Here's my code. It shows "HOOKED" in the process's message box, but it seems to crash right after that, and I can't get the CreateDevice hook working either. Can anyone help? :>
Code:
#include "stdafx.h"
#include <stdio.h>
#include <string.h>
// winsock2.h has to come before windows.h, which otherwise pulls in the
// older winsock.h and causes redefinition errors.
#include <winsock2.h>
#include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
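// File-scope state. FileName, Buffer, OutBuffer, Written, HookedSocket and
// Console are not referenced anywhere in this listing.
char FileName[64];
char Buffer[65];
char OutBuffer[64];
DWORD Written;
SOCKET HookedSocket;
RECT textbox;       // rectangle handed to DrawTextA in MyCreateDevice
LPD3DXFONT dxfont;  // font object filled in by D3DXCreateFont

// Replacement for MessageBoxA.
// NOTE(review): MessageBoxA is WINAPI (__stdcall); this prototype names no
// calling convention, so unless the project default is __stdcall the caller
// and this function disagree on who pops the arguments. The stack is then
// corrupted when the function returns, which matches a crash right after the
// box is shown. Add WINAPI here and on the definition together.
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);

// Replacement for IDirect3D9::CreateDevice.
// NOTE(review): the real method is a COM method: it receives the interface
// pointer as a hidden first argument and returns the device through an
// IDirect3DDevice9** out-parameter. This prototype has neither (THIS_ expands
// to nothing when compiled as C++), so its argument layout does not match.
HRESULT _stdcall MyCreateDevice(THIS_ UINT Adapter,D3DDEVTYPE DeviceType,HWND hFocusWindow,DWORD BehaviorFlags,D3DPRESENT_PARAMETERS* pPresentationParameters,IDirect3DDevice9* ppReturnedDeviceInterface);

DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup);
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup);
void InjectFunc();

// Backup of the six bytes overwritten by HookFunction.
// NOTE(review): a single buffer is shared by every hook in this file, so
// patching a second function overwrites the saved bytes of the first and a
// later UnHookFunction restores the wrong bytes. Use one buffer per target.
BYTE hook[6];
HANDLE Console;
LPDIRECT3DDEVICE9 d3ddev;
LPDIRECT3D9 d3d;    // created in InjectFunc, used by MyCreateDevice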
/**
 * DLL entry point. Calls InjectFunc() once when the DLL is attached to a
 * process; thread attach/detach and process detach do nothing.
 *
 * NOTE(review): DllMain runs while the loader lock is held. InjectFunc()
 * calls Direct3DCreate9(), and Microsoft's DllMain guidance advises against
 * calling anything that may load further DLLs from here because it can
 * deadlock. Consider deferring that work to after DllMain returns.
 *
 * @param hModule             handle of this DLL (unused)
 * @param ul_reason_for_call  DLL_PROCESS_ATTACH, DLL_THREAD_ATTACH, ...
 * @param lpReserved          unused
 * @return always TRUE
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        InjectFunc();
    }
    return TRUE;
}
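/**
 * One-time setup run from DllMain: creates the IDirect3D9 object kept in the
 * global d3d and asks HookFunction to patch "CreateDevice" in d3d9.dll.
 *
 * NOTE(review): CreateDevice is a method of the IDirect3D9 COM interface,
 * not a named export of d3d9.dll, so GetProcAddress() inside HookFunction
 * returns NULL for this name and no patch is ever written. That is why this
 * hook never fires, independent of the other problems in MyCreateDevice.
 */
void InjectFunc()
{
    //HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
    d3d = Direct3DCreate9(D3D_SDK_VERSION); //Setup
    if (d3d == NULL) {
        // MyCreateDevice calls through d3d; without it the replacement
        // would dereference a null pointer, so leave everything unpatched.
        return;
    }
    HookFunction("d3d9.dll", "CreateDevice", MyCreateDevice, hook);
}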
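/**
 * Replacement for IDirect3D9::CreateDevice: restores the original bytes,
 * creates the device through the global d3d object, draws the string "Test"
 * on it once, then re-installs the patch.
 *
 * Changes from the original listing:
 *  - the device is created BEFORE it is used; the original drew on
 *    ppReturnedDeviceInterface while it was still whatever the caller passed;
 *  - every HRESULT / pointer is checked before the next call depends on it;
 *  - the patch is re-installed with MyCreateDevice (the original passed
 *    MyMessageBoxA, whose signature does not match this function).
 *
 * NOTE(review): the signature is left as posted, but it does not match the
 * real method. There is no interface pointer argument, and the last
 * parameter is IDirect3DDevice9* where the real one is IDirect3DDevice9**.
 * The device created here is therefore stored only in this function's own
 * parameter copy and never reaches the caller, and it is never released.
 *
 * @return the HRESULT of d3d->CreateDevice, or D3DERR_INVALIDCALL when the
 *         global d3d object was never created.
 */
HRESULT _stdcall MyCreateDevice(THIS_ UINT Adapter,D3DDEVTYPE DeviceType,HWND hFocusWindow,DWORD BehaviorFlags,D3DPRESENT_PARAMETERS* pPresentationParameters,IDirect3DDevice9* ppReturnedDeviceInterface)
{
    HRESULT hResult = D3DERR_INVALIDCALL;

    UnHookFunction("d3d9.dll", "CreateDevice", hook);

    if (d3d != NULL) {
        hResult = d3d->CreateDevice(Adapter, DeviceType, hFocusWindow, BehaviorFlags,
                                    pPresentationParameters, &ppReturnedDeviceInterface);
    }

    if (SUCCEEDED(hResult) && ppReturnedDeviceInterface != NULL) {
        // Drop a font left over from an earlier call so it is not leaked.
        if (dxfont != NULL) {
            dxfont->Release();
            dxfont = NULL;
        }

        // Explicit A variant: the face name is a narrow string literal.
        HRESULT hFont = D3DXCreateFontA(ppReturnedDeviceInterface, // the D3D Device
                                        20,                  // font height
                                        0,                   // default font width
                                        FW_NORMAL,           // font weight
                                        1,                   // not using MipLevels
                                        TRUE,                // italic font
                                        DEFAULT_CHARSET,     // default character set
                                        OUT_DEFAULT_PRECIS,  // default OutputPrecision
                                        DEFAULT_QUALITY,     // default Quality
                                        DEFAULT_PITCH | FF_DONTCARE, // default pitch and family
                                        "Arial",             // use Facename Arial
                                        &dxfont);            // the font object

        ppReturnedDeviceInterface->Clear(0, NULL, D3DCLEAR_TARGET, D3DCOLOR_XRGB(0, 0, 0), 1.0f, 0);
        ppReturnedDeviceInterface->Clear(0, NULL, D3DCLEAR_ZBUFFER, D3DCOLOR_XRGB(0, 0, 0), 1.0f, 0);

        if (SUCCEEDED(ppReturnedDeviceInterface->BeginScene())) {
            if (SUCCEEDED(hFont) && dxfont != NULL) {
                SetRect(&textbox, 0, 0, 640, 480);
                dxfont->DrawTextA(NULL,
                                  "Test",
                                  (INT)strlen("Test"),
                                  &textbox,
                                  0, //DT_CENTER | DT_VCENTER,
                                  D3DCOLOR_ARGB(255, 255, 0, 0));
            }
            ppReturnedDeviceInterface->EndScene();
        }
        ppReturnedDeviceInterface->Present(NULL, NULL, NULL, NULL);
    }

    HookFunction("d3d9.dll", "CreateDevice", MyCreateDevice, hook);
    return hResult;
}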
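/**
 * Replacement for MessageBoxA: restores the original bytes, shows the box
 * with "HOOKED!!" prepended to the caller's text, then re-installs the patch.
 *
 * Changes from the original listing:
 *  - the text is formatted with a bounded snprintf; the original sprintf into
 *    a 64-byte stack buffer overflowed for any lpText longer than ~54 chars;
 *  - a NULL lpText is treated as an empty string instead of being passed to %s;
 *  - MessageBoxA is called explicitly, since msg is a narrow string and the
 *    MessageBox macro resolves to MessageBoxW in UNICODE builds.
 *
 * NOTE(review): this function is declared without WINAPI, while MessageBoxA
 * is __stdcall. Unless the project default convention is __stdcall, the
 * stack is unbalanced on return, which fits the reported crash just after
 * the box appears. Fix by adding WINAPI to both prototype and definition.
 * NOTE(review): the unhook / call / re-hook sequence is not synchronized;
 * another thread calling MessageBoxA in that window bypasses or races it.
 *
 * @return the value returned by the real MessageBoxA.
 */
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    UnHookFunction("user32.dll", "MessageBoxA", hook);

    char msg[512];
    // snprintf always NUL-terminates and truncates instead of overflowing.
    snprintf(msg, sizeof msg, "HOOKED!!\n%s", lpText != NULL ? lpText : "");

    int x = MessageBoxA(hWnd, msg, lpCaption, uType);

    HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
    return x;
}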
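/**
 * Saves the first six bytes of an exported function into lpBackup and
 * overwrites them with `E9 rel32` (jmp to lpFunction) followed by `C3`.
 *
 * Changes from the original listing:
 *  - every lookup and memory call is checked; the original went on to read
 *    and write at address 0 when the module or export was not found;
 *  - all failure paths return 0; the original fell off the end of a
 *    non-void function, which is undefined behaviour;
 *  - GetModuleHandleA is called explicitly because lpModule is a narrow string.
 *
 * NOTE(review): addresses are handled as DWORD and the jump is a 32-bit
 * relative one, so this is only meaningful in a 32-bit x86 build.
 * NOTE(review): six bytes are replaced without regard to instruction
 * boundaries, and nothing here synchronizes with other threads that may be
 * executing the target while it is rewritten.
 *
 * @param lpModule    name of an already-loaded module
 * @param lpFuncName  exported name to look up with GetProcAddress
 * @param lpFunction  address the patched entry should jump to
 * @param lpBackup    receives the six original bytes; must hold 6 bytes
 * @return address of the patched function, or 0 on any failure.
 */
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
    if (lpFuncName == NULL || lpFunction == NULL || lpBackup == NULL) {
        return 0;
    }

    HMODULE hModule = GetModuleHandleA(lpModule);
    if (hModule == NULL) {
        return 0; // module is not loaded in this process
    }

    FARPROC pTarget = GetProcAddress(hModule, lpFuncName);
    if (pTarget == NULL) {
        return 0; // not an exported name (e.g. a COM interface method)
    }
    DWORD dwAddr = (DWORD)pTarget;

    BYTE jmp[6] = { 0xe9,                   //jmp
                    0x00, 0x00, 0x00, 0x00, //address
                    0xc3 };                 //retn

    // Keep the original bytes first; without a valid backup the patch
    // could never be undone, so give up if the read fails.
    if (!ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0)) {
        return 0;
    }

    DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5); //((to)-(from)-5)
    memcpy(&jmp[1], &dwCalc, 4);                     //build the jmp

    if (!WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0)) {
        return 0;
    }
    return dwAddr;
}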
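/**
 * Writes the six bytes in lpBackup back over the start of an exported
 * function, undoing a patch made by HookFunction.
 *
 * Changes from the original listing: the module and export lookups are
 * checked, so a failed lookup returns FALSE instead of attempting a write
 * at address 0; GetModuleHandleA is used because lpModule is a narrow string.
 *
 * NOTE(review): there is no way to tell here whether lpBackup was ever
 * filled. If the matching HookFunction call failed, or the buffer was reused
 * for another target, this overwrites the function with the wrong bytes.
 *
 * @param lpModule    name of an already-loaded module
 * @param lpFuncName  exported name to look up with GetProcAddress
 * @param lpBackup    six bytes previously saved by HookFunction
 * @return TRUE if the bytes were written, FALSE otherwise.
 */
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
{
    if (lpFuncName == NULL || lpBackup == NULL) {
        return FALSE;
    }

    HMODULE hModule = GetModuleHandleA(lpModule);
    if (hModule == NULL) {
        return FALSE;
    }

    FARPROC pTarget = GetProcAddress(hModule, lpFuncName);
    if (pTarget == NULL) {
        return FALSE;
    }
    DWORD dwAddr = (DWORD)pTarget; // 32-bit build assumed, as in HookFunction

    return WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0) ? TRUE : FALSE;
}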