
    Undetected EndScene Hook for AssaultFire

    Actually, this is undetected for AssaultFire. Thanks to _Shadows and the creators of FindPattern, mask, Detour, etc.
    This is for Windows 7 only.

    Main.h
    Code:
    // Compares the bytes at pData with the signature bMask under the control of
    // szMask: an 'x' in szMask means the byte at that position must be equal,
    // any other character means the position is ignored.
    // Returns true when every 'x' position matches, false on the first mismatch.
    // There is no length parameter: the function reads one byte of pData for
    // every character of szMask, so the caller must guarantee that many bytes
    // are readable at pData.
    bool Match(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
        while (*szMask)
        {
            const bool bMustMatch = (*szMask == 'x');
            if (bMustMatch && *pData != *bMask)
                return false;

            ++szMask;
            ++pData;
            ++bMask;
        }

        // The loop only ends on the mask terminator, so the whole mask matched.
        return true;
    }
    
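    // Scans the dwLen bytes starting at dwAddress for the first position where
    // Match() accepts the signature bMask/szMask.
    // Returns the address of that position, or 0 when nothing matches.
    //
    // The scan stops early enough that Match() never reads past
    // dwAddress + dwLen: a candidate at offset i needs strlen(szMask) bytes, so
    // only offsets up to dwLen - strlen(szMask) are tried. The original loop
    // tried every offset below dwLen and could read beyond the region.
    //
    // Addresses are carried in DWORDs, so this is only meaningful in a 32-bit
    // process. The caller is still responsible for dwAddress..dwAddress+dwLen
    // being readable memory.
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
        // Number of bytes Match() inspects at each candidate position.
        DWORD dwMaskLen = 0;
        while (szMask[dwMaskLen])
            ++dwMaskLen;

        // A signature longer than the region cannot occur inside it.
        if (dwMaskLen > dwLen)
            return 0;

        // An empty mask keeps the original behaviour (dwLen candidates).
        const DWORD dwCandidates = dwMaskLen ? (dwLen - dwMaskLen + 1) : dwLen;

        for (DWORD i = 0; i < dwCandidates; i++)
            if (Match((BYTE*)(dwAddress + i), bMask, szMask))
                return (DWORD)(dwAddress + i);
        return 0;
    }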
    
    // Overwrites dwLen bytes of code at pAddress with a 5-byte relative jump to
    // dwJumpTo followed by single-byte 0x90 padding.
    //
    //   pAddress  first byte to overwrite
    //   dwJumpTo  address the jump transfers control to
    //   dwLen     number of bytes to overwrite
    //
    // NOTE(review): neither VirtualProtect result is checked, so a failed
    // protection change leads straight to a write into read-only memory.
    // NOTE(review): nothing verifies dwLen >= 5; the opcode and displacement
    // below always write 5 bytes, even when fewer were made writable.
    // NOTE(review): the write is not synchronised with other threads that may
    // be executing the patched bytes.
    // Defender note: after this call the in-memory code of the target module
    // differs from its on-disk image, which is what code-integrity comparison
    // of loaded modules looks for.
    void Detour(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
    {
        DWORD dwOldProtect, dwBkup, dwRelAddr;
        // Make the target range writable, remembering the previous protection.
        VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
        // Displacement is relative to the end of the 5-byte jump instruction.
        dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
        // 0xE9 followed by a 32-bit displacement.
        *pAddress = 0xE9;
        *((DWORD *)(pAddress + 0x1)) = dwRelAddr;
        // Fill the remainder of the overwritten range with 0x90 bytes.
        for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
    	// Put the original page protection back.
    	VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
        return;
    }
    Main.h
    Code:
    #include <windows.h>
    #include "Main.h"
    #include <d3d9.h>
    #include <d3dx9.h>
    #pragma comment(lib, "d3d9.lib")
    #pragma comment(lib, "d3dx9.lib")
    
    // Address inside d3d9.dll that HookThread() overwrites with the jump.
    DWORD dwEndscene_hook = NULL;
    // Address MyEndscene() jumps back to: dwEndscene_hook + 0x0A.
    DWORD dwEndscene_ret = NULL;
    
    // Font used by WriteText(); created and released in JhemEndScence().
    LPD3DXFONT pFont;
    
    // Draws text at (x, y) in the given colour using the global pFont.
    // pDevice is accepted but not used. pFont must be non-NULL; the function
    // does not check it.
    VOID WriteText( LPDIRECT3DDEVICE9 pDevice, INT x, INT y, DWORD color, CHAR *text )
    {
        // Zero-sized rectangle anchored at (x, y); DT_NOCLIP lets the text
        // extend beyond it.
        RECT rcAnchor;
        rcAnchor.left   = x;
        rcAnchor.top    = y;
        rcAnchor.right  = x;
        rcAnchor.bottom = y;

        const DWORD dwFormat = DT_NOCLIP | DT_LEFT;
        pFont->DrawText( NULL, text, -1, &rcAnchor, dwFormat, color );
    }
    // Called from MyEndscene() with the device pointer; draws a two-line
    // label at (15, 15).
    // NOTE(review): the font is released and created again on every call, and
    // the HRESULT of D3DXCreateFont is not inspected; only the resulting
    // pointer is tested.
    VOID WINAPI JhemEndScence(LPDIRECT3DDEVICE9 pDevice)
    {
        // Drop whatever font the previous call left behind.
        if( pFont != NULL )
        {
            pFont->Release();
            pFont = NULL;
        }

        // pFont is always NULL at this point, so a new font is always created.
        D3DXCreateFont( pDevice, 14, 0, FW_BOLD, 1, 0, DEFAULT_CHARSET,
                        OUT_DEFAULT_PRECIS, DEFAULT_QUALITY,
                        DEFAULT_PITCH | FF_DONTCARE, "Arial", &pFont );

        // Nothing to draw with if creation did not yield a font.
        if( pFont == NULL )
            return;

        WriteText( pDevice, 15, 15, D3DCOLOR_ARGB(255,255,000,000), "MPGH Jhem \n MPGH.net" );
    }
    
    // Jump target installed by Detour(). Declared naked, so the compiler emits
    // no prologue or epilogue and the body runs on the stack frame of the code
    // that was interrupted.
    //
    // Sequence:
    //   - the first three instructions and the CMP before the final jump are
    //     presumably copies of the instructions overwritten at dwEndscene_hook
    //     (TODO confirm against the targeted d3d9.dll build)
    //   - PUSHFD/PUSHAD save flags and general registers, POPAD/POPFD restore
    //     them around the call
    //   - [EBP + 0x8] is pushed as the single argument to JhemEndScence, which
    //     is declared WINAPI and therefore removes its own argument
    //   - control leaves through the address stored in dwEndscene_ret
    //
    // NOTE(review): 32-bit MSVC inline assembly; this does not build for x64.
    __declspec(naked) void MyEndscene()
    {
        __asm
        {
    			MOV DWORD PTR SS : [EBP - 0x10], ESP
                MOV ESI, DWORD PTR SS : [EBP + 0x8]
                XOR EBX, EBX                       
                PUSHFD
                PUSHAD
                PUSH[EBP + 0x8]
                CALL JhemEndScence;
    			POPAD
                POPFD
                CMP ESI, EBX                       
                jmp dwEndscene_ret;               
        }
    }
    
    // Locates a code address inside d3d9.dll and redirects it to MyEndscene().
    //
    // NOTE(review): the LoadLibrary result is not checked; on failure the scan
    // would start at address 0.
    // NOTE(review): the scan length 0x128000 is a constant and is not derived
    // from the size of the loaded image, so the scan can leave the mapped
    // module. The offsets 42, 0x2A and 0x0A are likewise hard-coded; the post
    // states the code is for Windows 7 only.
    // Defender note: the patch is placed 0x2A bytes past the address read from
    // the table, not at that address itself. A check that inspects only the
    // first bytes of the function would not see it; comparing the module's
    // in-memory code against its on-disk image does.
    void HookThread(void)
    {
    	// Module handle reinterpreted as the base address of the image.
    	DWORD hD3D = (DWORD)LoadLibrary("d3d9.dll");
    	DWORD *vtbl;
    
    	// 14-byte signature; '?' positions in the mask are ignored by Match().
    	DWORD adr = FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
    	if(adr)
    	{
    		// The 4 bytes after the first two signature bytes are taken as a
    		// table pointer (presumably the device vtable - confirm).
    		memcpy(&vtbl,(void*)(adr + 2),4);
    		// Entry 42 of that table plus 0x2A is the patch location.
    		dwEndscene_hook = vtbl[42] + 0x2A;
    		// Execution resumes right after the 0x0A overwritten bytes.
    		dwEndscene_ret = dwEndscene_hook + 0x0A;
    		Detour((PBYTE)dwEndscene_hook,(DWORD)MyEndscene,0x0A);
    	}
    }
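    // DLL entry point. On process attach it turns off per-thread attach/detach
    // notifications for this module and starts HookThread() on a new thread.
    // Always returns TRUE.
    //
    // Changes from the original: the integer arguments of CreateThread are
    // passed as 0 instead of NULL, and the returned thread handle is closed
    // instead of being leaked.
    //
    // NOTE(review): HookThread is declared void(void), not
    // DWORD WINAPI(LPVOID); the cast hides a signature and calling-convention
    // mismatch with LPTHREAD_START_ROUTINE.
    BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved)
    {
        if (dwReason == DLL_PROCESS_ATTACH)
        {
            DisableThreadLibraryCalls(hModule);

            HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)HookThread, NULL, 0, NULL);
            // The thread keeps running after its handle is closed; the handle
            // is not needed for anything else here.
            if (hThread != NULL)
                CloseHandle(hThread);
        }
        return TRUE;
    }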

    Screen shot:









    Last edited by Jhem; 06-29-2014 at 11:39 PM.
