  1. #1

    HOOK graphics driver wallhack

    To support other games, the model ID (the Stride values compared in the code below) needs to be modified.

    Code:
      if ( D3DHookFunc1.Stride==40 ////   ///Support for other games, the need to modify the model ID
       ||  D3DHookFunc1.Stride==44 
       ||  D3DHookFunc1.Stride==36 
       ||  D3DHookFunc1.Stride==32 
       || D3DHookFunc1.Stride==64)

    and

    Code:
     if (D3DHookFunc2.Stride==40 || D3DHookFunc2.Stride==44 || D3DHookFunc2.Stride==36 || D3DHookFunc2.Stride==32 || D3DHookFunc2.Stride==64)  ///Modified model ID
    Code:
    #include <Windows.h>
    #include "stdafx.h"
    #include "d3d9types.h"
    #include "d3dumddi.h"
    #include "d3d9.h"
    
    // Function type matching the "OpenAdapter" export that DetourOpenAdapter looks up
    // in the user-mode display driver DLL.
    typedef HRESULT APIENTRY _OpenAdapter(D3DDDIARG_OPENADAPTER *pAdapterData);
    // Replacement for the driver's pfnCreateDevice callback; defined near the end of the file.
    HRESULT APIENTRY WarpDdiCreateDevice(
    	HANDLE hAdapter,
    	D3DDDIARG_CREATEDEVICE *pDeviceData);
    // Worker started from DllMain: installs the OpenAdapter detour, then polls hotkeys.
    void HookThread();
    
    // One slot of saved driver callbacks for a device function table that
    // WarpDdiCreateDevice has modified, plus the last stride seen on stream 0.
    typedef struct _D3D_HookFunc
    {
    	// Original pfnDrawIndexedPrimitive taken from the driver's table.
    	PFND3DDDI_DRAWINDEXEDPRIMITIVE DrawIndexedPrimitive;
        // Original pfnSetRenderState; saved and called, but its table entry is not replaced.
        PFND3DDDI_SETRENDERSTATE SetRenderState;
        // Original pfnSetStreamSource taken from the driver's table.
        PFND3DDDI_SETSTREAMSOURCE SetStreamSource;
        // Original pfnCreateQuery taken from the driver's table.
        PFND3DDDI_CREATEQUERY CreateQuery;
    	// Stride most recently passed to SetStreamSource for Stream == 0.
    	DWORD Stride;
    
    }D3D_HookFunc;
    
    
    /*
     * DLL entry point. On process attach it starts HookThread on a new thread;
     * every other loader notification is ignored. Always returns TRUE.
     */
    BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
    {
    	if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    	{
    		// The returned thread handle is neither stored nor closed.
    		CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&HookThread,NULL,0,NULL);
    	}

    	// Thread attach/detach and process detach need no work.
    	return TRUE;
    }
    
    
    
    
    
    
    /*
     * Inline-patches the function at src so that it jumps to dst, and returns a
     * stub through which the original code can still be called.
     *
     * src: start of the function to patch; its first len bytes are overwritten.
     * dst: address the patched function jumps to.
     * len: number of bytes copied from src into the stub. The code writes 5 bytes
     *      at src (0xE9 + 32-bit displacement) regardless of len and fills bytes
     *      5..len-1 with 0x90.
     * Returns the start of the stub: the len copied bytes followed by a jump to src+len.
     *
     * The displacement math casts pointer differences to DWORD, so it assumes 32-bit
     * address arithmetic. None of the VirtualAlloc/VirtualProtect results are checked.
     * After this runs, the first bytes of src in memory no longer match the module
     * image on disk, and the stub lives in a private writable+executable allocation.
     */
    void *DetourFunction(BYTE *src, const BYTE *dst, const int len) 
    {
    	// Protection value 64 is 0x40 (PAGE_EXECUTE_READWRITE); room for len bytes + 5-byte jump.
    	BYTE *jmp = (BYTE*)VirtualAlloc(0,len+5,MEM_COMMIT,64);
    	//BYTE *jmp = (BYTE*)malloc(len+5);
    	DWORD dwBack;
    
