Game crashes after a few minutes when D3D is used.

[Tekkn0logik]

Well, I've written a hack which uses D3D, and it seems to work almost perfectly. However, at seemingly random times, it'll crash Combat Arms. Is this because it was detected by HackShield or what? It's crashed the game both in the lobby and in-game although it usually crashes around 1 minute after the game is started.

Here's a log which it outputs. Seems the exception happens in d3d9.dll which makes me think something's wrong with a detour. Or possibly it's just hackshield. I've tried both unpacked and packed with UPX and both turned out the same.

Code:

2010/9/8 ----- 2:8:16 - CombatArms Debug Start!

Exception code: C0000005


Fault address:  6FB015AC 01:000405AC C:\Windows\system32\d3d9.dll




EAX:00000002
EBX:03E16FE4
ECX:03E16FE0
EDX:00000000
ESI:00000060
EDI:12EBDA20


CS:EIP:001B:6FB015AC


SS:ESP:0023:0012ED5C  EBP:0012ED8C


DS:0023  ES:0023  FS:003B  GS:0000


Flags:00010206



Call stack:

Address   Frame     Logical addr  Module


Call_Static[0]: 6FB015AC  0012ED8C  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[1]: 6FB015AC  0012EE08  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[2]: 6FB015AC  0012EF54  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[3]: 6FB015AC  0012EF80  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[4]: 6FB015AC  0012F070  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[5]: 6FB015AC  0012F258  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[6]: 6FB015AC  0012F288  0001:000405AC C:\Windows\system32\d3d9.dll

Call_Static[7]: 6FB015AC  377E934C  0001:000405AC C:\Windows\system32\d3d9.dll




Client_Version: VER_US_2.1008.05


Player uID: 20932607


CPUSpeed: 2394 MHz

Identifier: x86 Family 6 Model 23 Stepping 10 

ProcessType: Intel Pentium (II/Pro)

VideoCard: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)


System_Memory

Total: 2147483647

Use:  947384319

[debug_info_end]

2010/9/8 ----- 2:8:16 - CombatArms Debug End

And, here's all my code related to Direct3d.

Code:

HRESULT WINAPI DrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, int BaseVertexIndex, UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimCount)
{
	HRESULT res;
	if(lightChams) {
		IDirect3DDevice9_SetRenderState(pDevice, D3DRS_ZENABLE, D3DZB_FALSE);
		SetLightChams(pDevice, 255, 255, 0, 0);
	}

	res = origDIP(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimCount);
	if(lightChams) {
		IDirect3DDevice9_SetRenderState(pDevice, D3DRS_ZENABLE, D3DZB_TRUE);
		SetLightChams(pDevice, 255, 0, 255, 255);
	}
	return res;
}


HRESULT WINAPI EndScene(LPDIRECT3DDEVICE9 pDevice)
{
	RECT rct;
	char buf[128];
	int y = 20, k;
	PTCHack ptc;
	
	if(hFont == NULL)
		D3DXCreateFont(pDevice, 16, 0, 0, 0, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &hFont);
	
	if(menu.isEnabled) {
		D3DRECT rec = { 15, 15, 215, 315 };
		IDirect3DDevice9_Clear(pDevice, 1, &rec, D3DCLEAR_TARGET, DGRAY, 0, 0);
		
		for(k = 0; k < menu.nItems; k++) {
			ptc = menu.items[k];
			sprintf(buf, "%s: %s", ptc.name, ptc.on ? "on" : "off");
			MAKECOORD(&rct, 20, y);
			ID3DXFont_DrawText(hFont, NULL, buf, -1, &rct, DT_NOCLIP, k == menu.selection ? CYAN : RED);
			y += 20;
		}
	}

	return origEndScene(pDevice);
}

Any ideas?

Edit: random side question: what does the LT in LTClient stand for?

[-ExileD-]

You do know you cant hook DrawIndexedPrimitive without a HS bypass?

The LT in LTClient stand for LithTech - It's the game engine that CA runs on.

[Tekkn0logik]

You do know you cant hook DrawIndexedPrimitive without a HS bypass?

The LT in LTClient stand for LithTech - It's the game engine that CA runs on.

Well, I'd better get working on a bypass then. Is it as ridiculously hard as people make it out to be?

And thanks for the bit about lithtech, I would have never figured that out.

[Kallisti]

Well, I'd better get working on a bypass then. Is it as ridiculously hard as people make it out to be?

And thanks for the bit about lithtech, I would have never figured that out.

you dont find bypasses. You make them.
Nobody bothers sharing bypasses anymore

[CodeDemon]

you dont find bypasses. You make them.
Nobody bothers sharing bypasses anymore

I don't see him stating anywhere about finding a bypass /


Damn replying to posts on an iPod is hard.

And yes, the dip is causing your crash. I see somebody put the sticky to good use/

[-ExileD-]

Well, I'd better get working on a bypass then. Is it as ridiculously hard as people make it out to be?

And thanks for the bit about lithtech, I would have never figured that out.

Many "pro" coders such as Gordon claim it's easy. But most of us are having trouble doing it.

I'm hooking it currently and it's not Dcing at all, But my chams wont show up. So it leaves me to two things.
a - It's not hooking properly
b - The DIP is Hooking and my chams are not working/outdated.

[whit]

Many "pro" coders such as Gordon claim it's easy. But most of us are having trouble doing it.

I'm hooking it currently and it's not Dcing at all, But my chams wont show up. So it leaves me to two things.
a - It's not hooking properly
b - The DIP is Hooking and my chams are not working/outdated.

You Cant Hook Dip With Gellins Detours...

[-ExileD-]

You Cant Hook Dip With Gellins Detours...

So thats why D= Sucks.

[ac1d_buRn]

You Cant Hook Dip With Gellins Detours...

Im pretty sure you can. I think i did but i DC'd about 1-2 min in.

[whit]

Im pretty sure you can. I think i did but i DC'd about 1-2 min in.

Hmm Weird Its Like It Dont Even Hook It At All With Me../

[LightzOut]

Your going to need either an alternative hook or a bypass to use DIP.

[whit]

Your going to need either an alternative hook or a bypass to use DIP.

I Can Already Use Dip Just Saying You Cant Hook It With Gellins Detours...

[ac1d_buRn]

I Can Already Use Dip Just Saying You Cant Hook It With Gellins Detours...

[php]
DWORD DIP = vTable[82]
pDrawIndexedPrimitive = (oDrawIndexedPrimitive)DetourCreate (( BYTE* )DIP, ( BYTE* )myDrawIndexedPrimitive, DETOUR_TYPE_JMP );
[/php]

Like that?

[whit]

[php]
DWORD DIP = vTable[82]
pDrawIndexedPrimitive = (oDrawIndexedPrimitive)DetourCreate (( BYTE* )DIP, ( BYTE* )myDrawIndexedPrimitive, DETOUR_TYPE_JMP );
[/php]

Like that?

Ya That How I Was Doing It In Gellins Base But It Seemed Not Too Work So Idk...

[Gordon`]

why are you using IDirect3DDevice9_Clear when you can use pDevice->Clear, same with SetRenderState etc.

maybe the registers are fucked up, try to save then at the beginning of the function (__asm pushad) and restore them before returning at the end of the function (__asm popad)

doesnt look like hackshield is detecting something, cause then it wouldnt generate the debug file.

also check the detoursize. normally its 5 on a stdcall function (all direct3ddevice9 functions are stdcall) but it depends on how the detour is done (JMP, NOP NOP JMP, PUSH RET, etc)