  #1 Void

    Hooking in assembly.

    Sup homies. \:

    Yeah, was bored, made a hack sort of thing in assembly 'cause I'm badass.

    Had to find the d3d9 include files on the MASM32 forum, not too hard. There are some things in the includes that need changes, but nothing I used here needs those changes. I saw a lot of stuff in the ID3DXFont class that needed changing, so I didn't use those functions here.

    This basically contains a hooking function I wrote myself, and an example of how to use it. I used it on the direct3d9 environment; the address I put there is obviously not going to be the same, so don't even try... Yup, if it works, the environment window should be cleared to yellow.

    SAWP AJ? <3

    [highlight=asm]
    .386
    .model flat,stdcall
    option casemap:none

    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\d3dx9.inc

    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\kernel32.lib
    includelib \masm32\lib\dx\d3d9.lib
    includelib \masm32\lib\dx\d3dx9.lib

    .data

    Message db "Injection successful",0

    OldProtect dd 0
    allocJump db 10 DUP(0)     ; trampoline: the 5 overwritten bytes + jmp rel32 (5 bytes)
    ES_Address dd 0            ; address of the trampoline, as returned by HookFunc

    .code

    ; Replacement for IDirect3DDevice9::EndScene. Clears the render target to
    ; yellow, then runs the original EndScene through the trampoline.
    hEndScene proc pDevice:DWORD

        mov eax,pDevice
        mov eax,[eax]          ; eax = device vtable

        ; IDirect3DDevice9::Clear(Count, pRects, Flags, Color, Z, Stencil), pushed right to left
        push 0                 ; Stencil
        push 3F800000h         ; Z = 1.0f (ignored here, only D3DCLEAR_TARGET is set)
        push 16760576          ; Color = 0FFC300h, yellow (in base 10)
        push D3DCLEAR_TARGET
        push NULL              ; pRects
        push 0                 ; Count
        push pDevice           ; this

        assume eax:ptr STIDirect3DDevice9
        call [eax].Clear
        assume eax:nothing

        push pDevice
        call ES_Address        ; call dword ptr [ES_Address]: trampoline to the original EndScene
        ret

    hEndScene endp

    ; Writes a 5-byte jmp at targetFunc that redirects to newFunc. The 5 bytes it
    ; overwrites are saved in allocJump, followed by a jmp back to targetFunc+5, so
    ; calling allocJump runs the original function.
    ; Returns the trampoline address in eax, or 0 if VirtualProtect failed.
    HookFunc proc uses ebx edi targetFunc:DWORD, newFunc:DWORD

        push offset OldProtect
        push PAGE_EXECUTE_READWRITE
        push 4096
        push targetFunc
        call VirtualProtect

        .if eax
            mov eax,offset allocJump
            mov ebx,targetFunc

            ; copy the first 5 bytes of the target into allocJump
            mov edi,0
        _loop:
            mov cl,[ebx+edi]
            mov [eax+edi],cl
            inc edi
            cmp edi,5
            jne _loop

            ; allocJump+5: jmp rel32 back to targetFunc+5
            ; rel32 = (targetFunc+5) - (allocJump+10) = targetFunc - allocJump - 5
            mov byte ptr [eax+5],0E9h
            mov ecx,offset allocJump
            sub ebx,ecx
            sub ebx,5
            mov [eax+6],ebx

            ; targetFunc: jmp rel32 to newFunc
            ; rel32 = newFunc - (targetFunc+5)
            mov ebx,targetFunc
            mov ecx,newFunc
            sub ecx,ebx
            sub ecx,5
            mov byte ptr [ebx],0E9h
            mov [ebx+1],ecx

            mov eax,offset allocJump
        .endif

        ret
    HookFunc endp

    DllMain proc hInst:HINSTANCE, dwReason:DWORD, useless:DWORD
        .if dwReason == DLL_PROCESS_ATTACH
            push offset hEndScene
            push 4FE571B0h         ; EndScene address in the author's test process, not portable
            call HookFunc
            mov ES_Address,eax

            push MB_OK
            push offset Message
            push offset Message
            push 0
            call MessageBoxA
        .endif

        mov eax,1
        ret

    DllMain endp
    end DllMain

    [/highlight]

  2. The Following 6 Users Say Thank You to Void For This Useful Post:

    -Raz0r- (10-27-2010),Astral Witch (12-28-2010),Melodia (10-26-2010),Synns (02-08-2011),therofl (11-01-2010),why06 (10-26-2010)

  #2 crushed
    I can't take to see your face with those tears run down your cheeks. But what can I do? I gotta stay true, cause deep down I'm still a G.