    	// Make the target bytes writable; the previous protection is kept in dwBack.
    	VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
    	// Save the bytes that are about to be overwritten into the stub.
    	memcpy(jmp, src, len);	
    	// From here on jmp points just past the copied bytes.
    	jmp += len;
    	// Stub tail: relative jump back to src+len (displacement is relative to the
    	// end of the 5-byte instruction, hence the "- 5").
    	jmp[0] = 0xE9;
    	*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    	// Target head: relative jump to dst.
    	src[0] = 0xE9;
    	*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    	// Fill the rest of the overwritten range with single-byte NOPs.
    	for (int i=5; i<len; i++)  src[i]=0x90;
    	// Put the original page protection back.
    	VirtualProtect(src, len, dwBack, &dwBack);
    	// jmp was advanced by len above, so this is the start of the stub.
    	return (jmp-len);
    
    }
    
    // Stub returned by DetourFunction; calling it runs the driver's original OpenAdapter.
    _OpenAdapter *OldOpenAdapter;
    
    // Original pfnCreateDevice saved by WarpOpenAdapter and called by WarpDdiCreateDevice.
    PFND3DDDI_CREATEDEVICE DdiCreateDevice = NULL;
    // The remaining pointers are declared but never assigned or called in this listing.
    PFND3DDDI_PRESENT DdiPresent = NULL;
    //PFND3DDDI_PRESENT1 DdiPresent1= NULL;
    PFND3DDDI_LOCK DdiLock = NULL;
    PFND3DDDI_CREATERESOURCE DdiCreateResource = NULL;
    //PFND3DDDI_CREATERESOURCE2 DdiCreateResource2 = NULL;
    PFND3DDDI_UNLOCK DdiUnlock = NULL;
    PFND3DDDI_BLT DdiBlt = NULL;
    
    
    /*
     * Runs in place of the driver's OpenAdapter once the detour is installed.
     * Calls the original through OldOpenAdapter; if that returns S_OK and the
     * driver supplied pfnCreateDevice, saves that pointer in DdiCreateDevice and
     * replaces the table entry with WarpDdiCreateDevice. Returns the original
     * call's result unchanged.
     */
    HRESULT APIENTRY WarpOpenAdapter(D3DDDIARG_OPENADAPTER *pAdapterData)
    {
    	const HRESULT status = OldOpenAdapter(pAdapterData);

    	if (status != S_OK)
    	{
    		return status;
    	}
    	if (!pAdapterData->pAdapterFuncs->pfnCreateDevice)
    	{
    		return status;
    	}

    	// Keep the real callback before overwriting the adapter table entry.
    	DdiCreateDevice = pAdapterData->pAdapterFuncs->pfnCreateDevice;
    	pAdapterData->pAdapterFuncs->pfnCreateDevice = WarpDdiCreateDevice;
    	return status;
    } 
    
    
    
    /*
     * Looks up the "OpenAdapter" export in nvd3dum.dll, falling back to
     * aticfx32.dll, and detours it to WarpOpenAdapter with a 9-byte patch.
     * Only modules already loaded in this process are considered
     * (GetModuleHandleA does not load anything).
     * Returns TRUE when an export was found and patched, FALSE otherwise.
     */
    BOOL DetourOpenAdapter()
    {
    	PVOID target = (PVOID)GetProcAddress(GetModuleHandleA("nvd3dum.dll"), "OpenAdapter");
    	if (target == NULL)
    	{
    		target = (PVOID)GetProcAddress(GetModuleHandleA("aticfx32.dll"), "OpenAdapter");
    	}

    	if (target == NULL)
    	{
    		return FALSE;
    	}

    	// The returned stub is the only remaining way to reach the unpatched code.
    	OldOpenAdapter = (_OpenAdapter *)DetourFunction((PBYTE)target, (PBYTE)&WarpOpenAdapter, 9);
    	return TRUE;
    }
    
    
    
    // Declared but not referenced anywhere else in this listing.
    D3DDDI_DEVICEFUNCS* pDeviceFuncs;
    // Prototype only; no definition of nDrawIndexedPrimitive appears in this listing.
    HRESULT WINAPI nDrawIndexedPrimitive(PVOID pDevice, D3DDDIARG_DRAWINDEXEDPRIMITIVE* pDrawIndexedPrimitive);
    // Counter changed by the F2/F3 hotkeys and displayed by F4 in HookThread;
    // the draw hooks in this listing do not read it.
    DWORD NewStride=0;
    // Stepped by +/-500 together with NewStride in HookThread; not read elsewhere in this listing.
    DWORD fangwei1;
    DWORD fangwei2=500;
    
