
    Hooking in assembly.

    Sup homies. \:

    Yeah, was bored, made a hack sort of thing in assembly 'cause I'm badass.

    Had to find the d3d9 include files on the MASM32 forum, not too hard. There are some things in the includes that need changes, but nothing I used here needs those changes. I saw a lot of stuff in the ID3DXFont class that needed changing, so I didn't use those functions here.

    This basically contains a hooking function I wrote myself, and an example of how to use it. I used it on the Direct3D 9 environment; the address I put there is obviously not going to be the same for you, so don't even try... Yup, if it works, the environment window should be cleared to yellow.

    SAWP AJ? <3

    [highlight=asm]
    ; MASM (MASM32 toolchain) source for 32-bit x86: flat memory model, stdcall
    ; as the default convention for PROCs, case-sensitive identifiers.
    .386
    .model flat,stdcall
    option casemap:none

    ; Win32 and Direct3D 9 declarations from the MASM32 include tree.
    ; NOTE(review): as rendered there is no space between include/includelib
    ; and the path; this looks like whitespace lost in the forum paste --
    ; confirm against a copy that assembles.
    include\masm32\include\windows.inc
    include\masm32\include\user32.inc
    include\masm32\include\kernel32.inc
    include\masm32\include\d3dx9.inc

    includelib\masm32\lib\user32.lib
    includelib\masm32\lib\kernel32.lib
    includelib\masm32\lib\dx\d3d9.lib
    includelib\masm32\lib\dx\d3dx9.lib



    .data

    ; NUL-terminated string; DllMain passes it to MessageBoxA as both text and caption.
    Message db "Injection successfull",0

    ; Receives the previous page protection from VirtualProtect in HookFunc.
    ; Nothing in this listing reads it back to restore the protection.
    OldProtect dd 0
    ; 10-byte buffer HookFunc fills with bytes copied from the start of the
    ; target followed by a 5-byte jmp rel32 back to target+5.
    ; NOTE(review): this buffer lives in .data and the listing never changes its
    ; protection; a data section is normally mapped without execute permission,
    ; so calling into it is expected to fault where DEP is enforced -- confirm.
    allocJump db 10 DUP(0)
    ; HookFunc's return value as stored by DllMain: offset allocJump on success,
    ; 0 if VirtualProtect failed. hEndScene calls through this dword.
    ES_Address dd 0


    ; Code section starts here.
    .code

    ; hEndScene -- replacement routine that DllMain passes to HookFunc as newFunc.
    ; In:   pDevice = COM interface pointer (first dword is the vtable pointer).
    ; Does: calls the device's Clear method through the vtable, then calls the
    ;       bytes saved in allocJump (via ES_Address) so the original function
    ;       still runs.
    ; Out:  eax = whatever the call through ES_Address returns; the value
    ;       returned by Clear is discarded.
    ; MASM generates the frame and the stdcall 'ret 4' for a PROC with one
    ; dword parameter.
    ; NOTE(review): 'pDeviceWORD' looks like 'pDevice:DWORD' with the ':D' eaten
    ; as a forum emoticon; it will not assemble as shown -- confirm.
    hEndScene proc pDeviceWORD

    mov eax,pDevice
    mov eax,[eax] ; eax = vtable pointer of the device object


    ; Arguments for Clear, pushed right to left (stdcall): Stencil, Z, Color,
    ; Flags, pRects, Count, then the 'this' pointer.
    push 0
    push 1 ; Z: integer 1, not the float 1.0 (3F800000h); not used for a target-only clear
    push 16760576 ;Color: 16760576 = 00FFBF00h (R=255, G=191, B=0)
    push D3DCLEAR_TARGET
    push NULL
    push 0
    push pDevice

    ; NOTE(review): 'eaxtr' looks like 'eax:ptr' with the ':p' eaten as a forum
    ; emoticon -- confirm. The assume lets [eax].Clear resolve to the member offset.
    assume eaxtr STIDirect3DDevice9
    call [eax].Clear
    assume eax: nothing

    ; Indirect call through the dword ES_Address (set by DllMain to the
    ; trampoline address HookFunc returned), forwarding the same argument.
    push pDevice
    call ES_Address
    ret

