General
Reply With Quoteoreoprin (02-28-2015)
Thread: Simple Hook EndScene
Results 1 to 2 of 2
-
01-20-2015 #1
- Join Date
- Nov 2011
- Gender
- Location
- Posts
- 2,136
- Reputation
242- Thanks
- 12,562
Simple Hook EndScene
Hello guys, I will post a simple method of EndScene for this game..
With this, you can do a menu, esp..
Screen Shoot
Code:#include <windows.h> #include <d3d9.h> #include <d3dx9.h> #include <stdio.h> #pragma comment(lib, "d3d9.lib") #pragma comment(lib, "d3dx9.lib") DWORD dwEndscene_hook; DWORD dwEndscene_ret; DWORD *vTable; LPD3DXFONT pFont; int text; VOID WriteText( LPDIRECT3DDEVICE9 pDevice, INT x, INT y, DWORD color, CHAR *text ) { RECT rect; SetRect( &rect, x, y, x, y ); pFont->DrawText( NULL, text, -1, &rect, DT_NOCLIP | DT_LEFT, color ); } void WriteMemory(void *address, void *bytes, int byteSize) { DWORD NewProtection; VirtualProtect(address, byteSize, PAGE_EXECUTE_READWRITE, &NewProtection); memcpy(address, bytes, byteSize); VirtualProtect(address, byteSize, NewProtection, &NewProtection); } VOID WINAPI EndScene(LPDIRECT3DDEVICE9 pDevice) { if( pFont ) { pFont->Release(); pFont = NULL; } if( !pFont ) { D3DXCreateFont( pDevice, 14,0,FW_BOLD,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial",&pFont ); } WriteText( pDevice, 15, 80, D3DCOLOR_ARGB(255,255,000,000), "My Private Hook" ); } __declspec(naked) void MyEndscene( ) { static LPDIRECT3DDEVICE9 pDevice; __asm { mov dword ptr ss:[ebp - 10], esp; mov esi, dword ptr ss:[ebp + 0x8]; mov pDevice, esi; } EndScene(pDevice); __asm { jmp dwEndscene_ret; } } bool Mask(const BYTE* pData, const BYTE* bMask, const char* szMask) { for(;*szMask;++szMask,++pData,++bMask) if(*szMask=='x' && *pData!=*bMask ) return false; return (*szMask) == NULL; } DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) { for(DWORD i=0; i<dwLen; i++) if(Mask((BYTE*)(dwAddress + i), bMask, szMask)) return (DWORD)(dwAddress+i); return 0; } void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen) { DWORD dwOldProtect, dwBkup, dwRelAddr; VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect); dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5; *pAddress = 0xE9; *((DWORD *)(pAddress + 0x1)) = dwRelAddr; for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90; VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup); return; } void MyHook( void ) { DWORD hD3D = NULL; while (!hD3D) hD3D = (DWORD)GetModuleHandle("d3d9.dll"); DWORD PPPDevice = FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx"); WriteMemory( &vTable, (void *)(PPPDevice + 2), 4); dwEndscene_hook = vTable[42] + 0x2A; dwEndscene_ret = dwEndscene_hook + 0x6; while(1) { Sleep(100); MakeJMP((PBYTE)dwEndscene_hook, (DWORD)MyEndscene, 6); } } BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved) { if (dwReason == DLL_PROCESS_ATTACH) { DisableThreadLibraryCalls(hModule); CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)MyHook, NULL, NULL, NULL); } return TRUE; }
Credits
Hacker Fail, ZeaS, Shad0w_• Member Level 1 since November, 2011
• Contributor since March, 2015
• Game Hacking Team : 06/14/2017
-
The Following User Says Thank You to Hacker Fail For This Useful Post:
-
01-22-2015 #2вою зауÑ
- Join Date
- Jan 2014
- Gender
- Location
- Posts
- 4,526
- Reputation
4549- Thanks
- 17,403
Good release. Thanks for posting Credits.
Originally Posted by Hacker Fail
Hello guys, I will post a simple method of EndScene for this game..
With this, you can do a menu, esp..
