DetourCreate

[Anger5K]

Help Me DC Ban After 30 Mint


i think is detcted

Code:

void *DetourCreate(BYTE *src, CONST BYTE *dst, CONST INT len)
{
	BYTE *jmp = (BYTE *)malloc(len + 5);
	DWORD dwback;
	VirtualProtect(src, len, PAGE_READWRITE, &dwback);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = 0xE9;
	*(DWORD *)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
	src[0] = 0xE9;
	*(DWORD *)(src + 1) = (DWORD)(dst - src) - 5;
	for(INT i = 5; i < len; i++) src[i] = 0x90;
	VirtualProtect(src, len, dwback, &dwback);

	return(jmp - len);
}

[kelvinprosv]

Hook is detected

[Anger5K]

can you share undetected

[vaisefud3]

can you share undetected

If I recall correctly crossfire checked for E9/EB jmps. You can use another method to redirect the EIP to your code, just be creative

[Anger5K]

Can you get creative with

[kelvinprosv]

If I recall correctly crossfire checked for E9/EB jmps. You can use another method to redirect the EIP to your code, just be creative

Code:

DWORD WINAPI Hook(LPVOID lpAlgs)
{
	DWORD dwD3D9 = 0;
	while (!dwD3D9) {
		Sleep(100);
		dwD3D9 = (DWORD)GetModuleHandle("d3d9.dll");
	}
	DWORD PPPDevice = FindPattern(dwD3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx"); //C7 06 ? ? ? ? 89 86 ? ? ? ? 89 86
	memcpy(&VTable, (void *)(PPPDevice + 2), 4);
	DWORD dwVTable[5] = { 0 };
	CreateDevice(dwVTable);
	oReset = (tReset)DetourCreate((PBYTE)dwVTable[0], (PBYTE)&hkReset, 5);
	oPresent = (tPresent)DetourCreate((PBYTE)dwVTable[1], (PBYTE)&hkPresent, 5);
	oEndScene = (tEndScene)DetourCreate((PBYTE)dwVTable[2], (PBYTE)&hkEndScene, 5);
	oDrawIndexedPrimitive = (tDrawIndexedPrimitive)DetourCreate((PBYTE)dwVTable[3], (PBYTE)&hkDrawIndexedPrimitive, 5);
	return FALSE;
}

Code:

#include "stdafx.h"

#pragma region Hook

typedef HRESULT(WINAPI* tReset)(LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters);
tReset oReset;

typedef HRESULT(WINAPI *tPresent)(LPDIRECT3DDEVICE9 pDevice, const RECT *a, const RECT *b, HWND c, const RGNDATA *d);
tPresent oPresent;

typedef HRESULT(WINAPI *tEndScene)(LPDIRECT3DDEVICE9 pDevice);
tEndScene oEndScene;

typedef HRESULT(WINAPI* tDrawIndexedPrimitive)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE, int, UINT, UINT, UINT, UINT);
tDrawIndexedPrimitive oDrawIndexedPrimitive;

VOID CreateDevice(DWORD *dwVTable)
{
	LPDIRECT3D9 pD3d9;
	LPDIRECT3DDEVICE9 pD3DDevice;
	pD3d9 = Direct3DCreate9(D3D_SDK_VERSION);
	if (pD3d9 == NULL)
		return;
	D3DPRESENT_PARAMETERS pPresentParms;
	ZeroMemory(&pPresentParms, sizeof(pPresentParms));
	pPresentParms.Windowed = TRUE;
	pPresentParms.BackBufferFormat = D3DFMT_UNKNOWN;
	pPresentParms.SwapEffect = D3DSWAPEFFECT_DISCARD;
	if (FAILED(pD3d9->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, GetDesktopWindow(), D3DCREATE_SOFTWARE_VERTEXPROCESSING, &pPresentParms, &pD3DDevice)))
		return;
	DWORD *dwTable = (DWORD *)pD3DDevice;
	dwTable = (DWORD *)dwTable[0];
	dwVTable[0] = dwTable[16]; //Reset
	dwVTable[1] = dwTable[17]; //Present
	dwVTable[2] = dwTable[42]; //EndScene
	dwVTable[3] = dwTable[82]; //DrawIndexedPrimitive
}

VOID *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
	int Pointer[] = { 0xE9, 0x90 };

	BYTE *jmp = (BYTE *)malloc(len + 5);
	DWORD dwback;
	VirtualProtect(src, len, PAGE_READWRITE, &dwback);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = Pointer[0];
	*(DWORD *)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
	src[0] = Pointer[0];
	*(DWORD *)(src + 1) = (DWORD)(dst - src) - 5;
	for (INT i = 5; i < len; i++) src[i] = Pointer[1];
	VirtualProtect(src, len, dwback, &dwback);

	return(jmp - len);
}

[Anger5K]

this detected

[vaisefud3]

Just use push/ret bruh