Sup homies. \:
Yeah, was bored, made a hack sort of thing in assembly 'cause I'm badass.
Had to find the d3d9 include files on the MASM32 forum, not too hard. There are some things in the includes that need changes, but nothing I used here needs those changes. I saw a lot of stuff in the ID3DXFont class that needed changing, so I didn't use those functions here.
This basically contains a hooking function I wrote myself, and an example of how to use it. I used it on the Direct3D9 environment; the address I put there is obviously not going to be the same on your machine, so don't even try... Yup, if it works, the environment window should be cleared to yellow.
SAWP AJ? <3
[highlight=asm]
.386
.model flat,stdcall
option casemap:none
include\masm32\include\windows.inc
include\masm32\include\user32.inc
include\masm32\include\kernel32.inc
include\masm32\include\d3dx9.inc
includelib\masm32\lib\user32.lib
includelib\masm32\lib\kernel32.lib
includelib\masm32\lib\dx\d3d9.lib
includelib\masm32\lib\dx\d3dx9.lib
.data
; Text passed to MessageBoxA by DllMain, as both the body and the caption.
Message db "Injection successfull",0
; Receives the previous page protection from VirtualProtect in HookFunc.
; Nothing in this listing reads it back to restore that protection.
OldProtect dd 0
; 10-byte trampoline filled in by HookFunc: the first bytes of the patched
; function followed by a jmp rel32 (opcode 0E9h) back to target+5.
; NOTE(review): this buffer sits in .data but is executed (hEndScene calls
; through ES_Address, which DllMain sets to this buffer's address). Data
; sections are normally mapped non-executable, so with DEP enforced that call
; would be expected to fault - confirm how the DLL is linked.
allocJump db 10 DUP(0)
; Set by DllMain to HookFunc's return value: offset allocJump when the
; VirtualProtect call succeeded, 0 when it failed.
ES_Address dd 0
.code
;-----------------------------------------------------------------------
; hEndScene - replacement routine that DllMain passes to HookFunc as newFunc.
; ABI:  32-bit stdcall (.model flat,stdcall)
; In:   pDevice = interface pointer; its first dword is read as the vtable
;       pointer and it is passed as the first argument to both calls below
; Does: calls Clear through the vtable with D3DCLEAR_TARGET and the colour
;       16760576, then calls through ES_Address with the same pDevice
; Out:  eax is whatever the call through ES_Address returns
; NOTE(review): `pDeviceWORD` looks like a forum-mangled `pDevice:DWORD`
; (the body refers to pDevice) - confirm against the original post.
; NOTE(review): ES_Address is 0 if HookFunc failed; in that case the target
; was never patched either, so this routine should not be reached that way.
;-----------------------------------------------------------------------
hEndScene proc pDeviceWORD
mov eax,pDevice
mov eax,[eax] ; eax = vtable pointer (first dword of the object)
; Arguments are pushed by hand in reverse order (stdcall): last one first.
push 0 ; Stencil
push 1 ; Z: integer 1, not the float 1.0; presumably ignored because only the target is cleared - confirm
push 16760576 ;color ( in base 10 ) = 00FFBF00h
push D3DCLEAR_TARGET
push NULL ; pRects
push 0 ; Count
push pDevice ; first argument: the interface pointer itself
; NOTE(review): `eaxtr` looks like a forum-mangled `eax:ptr` - confirm.
assume eaxtr STIDirect3DDevice9
call [eax].Clear
assume eax: nothing
; Forward to the original code: ES_Address is a dword variable, so this is an
; indirect call to the address stored in it (the allocJump trampoline).
push pDevice
call ES_Address
ret
hEndScene endp
;-----------------------------------------------------------------------
; HookFunc - overwrites the first 5 bytes of targetFunc with a jmp rel32 to
; newFunc and builds a trampoline in allocJump that runs the displaced bytes
; and jumps back to targetFunc+5.
; ABI:   32-bit stdcall (.model flat,stdcall)
; In:    targetFunc = address of the code to patch
;        newFunc    = address the patched code will jump to
; Out:   eax = offset allocJump on success, 0 if VirtualProtect failed
; Clobb: ebx, ecx, edx, flags. ebx is callee-saved under stdcall and is not
;        preserved here (the push/pop ebx below only parks a temporary).
; NOTE(review): `targetFuncWORD` / `newFuncWORD` look like forum-mangled
; `targetFunc:DWORD` / `newFunc:DWORD` (the body uses targetFunc and newFunc)
; - confirm against the original post.
