Thread: DIP Hook. Go RQ

  1. #1
    pashak's Avatar

    DIP Hook. Go RQ

    Hi guys,
    I found this code on a site posted by _shadow and I thought I would share it with ya'll!

    Hope it helps!




    Code:
    #include "DIPHOOK.h"
    
    // Releases a COM interface pointer and nulls it. The expansion is a bare `if`
    // statement and names x three times; DoDIP invokes it with no trailing
    // semicolon, so the macro cannot be wrapped in do { } while (0) without
    // touching those call sites.
    #define safe_release(x) if(x != NULL){ x->Release(); x = NULL;}
    
    void Dx9Hook( LPCSTR D3D9 );
    INT Thread_XD3DXINIT( );
    // Not read or written anywhere in this listing: every function below takes its
    // own pDevice parameter, which shadows this one.
    LPDIRECT3DDEVICE9 pDevice; 
    // Loaded by Dx9Hook from the address its pattern scan finds; indexed as an
    // array of 32-bit function addresses.
    DWORD * VTable;
    
    // The 7 bytes expected at dwDIP_hook while the code there is unmodified
    // (filled in by Thread_XD3DXINIT).
    BYTE DIPOpCodes[7];
    // dwDIP_hook: address inside the DrawIndexedPrimitive implementation that gets
    // overwritten; dwDIP_ret: the address 7 bytes later, where MyDIP jumps back.
    DWORD dwDIP_hook, dwDIP_ret;
    // Non-zero while DoDIP is running, so that the draw DoDIP issues through pDIP
    // is passed straight through by MyDIP. Plain byte, no synchronisation.
    BYTE ImJumpingBack = 0x00;
    // Arguments of the intercepted call, copied off its stack frame by MyDIP.
    D3DPRIMITIVETYPE PrimitiveType;
    INT BaseIndex;
    // Not used anywhere in this listing.
    LPD3DXFONT pFont;
    // More intercepted arguments; Device_Interface receives the raw device
    // pointer ([EBP+0x08]) in MyDIP.
    UINT MinIndex, NumVertices, StartIndex, PrimitiveCount, Device_Interface;
    // Set by Dx9Hook to VTable[82]. Nothing in this listing calls through it:
    // DoDIP and MyDIP use pDIP, which is not declared here.
    HRESULT (WINAPI* DrawIndexedPrimitive_Pointer) (LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT);
    // Output of the GetStreamSource call in DoDIP (together with Offset/m_Stride).
    LPDIRECT3DVERTEXBUFFER9 Stream_Data;
    // Device seen on the previous DoDIP call; a change discards the textures.
    LPDIRECT3DDEVICE9 g_pDevice=NULL;
    UINT Offset = 0, m_Stride = 0;
    // Textures created on demand by DoDIP through GenerateTexture.
    IDirect3DTexture9* texBack=NULL,*texFront=NULL;
    
    // Turns fixed-function lighting on and installs a material whose ambient,
    // diffuse and specular colours are all the same ARGB value.
    //   A, R, G, B : channel values on a 0-255 scale; each is divided by 255
    //                before being stored (no clamping is done here).
    //   pDevice    : device that receives the render state and the material.
    // Emissive and Power stay zero from the ZeroMemory call. The HRESULTs of both
    // device calls are ignored.
    void SetLightChams(float A, float R, float G, float B, IDirect3DDevice9 *pDevice)
    {
        // One colour value shared by all three material components.
        D3DCOLORVALUE tint;
        tint.a = A / 255;
        tint.r = R / 255;
        tint.g = G / 255;
        tint.b = B / 255;

        D3DMATERIAL9 material;
        ZeroMemory(&material, sizeof(material));
        material.Ambient  = tint;
        material.Diffuse  = tint;
        material.Specular = tint;

        // Same call order as before: lighting state first, then the material.
        pDevice->SetRenderState(D3DRS_LIGHTING, TRUE);
        pDevice->SetMaterial(&material);
    }
    
    // Runs inside the intercepted DrawIndexedPrimitive call (invoked from MyDIP).
    // For draws whose stream-0 vertex stride is in a hard-coded list it issues one
    // extra draw of the same primitive through pDIP with texBack bound and depth
    // testing off, then restores the saved Z state and binds texFront before
    // returning to MyDIP.
    //   pDevice : the device pointer taken from the intercepted call.
    // NOTE(review): pDIP and GenerateTexture are not declared in this listing;
    // presumably they come from DIPHOOK.h -- confirm.
    void DoDIP(LPDIRECT3DDEVICE9 pDevice)
    {
    	// GetStreamSource returns a referenced buffer; only the stride is used, so
    	// the reference is dropped at once. Stream_Data keeps pointing at the
    	// buffer afterwards without owning a reference.
    	if(pDevice->GetStreamSource(0, &Stream_Data, &Offset, &m_Stride) == D3D_OK)
    		Stream_Data->Release();
    
