Undetected DIP Hook

**NanoGold** · 08-31-2012

Hey guys , here is the updated DIP hook ...

Code:

#include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>

#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

// NUMPAD1 => On/Off chams.
// NUMPAD2 => Change colors.

#define DIPEngine 0x004B490D
DWORD retDIPEngine = ( DIPEngine + 0x8 );

INT chams;
INT color;

#define Red     D3DCOLOR_ARGB( 255, 255, 000, 000 )
#define Green   D3DCOLOR_ARGB( 255, 000, 255, 000 )
#define Blue    D3DCOLOR_ARGB( 255, 000, 000, 255 )
#define Black   D3DCOLOR_ARGB( 255, 000, 000, 000 )

__declspec( naked ) HRESULT WINAPI DIPMidfunction( )
{
    static LPDIRECT3DDEVICE9 pDevice;

    __asm
    {
        MOV EDX, DWORD PTR DS:[EAX]
        MOV EDX, DWORD PTR DS:[EDX + 0x148]
        MOV DWORD PTR DS:[pDevice], EAX
        PUSHAD
    }

    if( GetAsyncKeyState(VK_NUMPAD1)&1 )
        chams = !chams;
 
    if( GetAsyncKeyState(VK_NUMPAD2)&1 )
        color++;
    
    if( color > 4 )
        color = 0;
    
    if( chams )
    {
        pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
        if( color == 1 ) pDevice->SetRenderState( D3DRS_AMBIENT, Red   );
        if( color == 2 ) pDevice->SetRenderState( D3DRS_AMBIENT, Green );
        if( color == 3 ) pDevice->SetRenderState( D3DRS_AMBIENT, Blue  );
        if( color == 4 ) pDevice->SetRenderState( D3DRS_AMBIENT, Black );
    }

    __asm
    {
        POPAD
        JMP retDIPEngine
    }
}

void *DetourCreate( BYTE *src, const BYTE *dst, const int len )
{
    BYTE *jmp =( BYTE * ) malloc( len + 5 );
    DWORD dwBack;

    VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
    memcpy( jmp, src, len );    
    jmp += len;
    jmp[0] = 0xE9;
    *( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;

    src[0] = 0xE9;
    *( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
    for( int i = 5; i < len; i++ )
        src[i] = 0x90;
    VirtualProtect( src, len, dwBack, &dwBack );

    return( jmp - len );
}

DWORD WINAPI StartRoutine( LPVOID )
{
    while( TRUE )
    {
        if( memcmp( ( void * )DIPEngine, ( void * )( PBYTE )"\x8B\x10", 2 ) == 0 )
        {
            Sleep(200);
            DetourCreate( ( PBYTE )DIPEngine, ( PBYTE )DIPMidfunction, 8 );
        }
    }
 
    return 0;
}

BOOL WINAPI DllMain( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{ 
    if( dwReason == DLL_PROCESS_ATTACH )
    {
        DisableThreadLibraryCalls( hDll );
        MessageBox( 0, "Hook DIP Engine", "Crossfire", 0 );
        CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );
    }
 
    return TRUE;
}

Code:

DrawIndexedPrimitive:

004B48E3   8B35 702E6C00            MOV ESI,DWORD PTR DS:[6C2E70]=> DeviceGame
004B48E9   0FB76B 02                MOVZX EBP,WORD PTR DS:[EBX+2]
004B48ED   B8 ABAAAAAA              MOV EAX,AAAAAAAB
004B48F2   F7E2                     MUL EDX
004B48F4   0FB703                   MOVZX EAX,WORD PTR DS:[EBX]
004B48F7   8BFA                     MOV EDI,EDX
004B48F9   D1EF                     SHR EDI,1
004B48FB   894424 18                MOV DWORD PTR SS:[ESP+18],EAX
004B48FF   E8 CCC4FFFF              CALL 4B0DD0
004B4904   57                       PUSH EDI
004B4905   8BCE                     MOV ECX,ESI
004B4907   8B01                     MOV EAX,DWORD PTR DS:[ECX]
004B4909   8B4C24 18                MOV ECX,DWORD PTR SS:[ESP+18]
004B490D   8B10                     MOV EDX,DWORD PTR DS:[EAX]
004B490F   8B92 48010000            MOV EDX,DWORD PTR DS:[EDX+148]=> DrawIndexedPrimitive
004B4915   51                       PUSH ECX
004B4916   8B4C24 20                MOV ECX,DWORD PTR SS:[ESP+20]
004B491A   55                       PUSH EBP
004B491B   51                       PUSH ECX
004B491C   6A 00                    PUSH 0
004B491E   6A 04                    PUSH 4
004B4920   50                       PUSH EAX
004B4921   FFD2                     CALL EDX
004B4923   8B43 08                  MOV EAX,DWORD PTR DS:[EBX+8]
004B4926   8B8C24 3C020000          MOV ECX,DWORD PTR SS:[ESP+23C]
004B492D   834424 10 0C             ADD DWORD PTR SS:[ESP+10],0C
004B4932   894424 14                MOV DWORD PTR SS:[ESP+14],EAX
004B4936   8B4424 34                MOV EAX,DWORD PTR SS:[ESP+34]
004B493A   83C0 01                  ADD EAX,1
004B493D   3B81 C0000000            CMP EAX,DWORD PTR DS:[ECX+C0]
004B4943   894424 34                MOV DWORD PTR SS:[ESP+34],EAX
004B4947  ^0F8C D3FCFFFF            JL 4B4620
004B494D   5F                       POP EDI
004B494E   5E                       POP ESI
004B494F   5D                       POP EBP
004B4950   5B                       POP EBX
004B4951   81C4 28020000            ADD ESP,228
004B4957   C2 1400                  RETN 14

