DipEngine Hook

#include <Windows.h>
#include <d3d9.h>
#include <d3dx9.h>

#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

#define DipEngine 0x0062080D
DWORD retDipEngine = DipEngine + 0x7;

bool OnChams = false;

_declspec (naked) HRESULT WINAPI DipMidFunction()
{
	static LPDIRECT3DDEVICE9 pDevice;

	_asm
	{
		PUSH EAX
		MOV DWORD PTR DS:[pDevice], EAX
                MOV EAX, DWORD PTR DS:[ECX + 0x148]
		PUSHAD
	}

	if(OnChams)
	{
		pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
		pDevice->SetRenderState(D3DRS_AMBIENT, D3DCOLOR_ARGB(255,255,000,000));
	}

	if(GetAsyncKeyState(VK_F9)&1) OnChams =! OnChams;

	_asm
	{
		POPAD
		JMP retDipEngine
	}
}

void *DetourFunc(BYTE *src, const BYTE *dst, const int len) 
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwback;
VirtualProtect(src, len, PAGE_READWRITE, &dwback);
memcpy(jmp, src, len); jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
VirtualProtect(src, len, dwback, &dwback);
return (jmp-len);
}

void _cdecl StartRoutine(void*)
{
	while(true)
	{
		if(memcmp((void*)DipEngine, (void*)(PBYTE)"\x50", 1)==0)
		{
			Sleep(250);
			DetourFunc((PBYTE)DipEngine, (PBYTE)DipMidFunction, 7);
		}
	}
}

BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD reason, LPVOID lpvReserved)
{
	if(reason == DLL_PROCESS_ATTACH)
	{
		DisableThreadLibraryCalls(hinstDLL);
		CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)StartRoutine,NULL,NULL,NULL);
		
		return TRUE;}

return TRUE;}

 8B 08 52 ?? ?? ?? ?? 52 ?? ?? ?? ?? 52 ?? ?? ?? ?? 52 ?? ?? ?? ?? 52 6A 04 50 8B 81

006207F4  |. 8B08           MOV ECX,DWORD PTR DS:[EAX]
006207F6  |. 52             PUSH EDX
006207F7  |. 8B5424 10      MOV EDX,DWORD PTR SS:[ESP+10]
006207FB  |. 52             PUSH EDX
006207FC  |. 8B5424 18      MOV EDX,DWORD PTR SS:[ESP+18]
00620800  |. 52             PUSH EDX
00620801  |. 8B5424 14      MOV EDX,DWORD PTR SS:[ESP+14]
00620805  |. 52             PUSH EDX
00620806  |. 8B5424 28      MOV EDX,DWORD PTR SS:[ESP+28]
0062080A  |. 52             PUSH EDX
0062080B  |. 6A 04          PUSH 4
0062080D  |. 50             PUSH EAX
0062080E  |. 8B81 48010000  MOV EAX,DWORD PTR DS:[ECX+148]
00620814  |. FFD0           CALL EAX