    	// Device changed since the last call: forget the cached textures.
    	// NOTE(review): safe_release(g_pDevice) calls Release() on a device pointer
    	// for which no AddRef is visible in this listing, which would unbalance the
    	// host application's reference count -- confirm.
    	if (g_pDevice != pDevice)
    	{
    		safe_release(g_pDevice)
    		g_pDevice = pDevice;
    		safe_release(texBack)
    		safe_release(texFront)
    	}
    
    	// Lazily (re)create the two textures; the constants are passed straight to
    	// GenerateTexture, whose interpretation of them is not shown here.
    	if (texBack == NULL)
    	{
    		GenerateTexture(pDevice, &texBack, 0xff0000ff);
    	}
    
    	if (texFront == NULL)
    	{
    		GenerateTexture(pDevice, &texFront, 0xff00ff00);
    	}
    
    	// Stride filter. 36 is tested twice, so the second test is redundant.
    	// NOTE(review): what these strides correspond to in the host application
    	// cannot be told from this listing.
    	if( m_Stride == 44 ||  m_Stride == 36 || m_Stride == 32 || m_Stride == 36 || m_Stride == 40 || m_Stride == 42 ) 
    	{		
    		// Default used only if GetRenderState fails to fill the value in.
    		DWORD dwOldZEnable = D3DZB_TRUE;
    		pDevice->SetTexture(0,0);
    		pDevice->SetTexture(0, texBack);
    		// Save the current depth-test state, draw once with it disabled, then
    		// put the saved state back.
    		pDevice->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable);
    		pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    		pDIP(pDevice, PrimitiveType, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
    		pDevice->SetRenderState(D3DRS_ZENABLE, dwOldZEnable);
    		pDevice->SetTexture(0,0);
    		// texFront stays bound when this function returns. Everything from the
    		// comment opener on the next line down to its closing marker is
    		// disabled code.
    		pDevice->SetTexture(0, texFront);/* try? hmm hold
    		DWORD dwOldZEnable = D3DZB_TRUE;
    		pDevice->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable);
    		pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    		pDevice->SetRenderState(255,0,0,255, pDevice);
    		pDIP(pDevice, PrimitiveType, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);		
    		pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
    		pDevice->SetRenderState(D3DRS_AMBIENT, D3DCOLOR_ARGB(255,0,255,0));*/
    	}
    }
    
    // Detour target for the 7-byte patch at dwDIP_hook. It is left with a jump to
    // dwDIP_ret rather than a return, and it reads the intercepted call's
    // arguments relative to EBP, i.e. it runs on the original function's stack
    // frame; `naked` keeps the compiler from emitting a prologue or epilogue.
    // Sequence: replay the overwritten instructions, save flags and registers,
    // copy the call's arguments into globals, run DoDIP once (guarded against
    // re-entry), restore registers and flags, jump back.
    // x86 (32-bit) MSVC inline assembly only.
    // NOTE(review): the C statements between the two __asm blocks rely on the
    // compiler generating code that needs no frame of its own -- confirm.
    __declspec( naked ) void MyDIP(LPDIRECT3DDEVICE9 pDevice)
    {
    	__asm 
    	{
    		// Same instructions as the first five bytes of the expected opcode
    		// string in Thread_XD3DXINIT (8B 7D 08 / 33 DB).
    		MOV EDI,DWORD PTR SS:[EBP+0x8] 
    		XOR EBX,EBX 
    		// pDevice here is this function's parameter, not the file-scope variable.
    		MOV pDevice, EDI; 
    		// Preserve flags and all general registers across the C code below.
    		PUSHFD 
    		PUSHAD
    		// Copy the seven arguments of the intercepted call into globals:
    		// +0x20 PrimitiveCount ... +0x0C PrimitiveType, +0x08 device pointer.
    		MOV EAX,DWORD PTR SS:[EBP+0x20]
    		MOV DWORD PTR DS:[PrimitiveCount], EAX
    		MOV ECX,DWORD PTR SS:[EBP+0x1C]
    		MOV DWORD PTR DS:[StartIndex], ECX
    		MOV EDX,DWORD PTR SS:[EBP+0x18]
    		MOV DWORD PTR DS:[NumVertices], EDX
    		MOV EAX,DWORD PTR SS:[EBP+0x14]
    		MOV DWORD PTR DS:[MinIndex], EAX
    		MOV ECX,DWORD PTR SS:[EBP+0x10]
    		MOV DWORD PTR DS:[BaseIndex], ECX
    		MOV EDX,DWORD PTR SS:[EBP+0x0C]
    		MOV DWORD PTR DS:[PrimitiveType], EDX
    		MOV EAX,DWORD PTR SS:[EBP+0x08]
    		MOV DWORD PTR DS:[Device_Interface], EAX
    