  #3 -Raz0r-
    Assembly is so beautiful o.o...
    Languages: C, C++, x86 ASM, PHP, Lua

  5. The Following User Says Thank You to -Raz0r- For This Useful Post:

    therofl (11-01-2010)

  #4 Void
    What happened to our posts? D:

    Oh well, I agree with you razor.

  7. The Following User Says Thank You to Void For This Useful Post:

    therofl (11-01-2010)

  #5 hobosrock696
    Can someone please enlighten me on what .if eax means :/ It's HLA, isn't it?
    EWWWWWW :P
    Last edited by hobosrock696; 10-27-2010 at 06:38 PM.

  #6 Void
    Quoting hobosrock696:
        Can someone please enlighten me on what .if eax means :/ It's HLA, isn't it?
        EWWWWWW :P
    .if is a macro..

    There's a reason it's called Microsoft's Macro Assembler. ( I think )

  10. The Following User Says Thank You to Void For This Useful Post:

    therofl (11-01-2010)

  #7 hobosrock696
    Mmmmm I see, the assembler just pops in its own instructions there. I apologize, I learned with NASM. I was under the impression MASM stood for Microsoft Assembler, but I could very well be wrong.

    EDIT: I am wrong Dx

    Is this the same concept as coding for Linux? (pushing args onto the stack in reverse order and calling a C function) From the assembly book I read, I got a very hostile image of Windows as a platform to code for in assembly.
    Last edited by hobosrock696; 10-27-2010 at 07:18 PM.

  #8 -Raz0r-
    __cdecl calling convention requires pushing args on the stack in reverse order, calling the function, and cleaning up the stack (add esp,howManyBytesWerePushed)
    Platform independent.

    MASM = Macro Assembler, notably for the neat integration of high-level macros in a low-level language.

    Also I've had no problem writing assembly for either platform. People just have excessive opinions.
    Last edited by -Raz0r-; 10-27-2010 at 11:36 PM.

  13. The Following User Says Thank You to -Raz0r- For This Useful Post:

    Astral Witch (12-28-2010)

  #9 Void
    Quoting -Raz0r-:
    __cdecl calling convention requires pushing args on the stack in reverse order, calling the function, and cleaning up the stack (add esp,howManyBytesWerePushed)
    Platform independent.

    MASM = Macro Assembler, notably for the neat integration of high-level macros in a low-level language.

    Also I've had no problem writing assembly for either platform. People just have excessive opinions.
    Same for the standard calling convention, which is the one I'm using here.

  15. The Following User Says Thank You to Void For This Useful Post:

    therofl (11-01-2010)

  #10 -Raz0r-
    Quoting Void:
    Same for the standard calling convention, which is the one I'm using here.
    :|
    I could have sworn stdcall relies on the callee (Function being called) to clean up the stack, as opposed to cdecl where the caller does that.

    x86 calling conventions - Wikipedia, the free encyclopedia

  17. The Following User Says Thank You to -Raz0r- For This Useful Post:

    therofl (11-01-2010)

  #11 Void
    Quoting -Raz0r-:
    :|
    I could have sworn stdcall relies on the callee (Function being called) to clean up the stack, as opposed to cdecl where the caller does that.

    x86 calling conventions - Wikipedia, the free encyclopedia
    Yeah it does, the callee has to clean up when using the standard convention. I meant that even the standard convention pushes arguments in reverse order, since that's what he asked.

    Sorry 'bout that.

  19. The Following 2 Users Say Thank You to Void For This Useful Post:

    -Raz0r- (10-30-2010),therofl (11-01-2010)

  #12 unspeakable
    Why is it that on almost every one of Void's threads, or anyone else's, therofl has thanked them?
    "out out , brief candle" life is a matter of seconds.

  #13 'Bruno
    Quoting unspeakable:
        Why is it that on almost every one of Void's threads, or anyone else's, therofl has thanked them?
    Both users are old, and I don't see why it bothers you so much that he thanks people? Why would you even VM him asking if he has nothing better to do than thank people? It's up to him..

    closed.
    Light travels faster than sound. That's why most people seem bright until you hear them speak.
