Code:
UINT m_Stride;
D3DPRIMITIVETYPE Type;
INT BaseVertexIndex;
UINT MinVertexIndex;
UINT NumVertices;
UINT startIndex;
UINT primCount;
#define RED2 D3DCOLOR_ARGB(100, 255, 000, 000)
DWORD dwOldZEnable = D3DZB_TRUE;
LPDIRECT3DTEXTURE9 White2,Red2,Green2,Blue2,Black2,Purple2,Grey2,Yellow2,Orange2;
LPDIRECT3DVERTEXBUFFER9 StreamData;
UINT OffsetInBytes;
typedef HRESULT (WINAPI* tPresent)(LPDIRECT3DDEVICE9 pDevice,CONST RECT *pSourceRect, CONST RECT *pDestRect, HWND hDestWindowOverride, CONST RGNDATA *pDirtyRegion);
tPresent oPresent;
typedef HRESULT (WINAPI* tReset)(LPDIRECT3DDEVICE9 pDevice,D3DPRESENT_PARAMETERS* Parametri);
tReset oReset;
typedef HRESULT (WINAPI* oDrawIndexedPrimitive) ( LPDIRECT3DDEVICE9 pDevice,D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount );
oDrawIndexedPrimitive pDrawIndexedPrimitive;
void CreateDev(DWORD * dwVTable){
LPDIRECT3D9 pD3d9 = NULL;
LPDIRECT3DDEVICE9 pD3DDevice = NULL;
pD3d9 = Direct3DCreate9(D3D_SDK_VERSION);
if(pD3d9 == NULL){
return;
}
D3DPRESENT_PARAMETERS pPresentParms;
ZeroMemory(&pPresentParms,sizeof(pPresentParms));
pPresentParms.Windowed = TRUE;
pPresentParms.BackBufferFormat = D3DFMT_UNKNOWN;
pPresentParms.SwapEffect = D3DSWAPEFFECT_DISCARD;
if(FAILED(pD3d9->CreateDevice(D3DADAPTER_DEFAULT,D3DDEVTYPE_HAL,GetDesktopWindow(),D3DCREATE_SOFTWARE_VERTEXPROCESSING,&pPresentParms,&pD3DDevice))){
return;
}
DWORD * dwTable = ( DWORD* )pD3DDevice;
dwTable = ( DWORD* ) dwTable[0];
dwVTable[0] = dwTable[16];
dwVTable[1] = dwTable[17];
}
void *Salta(BYTE *src,const BYTE *dst,const int len){
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwback;
VirtualProtect(src, len, PAGE_READWRITE, &dwback);
memcpy(jmp, src, len); jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
VirtualProtect(src, len, dwback, &dwback);
return (jmp-len);
}
HRESULT WINAPI hkReset(LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* Parametri){
_asm NOP;
d3dfont->OnLostDevice();
HRESULT hTorna = oReset(pDevice, Parametri);
if(SUCCEEDED(hTorna)){
d3dfont->OnResetDevice();
}
return hTorna;
}
class cHelper
{
public:
DWORD FindDevice(DWORD Len);
VOID HideDLL(HINSTANCE hModule);
void EraseHeader(HINSTANCE hModule);
VOID StarLog(HMODULE hDll);
VOID __cdecl cHelper::WriteLog (const char *fmt, ...);
CHAR* Decrypt(const char* plaintext);
CHAR* Encrypt(const char* plaintext);
CHAR * GetTime();
BOOL CheckVersion();
INT URLGetPage(char *link, char *buffer, int maxsize);
BOOL cHelper::_cCompareHost( char *HostName );
private:
CHAR * GetDirectoryFile(char *filename);
};
DWORD cHelper::FindDevice(DWORD Len)
{
DWORD dwObjBase = 0;
dwObjBase = (DWORD)LoadLibrary("D3D9.DLL");
while (dwObjBase++ < dwObjBase + Len)
{
if ( (*(WORD*)(dwObjBase + 0x00)) == 0x06C7
&& (*(WORD*)(dwObjBase + 0x06)) == 0x8689
&& (*(WORD*)(dwObjBase + 0x0C)) == 0x8689
) { dwObjBase += 2; break; }
}
return( dwObjBase );
}
HRESULT WINAPI myDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount)
{
//THIS IS TO DRAW BASIC CHAMS -
if(pDevice->GetStreamSource(0,&StreamData,&OffsetInBytes,&m_Stride) == D3D_OK)
{
StreamData->Release();
}
//the chams --> white ok?