    		// Get DIP Pointer
    		// 0x148 = 82 * 4, the same vtable slot Dx9Hook reads as VTable[82].
    		MOV ECX,DWORD PTR DS:[EDI]// pDevice
    		MOV EAX,DWORD PTR DS:[ECX+0x148]// DIP pointer
    		MOV DWORD PTR SS:[pDIP],EAX// need this
    	}
     
     
    	// Re-entry guard: DoDIP draws through pDIP, which leads back into this
    	// hook; with the flag set that nested entry skips DoDIP and goes straight
    	// to the jump-back path. The flag is a plain global with no locking.
    	if( ImJumpingBack )
    		goto Jumpback;
    	ImJumpingBack = 0x01;
    
    	DoDIP(pDevice);
    
    	ImJumpingBack = 0x00;
    	Jumpback:
    	__asm
    	{
    		POPAD
    		POPFD
    		// Last overwritten instruction (3B FB), executed after POPFD so the
    		// flags it sets are the ones the original code sees at dwDIP_ret.
    		CMP EDI,EBX //replace patched code
    		jmp dwDIP_ret; //jump back to normal DIP
    	}
    
    }
    
    
    //Then make a thread
    // Reports whether d3d9.dll is already mapped into the current process.
    // Returns true when GetModuleHandle finds the module, false otherwise.
    bool IsGameReadyForHook(void)
    {
        const bool d3d9Loaded = ( GetModuleHandle( "d3d9.dll" ) != NULL );
        return d3d9Loaded;
    }
    // Worker started from DllMain. Waits for d3d9.dll, resolves the patch address
    // through Dx9Hook, then loops forever: once a second, if the 7 bytes at
    // dwDIP_hook equal the expected original bytes, it installs the detour to
    // MyDIP again.
    // What this looks like from outside the module: the in-memory code of
    // d3d9.dll differs from the file on disk at dwDIP_hook, and the difference
    // comes back within about a second if the original bytes are restored.
    // NOTE(review): WriteOpCode and DetourCreate are not defined in this listing;
    // their behaviour is inferred from the names and arguments -- confirm.
    // NOTE(review): declared INT with no parameter, yet DllMain starts it through
    // a cast to LPTHREAD_START_ROUTINE; the final return is never reached and
    // yields NULL rather than an integer.
    INT Thread_XD3DXINIT(  )
    {
    	// Poll every 100 ms until d3d9.dll is loaded.
    	while(!IsGameReadyForHook() )
    		Sleep(100);
    	
        Dx9Hook("d3d9.dll");
    	// Expected original bytes at the patch site: 8B 7D 08 (mov edi,[ebp+8]),
    	// 33 DB (xor ebx,ebx), 3B FB (cmp edi,ebx) -- the instructions MyDIP replays.
    	WriteOpCode((void *)DIPOpCodes, (void *)"\x8B\x7D\x08\x33\xDB\x3B\xFB", 7);
    	while( 1 )
    	 {
    		Sleep( 1000 );
    		// Bytes match the original => no detour present => patch. If the bytes
    		// are neither the original nor the detour, nothing is written.
    		if(memcmp((void *)DIPOpCodes, (void *)dwDIP_hook, 7) == 0 )
    		DetourCreate((PBYTE)dwDIP_hook, (PBYTE)MyDIP, DETOUR_TYPE_NOP_NOP_JMP);  
    	 } 
        return NULL;
    }
    // Masked byte comparison. Every position marked 'x' in szMask must hold the
    // same byte in pData and bMask; any other mask character is a wildcard and the
    // data byte at that position is not read.
    // szMask's NUL terminator sets the length, so pData and bMask must each be
    // readable for strlen(szMask) bytes -- nothing here checks that.
    // Returns true on a full match, false at the first mismatch.
    bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
        while (*szMask != '\0')
        {
            const bool mustMatch = (*szMask == 'x');
            if (mustMatch && *pData != *bMask)
                return false;

