e só pra testar coloquei o suficiente pra ele exibir umas letra.
Toda vez q eu vou injetar o hack, o d3d9test fecha, e se eu olhar a memoria do d3d9test, no lugar q era pra ter um jmp pro meu present, tem isso:

Code:

jmp d3d9.Direct3DShaderValidatorCreate9+AAB6

Aqui o resto do code q eu peguei de um antigo hack do --Fenix--:
D3D.h

Code:

#include <d3dx9.h>
#include <d3d9.h>
#include <stdio.h>

#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
LPD3DXFONT Fonte;
LPDIRECT3DDEVICE9 pDevice;
typedef HRESULT(WINAPI *tPresent)(LPDIRECT3DDEVICE9 pDevice, const RECT *a, const RECT *b, HWND c, const RGNDATA *d);
tPresent oPresent;
VOID CreateDevice(DWORD *dwVTable)
{
	LPDIRECT3D9 pD3d9;
	LPDIRECT3DDEVICE9 pDevice;
	pD3d9 = Direct3DCreate9(D3D_SDK_VERSION);
	if(pD3d9 == NULL)
		return;
	D3DPRESENT_PARAMETERS pPresentParms;
	ZeroMemory(&pPresentParms, sizeof(pPresentParms));
	pPresentParms.Windowed = TRUE;
	pPresentParms.BackBufferFormat = D3DFMT_UNKNOWN;
	pPresentParms.SwapEffect = D3DSWAPEFFECT_DISCARD;
	if(FAILED(pD3d9->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, GetDesktopWindow(), D3DCREATE_SOFTWARE_VERTEXPROCESSING, &pPresentParms, &pDevice)))
		return;
	DWORD *dwTable = (DWORD *)pDevice;
	dwTable = (DWORD *) dwTable[0];
	dwVTable[0] = dwTable[16];//Present
	dwVTable[1] = dwTable[17];//Reset
	dwVTable[2] = dwTable[41];//Beginscene
	dwVTable[3] = dwTable[42];//EndScene
	dwVTable[4] = dwTable[82];//DIP
}
VOID *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
	BYTE *jmp = (BYTE *)malloc(len + 5);
	DWORD dwback;
	VirtualProtect(src, len, PAGE_READWRITE, &dwback);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = 0xEB;
	*(DWORD *)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
	src[0] = 0xEB;
	*(DWORD *)(src[1]) = (DWORD)(dst - src) - 5;
	for(INT i = 5; i < len; i++) src[i] = 0x90;
	VirtualProtect(src, len, dwback, &dwback);
	return(jmp - len);
}
//outras coisas D3D
#define Branco		 D3DCOLOR_ARGB(255, 255, 255, 255)
#define Preto		 D3DCOLOR_ARGB(255, 000, 000, 000)
#define Azul		 D3DCOLOR_ARGB(255, 000, 000, 255)
#define Verde        D3DCOLOR_ARGB(255, 127, 255, 000)
#define Vermelho	 D3DCOLOR_ARGB(255, 255, 000, 000)
#define CorMenu		 D3DCOLOR_ARGB(255, 212, 215, 212)
#define CorCheckBox	 D3DCOLOR_ARGB(255, 246, 255, 221)
#define CinzaClaro	 D3DCOLOR_ARGB(255, 149, 149, 149)
#define CinzaEscuro	 D3DCOLOR_ARGB(255, 120, 120, 120)
VOID DrawString(INT x, INT y, DWORD color, LPD3DXFONT g_pFont, CONST CHAR *fmt, ...)
{
	if(!g_pFont)
		return;

	RECT rec;
	SetRect(&rec, x, y, x, y);
	CHAR logbuf[512] = {0};

	va_list va_alist;
	va_start(va_alist, fmt);
	vsnprintf(logbuf + strlen(logbuf), sizeof(logbuf) - strlen(logbuf), fmt, va_alist);
	
	va_end(va_alist);
	g_pFont->DrawTextA(NULL, logbuf, -1, &rec, DT_NOCLIP, color);
}

Main.cpp

Code:

#include <Windows.h>
#include "D3D.h"
bool Menu;
#define D3DPresent 0x7253A064
VOID MEM(LPVOID src, LPVOID dst, INT len){
	DWORD OldPrt;
	VirtualProtect(src, len, PAGE_READWRITE, &OldPrt);
	memcpy(dst, src, len);
	VirtualProtect(src, len, OldPrt, &OldPrt);
}
VOID RatFunc3(LPDIRECT3DDEVICE9 pDevice){
	if(GetAsyncKeyState(VK_F12)){
		Menu = !Menu;
	}
	if(Fonte->OnLostDevice()){
		Fonte->Release();
		D3DXCreateFontA( pDevice, 14, 0, FW_BOLD, 1, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &Fonte );
	}
	DrawString(10,10, Vermelho, Fonte, "aiuijij");
}
HRESULT WINAPI RatPres(LPDIRECT3DDEVICE9 pDevice, CONST RECT *pSourceRect, CONST RECT *pDestRect, HWND hDestWindowOverride, CONST RGNDATA *pDirtyRegion)
{
	__asm PUSHAD;
	if(Fonte){
		Fonte->Release();
		Fonte = NULL;
	}
	if(!Fonte){
		D3DXCreateFontA( pDevice, 14, 0, FW_BOLD, 1, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &Fonte );
	}
	//RatFunc3(pDevice);
	__asm POPAD;
	return oPresent(pDevice, pSourceRect, pDestRect, hDestWindowOverride, pDirtyRegion);
}
VOID RatFunc1(VOID){
	if(GetModuleHandleA("d3d9.dll") != NULL){
		DWORD dwVTable[5];
		CreateDevice(dwVTable);
		oPresent = (tPresent)DetourCreate((PBYTE)D3DPresent, (PBYTE)RatPres, 5);
	}
}
INT WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
	if(dwReason == DLL_PROCESS_ATTACH)
	{
		DisableThreadLibraryCalls(hModule);
		MessageBoxA(0, "RaT.K.O v1 Hook OK!", "RaT.K.O", MB_OK);
		CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)RatFunc1,NULL,NULL,NULL);
	}
	return TRUE;
}

Tem algumas linha q eu comentei pra vê se ara lá q travava, mas é na criação do present mesmo.
P.S:
No codigo original tava:

Code:

CreateDevice(dwVTable);

oPresent = (tPresent)DetourCreate((PBYTE) dwVTable[2], (PBYTE) &hkPresent, 5);

Não funciona com nenhum dos dois jeitos
P.S2: Não falem que a detours tá desatualizada, pq isso é só pra testar.

[New - Hacker]

de onde você tirou o endereço D3DPresent? Ele varia de pc para pc
o correto é usar:

Code:

VOID CreateDevice(DWORD *dwVTable)
{
	LPDIRECT3D9 pD3d9;
	LPDIRECT3DDEVICE9 pDevice;
	pD3d9 = Direct3DCreate9(D3D_SDK_VERSION);
	if(pD3d9 == NULL)
		return;
	D3DPRESENT_PARAMETERS pPresentParms;
	ZeroMemory(&pPresentParms, sizeof(pPresentParms));
	pPresentParms.Windowed = TRUE;
	pPresentParms.BackBufferFormat = D3DFMT_UNKNOWN;
	pPresentParms.SwapEffect = D3DSWAPEFFECT_DISCARD;
	if(FAILED(pD3d9->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, GetDesktopWindow(), D3DCREATE_SOFTWARE_VERTEXPROCESSING, &pPresentParms, &pDevice)))
		return;
	DWORD *dwTable = (DWORD *)pDevice;
	dwTable = (DWORD *) dwTable[0];
	dwVTable[0] = dwTable[16];// Reset
	dwVTable[1] = dwTable[17];// Present
	dwVTable[2] = dwTable[41];// Beginscene
	dwVTable[3] = dwTable[42];// EndScene
	dwVTable[4] = dwTable[82];// DIP
}

Code:

CreateDevice(dwVTable);
oPresent = (tPresent)DetourCreate((PBYTE) dwVTable[1], (PBYTE) &hkPresent, 5);

[RatoAtômico]

esse endereço é do d3dtest.exe, e desse jeito q vc falou, ele não hooka, só diz que um erro foi encontrado no aplicativo e fecha, se eu injetar no ca, ele gera um dump dizendo que eu tentei acessar um endereço que eu não tinha acesso.