Code:

Pattern Scan for to update adress DIPEngine:

\x8B\x10\x8B\x92\x00\x00\x00\x00\x51\x8B\x4C\x24\x00\x55\x51\x6A\x00\x6A\x00\x50\xFF\xD2\x8B\x43\x00\x8B\x8C\x24
xxxx????xxxx?xxx?x?xxxxx?xxx

Code:

Binary Scan for to update adress DIPEngine:

8B 10 8B 92 ?? ?? ?? ?? 51 8B 4C 24 ?? 55 51 6A ?? 6A ?? 50 FF D2 8B 43 ?? 8B 8C 24

Credits:
WE11ington
NanoGold

**derh.acker** · 08-31-2012

I made such a hook years ago...
Now everyone uses it

3D · 08-31-2012

Thank you..

**giniyat101** · 08-31-2012

Originally Posted by derh.acker

I made such a hook years ago...
Now everyone uses it

and not using it as pros too :P

**Avene** · 08-31-2012

@NanoGold why repost ? https://www.mpgh.net/forum/242-crossf...ip-engine.html

Originally Posted by NanoGold

Hey guys , here is the updated DIP hook ...

Credits:
WE11ington
NanoGold

Credits for leeching? You're funny.

**NanoGold** · 08-31-2012

Originally Posted by Avene

@NanoGold why repost ? https://www.mpgh.net/forum/242-crossf...ip-engine.html

Credits for leeching? You're funny.

this is updated one

**bandi12** · 08-31-2012

Originally Posted by NanoGold

this is updated one dump ass

maybe and ready for patch good work :P

**Avene** · 08-31-2012

Originally Posted by NanoGold

this is updated one

Updated? You only renew the address! There was address pattern! Everyone can update it easily! Dump ass!

**[MPGH]Dave84311** · 08-31-2012

Midfunction, nothing new.

Also fuck wellington, he is trying to get other methods detected so he can get credits for posting his own methods (or reverse engineered methods). Fag much.

**kozyk** · 09-01-2012

Undetected..?

**kmanev073** · 09-01-2012

isnt this detected LOL :S

**bandi12** · 09-01-2012

Originally Posted by kmanev073

isnt this detected LOL :S

yes it is

**kozyk** · 09-01-2012

LOLOL. You sure?

**Avene** · 09-01-2012

Undetected in NA but detected for other cf versions.

**Deadeys** · 09-01-2012

I reversed the hack of Mamo's, he also uses this mehod. When I was reversing it I laught very very hard xD but now I see the source xD I even laugh harder... I never thought that it was correct what I revered.. It looked so silly... Lets do the same thing! yaya xD So useless.

That DetourCreate is so xD bad xD.. Look at the assmebly code and you will see xD.

Edit:

Omg, all copy past hacks are released xD. leecher allert!

Thread: Undetected DIP Hook

Thread Tools

Display

Undetected DIP Hook

The Following User Says Thank You to NanoGold For This Useful Post:

The Following 2 Users Say Thank You to 3D For This Useful Post:

The Following 3 Users Say Thank You to Avene For This Useful Post:

The Following 10 Users Say Thank You to Dave84311 For This Useful Post:

Similar Threads

[Release] DIP Hook. Go RQ

[Release] Dreafully slow 100% undetected DIP hook

DIP Hook

DIP Hook.

[RELEASE] UNDETECTED WARROCK HOOK (CHAMS)