Sup homies. \:
Yeah, was bored, made a hack sort of thing in assembly 'cause I'm badass.
Had to find the d3d9 include files on the MASM32 forum, not too hard. There are some things in the includes that need changes, but nothing I used here needs those changes. I saw a lot of stuff in the ID3DXFont class that needed changing so I didn't use those functions here.
This basically contains a hooking function I wrote myself, and an example of how to use it. I used it on the direct3d9 environment; the address I put there is obviously not going to be the same so don't even try... Yup, if it works, the environment window should be cleared to yellow.
SAWP AJ? <3
[highlight=asm]
.386
.model flat,stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\d3dx9.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\dx\d3d9.lib
includelib \masm32\lib\dx\d3dx9.lib

.data
Message     db "Injection successful",0
OldProtect  dd 0
allocJump   db 10 DUP(0)        ; trampoline: 5 copied bytes + 5-byte jmp back
ES_Address  dd 0                ; address of the trampoline (entry to the original EndScene)

.code

; Replacement EndScene: clears the back buffer to yellow, then runs the original.
hEndScene proc pDevice:DWORD
    mov eax, pDevice
    mov eax, [eax]              ; eax = IDirect3DDevice9 vtable
    ; IDirect3DDevice9::Clear(this, Count, pRects, Flags, Color, Z, Stencil), pushed right to left
    push 0                      ; Stencil
    push 3F800000h              ; Z = 1.0f (only the target is cleared, so it is not used here)
    push 16760576               ; Color = 0FFBF00h (yellow), written in base 10
    push D3DCLEAR_TARGET        ; Flags
    push NULL                   ; pRects
    push 0                      ; Count
    push pDevice                ; this
    assume eax:ptr STIDirect3DDevice9
    call [eax].Clear
    assume eax:nothing
    push pDevice
    call ES_Address             ; run the original EndScene through the trampoline
    ret
hEndScene endp

; Writes a 5-byte relative jmp at targetFunc that diverts to newFunc.
; The 5 overwritten bytes are saved in allocJump, followed by a jmp back to
; targetFunc+5, so allocJump acts as a trampoline to the original function.
; Returns the trampoline address in eax, or 0 if VirtualProtect failed.
; Assumes the first 5 bytes of targetFunc are whole instructions without
; relative operands; this is not true for every function.
HookFunc proc uses ebx edi targetFunc:DWORD, newFunc:DWORD
    xor eax, eax
    ; make the target page writable
    push offset OldProtect
    push PAGE_EXECUTE_READWRITE
    push 4096
    push targetFunc
    call VirtualProtect
    .if eax
        mov eax, offset allocJump
        mov ebx, targetFunc
        ; copy the 5 bytes the jmp will overwrite into the trampoline
        mov edi, 0
    _loop:
        mov cl, [ebx+edi]
        mov [eax+edi], cl
        inc edi
        cmp edi, 5
        jne _loop
        ; trampoline+5: jmp rel32 back to targetFunc+5
        add eax, 5
        mov byte ptr [eax], 0E9h    ; jmp opcode (233)
        add eax, 1
        mov ecx, offset allocJump
        sub ebx, ecx                ; ebx = targetFunc - allocJump
        sub ebx, 5                  ; rel32 = (targetFunc+5) - (allocJump+10)
        mov [eax], ebx
        ; targetFunc: jmp rel32 to newFunc
        mov ebx, targetFunc
        mov ecx, newFunc
        sub ecx, ebx
        sub ecx, 5                  ; rel32 = newFunc - (targetFunc+5)
        mov byte ptr [ebx], 0E9h
        add ebx, 1
        mov [ebx], ecx
        mov eax, offset allocJump   ; return the trampoline
    .endif
    ret
HookFunc endp

DllMain proc hInst:HINSTANCE, dwReason:DWORD, useless:DWORD
    .if dwReason == DLL_PROCESS_ATTACH
        push offset hEndScene
        push 4FE571B0h              ; EndScene address in the author's process; differs elsewhere
        call HookFunc
        mov ES_Address, eax
        push MB_OK
        push offset Message
        push offset Message
        push 0
        call MessageBoxA
    .endif
    mov eax, 1                      ; TRUE
    ret
DllMain endp

end DllMain
[/highlight]
Last edited by NextGen1; 02-07-2011 at 06:03 PM.
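From the other side of the fence, here is an added example (not part of the original post) of the check an anti-cheat or integrity scanner runs against exactly this kind of hook: look at the first bytes of a function entry, and if they are the `E9 rel32` (or `EB rel8`) jmp that HookFunc writes, resolve the destination and flag it when it leaves the module that owns the function. The module range, the 0x10001000 destination and the byte samples are constructed values chosen for the demonstration; the 0x4FE571B0 address is the one from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Verdict for the entry bytes of a function. */
enum hook_verdict {
    PROLOGUE_CLEAN = 0,        /* no jump at the entry point */
    PROLOGUE_JMP_INTERNAL = 1, /* entry is a jmp that stays inside its own module */
    PROLOGUE_JMP_EXTERNAL = 2  /* entry is a jmp leaving the module: detour suspect */
};

/* Read a little-endian 32-bit displacement. */
static int32_t read_rel32(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/*
 * Inspect the first bytes of a 32-bit function located at func_addr inside a
 * module spanning [mod_start, mod_end).  If the entry is `E9 rel32` (what the
 * hook in the post writes) or `EB rel8`, resolve the destination into *target
 * and classify it by whether it leaves the module.
 */
enum hook_verdict inspect_entry(const uint8_t *code, size_t len, uint32_t func_addr,
                                uint32_t mod_start, uint32_t mod_end, uint32_t *target)
{
    uint32_t dest;

    if (len >= 5 && code[0] == 0xE9) {
        /* jmp rel32: destination = address of the next instruction + displacement */
        dest = func_addr + 5 + (uint32_t)read_rel32(code + 1);
    } else if (len >= 2 && code[0] == 0xEB) {
        /* jmp rel8: same rule with a sign-extended 8-bit displacement */
        dest = func_addr + 2 + (uint32_t)(int32_t)(int8_t)code[1];
    } else {
        return PROLOGUE_CLEAN;
    }
    if (target)
        *target = dest;
    return (dest >= mod_start && dest < mod_end) ? PROLOGUE_JMP_INTERNAL
                                                 : PROLOGUE_JMP_EXTERNAL;
}

/* Constructed samples (not captured from a real process). */

/* Entry of the hooked function at 0x4FE571B0: jmp to 0x10001000, a made-up address
   standing in for an injected DLL; displacement = 0x10001000 - (0x4FE571B0 + 5). */
static const uint8_t hooked_entry[5] = { 0xE9, 0x4B, 0x9E, 0x1A, 0xC0 };

/* Typical unhooked MSVC prologue: mov edi,edi / push ebp / mov ebp,esp. */
static const uint8_t clean_entry[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Short jmp three bytes forward, staying inside the module (hotpatch-style padding). */
static const uint8_t local_jmp_entry[2] = { 0xEB, 0x03 };

int main(void)
{
    const uint32_t func = 0x4FE571B0u;
    const uint32_t mod_lo = 0x4FE00000u, mod_hi = 0x50000000u; /* constructed module range */
    uint32_t t = 0;
    int v;

    v = inspect_entry(hooked_entry, sizeof hooked_entry, func, mod_lo, mod_hi, &t);
    printf("hooked_entry: verdict %d, target 0x%08X\n", v, t);  /* 2, 0x10001000 */
    v = inspect_entry(clean_entry, sizeof clean_entry, func, mod_lo, mod_hi, &t);
    printf("clean_entry:  verdict %d\n", v);                     /* 0 */
    v = inspect_entry(local_jmp_entry, sizeof local_jmp_entry, func, mod_lo, mod_hi, &t);
    printf("local_jmp:    verdict %d, target 0x%08X\n", v, t);  /* 1, 0x4FE571B5 */
    return 0;
}
```

In a real scanner the bytes come from reading the live code page and the module range from the loaded module list, and a jmp that resolves into a region outside any known module (the typical location of a manually mapped DLL) is the strongest signal; a jmp inside the module is usually the compiler's own hotpatch padding and needs no alarm.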
Assembly is so beautiful o.o...
Languages: C, C++, x86 ASM, PHP, Lua
therofl (11-01-2010)
What happened to our posts? D:
Oh well, I agree with you razor.
therofl (11-01-2010)
Can someone please enlighten me on what .if eax means :/ It's HLA, isn't it?
EWWWWWW :P
Last edited by hobosrock696; 10-27-2010 at 06:38 PM.
therofl (11-01-2010)
Mmmmm, I see, the assembler just pops in its own instructions there. I apologize, I learned with NASM. I was under the impression MASM stood for Microsoft Assembler, but I could very well be wrong.
EDIT: I am wrong Dx
Is this the same concept as coding for Linux? (pushing args onto the stack in reverse order and calling a C function) From the assembly book I read I got a very hostile image of Windows as a platform to code for in assembly.
Last edited by hobosrock696; 10-27-2010 at 07:18 PM.
The __cdecl calling convention requires pushing args on the stack in reverse order, calling the function, and cleaning up the stack (add esp, howManyBytesWerePushed).
Platform independent.
MASM = Macro Assembler, notably for the neat integration of high-level macros in a low-level language.
Also I've had no problem writing assembly for either platform. People just have excessive opinions.
Last edited by -Raz0r-; 10-27-2010 at 11:36 PM.
Astral Witch (12-28-2010)
therofl (11-01-2010)
:|
I could have sworn stdcall relies on the callee (Function being called) to clean up the stack, as opposed to cdecl where the caller does that.
x86 calling conventions - Wikipedia, the free encyclopedia
therofl (11-01-2010)
Why is it that on almost every one of void's threads, or anyone else's, therofl has thanked them?
"out out , brief candle" life is a matter of seconds.
Light travels faster than sound. That's why most people seem bright until you hear them speak.