            ++szMask;
            ++pData;
            ++bMask;
        }
        // The loop only ends on the terminator, so this is always true here.
        return *szMask == '\0';
    }
    
    // Linear signature search over [dwdwAdd, dwdwAdd + dwLen).
    //   dwdwAdd : start address, carried in a DWORD (32-bit addresses only)
    //   dwLen   : number of start offsets to try
    //   bMask   : pattern bytes
    //   szMask  : 'x' = byte must match, anything else = wildcard
    // Returns the address of the first match, or 0 when there is none.
    // The compare at the last offsets reads up to strlen(szMask) - 1 bytes past
    // dwdwAdd + dwLen; the caller has to make sure that memory is readable.
    DWORD FindPattern(DWORD dwdwAdd,DWORD dwLen,BYTE *bMask,char * szMask)
    {
        DWORD offset = 0;
        while (offset < dwLen)
        {
            const DWORD candidate = dwdwAdd + offset;
            if (bCompare((BYTE*)candidate, bMask, szMask))
                return candidate;
            ++offset;
        }
        return 0;
    }
    
    //then your hook that goes in thread:
    
    // Byte-by-byte scan of the first 0x128000 bytes of d3d9.dll for the sequence
    // C7 06 ?? ?? ?? ?? 89 86 ?? ?? ?? ?? 89 86. Returns the address of the four
    // wildcard bytes that follow C7 06 (match + 2), or NULL if nothing matches.
    // This is the same byte pattern Dx9Hook passes to FindPattern; nothing in this
    // listing calls this function.
    // NOTE(review): LoadLibraryW adds a module reference that is never freed, its
    // NULL result is not checked, and the loop reads up to Base+i+0x0D with no
    // check against the real image size. The HMODULE is cast to DWORD, so this is
    // 32-bit only.
    DWORD * FindDevice(VOID)//Finds the Device on Injection
    {
        DWORD Base = (DWORD)LoadLibraryW(L"d3d9.dll");
        for(DWORD i = 0; i < 0x128000; i++ )
        {
          // Offsets 0x02-0x05 and 0x08-0x0B are wildcards and are not inspected.
          if ( (*(BYTE *)(Base+i+0x00))==0xC7
            && (*(BYTE *)(Base+i+0x01))==0x06
            && (*(BYTE *)(Base+i+0x06))==0x89
            && (*(BYTE *)(Base+i+0x07))==0x86
            && (*(BYTE *)(Base+i+0x0C))==0x89
            && (*(BYTE *)(Base+i+0x0D))==0x86 )
            return (DWORD *)(Base + i + 2);
        }
        return NULL;
    }  
    
    // Resolves the addresses the hook needs from the loaded Direct3D 9 module:
    //   VTable                       <- the 4 bytes at (pattern match + 2)
    //   dwDIP_hook                   <- VTable[82] + 0x2D
    //   dwDIP_ret                    <- dwDIP_hook + 7
    //   DrawIndexedPrimitive_Pointer <- VTable[82]
    // D3D9: module name handed to GetModuleHandle.
    // Every address is held in a DWORD, so this is 32-bit only.
    // NOTE(review): the 0x128000 scan length and the 0x2D offset are fixed numbers;
    // no check against the module's real size or version is visible here. The only
    // validation of the patch site is the 7-byte memcmp in Thread_XD3DXINIT.
    // NOTE(review): FindPattern returns 0 when nothing matches, and that result is
    // not tested before the memcpy below reads from PPPDevice + 2.
    void Dx9Hook( LPCSTR D3D9 )
    {
    	DWORD hD3D = NULL;
        // Spins without sleeping until the module handle is available.
        while (!hD3D) hD3D = (DWORD)GetModuleHandle(D3D9);
        DWORD PPPDevice = FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
        // The first wildcard group (offset 2..5 of the match) is taken as the
        // vtable address.
        memcpy( &VTable, (void *)(PPPDevice + 2), 4);
    
    	// Slot 82 is the one MyDIP reads as [vtable + 0x148] (82 * 4 = 0x148).
    	dwDIP_hook = VTable[82] + 0x2D;
    	dwDIP_ret = dwDIP_hook + 0x7;
    	*(PDWORD)&DrawIndexedPrimitive_Pointer = (DWORD)VTable[82];
    }
    
    // DLL entry point. Turns off thread attach/detach notifications for this
    // module on every invocation and, on process attach, starts Thread_XD3DXINIT
    // on a new thread. Always reports success to the loader.
    //   hDll       : handle of this module
    //   dwReason   : loader notification code
    //   lpReserved : unused
    // The thread handle returned by CreateThread is discarded (never closed), and
    // Thread_XD3DXINIT is cast to LPTHREAD_START_ROUTINE although it is declared
    // as INT with no parameter.
    BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
    {
        DisableThreadLibraryCalls(hDll);

        const bool attaching = ( dwReason == DLL_PROCESS_ATTACH );
        if ( attaching )
        {
            CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Thread_XD3DXINIT, NULL, NULL, NULL);
        }

        return TRUE;
    }

    HAVE A BLESSED DAY!
    Last edited by AVGN; 05-09-2011 at 07:24 AM.