if(IsIngame() &&cBox[24].OnOff == 1)
{
if( (m_Stride == 36) || (m_Stride == 32) || (m_Stride == 44))
{
pDevice->SetRenderState(D3DRS_ZENABLE, 0);
pDevice->SetTexture(0,Red2);
pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
pDevice->SetRenderState(D3DRS_ZENABLE, 1);
pDevice->SetTexture(0,Red2);
}
}
return pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
}
DWORD cDetours::CreateDIP_JMP_EAX( DWORD SrcVA, DWORD DstVA, DWORD Size )
{
DWORD DetourVA, dwProtect, i;
#define SIZEOF_MOVEAX_JMPEAX 6
if ( SrcVA && DstVA && Size >= SIZEOF_MOVEAX_JMPEAX )
{
DetourVA = (DWORD) VirtualAlloc(
NULL, Size + SIZEOF_MOVEAX_JMPEAX,
MEM_COMMIT, PAGE_EXECUTE_READWRITE );
if ( DetourVA && VirtualProtect( (VOID*)SrcVA, Size, PAGE_EXECUTE_READWRITE, &dwProtect ) )
{
for ( i=0; i < Size; i++ ) {
*(BYTE*)( DetourVA + i ) = *(BYTE*)( SrcVA + i );
}
*(BYTE*)( DetourVA + Size + 0 ) = 0xB8;
*(DWORD*)( DetourVA + Size + 1 ) = ( SrcVA + Size );
*(WORD*)( DetourVA + Size + 5 ) = 0xE0FF;
*(BYTE*)( SrcVA + 0 ) = 0xB8;
*(DWORD*)( SrcVA + 1 ) = ( DstVA );
*(WORD*)( SrcVA + 5 ) = 0xE0FF;
VirtualProtect( (VOID*)SrcVA, Size, dwProtect, &dwProtect );
VirtualProtect( (VOID*)DetourVA, Size +
SIZEOF_MOVEAX_JMPEAX, PAGE_EXECUTE_READ, &dwProtect );
return DetourVA;
}
Sleep(3);
}
return (0);
}
DWORD dwVTable[82] = {0};
HRESULT WINAPI hkPresent(LPDIRECT3DDEVICE9 pDevice,CONST RECT *pSourceRect, CONST RECT *pDestRect, HWND hDestWindowOverride, CONST RGNDATA *pDirtyRegion){
_asm PUSHAD;
menu->RenderMenu(pDevice);
menu->********(pDevice);
//menu->TeleKillFull();
menu->Ghostmode1(pDevice);
_asm POPAD;
return oPresent(pDevice, pSourceRect, pDestRect, hDestWindowOverride, pDirtyRegion);
}
DWORD WINAPI Wait(LPVOID lpArgs){
DWORD dwD3D9 = NULL;
while(!dwD3D9){
Sleep(20);
dwD3D9 = (DWORD)GetModuleHandleA("d3d9.dll");
}
PDWORD VTable;
cHelper *cHelpers;
*(DWORD*)&VTable = *(DWORD*)cHelpers->FindDevice(0x128000);
if(VTable == NULL)
{
MessageBox(NULL,"D3DDevice Pointer Not Found!",0,MB_ICONSTOP);
ExitProcess(0);
}
CreateDev( dwVTable );
oReset = ( tReset ) cDetour->CreateJMP_REL(( DWORD ) dwVTable[0], ( DWORD ) &hkReset ,5);
oPresent = ( tPresent )cDetour->CreateJMP_REL(( DWORD ) dwVTable[1], ( DWORD ) &hkPresent ,5);
pDrawIndexedPrimitive=(oDrawIndexedPrimitive)cDetour->CreateJMP_EAX((DWORD)dwVTable[82],(DWORD)myDrawIndexedPrimitive,5);
while(1)
{
if(memcmp((void *)VTable[82], (void *)"\x8B\xFF", 2) == 0 )
{
pDrawIndexedPrimitive=(oDrawIndexedPrimitive)cDetour->CreateDIP_JMP_EAX((DWORD)VTable[82],(DWORD)myDrawIndexedPrimitive,12);
}
Sleep(500);
}
return 0;
}
BOOL APIENTRY DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpReserved ){
if ( dwReason == DLL_PROCESS_ATTACH ){
CreateThread( NULL, NULL, &Wait, NULL, NULL, NULL );
//CreateThread(NULL, NULL,(LPTHREAD_START_ROUTINE)TELEKILL, NULL, NULL, NULL);
}
return TRUE;
Credits: AlphaVampire