Screen Shoot
Code:#include <windows.h> #include <d3d9.h> #include <d3dx9.h> #include <stdio.h> #pragma comment(lib, "d3d9.lib") #pragma comment(lib, "d3dx9.lib") DWORD dwEndscene_hook; DWORD dwEndscene_ret; DWORD *vTable; LPD3DXFONT pFont; int text; VOID WriteText( LPDIRECT3DDEVICE9 pDevice, INT x, INT y, DWORD color, CHAR *text ) { RECT rect; SetRect( &rect, x, y, x, y ); pFont->DrawText( NULL, text, -1, &rect, DT_NOCLIP | DT_LEFT, color ); } void WriteMemory(void *address, void *bytes, int byteSize) { DWORD NewProtection; VirtualProtect(address, byteSize, PAGE_EXECUTE_READWRITE, &NewProtection); memcpy(address, bytes, byteSize); VirtualProtect(address, byteSize, NewProtection, &NewProtection); } VOID WINAPI EndScene(LPDIRECT3DDEVICE9 pDevice) { if( pFont ) { pFont->Release(); pFont = NULL; } if( !pFont ) { D3DXCreateFont( pDevice, 14,0,FW_BOLD,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial",&pFont ); } WriteText( pDevice, 15, 80, D3DCOLOR_ARGB(255,255,000,000), "My Private Hook" ); } __declspec(naked) void MyEndscene( ) { static LPDIRECT3DDEVICE9 pDevice; __asm { mov dword ptr ss:[ebp - 10], esp; mov esi, dword ptr ss:[ebp + 0x8]; mov pDevice, esi; } EndScene(pDevice); __asm { jmp dwEndscene_ret; } } bool Mask(const BYTE* pData, const BYTE* bMask, const char* szMask) { for(;*szMask;++szMask,++pData,++bMask) if(*szMask=='x' && *pData!=*bMask ) return false; return (*szMask) == NULL; } DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) { for(DWORD i=0; i<dwLen; i++) if(Mask((BYTE*)(dwAddress + i), bMask, szMask)) return (DWORD)(dwAddress+i); return 0; } void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen) { DWORD dwOldProtect, dwBkup, dwRelAddr; VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect); dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5; *pAddress = 0xE9; *((DWORD *)(pAddress + 0x1)) = dwRelAddr; for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90; VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup); return; } void MyHook( void ) { DWORD hD3D = NULL; while (!hD3D) hD3D = (DWORD)GetModuleHandle("d3d9.dll"); DWORD PPPDevice = FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx"); WriteMemory( &vTable, (void *)(PPPDevice + 2), 4); dwEndscene_hook = vTable[42] + 0x2A; dwEndscene_ret = dwEndscene_hook + 0x6; while(1) { Sleep(100); MakeJMP((PBYTE)dwEndscene_hook, (DWORD)MyEndscene, 6); } } BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved) { if (dwReason == DLL_PROCESS_ATTACH) { DisableThreadLibraryCalls(hModule); CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)MyHook, NULL, NULL, NULL); } return TRUE; }
Credits
Hacker Fail, ZeaS, Shad0w_
THE EYES OF THE DAVESTAPO ARE UPON YOU. ANY WRONG YOU DO WE ARE GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE WE GONNA BE
Similar Threads
-
Hooking EndScene
By konsowa7 in forum Combat Arms Coding Help & DiscussionReplies: 1Last Post: 06-22-2012, 08:20 AM -
[Release] A simple Hooking class
By 258456 in forum CrossFire Hack Coding / Programming / Source CodeReplies: 13Last Post: 02-23-2012, 07:37 AM -
[Question] Hook EndScene
By Departure in forum Combat Arms Coding Help & DiscussionReplies: 30Last Post: 12-05-2010, 06:02 PM -
Hook EndScene
By inmate in forum C++/C ProgrammingReplies: 1Last Post: 07-18-2010, 05:24 AM -
[Release] Simple Hook V1
By MugNuf in forum Combat Arms Hacks & CheatsReplies: 17Last Post: 07-03-2010, 08:18 PM