    
    /*
     * Thread body started from DllMain.
     * Phase 1: calls DetourOpenAdapter in a tight loop (no delay between attempts)
     *          until it reports success.
     * Phase 2: polls hotkeys forever, about every 100 ms:
     *          F2 increments NewStride and adds 500 to fangwei1/fangwei2,
     *          F3 decrements NewStride and subtracts 500 from both,
     *          F4 shows NewStride in a message box.
     * Never returns.
     */
    void HookThread()
    {
    	while (DetourOpenAdapter() == FALSE)
    	{
    		// keep retrying until the driver export has been patched
    	}

    	for (;;)
    	{
    		if ((GetAsyncKeyState(VK_F2) & 1) != 0)
    		{
    			++NewStride;
    			fangwei1 += 500;
    			fangwei2 += 500;
    			Sleep(100);
    		}

    		if ((GetAsyncKeyState(VK_F3) & 1) != 0)
    		{
    			--NewStride;
    			fangwei1 -= 500;
    			fangwei2 -= 500;
    			Sleep(100);
    		}

    		if ((GetAsyncKeyState(VK_F4) & 1) != 0)
    		{
    			// Decimal text of the current counter value.
    			char text[256];
    			itoa(NewStride, text, 10);
    			MessageBoxA(0, text, 0, 0);
    		}

    		Sleep(100);
    	}
    }
    
    
    
    
    // Two zero-initialized slots; WarpDdiCreateDevice fills each at most once, so the
    // code tracks up to two distinct device function tables.
    D3D_HookFunc D3DHookFunc1={};
    D3D_HookFunc D3DHookFunc2={};
    
    
    
    /*
     * Replacement for pfnSetStreamSource on the table tracked by D3DHookFunc1.
     * Records the stride of stream 0 in D3DHookFunc1.Stride, then forwards the
     * call unchanged to the saved driver callback and returns its result.
     */
    HRESULT WINAPI nSetStreamSource1(PVOID pDevice, D3DDDIARG_SETSTREAMSOURCE* pSetStreamSource)
    {
    	const BOOL isStreamZero = (pSetStreamSource->Stream == 0);

    	if (isStreamZero)
    	{
    		// Remembered for the stride test in nDrawIndexedPrimitive1.
    		D3DHookFunc1.Stride = pSetStreamSource->Stride;
    	}

    	return D3DHookFunc1.SetStreamSource(pDevice, pSetStreamSource);
    }
    
    
    /*
     * Replacement for pfnDrawIndexedPrimitive on the table tracked by D3DHookFunc1.
     *
     * When the stride last recorded for stream 0 is 32, 36, 40, 44 or 64, the draw
     * is first issued with the D3DDDIRS_ZENABLE render state set to 0, and the state
     * is then set to 1 (not to whatever value it had before). In every case the
     * draw is issued again through the saved driver callback and that result is
     * returned, so a matching draw reaches the driver twice.
     *
     * The stride list is what the post calls the "model ID"; presumably it selects
     * the vertex formats of the meshes of interest in one specific game -- not
     * established by this listing.
     */
    HRESULT WINAPI nDrawIndexedPrimitive1(PVOID pDevice, D3DDDIARG_DRAWINDEXEDPRIMITIVE* pDrawIndexedPrimitive)
    {
    	D3DDDIARG_RENDERSTATE tmp;
     	// Initial values; both fields are assigned again inside the branch before use.
     	tmp.State=D3DDDIRS_ZENABLE;
     	tmp.Value=0;
    	
       // Stride filter ("model ID" in the post); edit these values for another title.
       if ( D3DHookFunc1.Stride==40
       ||  D3DHookFunc1.Stride==44 
       ||  D3DHookFunc1.Stride==36 
       ||  D3DHookFunc1.Stride==32 
       || D3DHookFunc1.Stride==64)
       
    	{
    		
    			// Depth test off, then draw once through the original callback.
    			tmp.State=D3DDDIRS_ZENABLE;
    			tmp.Value=0;
    			D3DHookFunc1.SetRenderState(pDevice,&tmp);
    			D3DHookFunc1.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
    
    
    			// Depth test forced back to 1 for everything that follows.
    			tmp.State=D3DDDIRS_ZENABLE;
    			tmp.Value=1;
    			D3DHookFunc1.SetRenderState(pDevice,&tmp);
    
    		
    
    	}
    
    
    // Unconditional pass-through; its HRESULT is the one the caller sees.
    return D3DHookFunc1.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
    	
