How To Make A D3D Hook [ Complete Tutorial ]

[Dead(H)ell]

First of all i m not like those who afraid on giving a hook..i don't care about this i care bout helping people

---

First of all include those [they may have smth rong if any corrections i suggest @Swag to tell me]

Code:

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <d3d9.h>
#include <d3dx9.h>

---

okay first lets start naked function

Code:

DWORD* DIP_hook = NULL;
DWORD DIP_return = NULL;

bool  wallhack = true;

void myDIP(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
{
    IDirect3DVertexBuffer9* pStreamData = NULL;
    UINT iOffsetInBytes,iStride;
    pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);

    if(wallhack)
    if ((iStride==40)||(iStride==44))
    {
        pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE );
        pDevice->SetRenderState(D3DRS_ZFUNC,   D3DCMP_NEVER);
    }
}

_declspec(naked) void dwmyDIP()
{
    __asm
    {
        //Call myDIP
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        CALL myDIP;
        ADD ESP, 28;

Then Restore EAX original value:

Code:

MOV EAX,DWORD PTR FS:[0];

Then put back the Original code:

Code:

PUSH EAX;
        SUB ESP,0x20;

Then Return ur JMP Back:

Code:

JMP DIP_return;

Then Close ur naked Function:

Code:

    }
}

Then We Use The bCompare() Method:

Code:

bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for(;*szMask;++szMask,++pData,++bMask)
        if(*szMask=='x' && *pData!=*bMask)   return 0;
    return (*szMask) == NULL;
}

Then We Find The Pattern For Our Wall Hack:

Code:

DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    for(DWORD i=0; i<dwLen; i++)
        if (bCompare((BYTE*)(dwAddress+i),bMask,szMask))  return (DWORD)(dwAddress+i);
    return 0;
}

Then We start our 5 Bytes Hunting:

Code:

void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
{
    DWORD dwOldProtect, dwBkup, dwRelAddr;

Then we give the paged memory read/write permissions:

Code:

    VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);

Then We calculate the distance between our address and our target location and subtract the 5bytes, which is the size of the JMP:

Code:

    dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;

Then We overwrite the byte at pAddress with the jmp opcode (0xE9):

Code:

    *pAddress = 0xE9;

Then We overwrite the next 4 bytes (which is the size of a DWORD) with the dwRelAddr:

Code:

    *((DWORD *)(pAddress + 0x1)) = dwRelAddr;

Then we overwrite the remaining bytes with the NOP opcode (0x90):

Code:

    for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;

Then we restore the paged memory permissions saved in dwOldProtect:

Code:

    VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);

Then We close the JMPHook:

Code:

    return;

}

Then Create Our Hack Thread:thx to @giniyat101 for the wall hack and to @Coder[Vb10e] for telling me how to put the wallhack

Code:

void WallHack()
{
    LoadLibraryA("d3d9.dll");
    DWORD D3D9, adr, *VTable;
    do
    {
        D3D9 = (DWORD)LoadLibraryA("d3d9.dll");
        Sleep(100);
    } while (D3D9 == NULL);

    adr = FindPattern(D3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x8", "xx????xx????xx");
    if (adr) {
        memcpy(&VTable,(void *)(adr+2),4);

    MakeJMP((BYTE *)0x4FF51658, (DWORD)dwmyDIP, 0x6);
    DWORD dwJMPback = 0x4FF51658;
    }
}

Then Finally The DLLMAIN:

Code:

//you put one ur self :)

---

credits to:
@giniyat101
@Brimir
@Coder[Vb10e]

---

@Scata
@Royku
@Hero
@Jigsaw
worthes a sticky again?

[[MPGH]Austin]

GJ, and I've talked with hero. Not gonna sticky, you already have one. If you want this stickied combine the other one and this thread.

[Dead(H)ell]

GJ, and I've talked with hero. Not gonna sticky, you already have one. If you want this stickied combine the other one and this thread.

ok,i ll think bout that and ty

GJ, and I've talked with hero. Not gonna sticky, you already have one. If you want this stickied combine the other one and this thread.

@Scata remove the first sticky and stick this one its better than the first & not easy to get

[DeepShyt]

@Scata remove the first sticky and stick this one its better than the first & not easy to get

Can you help me make one d3d hook please.. my msn is deepshytmpgh@hotmail.com

[Reflex-]

Can you help me make one d3d hook please.. my msn is deepshytmpgh@hotmail.com

If you follow the Tutorial.

[Coder[Vb10e]]

@Dead(H)ell (i hope you did not stoled my hook, cause thats the string i made) good tutorial btw

[CFhackerfree]

LOL i have a Hook with DIp Pointer and my 2. hook without any pointers ^^
nice job

[Skrillex]

nice good job

[-iFaDy..*]

Good Job

[Swag]

Very good job

[Dead(H)ell]

@Dead(H)ell (i hope you did not stoled my hook, cause thats the string i made) good tutorial btw

no i swear i didnt..i just used ur hok to update the addies but the hook is from another forum dats wy i credited u

[Coder[Vb10e]]

no i swear i didnt..i just used ur hok to update the addies but the hook is from another forum dats wy i credited u

ok , nice tut it helps many pp

[MysteryCoder]

ok , nice tut it helps many pp

Bro I Need Your Help, I Think Hugo Send You A Message, So Please Can You Help Me?

---------- Post added at 07:31 PM ---------- Previous post was at 07:22 PM ----------

Cool Job Dude

[ramo]

Perfect tut - WOW Job
@Dead(H)ell open ur mail

[goold1]

i can use it for d3d menu ?