How to get DIP Pointer address

[Ryuesi]

Hello guys !!
I Will release a tut for how to get DIP Function address From olly

What do you need

Olly
d3d9.dll "From C:\Windows\system32"

Step 1

Open d3d9.dll with olly and right click > Search for > Binary String

View B04OC2.png on ScreenSnapr

Step 2

Write at Hex + 0E this binary

Code:

C7 06 ?? ?? ?? ?? 89 86 ?? ?? ?? ?? 89 86

View HufI5u.png on ScreenSnapr

Step 3

Then u will get a code like that

Code:

4FE50F3C  |. C706 286CDE4F  MOV DWORD PTR DS:[ESI],d3d9.4FDE6C28

Take the address you have get "4FDE6C28"
now we should search for [4FDE6C28+82.*4]
by Click CTRL + G

Step 4

Then you will found code like that

Code:

4FE58845  |. 6A FF          PUSH -1
4FE58847  |. 68 5816F54F    PUSH d3d9.4FF51658                       ;  SE handler installation
4FE5884C  |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
4FE58852  |. 50             PUSH EAX

4FF51658 That's the Dip Address

Thank + Rep if i helped you .
@giniyat101For Teach me that
Good bye

[darkness99]

thank you :P

---------- Post added at 05:32 PM ---------- Previous post was at 05:24 PM ----------

after that i will make naked asm and include D3D SDK ?

[[N.O]N.A.M.E]

GJ!

[darkness99]

thank you :P

---------- Post added at 05:32 PM ---------- Previous post was at 05:24 PM ----------

after that i will make naked asm and include D3D SDK ?

i found the crossfire eu DIP now ...

what to do ? i added naked asm and add code then what have i do to add it ? void class d3d hacks ?

---------- Post added at 05:49 PM ---------- Previous post was at 05:41 PM ----------



now ?

Code:

__declspec(naked) void DrawIndexedPrimitive ( )
{

_asm
{
mov eax,dword ptr [ebp + 0x8]
mov pDevice,eax
pushad
call Render
popad
push    -1
push    73A3B9E8
mov     eax, dword ptr fs:[0]
push eax
jmp DIP
}
}

[Genkidesu]

just use oldschool sigscanner, way faster.

[XarutoUsoCrack]

lol this tutorial its OOOOOOOOOOOOOOOOOOLLLLLLLLLLLLLLLLLLDDDDDDDDDDDDDD DDDDDDDDd

yu can use d3d9 test to

[giniyat101]

good job

[Swag]

Good tutorial..
Good job

[Assassin's Creed]

i found the crossfire eu DIP now ...

what to do ? i added naked asm and add code then what have i do to add it ? void class d3d hacks ?

---------- Post added at 05:49 PM ---------- Previous post was at 05:41 PM ----------



now ?

Code:

__declspec(naked) void DrawIndexedPrimitive ( )
{

_asm
{
mov eax,dword ptr [ebp + 0x8]
mov pDevice,eax
pushad
call Render
popad
push    -1
push    73A3B9E8
mov     eax, dword ptr fs:[0]
push eax
jmp DIP
}
}

there isnt a crossfire NA DIP and another one for EU they are both the same lol
anyway Thx

[-iFaDy..*]

Very Good Tutorial still need a tutorial for Mid Fonction Hook - Nice Tutorial

---------- Post added 03-21-2012 at 12:07 AM ---------- Previous post was 03-20-2012 at 11:20 PM ----------

omgg Learned Very Much From THis , going to make hook soooon !

[Dragon(H)ell]

really idk
but i think Mid Func patched with last x trap update

[DaRk]

there isnt a crossfire NA DIP and another one for EU they are both the same lol
anyway Thx

yea they both use d3d9 so it's doesn't change

[-iFaDy..*]

/req Sticky - Very Useful.

[darlwis]

I think the CF DIP Addie is this:
4FF51658h
Credits:
@ToXiC Coder,He pass me it on MSN.

[dicky88smd]

BTW i found that, i think NA have same with INDO "4FF51658"

@darlwis you say the addy is "4FF51658h" well can you explain to me where come form "h"