Thread: Mid Hooking

    Posted by Bildr (joined Nov 2011)

    Mid Hooking

    Hello everyone. I have a little problem. When I do a DIP hook, the game freezes. The music continues but the screen doesn't refresh any more...

    I did the Midhook this way:
    Code:
    DIP hook: (This is in DIP)
    648DB6F0  - 0F84 1A5A6C>JE D3DHook2.57FA1110 //naked call
    648DB6F6    90          NOP
    648DB6F7    395E 18     CMP DWORD PTR DS:[ES>
    Code:
    Naked function:
    57FA1110    60          	PUSHAD
    57FA1111    9C          	PUSHFD
    57FA1112    833D 2C65FA>	CMP DWORD PTR DS:[57FA652C],1
    57FA1119    75 02       	JNZ SHORT 57FA111D
    57FA111B    EB 21       	JMP SHORT 57FA113E
    57FA111D    36:FF75 20  	PUSH DWORD PTR SS:[EBP+20]
    57FA1121    36:FF75 1C  	PUSH DWORD PTR SS:[EBP+1C]
    57FA1125    36:FF75 18  	PUSH DWORD PTR SS:[EBP+18]
    57FA1129    36:FF75 14  	PUSH DWORD PTR SS:[EBP+14]
    57FA112D    36:FF75 10 	 	PUSH DWORD PTR SS:[EBP+10]
    57FA1131    36:FF75 0C  	PUSH DWORD PTR SS:[EBP+C]
    57FA1135    36:FF75 08  	PUSH DWORD PTR SS:[EBP+8]
    57FA1139    E8 42FFFFFF 	CALL 57FA1080 //Call my DIP
    57FA113E    61          	POPAD
    57FA113F    9D          	POPFD
    57FA1140    36:8975 EC  	MOV DWORD PTR SS:[EBP-14],ESI //restore
    57FA1144    36:8975 D4  	MOV DWORD PTR SS:[EBP-2C],ESI //restore
    57FA1148    36:895D D8  	MOV DWORD PTR SS:[EBP-28],EBX //restore
    57FA114C  - FF25 2465FA57       JMP DWORD PTR DS:[57FA6524]                                   ; d3d9.648DB6F7 //return back to the return address. Is this wrong? d3d9.648DB6F7 << 648DB6F7 is correct.. But "JMP DWORD PTR DS:[57FA6524]"?
    Code:
    MyDIP:
    57FA1080    55          PUSH EBP
    57FA1081    8BEC        MOV EBP,ESP
    57FA1083    83EC 0C     SUB ESP,0C
    57FA1086    8B45 08     MOV EAX,DWORD PTR SS:[EBP+8]
    57FA1089    8B08        MOV ECX,DWORD PTR DS:[EAX]
    57FA108B    53          PUSH EBX
    57FA108C    56          PUSH ESI
    57FA108D    57          PUSH EDI
    57FA108E    8D55 FC     LEA EDX,DWORD PTR SS:[EBP-4]
    57FA1091    52          PUSH EDX
    57FA1092    8D55 F8     LEA EDX,DWORD PTR SS:[EBP-8]
    57FA1095    52          PUSH EDX
    57FA1096    8D55 F4     LEA EDX,DWORD PTR SS:[EBP-C]
    57FA1099    33F6        XOR ESI,ESI
    57FA109B    52          PUSH EDX
    57FA109C    56          PUSH ESI
    57FA109D    50          PUSH EAX
    57FA109E    8B81 940100>MOV EAX,DWORD PTR DS:[ECX+194]
    57FA10A4    8975 F8     MOV DWORD PTR SS:[EBP-8],ESI
    57FA10A7    8975 FC     MOV DWORD PTR SS:[EBP-4],ESI
    57FA10AA    C705 2C65FA>MOV DWORD PTR DS:[57FA652C],1
    57FA10B4    FFD0        CALL EAX
    57FA10B6    85C0        TEST EAX,EAX
    57FA10B8    75 0B       JNZ SHORT 57FA10C5
    57FA10BA    8B45 F4     MOV EAX,DWORD PTR SS:[EBP-C]
    57FA10BD    8B08        MOV ECX,DWORD PTR DS:[EAX]
    57FA10BF    8B51 08     MOV EDX,DWORD PTR DS:[ECX+8]
    57FA10C2    50          PUSH EAX
    57FA10C3    FFD2        CALL EDX
    57FA10C5    3975 FC     CMP DWORD PTR SS:[EBP-4],ESI
    57FA10C8    8B75 20     MOV ESI,DWORD PTR SS:[EBP+20]
    57FA10CB    8B7D 1C     MOV EDI,DWORD PTR SS:[EBP+1C]
    57FA10CE    8B5D 18     MOV EBX,DWORD PTR SS:[EBP+18]
    57FA10D1    75 19       JNZ SHORT 57FA10EC
    57FA10D3    8B45 14     MOV EAX,DWORD PTR SS:[EBP+14]
    57FA10D6    8B4D 10     MOV ECX,DWORD PTR SS:[EBP+10]
    57FA10D9    8B55 0C     MOV EDX,DWORD PTR SS:[EBP+C]
    57FA10DC    56          PUSH ESI
    57FA10DD    57          PUSH EDI
    57FA10DE    53          PUSH EBX
    57FA10DF    50          PUSH EAX
    57FA10E0    8B45 08     MOV EAX,DWORD PTR SS:[EBP+8]
    57FA10E3    51          PUSH ECX
    57FA10E4    52          PUSH EDX
    57FA10E5    50          PUSH EAX
    57FA10E6    FF15 2865FA>CALL DWORD PTR DS:[57FA6528]                                  ; d3d9.648DB6B1
    57FA10EC    8B4D 14     MOV ECX,DWORD PTR SS:[EBP+14]
    57FA10EF    8B55 10     MOV EDX,DWORD PTR SS:[EBP+10]
    57FA10F2    8B45 0C     MOV EAX,DWORD PTR SS:[EBP+C]
    57FA10F5    56          PUSH ESI
    57FA10F6    57          PUSH EDI
    57FA10F7    53          PUSH EBX
    57FA10F8    51          PUSH ECX
    57FA10F9    8B4D 08     MOV ECX,DWORD PTR SS:[EBP+8]
    57FA10FC    52          PUSH EDX
    57FA10FD    50          PUSH EAX
    57FA10FE    51          PUSH ECX
    57FA10FF    FF15 2865FA>CALL DWORD PTR DS:[57FA6528]                                  ; d3d9.648DB6B1
    57FA1105    5F          POP EDI
    57FA1106    5E          POP ESI
    57FA1107    5B          POP EBX
    57FA1108    8BE5        MOV ESP,EBP
    57FA110A    5D          POP EBP
    57FA110B    C2 1C00     RET 1C //return
    I copied the DIP from the internet. This is to test if it works:

    Code:
    HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE9 Device_Interface, D3DPRIMITIVETYPE Type, INT BaseIndex, 
    	UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount) {
    
    	LPDIRECT3DVERTEXBUFFER9 Stream_Data;
    	UINT Offset = 0;
    	UINT Stride = 0;
    	MultipleDIP = TRUE;
    
    	if(Device_Interface->GetStreamSource(0, &Stream_Data, &Offset, &Stride) == D3D_OK)
    		Stream_Data->Release();
    
    	if(Stride == 0)
    	{
    		// ...
    		DrawIndexedPrimitive_Pointer(Device_Interface, Type, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
    		// ...
    	}
    
    	HRESULT Result = DrawIndexedPrimitive_Pointer(Device_Interface, Type, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
    
    	//MultipleDIP = FALSE;
    	return Result;
    }
    I hooked at this place:
    Code:
    648DB6B1    8BFF        MOV EDI,EDI
    648DB6B3    55          PUSH EBP
    648DB6B4    8BEC        MOV EBP,ESP
    648DB6B6    6A FF       PUSH -1
    648DB6B8    68 28BEA464 PUSH 64A4BE28
    648DB6BD    64:A1 00000>MOV EAX,DWORD PTR FS>
    648DB6C3    50          PUSH EAX
    648DB6C4    83EC 20     SUB ESP,20
    648DB6C7    53          PUSH EBX
    648DB6C8    56          PUSH ESI
    648DB6C9    57          PUSH EDI
    648DB6CA    A1 5092A564 MOV EAX,DWORD PTR DS>
    648DB6CF    33C5        XOR EAX,EBP
    648DB6D1    50          PUSH EAX
    648DB6D2    8D45 F4     LEA EAX,DWORD PTR SS>
    648DB6D5    64:A3 00000>MOV DWORD PTR FS:[0]>
    648DB6DB    8965 F0     MOV DWORD PTR SS:[EB>
    648DB6DE    8B7D 08     MOV EDI,DWORD PTR SS>
    648DB6E1    33DB        XOR EBX,EBX
    648DB6E3    3BFB        CMP EDI,EBX
    648DB6E5    0F84 BA0300>JE 648DBAA5
    648DB6EB    8D77 04     LEA ESI,DWORD PTR DS>
    648DB6EE    3BDB        CMP EBX,EBX
    MOV DWORD PTR SS:[EBP-14],ESI //Here I hook
    MOV DWORD PTR SS:[EBP-2C],ESI //Here I hook
    MOV DWORD PTR SS:[EBP-28],EBX //Here I hook
    648DB6F7    395E 18     CMP DWORD PTR DS:[ES>

    Did I make a mistake here? Or is something else the problem? It's so strange.. The game doesn't crash... The screen only freezes. I hope someone can help me. Thanks!

    Edit:
    Btw, I use a DLL for this.
    Last edited by Bildr; 11-27-2011 at 01:07 PM.