  3. #2
    NOOB's Avatar
    FIRST?

    :3

  4. #3
    Crash's Avatar
    SECOND?

    :3

  5. #4
    pashak's Avatar
    comes with full chams.

  6. #5
    NOOB's Avatar
    credits to _shadow?

    :3


  8. #6
    Crash's Avatar
    Quote Originally Posted by pashak View Post
    comes with full chams.
    I thought we had the same method

    first i was all :



    then i was all :



    :3

  9. #7
    Ch40zz-C0d3r's Avatar
    Very good :/ now all have chams -_-
    Im so glad i use another 100% better hook way
    So im sure my dont get patched

    Progress with my game - "Disbanded"
    • Fixed FPS lag on spawning entities due to the ent_preload buffer!
    • Edit the AI code to get some better pathfinding
    • Fixed the view bug within the sniper scope view. The mirror entity is invisible now!
    • Added a new silencer for ALL weapons. Also fixed the rotation bugs
    • Added a ton of new weapons and the choice to choose a silencer for every weapon
    • Created a simple AntiCheat, noobs will cry like hell xD
    • The name will be Disbanded, the alpha starts on the 18th august 2014



    Some new physics fun (Serversided, works on every client)



    My new AI
    https://www.youtube.com/watch?v=EMSB1GbBVl8

    And for sure my 8 months old gameplay with 2 friends
    https://www.youtube.com/watch?v=Na2kUdu4d_k

  10. #8
    Crash's Avatar
    Quote Originally Posted by Ch40zz-C0d3r View Post
    Very good :/ now all have chams -_-
    Im so glad i use another 100% better hook way
    So im sure my dont get patched
    You're still a 100% idiot


  12. #9
    Departure's Avatar
    I have a question for the d3d gurus: I have a hook set on Present and I call my DrawBox function within the hook; it calls DrawPrimitiveUP. It works fine in test9.exe, but when used in Combat Arms I get shut down. Now the part I don't understand is how that gets detected if I am calling it from Present? I could understand if I hooked DrawPrimitiveUP and did some shit there..

  13. #10
    Stephen's Avatar
    This directly from shadow. Someone in the thread posted it. All you did was change it around.

  14. #11
    pashak's Avatar
    Quote Originally Posted by Departure View Post
    I have question to d3d gurus, I have a hook set on Present and I call my DrawBox function with in the hook, it calls DrawPrimitiveUP, works fine in test9.exe but when used in combat arms I get shut down. Now the part I don't understand is how that gets detected if I am calling it from Present? I could understand if I hooked DrawPrimitiveUP and did some shit there..
    CA is really hard to hook DIP in thats why its shutting down, I don't know why its calling DPUP tho :/

    Quote Originally Posted by Stephen View Post
    This directly from shadow. Someone in the thread posted it. All you did was change it around.
    and released for mpgh and added chams for C & P'ing nubs
    hope you're happy

  15. #12
    Departure's Avatar
    Quote Originally Posted by pashak View Post
    CA is really hard to hook DIP in thats why its shutting down, I don't know why its calling DPUP tho :/



    and released for mpgh and added chams for C & P'ing nubs
    hope you're happy
    Because the DrawBox function has Alpha support using a vertex


    P.s This so called "Mid Function Hooking" is called code caving in the reverse engineering world, we use code caves to inline patch targets...
    Last edited by Departure; 05-08-2011 at 10:57 AM.

  16. #13
    Stephen's Avatar
    Quote Originally Posted by pashak View Post
    and released for mpgh and added chams for C & P'ing nubs
    hope you're happy
    But you are the C&P nub /

  17. #14
    the grim reaper's Avatar
    hmm? should i use this? i already have my own hook
    Respect List:
    [MPGH]Dave84311
    freedompeace
    _FK127_
    Reimy
    Speedforyou
    wolffang0000



    If i helped at all please press the thanks button

  18. #15
    pashak's Avatar
    Quote Originally Posted by Stephen View Post


    But you are the C&P nub /
    cool story bro