[New - Hacker]

na hora de verificar o módulo d3d9, tente fazer dessa maneira:

Code:

void MainThread()
{
while ( !GetModuleHandle("d3d9.dll") )
Sleep(100);
// hook
}

[RatoAtômico]

continua dizendo q parou de funcionar

[Coder.DiasII]

Faz O Teste Lembrando Que Retire Funções
Que Vc usa no jogo tbm

Code:

typedef HRESULT(WINAPI* tPresent)(LPDIRECT3DDEVICE9 pDevice, const RECT *a, const RECT *b, HWND c, const RGNDATA *d);
tPresent oPresent;

VOID *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
	BYTE *jmp = (BYTE*) malloc(len + 5);
	DWORD dwback;

	VirtualProtect(src, len, PAGE_READWRITE, &dwback);

	memcpy(jmp, src, len);
	jmp += len;

	jmp[0] = 0xE9;
	*(DWORD*) (jmp + 1) = (DWORD) (src + len - jmp) - 5;
	src[0] = 0xE9;
	*(DWORD*) (src + 1) = (DWORD) (dst - src) - 5;

	VirtualProtect(src, len, dwback, &dwback);

	return (jmp - len);
}

PVOID D3Ddiscover(void *tbl, int size)
{
	HWND hWnd;
	VOID *pInterface = NULL;
	D3DPRESENT_PARAMETERS d3dpp;

	if ((hWnd = CreateWindowEx(NULL, WC_DIALOG, "", WS_OVERLAPPED, 0, 0, 50, 50, NULL, NULL, NULL, NULL)) == NULL)
		return FALSE;

	ShowWindow(hWnd, SW_HIDE);
	LPDIRECT3D9	pD3D;
	LPDIRECT3DDEVICE9 pD3Ddev;

	if ((pD3D = Direct3DCreate9(D3D_SDK_VERSION)) != NULL)
	{
		ZeroMemory(&d3dpp, sizeof(d3dpp));
		d3dpp.Windowed = TRUE;
		d3dpp.SwapEffect = D3DSWAPEFFECT_DISCARD;
		d3dpp.hDeviceWindow = hWnd;
		d3dpp.BackBufferFormat = D3DFMT_X8R8G8B8;
		d3dpp.BackBufferWidth = d3dpp.BackBufferHeight = 600;
		pD3D->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, hWnd, D3DCREATE_SOFTWARE_VERTEXPROCESSING, &d3dpp, &pD3Ddev);
		if (pD3Ddev)  {
			pInterface = (PDWORD)*(DWORD *)pD3Ddev;
			memcpy(tbl, (void *)pInterface, size);
			pD3Ddev->Release();
		}
		pD3D->Release();
	}
	DestroyWindow(hWnd);
	return pInterface;
}

Code:

HRESULT WINAPI HkPresent(LPDIRECT3DDEVICE9 pDevice, const RECT *a, const RECT *b, HWND c, const RGNDATA *d)
{
	__asm PUSHAD;

        //:D

	__asm POPAD;

	return oPresent(pDevice, a, b, c, d);
}


unsigned __stdcall Thread(LPVOID param)
{
	HINSTANCE hD3D; DWORD vTable[105];
	hD3D = NULL;

	do {
		hD3D = GetModuleHandle("d3d9.dll");
		if (!hD3D) Sleep(10);
	} while (!hD3D);

	if (D3Ddiscover((PVOID) &vTable[0], 420) == 0) return NULL;
	{
		oPresent = (tPresent) DetourCreate((PBYTE) vTable[17], (PBYTE) HkPresent, 5);

		Sleep(100);
	 }
	return 0;
}

INT WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
	if(dwReason == DLL_PROCESS_ATTACH)
	{
		DisableThreadLibraryCalls(hModule);
		CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)Thread,NULL,NULL,NULL);
	}
	return TRUE;
}

[Coder.DiasII]

de onde você tirou o endereço D3DPresent? Ele varia de pc para pc
o correto é usar:

Code:

VOID CreateDevice(DWORD *dwVTable)
{
	LPDIRECT3D9 pD3d9;
	LPDIRECT3DDEVICE9 pDevice;
	pD3d9 = Direct3DCreate9(D3D_SDK_VERSION);
	if(pD3d9 == NULL)
		return;
	D3DPRESENT_PARAMETERS pPresentParms;
	ZeroMemory(&pPresentParms, sizeof(pPresentParms));
	pPresentParms.Windowed = TRUE;
	pPresentParms.BackBufferFormat = D3DFMT_UNKNOWN;
	pPresentParms.SwapEffect = D3DSWAPEFFECT_DISCARD;
	if(FAILED(pD3d9->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, GetDesktopWindow(), D3DCREATE_SOFTWARE_VERTEXPROCESSING, &pPresentParms, &pDevice)))
		return;
	DWORD *dwTable = (DWORD *)pDevice;
	dwTable = (DWORD *) dwTable[0];
	dwVTable[0] = dwTable[16];// Reset
	dwVTable[1] = dwTable[17];// Present
	dwVTable[2] = dwTable[41];// Beginscene
	dwVTable[3] = dwTable[42];// EndScene
	dwVTable[4] = dwTable[82];// DIP
}

Code:

CreateDevice(dwVTable);
oPresent = (tPresent)DetourCreate((PBYTE) dwVTable[1], (PBYTE) &hkPresent, 5);

vc reparou na Detour dele New?