; NOTE(review): the old protection saved in OldProtect is never restored, so
; the 4096-byte range stays PAGE_EXECUTE_READWRITE after this returns.
; NOTE(review): the copy length is a fixed 5 bytes with no instruction-length
; check, and the patch is written as two separate stores; both are unsafe if
; an instruction straddles byte 5 or another thread is executing the target.
; NOTE(review): allocJump is a single static buffer, so a second call
; overwrites the trampoline produced by the first.
; From a defender's view, the result is code at a function entry that no
; longer matches the module's on-disk image, on a page left writable and
; executable - the two conditions in-memory integrity checks look for.
;-----------------------------------------------------------------------
HookFunc proc targetFuncWORD, newFuncWORD
; The next three instructions load OldProtect into ebx and zero eax; neither
; value is read before being overwritten, so they only clobber ebx.
mov eax, offset OldProtect
mov ebx,[eax]
xor eax,eax
; VirtualProtect(targetFunc, 4096, PAGE_EXECUTE_READWRITE, &OldProtect),
; arguments pushed in reverse order.
push offset OldProtect
push PAGE_EXECUTE_READWRITE
push 4096
push targetFunc
call VirtualProtect
.if eax
mov eax,offset allocJump
mov ebx,targetFunc
push edi
;move 5 bytes into allocJump
; Each pass copies a dword at byte offset edi (0..4), so bytes 0..7 of the
; target are actually read and written; bytes 5..9 of allocJump are
; overwritten by the jump built below.
mov edi,0
_loop:
mov ecx,[ebx+edi]
mov [eax+edi],ecx
inc edi
cmp edi,5
jne _loop
pop edi
; Build "jmp targetFunc+5" at allocJump+5.
push ebx ; park targetFunc while ebx carries the opcode
add eax,5
mov ebx,233 ; 233 = 0E9h, the jmp rel32 opcode
mov [eax],ebx ; dword store: E9 00 00 00 at allocJump+5
pop ebx ; ebx = targetFunc again
add eax,1
mov ecx,offset allocJump
sub ebx,ecx
sub ebx,5 ; rel32 = (targetFunc+5) - (allocJump+10)
mov [eax],ebx ; rel32 at allocJump+6..9
; Patch the target itself with "jmp newFunc".
mov ebx,targetFunc
mov ecx,newFunc
sub ecx,ebx
sub ecx,5 ; rel32 = newFunc - (targetFunc+5)
mov edx,233
mov [ebx],edx ; dword store: E9 00 00 00 at targetFunc
add ebx,1
mov [ebx],ecx ; rel32 at targetFunc+1..4, 5 bytes changed in total
mov eax,offset allocJump ; return the trampoline address
.endif
ret
HookFunc endp
;-----------------------------------------------------------------------
; DllMain - DLL entry point. On DLL_PROCESS_ATTACH it calls
; HookFunc(4FE571B0h, hEndScene), stores the result in ES_Address and shows
; a message box; for every reason code it returns 1 in eax.
; NOTE(review): `dwReasonWORD` / `uselessWORD` look like forum-mangled
; `dwReason:DWORD` / `useless:DWORD` (the body uses dwReason) - confirm.
; NOTE(review): 4FE571B0h is a hard-coded absolute address; the accompanying
; post says it will differ elsewhere. Nothing here checks that it is mapped
; or lies inside the intended module before HookFunc writes to it.
; NOTE(review): the message box is shown whether or not HookFunc succeeded
; (eax = 0 on failure is stored but never tested).
; NOTE(review): this work runs inside DllMain, i.e. under the loader lock;
; Microsoft's DllMain guidance advises against calling user32 functions
; such as MessageBoxA from here.
;-----------------------------------------------------------------------
DllMain proc hInst:HINSTANCE, dwReasonWORD, uselessWORD
.if dwReason == DLL_PROCESS_ATTACH
; stdcall, pushed in reverse: newFunc first, then targetFunc.
push hEndScene
push 4FE571B0h
call HookFunc
mov ES_Address,eax ; trampoline address, or 0 if VirtualProtect failed
; MessageBoxA(0, Message, Message, MB_OK): same string as text and caption.
push MB_OK
push offset Message
push offset Message
push 0
call MessageBoxA
.endif
mov eax,1 ; TRUE
ret
DllMain endp
end DllMain
[/highlight]