zoukankan      html  css  js  c++  java
  • Hooking EndScene

    Hey guys, umm i was trying to hook endscene using detours and i used a method that i hooked many other functions with before but it just doesnt seem to work.
    Here is what i have:

    Code:
    DWORD ThreadID;
    LPDIRECT3DDEVICE9 pDEVICE;
    D3DCOLOR fontRed = D3DCOLOR_ARGB(255, 255, 0, 0);
    Hacks hack;
    
    HRESULT (APIENTRY *oEndScene)(LPDIRECT3DDEVICE9 pDevice);
    
    HRESULT APIENTRY dEndScene(LPDIRECT3DDEVICE9 pDevice)
    {
        DrawBorderBox(50, 50, 200 , 200, 10, fontRed, pDevice);
        
        return oEndScene(pDevice);
    }
    
    void APIENTRY HookAPI(LPVOID param)
    {
        HANDLE Endsceneaddy = GetProcAddress(GetModuleHandleA("d3d9.dll"),"EndScene");
    
        if (Endsceneaddy)
        {
            oEndScene = (HRESULT (WINAPI *)(LPDIRECT3DDEVICE9 pDevice))(DetourFunction((PBYTE)Endsceneaddy,(PBYTE)dEndScene));
        }
    };
    
    
    
    bool __stdcall DllMain(HINSTANCE hinst,  DWORD _Reason, _In_opt_ LPVOID _Reserved)
    {
        DisableThreadLibraryCalls(hinst);
    
        CreateThread(0,0,(LPTHREAD_START_ROUTINE)HookAPI,0,0,&ThreadID);
    
        return true;
    }
    
    void Hacks::DrawBorderBox( int x, int y, int w, int h, int thickness, D3DCOLOR Colour, IDirect3DDevice9 *pDevice)
    {
        //Top horiz line
        DrawFilledRect( x, y, w, thickness,  Colour, pDevice );
        //Left vertical line
        DrawFilledRect( x, y, thickness, h, Colour, pDevice );
        //right vertical line
        DrawFilledRect( (x + w), y, thickness, h, Colour, pDevice );
        //bottom horiz line
        DrawFilledRect( x, y + h, w+thickness, thickness, Colour, pDevice );
    }
    
    
    //We receive the 2-D Coordinates the colour and the device we want to use to draw those colours with
    void Hacks::DrawFilledRect(int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9* dev)
    {
        //We create our rectangle to draw on screen
        D3DRECT BarRect = { x, y, x + w, y + h }; 
        //We clear that portion of the screen and display our rectangle
        dev->Clear(1, &BarRect, D3DCLEAR_TARGET | D3DCLEAR_TARGET, color, 0, 0);
    }

    I have no idea y this code does not seem to work
    Please help me 
    Thanks,
    Konsowa.

    Answer:

    What learn_more said..

    You would have to do something on the lines of Create a Device and get the EndScene address or you could retrieve it with a Byte Pattern such as

    Code C++
    Patterns.AddPattern( "DirectX9 VirtualTable",      (PBYTE)"xC7x06x00x00x00x00x89x86x00x00x00x00x89x86", "xx????xx????xx", NULL, "d3d9.dll" );
    
    Functions.MemoryCopy( &Renderer_DX9.m_VTable, (void*)( Patterns.FindPatternByName( "DirectX9 VirtualTable" ).m_Address + 2 ), 4 );
    void APIENTRY HookAPI(LPVOID param)
    {
        HANDLE Endsceneaddy = GetProcAddress(GetModuleHandleA("d3d9.dll"),"EndScene");
    
        if (Endsceneaddy)
        {
            oEndScene = (HRESULT (WINAPI *)(LPDIRECT3DDEVICE9 pDevice))(DetourFunction((PBYTE)Endsceneaddy,(PBYTE)dEndScene));
        }
    };

    that code not retrieve correct EndScene address because EndScene not exported in d3d9.dll

    try this:

    Code:
    bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
        for(;*szMask;++szMask,++pData,++bMask)
            if(*szMask=='x' && *pData!=*bMask ) 
                return false;
    
        return (*szMask) == NULL;
    }
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
        for(DWORD i=0; i < dwLen; i++)
            if( bCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )
                return (DWORD)(dwAddress+i);
    
        return 0;
    }
    
    DWORD EndSceneaddy;
    void APIENTRY HookAPI(LPVOID param)
    {
        DWORD* vtbl = 0;     
        DWORD table = FindPattern((DWORD)GetModuleHandle("d3d9.dll"), 0x128000,     (PBYTE)"xC7x06x00x00x00x00x89x86x00x00x00x00x89x86", "xx????xx????xx");
        memcpy(&vtbl, (void*)(table+2), 4);
        EndSceneaddy = vtbl[42];    
        if (Endsceneaddy)
        {
            oEndScene = (HRESULT (WINAPI *)(LPDIRECT3DDEVICE9 pDevice))(DetourFunction((PBYTE)Endsceneaddy,(PBYTE)dEndScene));
        }
    
    }

    it's a different way of doing the same,
    but that is not going to work with GetProcAddress either,
    if you want the addresses of these functions you will have to create a dummy dx device, and get them from the vtable (more than enough examples around for that)

    They are virtual functions which is why they aren't exported.
    You can also do a simple vtable hook on them depending on A/C.

    I love that question 

    Seems you can't do a straight up VMT hook so explore other hook methods of functions to hook. If we all said here is our undetected hook for a game it would then become detected. It all depends on game and A/C used so you need to get creative and come up with your own.

    不满足现状,用于挑战高峰!
  • 相关阅读:
    开启Nginx代理HTTPS功能
    Linux查找运行程序主目录
    Linux命令记录
    Eclipse 安装 阿里P3C编码规范插件
    Elasticsearch(ES)(版本7.x)数据更新后刷新策略RefreshPolicy
    JS小技巧
    改变窗口或屏幕大小时调用function
    毛玻璃效果 | fifter
    position: sticky;不一样失效原因
    mysql 修改密码问题 5.6,5.7 (配置方式的skip-grant-tables可能不行,推荐命令行方式)
  • 原文地址:https://www.cnblogs.com/meyon/p/4009363.html
Copyright © 2011-2022 走看看