DX9 Hook by ~FALLEN~

[~FALLEN~]

Should be undetected, don't know, haven't used this in a while. Have fun (: *Yes you can port this to d3d8 if you know how*

Tools : Ollydbg & IDA
Credits : ~FALLEN~
Coded in : C++

Code:

struct sStack
{
	sStack* PreviousStack;
	DWORD ReturnAddress;
	void* Arguments[ 127 ];//Maximum number of arguments to pass to a function
};

DWORD SCPtr = 0;//Table[19]
DWORD SCRet = 0;//On xp - Start of EndScene Function + 0xB9 - Vista / 7 - Start of EndScene Function + 0x9E

void __fastcall hkSceneCapture( void* ECX, void* EDX, signed int Capture )
{
	IDirect3DDevice9* pDevice;//Device interface pointer
	sStack* Stack;//Stack handling structure
	__asm
	{
	  MOV Stack, ESP
	  pushad//Preserve all General-Registers
	  pushfd//Preserve EFlags
	}
	if( Stack->ReturnAddress == SCRet )
	{
	  if( ( pDevice = Stack->PreviousStack->Arguments[ 0 ] ) != NULL )
	  {
	    //DoShit
	  }
	}
	__asm
	{
	  popfd//Restore EFlags
	  popad//Restore All General-Registers
	}
	return ( ( void( __thiscall* )( void*, signed int ) SCPtr )( ThisPtr, Capture );//Give control back to SceneCapture
}

DWORD Table = FindPattern( D3DModuleHandle, 0x105000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\xC7\x46\x00\x0B\x00\x00\x00\x8B\xC6" ), "xx????xx?x???xx" );//CD3DDIDX7 SCPtr = this[19]

[R4v0r]

Nice, finally something propper released for A.V.A!

[oyasuna.dev]

Don't see anything wrong. Haven't been active with AVA so I'm not sure what changes they have made, but this looks like it would work.

[~FALLEN~]

Don't see anything wrong. Haven't been active with AVA so I'm not sure what changes they have made, but this looks like it would work.

Nothing is wrong with it, I did however simplify it. You can do this with classes and it would be more organized of course. Probably a tad faster too because it wouldn't have to go out into the .bss section to retrieve the global variables. It can be made faster, but the speed difference wouldn't be noticeable...

[oyasuna.dev]

Nothing is wrong with it, I did however simplify it. You can do this with classes and it would be more organized of course. Probably a tad faster too because it wouldn't have to go out into the .bss section to retrieve the global variables. It can be made faster, but the speed difference wouldn't be noticeable...

True, but if your looking from a performance standpoint then there are 2 key variables you try to accomplish: Speed (along with complexity), and Memory usage. I know I had a third, but I forget. Now if you increase the speed, you will use more memory but for a shorter amount of time. Not sure if I'm being clear cause I had a point in my head, but now I forget.

[~FALLEN~]

True, but if your looking from a performance standpoint then there are 2 key variables you try to accomplish: Speed (along with complexity), and Memory usage. I know I had a third, but I forget. Now if you increase the speed, you will use more memory but for a shorter amount of time. Not sure if I'm being clear cause I had a point in my head, but now I forget.

Not necessarily, if you do things more efficiently you can get faster code with less memory usage, to be honest it tends to go hand in hand with clean and well preforming code. Don't leak, don't clutter, etc, and you're good to go really...

What you said may be true if you are using say a garbage collector or a virtualized language such as java ( java gets converted to byte code which is then interpreted by a VM ) .Net languages use a garbage collector, etc. In general though, C++ ( when coded right, and with the right optimizations ) won't hold your hand and as I said, if done right, can give you some really great performance.

[Jabberwock]

What's the matter with performance... This code you provided would probably be done in a spilt second. What's there to be worry about?

[~FALLEN~]

What's the matter with performance... This code you provided would probably be done in a spilt second. What's there to be worry about?

Nothing, like I said performance wouldn't be a significant difference as there's only two global's in constant use.
However if you were using say 10,000 - 100,000 global's, you would notice, but at that point I would be asking you "why the fuck are you using so many variables?" lol. XD

[oyasuna.dev]

Nothing, like I said performance wouldn't be a significant difference as there's only two global's in constant use.
However if you were using say 10,000 - 100,000 global's, you would notice, but at that point I would be asking you "why the fuck are you using so many variables?" lol. XD

Very good point.

[u.A.v.A]

unstable .___.

need a few changes

[~FALLEN~]

unstable .___.

need a few changes

No it's not, the code is perfectly stable and doesn't need to be changed. it's something you are doing. Make sure your handling your interfaces correctly.

[RobinC]

Made This working in d3d8 and worked

[SzaQal]

it's unstable but working - just add some lines of code... i will try to find some adressess inn ava - but ollydbg is detected, i will try find some basig debuggers or create my own idk

[~FALLEN~]

it's unstable but working - just add some lines of code... i will try to find some adressess inn ava - but ollydbg is detected, i will try find some basig debuggers or create my own idk

it's not unstable... Make sure you reset any interfaces you create.... I used this hook for over 2 years without anything problems, the only difference in the one I used is it was part of one of my classes. Make sure you're rehooking if it gets unhooked, and make sure you have write access to change the vtable. Its common sense really. Its stable.

-edit-
The only way I can the hook itself **possibly** becoming unstable is if you use byte patching, aka detours. Even then, if you aren't using crappy detours I would imagine it would work fine ( assuming the detour function is saving the original operations )

[SzaQal]

whats ur IDE?