    }
    
    /*
     * Replacement for pfnCreateQuery on the table tracked by D3DHookFunc1.
     * A request for D3DDDIQUERYTYPE_OCCLUSION is rewritten in place (in the
     * caller's structure) to D3DDDIQUERYTYPE_TIMESTAMP; all other query types
     * pass through untouched. Returns the saved driver callback's result.
     */
    HRESULT WINAPI nCreateQuery1(PVOID pDevice, D3DDDIARG_CREATEQUERY* pCreateQuery)
    {
    	if (pCreateQuery->QueryType != D3DDDIQUERYTYPE_OCCLUSION)
    	{
    		return D3DHookFunc1.CreateQuery(pDevice, pCreateQuery);
    	}

    	// The driver never sees the occlusion request.
    	pCreateQuery->QueryType = D3DDDIQUERYTYPE_TIMESTAMP;
    	return D3DHookFunc1.CreateQuery(pDevice, pCreateQuery);
    }
    
    
    /*
     * Replacement for pfnSetStreamSource on the table tracked by D3DHookFunc2.
     * Records the stride of stream 0 in D3DHookFunc2.Stride, then forwards the
     * call unchanged to the saved driver callback and returns its result.
     */
    HRESULT WINAPI nSetStreamSource2(PVOID pDevice, D3DDDIARG_SETSTREAMSOURCE* pSetStreamSource)
    {
    	const BOOL isStreamZero = (pSetStreamSource->Stream == 0);

    	if (isStreamZero)
    	{
    		// Remembered for the stride test in nDrawIndexedPrimitive2.
    		D3DHookFunc2.Stride = pSetStreamSource->Stride;
    	}

    	return D3DHookFunc2.SetStreamSource(pDevice, pSetStreamSource);
    }
    
    /*
     * Replacement for pfnDrawIndexedPrimitive on the table tracked by D3DHookFunc2.
     * Same logic as nDrawIndexedPrimitive1, using the second slot: for a recorded
     * stream-0 stride of 32, 36, 40, 44 or 64 the draw is issued with
     * D3DDDIRS_ZENABLE set to 0, the state is then set to 1, and the draw is
     * issued again unconditionally; the result of that last call is returned.
     */
    HRESULT WINAPI nDrawIndexedPrimitive2(PVOID pDevice, D3DDDIARG_DRAWINDEXEDPRIMITIVE* pDrawIndexedPrimitive)
    {
    	D3DDDIARG_RENDERSTATE tmp;
    	// Declared but never used in this function.
    	D3DDDIARG_SETMATERIAL Material;
    
      // Stride filter ("model ID" in the post); edit these values for another title.
      if (D3DHookFunc2.Stride==40 || D3DHookFunc2.Stride==44 || D3DHookFunc2.Stride==36 || D3DHookFunc2.Stride==32 || D3DHookFunc2.Stride==64)
    	
    	{
    		// Depth test off, then draw once through the original callback.
    		tmp.State=D3DDDIRS_ZENABLE;
    		tmp.Value=0;
    		D3DHookFunc2.SetRenderState(pDevice,&tmp);
    	    D3DHookFunc2.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
    
    
    		// Depth test forced back to 1, not to its previous value.
    		tmp.State=D3DDDIRS_ZENABLE;
    		tmp.Value=1;
    		D3DHookFunc2.SetRenderState(pDevice,&tmp);
    	}
    
    
        // Unconditional pass-through; its HRESULT is the one the caller sees.
        return D3DHookFunc2.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
    	
    }
    
    
    /*
     * Replacement for pfnCreateQuery on the table tracked by D3DHookFunc2.
     * A request for D3DDDIQUERYTYPE_OCCLUSION is rewritten in place (in the
     * caller's structure) to D3DDDIQUERYTYPE_TIMESTAMP; all other query types
     * pass through untouched. Returns the saved driver callback's result.
     */
    HRESULT WINAPI nCreateQuery2(PVOID pDevice, D3DDDIARG_CREATEQUERY* pCreateQuery)
    {
    	if (pCreateQuery->QueryType != D3DDDIQUERYTYPE_OCCLUSION)
    	{
    		return D3DHookFunc2.CreateQuery(pDevice, pCreateQuery);
    	}

    	// The driver never sees the occlusion request.
    	pCreateQuery->QueryType = D3DDDIQUERYTYPE_TIMESTAMP;
    	return D3DHookFunc2.CreateQuery(pDevice, pCreateQuery);
    }
    
    
    
