Ok, I have this working D3D Hook for MW2:
Code:
    #include <windows.h>
    #include <d3d9.h>
    #include "detours.h"
    #pragma comment(lib,"detours.lib")
    #pragma comment(lib,"d3d9.lib")

    typedef HRESULT(__stdcall* Real_EndScene)(LPDIRECT3DDEVICE9);
    Real_EndScene oEndScene = NULL;
    const D3DCOLOR textRed = D3DCOLOR_ARGB(255, 255, 0, 0);

    void DrawRect (LPDIRECT3DDEVICE9 pDevice, int X, int Y, int L, int H, D3DCOLOR color)
    {
        D3DRECT rect = {X, Y, X+L, Y+H};
        pDevice->Clear(1, &rect, D3DCLEAR_TARGET, color, 0, 0);
    }

    HRESULT __stdcall hook_EndScene(LPDIRECT3DDEVICE9 pDevice)
    {
        DrawRect(pDevice, 10, 10, 20, 20, textRed);
        return oEndScene(pDevice);
    }

    void Hook()
    {
        while(!GetModuleHandle("d3d9.dll"))
        {
            Sleep(100);
        }
        while( *(DWORD*)0x4FE571B0 == 0)
        {
            Sleep(100);
        }
        MessageBox(NULL,L"Hooked",L"Successful",0);
        oEndScene = (Real_EndScene)DetourFunction((PBYTE)0x4FE571B0,(PBYTE)hook_EndScene);
    }

    bool __stdcall DllMain(HINSTANCE hInstance,DWORD reason, void* useless)
    {
        if(reason == DLL_PROCESS_ATTACH)
        {
            CreateThread(0,0,(LPTHREAD_START_ROUTINE)Hook,0,0,0);
        }
        if(reason == DLL_PROCESS_DETACH)
        {
        }
        return true;
    }

The red code is the pointer to EndScene, which I obtained by opening d3d9.dll in my System32 folder. I attempted using the device pointer in Hell_Demon's tutorial. I found it, implemented it, and it crashed.
Is there a difference between using the DevicePointer and the EndScene address I found in the dll? When should I use a certain method?
"The best way to predict your future is to create it."
Contributions I made:
DirectX E-Books
Hacking Tools
Hacking into a PC
Need Help?
Send me a PM, or send me a email at : aanthonyz10@gmail.com
Static addies is a big no no.
You're better off changing the pointer in the vtable or hooking the address that the vtable tells you.
Ah we-a blaze the fyah, make it bun dem!
Everything always goes back to the vtable...wdf is that?
Ok, so I found the device pointer for MW2. Now how do I get the VTable with that?
I know I have to turn VTable into this: VTable[], so I can use the function numbers, but can anyone give me an explanation on how to do it and an example?
Taken from my old AlterIW MW2 hack:
Code:
    DWORD *VirtualTable;
    while(*(DWORD*)0x06737268 == NULL)
    {
        Sleep(1000);
    }
    pDevice = *(IDirect3DDevice9**)0x06737268; //673BAE8;
    VirtualTable = **(DWORD***)0x06737268; //673BAE8;

As you can see, the IDirect3DDevice9 pointer points to the vtable.
0x06737268 is your device pointer right?
Can you explain these last two lines in more detail please?
What is with the 673BAE8?
One last thing, what is with all the * asterisks???
Code:
    pDevice = *(IDirect3DDevice9**)0x06737268; //673BAE8;
    VirtualTable = **(DWORD***)0x06737268; //673BAE8;

How would you declare pDevice, would you do this?
Code:
    DWORD *pDevice;

Then implement it like this?
Code:
    #include <windows.h>
    #include <d3d9.h>
    #include "detours.h"
    #pragma comment(lib,"detours.lib")
    #pragma comment(lib,"d3d9.lib")

    DWORD *pDevice = *(IDirect3DDevice9**)0x4FE571B0;
    DWORD *VirtualTable = **(DWORD***)0x4FE571B0;
    typedef HRESULT(__stdcall* Real_EndScene)(LPDIRECT3DDEVICE9);
    Real_EndScene oEndScene = NULL;
    const D3DCOLOR textRed = D3DCOLOR_ARGB(255, 255, 0, 0);

    void DrawRect (LPDIRECT3DDEVICE9 pDevice, int X, int Y, int L, int H, D3DCOLOR color)
    {
        D3DRECT rect = {X, Y, X+L, Y+H};
        pDevice->Clear(1, &rect, D3DCLEAR_TARGET, color, 0, 0);
    }

    HRESULT __stdcall hook_EndScene(LPDIRECT3DDEVICE9 pDevice)
    {
        DrawRect(pDevice, 10, 10, 20, 20, textRed);
        if(GetAsyncKeyState(VK_INSERT))
        {
            pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID);
        }
        if(GetAsyncKeyState(VK_CONTROL))
        {
            pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_WIREFRAME);
        }
        return oEndScene(pDevice);
    }

    void Hook()
    {
        while(!GetModuleHandle("d3d9.dll"))
        {
            Sleep(100);
        }
        while( *(DWORD*)0x4FE571B0 == 0) //Device Pointer
        {
            Sleep(100);
        }
        MessageBox(NULL,"Hooked","Successful",0);
        oEndScene = (Real_EndScene)DetourFunction((PBYTE)VirtualTable[42],(PBYTE)hook_EndScene); //42 for EndScene
    }

    bool __stdcall DllMain(HINSTANCE hInstance,DWORD reason, void* useless)
    {
        if(reason == DLL_PROCESS_ATTACH)
        {
            CreateThread(0,0,(LPTHREAD_START_ROUTINE)Hook,0,0,0);
        }
        if(reason == DLL_PROCESS_DETACH)
        {
        }
        return true;
    }

So would this be an almost working code?
/fixed
Code:
    #include <windows.h>
    #include <d3d9.h>
    #include "detours.h"
    #pragma comment(lib,"detours.lib")
    #pragma comment(lib,"d3d9.lib")

    IDirect3DDevice9 *pDevice;
    DWORD *VirtualTable;
    typedef HRESULT(__stdcall* Real_EndScene)(LPDIRECT3DDEVICE9);
    Real_EndScene oEndScene = NULL;
    const D3DCOLOR textRed = D3DCOLOR_ARGB(255, 255, 0, 0);

    void DrawRect (LPDIRECT3DDEVICE9 pDevice, int X, int Y, int L, int H, D3DCOLOR color)
    {
        D3DRECT rect = {X, Y, X+L, Y+H};
        pDevice->Clear(1, &rect, D3DCLEAR_TARGET, color, 0, 0);
    }

    HRESULT __stdcall hook_EndScene(LPDIRECT3DDEVICE9 pDevice)
    {
        DrawRect(pDevice, 10, 10, 20, 20, textRed);
        if(GetAsyncKeyState(VK_INSERT))
        {
            pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID);
        }
        if(GetAsyncKeyState(VK_CONTROL))
        {
            pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_WIREFRAME);
        }
        return oEndScene(pDevice);
    }

    void Hook()
    {
        while(!GetModuleHandle("d3d9.dll"))
        {
            Sleep(100);
        }
        while( *(DWORD*)0x4FE571B0 == 0) //Device Pointer
        {
            Sleep(100);
        }
        pDevice = *(IDirect3DDevice9**)0x4FE571B0;
        VirtualTable = **(DWORD***)0x4FE571B0; //or *(DWORD**)pDevice; if you prefer.
        MessageBox(NULL,"Hooked","Successful",0);
        oEndScene = (Real_EndScene)DetourFunction((PBYTE)VirtualTable[42],(PBYTE)hook_EndScene); //42 for EndScene
    }

    bool __stdcall DllMain(HINSTANCE hInstance,DWORD reason, void* useless)
    {
        if(reason == DLL_PROCESS_ATTACH)
        {
            CreateThread(0,0,(LPTHREAD_START_ROUTINE)Hook,0,0,0);
        }
        if(reason == DLL_PROCESS_DETACH)
        {
        }
        return true;
    }
aanthonyz (03-29-2011)
I want to see if I got the concept down.
So basically, you give the device pointer to pDevice, and create the Virtual Table out of that. So does that mean that Device Pointer and Virtual Table are the same?
If they are, couldn't I just say:
Code:
    VirtualTable = *(IDirect3DDevice9**)0x4FE571B0;

Then not declare a pDevice at all?
One more question: won't the pDevice I declared mess with the pDevice in my other functions, or are they supposed to be the same?
If you don't know what the asterisks are, perhaps you should do some reading on pointers. It's very important to know about them when it comes to things like this.
Hell_Demon (03-30-2011),Melodia (03-30-2011)
The device pointer points to the virtual table. You'll need pDevice to be able to execute functions of the IDirect3DDevice9 class. The vtable isn't supposed to be used by us if we'd be good programmers (we'd have no reason to need the vtable).
Originally Posted by aanthonyz
They're supposed to be the same ^^
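The pointer chain discussed in this thread (global device pointer, then object, then vtable, then slot), as an added example that is not part of the original posts: a constructed C model in which every name (`struct device`, `g_device`, `read_vtable`, the two-slot table) is hypothetical and no Direct3D code is involved. It shows why the object pointer and the vtable pointer are different values, and it goes one step beyond the thread by comparing the slots against a snapshot to detect an overwritten entry.

```c
#include <stdio.h>

/* Constructed stand-in for a COM-style object: its first field is the vtable pointer. */
typedef int (*method_fn)(void *self);
enum { SLOT_BEGIN = 0, SLOT_END = 1, SLOT_COUNT = 2 };

static int impl_begin(void *self) { (void)self; return 1; }
static int impl_end(void *self)   { (void)self; return 2; }
static int impl_other(void *self) { (void)self; return 99; }

struct device { method_fn *vtbl; int state; };

static method_fn g_vtable[SLOT_COUNT] = { impl_begin, impl_end };
static struct device g_device_obj = { g_vtable, 0 };
static void *g_device = &g_device_obj;   /* the global "device pointer" */

/* One read: address of the global -> pointer to the object. */
struct device *read_device(void *global_addr) {
    return *(void **)global_addr;
}

/* Second read: object -> its first field, the vtable (same as **(T ***)addr). */
method_fn *read_vtable(void *global_addr) {
    return *(method_fn **)read_device(global_addr);
}

static method_fn g_baseline[SLOT_COUNT];

/* Record the slot values while the table is known to be in its original state. */
void snapshot_vtable(const struct device *d) {
    for (int i = 0; i < SLOT_COUNT; i++) g_baseline[i] = d->vtbl[i];
}

/* Return the first slot that differs from the snapshot, or -1 if none does. */
int first_modified_slot(const struct device *d) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (d->vtbl[i] != g_baseline[i]) return i;
    return -1;
}

int main(void) {
    struct device *dev = read_device(&g_device);
    method_fn *vt = read_vtable(&g_device);
    printf("object=%p vtable=%p same=%d\n", (void *)dev, (void *)vt, (void *)dev == (void *)vt);
    snapshot_vtable(dev);
    vt[SLOT_END] = impl_other;               /* simulate a slot being overwritten */
    printf("modified slot: %d\n", first_modified_slot(dev));
    return 0;
}
```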