Clean Punkbuster Screen shots tut 2

[llvengancell]

Hi,

Here is a way for returning clean PB screenshots.

First we have to find the DirectDrawCreate call in pbcl.dll ( I used IDA Pro ), it should look like that:
PHP Code:
.text:1000C030 mov edx, [esp+560h+wndpl.rcNormalPosition.bottom]
.text:1000C034 mov ecx, [esp+560h+wndpl.rcNormalPosition.top]
.text:1000C038 push edi ; pUnkOuter
.text:1000C039 lea eax, [esp+564h+lpDD]
.text:1000C03D push eax ; lplpDD
.text:1000C03E sub edx, ecx
.text:1000C040 push edi ; lpGUID
.text:1000C041 mov [ebp+1Eh], dx
.text:1000C045 mov [esp+56Ch+var_534], edi
.text:1000C049 mov [esp+56Ch+lpDD], edi
.text:1000C04D call DirectDrawCreate
Then scroll up to the begining of the function that calls DirectDrawCreate, and find from where its called from:
PHP Code:
.text:1000B920 ; int __stdcall sub_1000B920(int,int,__int16,__int16,int,char *hWnd,int)
PHP Code:
.text:1000EDF2 push eax ; hWnd
.text:1000EDF3 push ecx ; int
.text:1000EDF4 mov ecx, [ebp+118h]
.text:1000EDFA push esi ; __int16
.text:1000EDFB push edi ; __int16
.text:1000EDFC push ebx ; int
.text:1000EDFD push edx ; int
.text:1000EDFE mov [esp+0AB4h+var_A84], 0B0h
.text:1000EE06 call sub_1000B920
Then scroll up to the beginning of the function:
PHP Code:
.text:1000E030 ; int __fastcall sub_1000E030(int,int,int,int,unsigned int)
Now we can detour it:
PHP Code:
typedef int ( *PBScreenshotSetup_t )( int iArg1 , int iArg2, int iArg3, int iArg4, unsigned int uiArg5 );
PBScreenshotSetup_t pPBScreenshotSetup = 0;

int _PBScreenshotSetup( int iArg1 , int iArg2, int iArg3, int iArg4, unsigned int uiArg5 )
{
int iReturn;

return pPBScreenshotSetup( iArg1 , iArg2, iArg3, iArg4, uiArg5 );
}

void Hook( )
{
DWORD dwPbclBase = ( DWORD )GetModuleHandle( "pbcl.dll" );

pPBScreenshotSetup = ( PBScreenshotSetup_t )DetourFunction( ( BYTE * )( dwPbclBase + 0xE030 ), ( BYTE * )_PBScreenshotSetup, 6 );
}
Now here is how to manage a clean screenshot using a modulo:
PHP Code:
bool bSafeScreen = true;

int _PBScreenshotSetup( int iArg1 , int iArg2, int iArg3, int iArg4, unsigned int uiArg5 )
{
bSafeScreen = false;

static int iRequest = 0;

iRequest++;

int iReturn;

if( iRequest <= 1 )
iReturn = 2;
else
{
iReturn = 2;

if( iRequest % 16 == 1 )
{
iReturn = pPBScreenshotSetup( iArg1 , iArg2, iArg3, iArg4, uiArg5 );

bSafeScreen = true;

iRequest = 0;
}
}

return iReturn;
}
Usage:
PHP Code:
if( bSafeScreen )
{
// Apply your visual modifications
}
You can pause the screenshot function less or more by editing the modulo value (16).

This code is 100% working for up to date FarCry 1.4 punkbuster client.

Thanks to Roverturbo for the "iReturn = 2;" idea

!!! Global hardware ban if detected, so use it at your own risk !!!


Regards.

[Design]

STOP SPAMMING NOW!!!!!!!