    hEndScene endp

    ; HookFunc -- overwrite the first 5 bytes of targetFunc with 'jmp newFunc'
    ; and build a trampoline in allocJump that holds the displaced bytes plus a
    ; jmp back to targetFunc+5.
    ; In:   targetFunc = address of the code to patch
    ;       newFunc    = address the patched code jumps to
    ; Out:  eax = offset allocJump on success, 0 if VirtualProtect failed
    ; Clobb: ebx, ecx, edx, flags. NOTE(review): ebx is callee-saved under
    ;        stdcall and leaves this proc modified (the push/pop pair below
    ;        only preserves it across one store).
    ; Limits visible in the code:
    ;   - The copy is a fixed 5 bytes; nothing checks that the target's first
    ;     5 bytes are whole instructions or free of relative operands.
    ;   - allocJump is a single static buffer, so a second call overwrites the
    ;     first trampoline.
    ;   - The target page is left PAGE_EXECUTE_READWRITE; OldProtect is never
    ;     used to restore it.
    ;   - The patch is written with two separate stores, so the target briefly
    ;     holds a jmp with a partly written displacement.
    ; What this leaves for an integrity check to find: a 0E9h jmp at the first
    ; byte of the patched function, code bytes that differ from the on-disk
    ; image, and a code page with write+execute protection.
    ; NOTE(review): 'targetFuncWORD' / 'newFuncWORD' look like ':DWORD' with the
    ; ':D' eaten as a forum emoticon -- confirm.
    HookFunc proc targetFuncWORD, newFuncWORD

    ; These three instructions have no effect on the result: ebx is reloaded
    ; below and eax is overwritten by VirtualProtect's return value.
    mov eax, offset OldProtect
    mov ebx,[eax]
    xor eax,eax

    ; VirtualProtect(targetFunc, 4096, PAGE_EXECUTE_READWRITE, &OldProtect)
    push offset OldProtect
    push PAGE_EXECUTE_READWRITE
    push 4096
    push targetFunc
    call VirtualProtect

    ; Nonzero eax = protection change succeeded; otherwise fall through and
    ; return that zero.
    .if eax
    mov eax,offset allocJump
    mov ebx,targetFunc

    push edi
    ;move 5 bytes into allocJump
    ; Each pass moves a dword at byte offset edi (0..4), so the loads/stores
    ; overlap and bytes 0..7 of the target end up in allocJump[0..7];
    ; allocJump[5..9] is overwritten below.
    mov edi,0
    _loop:
    mov ecx,[ebx+edi]
    mov [eax+edi],ecx
    inc edi
    cmp edi,5
    jne _loop
    pop edi

    ; allocJump[5] = 0E9h (233), the jmp rel32 opcode. The store is a dword,
    ; so allocJump[6..8] are zeroed and then replaced by the displacement.
    push ebx
    add eax,5
    mov ebx,233
    mov [eax],ebx
    pop ebx

    ; allocJump[6..9] = targetFunc - allocJump - 5, the displacement that makes
    ; the jmp at allocJump+5 (next instruction at allocJump+10) land on targetFunc+5.
    add eax,1
    mov ecx,offset allocJump
    sub ebx,ecx
    sub ebx,5

    mov [eax],ebx

    ; Displacement for the patch itself: newFunc - targetFunc - 5.
    mov ebx,targetFunc
    mov ecx,newFunc

    sub ecx,ebx
    sub ecx,5

    ; Write the opcode as a dword (target[0..3] = E9 00 00 00), then the
    ; displacement at target[1..4]; five bytes of the target change in total.
    mov edx,233
    mov [ebx],edx

    add ebx,1
    mov [ebx],ecx

    ; Return the trampoline address to the caller.
    mov eax,offset allocJump

    .endif

    ret
    HookFunc endp

    ; DllMain -- DLL entry point. On DLL_PROCESS_ATTACH it calls
    ; HookFunc(4FE571B0h, hEndScene), stores the result in ES_Address and shows
    ; a message box. Always returns 1 (TRUE) in eax.
    ; NOTE(review): 'dwReasonWORD' / 'uselessWORD' look like ':DWORD' with the
    ; ':D' eaten as a forum emoticon -- confirm.
    ; NOTE(review): MessageBoxA is called from inside DllMain, i.e. while the
    ; loader lock is held; Microsoft's DllMain guidance advises against calling
    ; user32 functions there.
    DllMain proc hInst:HINSTANCE, dwReasonWORD, uselessWORD
    .if dwReason == DLL_PROCESS_ATTACH
    ; Arguments pushed right to left: newFunc = hEndScene, targetFunc = 4FE571B0h.
    ; The target is a hard-coded absolute address; the post says it was valid
    ; only in the author's environment. Nothing here resolves or validates it
    ; beyond VirtualProtect succeeding inside HookFunc.
    push hEndScene
    push 4FE571B0h
    call HookFunc
    ; Stored unchecked: 0 here means HookFunc did not patch anything.
    mov ES_Address,eax

    ; MessageBoxA(0, Message, Message, MB_OK) -- same string as text and caption.
    push MB_OK
    push offset Message
    push offset Message
    push 0
    call MessageBoxA

    .endif

    mov eax,1
    ret

    DllMain endp
    ; Names DllMain as the module's entry point.
    end DllMain

    [/highlight]
