sat 24 (02-13-2011)
Hey,
im trying to make some chams for that game and got a problem:
i successfully hook DIP (Draw Indexed Primitive) but its getting unhooked by HS so i want rehooking it.
I tried to wait till my msgbox called by DIP when i press a key does not appear so i know that HS unhooked it. then i press another key to activate my rehook, but then it crashs. I think that it should work because im using croner's B8 Detour, in wr that also worked a long time (idk if it now does).
I hope you got some solutions
sat 24 (02-13-2011)
You use the correct VTable?
“Those who control the past, control the future: who controls the present controls the past” ~ George Orwell
Its me, Dreamgun
paozero12 (03-14-2011)
hook it on the vtable?
the game also has a wrapper function
Code:Names in i3GfxDx, item 1183 Address=006B8D80 Section=.text Type=Export Name=?DrawIndexedPrim@i3RenderContext@@QAEPAVi3Shader@@pav2@W4I3G_PRIMITIVE@@II@Z 006B8D80 > 56 PUSH ESI 006B8D81 57 PUSH EDI 006B8D82 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+18] 006B8D86 8BF1 MOV ESI,ECX 006B8D88 FF86 50090000 INC DWORD PTR DS:[ESI+950] 006B8D8E 01BE 4C090000 ADD DWORD PTR DS:[ESI+94C],EDI 006B8D94 A1 CCC77F00 MOV EAX,DWORD PTR DS:[?m_pCaps@i3RenderContext@@1PAVi3GfxCaps@@A] 006B8D99 83B8 58010000 00 CMP DWORD PTR DS:[EAX+158],0 006B8DA0 74 0E JE SHORT i3GfxDx.006B8DB0 006B8DA2 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C] 006B8DA6 6A 00 PUSH 0 006B8DA8 51 PUSH ECX 006B8DA9 8BCE MOV ECX,ESI 006B8DAB E8 70E5FFFF CALL i3GfxDx.?SelectShader@i3RenderContext@@QAEXPAVi3Shader@@H@Z 006B8DB0 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] 006B8DB4 8B86 60540000 MOV EAX,DWORD PTR DS:[ESI+5460] 006B8DBA 8B10 MOV EDX,DWORD PTR DS:[EAX] 006B8DBC 8B92 48010000 MOV EDX,DWORD PTR DS:[EDX+148] 006B8DC2 57 PUSH EDI 006B8DC3 51 PUSH ECX 006B8DC4 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+24] 006B8DC7 8B89 80020000 MOV ECX,DWORD PTR DS:[ECX+280] 006B8DCD 51 PUSH ECX 006B8DCE 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+1C] 006B8DD2 6A 00 PUSH 0 006B8DD4 6A 00 PUSH 0 006B8DD6 51 PUSH ECX 006B8DD7 50 PUSH EAX //pDevice 006B8DD8 FFD2 CALL EDX //dip 006B8DDA 8B86 70520000 MOV EAX,DWORD PTR DS:[ESI+5270] 006B8DE0 5F POP EDI 006B8DE1 5E POP ESI 006B8DE2 C2 1000 RETN 10
i love all the new people know so much and i dont
Source Filmmaker Animator/Poster Maker
Former Minecraft Minion
Film Enthusiast
TF2 Player
So i'm hooking the correct vTable and rehook works but its crashing after about 15 mins ... just while i'm playing nothing special idk if it's trying to rehook in this moment.
i'm using memcmp to check if HS unhooked my DIP, can this be a reason for a crash?
i'm just wondering because once it works a certain time and then it crashs...
// Edit: BTW if it crashs, BugTrap says "ACCESS_VIOLATION" in d3d9.dll
U may have to post ur dip code in order for us to see what is happing and make sure add a log and see if dip is hooked or not
Okay..
i'm hooking DIP with Croner's B8 Detour (don't know if i should post here anyways it works).
Then i start another function for my rehook:Code:DWORD DIP = vtbl[82]; pDrawIndexedPrimitive = (oDrawIndexedPrimitive) DetourCreateB8((DWORD)DIP, (DWORD)myDrawIndexedPrimitive, 7);
Rehook works ..Code:while(true) { if(memcmp((void *)DIP,(void*)*private,*private*) == 0 ) { pDrawIndexedPrimitive = (oDrawIndexedPrimitive) DetourCreateB8((DWORD)DIP, (DWORD)myDrawIndexedPrimitive, 7); } Sleep(500); }
So my DIP:
Yeah, that it, hope you will find something wrong^^Code:HRESULT WINAPI myDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE pType D3DparamX ,UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount ) { if(color == false) { GenerateTexture1(pDevice, &txtRed, texRed); // textures for chams GenerateTexture1(pDevice, &txtGreen, texGreen); color = true; } if(pDevice->GetStreamSource(0, &StreamBuffer, &OffsetInBytes, &m_Stride) == D3D_OK) { if(getstrides == false) { StreamBuffer->Release(); getstrides = true; // need to get strides without SetStreamSource } if(GetAsyncKeyState(VK_NUMPAD1)) { wallhack =! wallhack; Sleep(50); } if(GetAsyncKeyState(VK_NUMPAD2)) { chams =! chams; Sleep(50); } // This is just a simple method to activate and deactivate wallhack/chams. if(wallhack == true) { if(m_Stride == *private*) { pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE); } else { pDevice->SetRenderState(D3DRS_ZENABLE, TRUE); } } else { if(m_Stride == 44) { pDevice->SetRenderState(D3DRS_ZENABLE, TRUE); } else { pDevice->SetRenderState(D3DRS_ZENABLE, TRUE); } } if(chams == true) { if(m_Stride == *private*) { pDevice->SetRenderState( D3DRS_ZENABLE,false ); pDevice->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID ); pDevice->SetTexture( 0, txtRed ); pDrawIndexedPrimitive(pDevice,pType D3DparamvalX,nMinIndex,nNumVertices,nStartIndex,nPrimitiveCount); pDevice->SetRenderState( D3DRS_ZENABLE, true ); pDevice->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID ); pDevice->SetTexture( 0, txtGreen ); } } return pDrawIndexedPrimitive(pDevice,pType D3DparamvalX,nMinIndex,nNumVertices,nStartIndex,nPrimitiveCount); }
// Edit:
Screen of BugTrap:
https://www.ab lo ad . de/img/bugtrapmehv.png
And DIP is hooked (chams is activ) when it crashs..
Last edited by Andyi; 02-12-2011 at 10:18 AM.
guess you must review your
all system hook bypass/hooks target/offset,SC Attack to PBlackout.i3exec and file dll d3dx9
....
Last edited by goblox; 02-22-2011 at 06:12 PM.
<========================
learning...learning and learning...
========================>
goblox my main problem is posted in another thread in pb hack coding/source