    /*
     * Replacement for the driver's pfnCreateDevice, installed by WarpOpenAdapter.
     *
     * Calls the original callback, then (if the driver filled in
     * pfnDrawIndexedPrimitive) saves the table's DrawIndexedPrimitive,
     * SetRenderState, SetStreamSource and CreateQuery pointers into a free slot
     * (D3DHookFunc1, then D3DHookFunc2) and replaces three of the entries --
     * DrawIndexedPrimitive, SetStreamSource and CreateQuery -- with the n*1 / n*2
     * functions above. pfnSetRenderState is only saved, never replaced.
     *
     * Each slot is filled at most once; a third device table is left untouched.
     * Returns the original callback's HRESULT. Note that ret is not checked before
     * pDeviceData->pDeviceFuncs is read and modified.
     */
    HRESULT APIENTRY WarpDdiCreateDevice(
    	HANDLE hAdapter,
    	D3DDDIARG_CREATEDEVICE *pDeviceData)
    {
    	// DdiCreateDevice must not be NULL if this path hit
    	HRESULT ret = DdiCreateDevice(hAdapter, pDeviceData);
    	
    
    
    
    	if (pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive!=NULL)
    	{
    		// Slot 1 is free, and this table's SetRenderState is not the one already held by slot 2.
    		if (D3DHookFunc1.DrawIndexedPrimitive==NULL && D3DHookFunc2.SetRenderState!=pDeviceData->pDeviceFuncs->pfnSetRenderState)
    		{
    
    			// Save the driver's originals first ...
    			D3DHookFunc1.DrawIndexedPrimitive=pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive;
    			D3DHookFunc1.SetRenderState=pDeviceData->pDeviceFuncs->pfnSetRenderState;
    			D3DHookFunc1.SetStreamSource=pDeviceData->pDeviceFuncs->pfnSetStreamSource;
    			D3DHookFunc1.CreateQuery=pDeviceData->pDeviceFuncs->pfnCreateQuery;
    
    			// ... then point the table entries at the slot-1 replacements.
    			pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive=(PFND3DDDI_DRAWINDEXEDPRIMITIVE)nDrawIndexedPrimitive1;
    			pDeviceData->pDeviceFuncs->pfnSetStreamSource=(PFND3DDDI_SETSTREAMSOURCE)nSetStreamSource1;
    			pDeviceData->pDeviceFuncs->pfnCreateQuery=(PFND3DDDI_CREATEQUERY)nCreateQuery1;
    			
    		}
    
    		// Slot 2 is free, and this table's SetRenderState is not the one held by slot 1.
    		// Right after the branch above has run, slot 1 holds this table's SetRenderState,
    		// so the same table is not captured into both slots in one call.
    		if (D3DHookFunc2.DrawIndexedPrimitive==NULL && D3DHookFunc1.SetRenderState!=pDeviceData->pDeviceFuncs->pfnSetRenderState )
    		{
    
    			D3DHookFunc2.DrawIndexedPrimitive=pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive;
    			D3DHookFunc2.SetRenderState=pDeviceData->pDeviceFuncs->pfnSetRenderState;
    			D3DHookFunc2.SetStreamSource=pDeviceData->pDeviceFuncs->pfnSetStreamSource;
    			D3DHookFunc2.CreateQuery=pDeviceData->pDeviceFuncs->pfnCreateQuery;
    			pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive=(PFND3DDDI_DRAWINDEXEDPRIMITIVE)nDrawIndexedPrimitive2;
    			pDeviceData->pDeviceFuncs->pfnSetStreamSource=(PFND3DDDI_SETSTREAMSOURCE)nSetStreamSource2;
    			pDeviceData->pDeviceFuncs->pfnCreateQuery=(PFND3DDDI_CREATEQUERY)nCreateQuery2;
    		}
    		
    	}
    
    
    return ret;
    }
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    // Marks a function as a C-linkage DLL export.
    #define DLLEXPORT_API extern "C" _declspec(dllexport)
    // Exported function with an empty body; nothing in this listing calls it and its
    // purpose is not visible here.
    DLLEXPORT_API void SXF()
    {
    
    }

  2. #2
    Thanks for sharing.

  3. #3
    Cool.im gonna try on other langue.keep follow your post

  4. #4
    Quote, originally posted by timothy78:
    Cool.im gonna try on other langue.keep follow your post
    Useless answer ! just spamming posts I can't even get it ! why you just searching category c#/c++ when you gonna try other language! rofl

  5. #5
    The problem with hot-patching D3D functions is that the games I have dealt with scan the functions individually to make sure they aren't being hooked, which is why people generally resort to VMT hooking.