[RatoAtômico]

Faz O Teste Lembrando Que Retire Funções
Que Vc usa no jogo tbm

Code:

typedef HRESULT(WINAPI* tPresent)(LPDIRECT3DDEVICE9 pDevice, const RECT *a, const RECT *b, HWND c, const RGNDATA *d);
tPresent oPresent;

VOID *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
	BYTE *jmp = (BYTE*) malloc(len + 5);
	DWORD dwback;

	VirtualProtect(src, len, PAGE_READWRITE, &dwback);

	memcpy(jmp, src, len);
	jmp += len;

	jmp[0] = 0xE9;
	*(DWORD*) (jmp + 1) = (DWORD) (src + len - jmp) - 5;
	src[0] = 0xE9;
	*(DWORD*) (src + 1) = (DWORD) (dst - src) - 5;

	VirtualProtect(src, len, dwback, &dwback);

	return (jmp - len);
}

PVOID D3Ddiscover(void *tbl, int size)
{
	HWND hWnd;
	VOID *pInterface = NULL;
	D3DPRESENT_PARAMETERS d3dpp;

	if ((hWnd = CreateWindowEx(NULL, WC_DIALOG, "", WS_OVERLAPPED, 0, 0, 50, 50, NULL, NULL, NULL, NULL)) == NULL)
		return FALSE;

	ShowWindow(hWnd, SW_HIDE);
	LPDIRECT3D9	pD3D;
	LPDIRECT3DDEVICE9 pD3Ddev;

	if ((pD3D = Direct3DCreate9(D3D_SDK_VERSION)) != NULL)
	{
		ZeroMemory(&d3dpp, sizeof(d3dpp));
		d3dpp.Windowed = TRUE;
		d3dpp.SwapEffect = D3DSWAPEFFECT_DISCARD;
		d3dpp.hDeviceWindow = hWnd;
		d3dpp.BackBufferFormat = D3DFMT_X8R8G8B8;
		d3dpp.BackBufferWidth = d3dpp.BackBufferHeight = 600;
		pD3D->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, hWnd, D3DCREATE_SOFTWARE_VERTEXPROCESSING, &d3dpp, &pD3Ddev);
		if (pD3Ddev)  {
			pInterface = (PDWORD)*(DWORD *)pD3Ddev;
			memcpy(tbl, (void *)pInterface, size);
			pD3Ddev->Release();
		}
		pD3D->Release();
	}
	DestroyWindow(hWnd);
	return pInterface;
}

Code:

HRESULT WINAPI HkPresent(LPDIRECT3DDEVICE9 pDevice, const RECT *a, const RECT *b, HWND c, const RGNDATA *d)
{
	__asm PUSHAD;

        //:D

	__asm POPAD;

	return oPresent(pDevice, a, b, c, d);
}


unsigned __stdcall Thread(LPVOID param)
{
	HINSTANCE hD3D; DWORD vTable[105];
	hD3D = NULL;

	do {
		hD3D = GetModuleHandle("d3d9.dll");
		if (!hD3D) Sleep(10);
	} while (!hD3D);

	if (D3Ddiscover((PVOID) &vTable[0], 420) == 0) return NULL;
	{
		oPresent = (tPresent) DetourCreate((PBYTE) vTable[17], (PBYTE) HkPresent, 5);

		Sleep(100);
	 }
	return 0;
}

INT WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
	if(dwReason == DLL_PROCESS_ATTACH)
	{
		DisableThreadLibraryCalls(hModule);
		CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)Thread,NULL,NULL,NULL);
	}
	return TRUE;
}

Continua dando erro, será q tem a ver com o windows ser x64?

[Coder.DiasII]

Continua dando erro, será q tem a ver com o windows ser x64?

no cara e algo na sua base q ta causando isso
alguma função do jogo
ou a sua detour ou seu d3d test tbm tem algum erro

[RatoAtômico]

Já resolvi o erro, mudei o vTable de 17(reset) pra 16(present), agora é só fazer o resto @Flengo @BACKD00R @maddoggy00 @Hero
/Solved