Welcome to the UnKnoWnCheaTs - Multiplayer Game Hacks and Cheats.
You have to register before you can post and see and access any of the advanced forum features, please click the register link to proceed to the registration form. To start viewing threads or posts, select a forum that you want to visit from the selection below.
I was planning on maybe releasing some hacks but atm i just don't have the time, so i'm releasing one of my undetected d3d9 bases as i have other methods to fall back on.
Reset, EndScene and DrawIndexedPrimitive are already hooked as a example..
I'm sure once you have read the source and understand it, you wont have any problems adding other member functions using d3d9.h as a reference to the device interface.
If you don't know how to use it, then you need to learn some basic C++ and Direct3D. Please don't post my stuff on other sites, you can link to this post only. And by using this source you automatically agree to not use it in any form of pay hack.
Thank you to MSDN and the DirectX Software Development Kit for their useful information.
EDIT:
Updated.
EDIT:
Updated.
EDIT:
Updated.
__________________
I've learned that something constructive comes from every defeat.
Sometimes i say things i shouldn't, and sometimes i say what other people are thinking.
Real programmer's don't document, if it was hard to write, it should be hard to understand.
First learn computer science and all the theory, next develop a programming style, then forget all that and just hack.
I am using this as a new base then I am going to moving all my hacks over to this new project...no more starter kit.
I have compiled it successfully but it crashes right after injection on either my game or the d3d demo binaries that come with the SDK (ShadowVolume.exe). I am merely trying to inject an empty-nohacks-included dlll; just want to see it attach.
Great job there Rover. One excellent contribution to the community. Hopefully now that you've released 2 and HB's as well. D3D's will start poping up all over the site with luck.
Great job there Rover. One excellent contribution to the community. Hopefully now that you've released 2 and HB's as well. D3D's will start poping up all over the site with luck.
this could definatley use more protection, not just a suggestion
but still again good work, but i would use some other form of table hooking to hook and unhook Direct3DCreate9 *hint*
this could definatley use more protection, not just a suggestion
but still again good work, but i would use some other form of table hooking to hook and unhook Direct3DCreate9 *hint*
and definatley unhook CreateDevice *doublehint*
That is upto you, i don't need to change anything... If i wanted to add protection to avoid it being detected, i would of just posted something that makes all Direct3D hacks undetected again...
I have other methods to fall back on and when PB does detect it, i'd put my money on it taking no more than 15 minutes to make it undetected again... That is were my fun comes from...
__________________
I've learned that something constructive comes from every defeat.
Sometimes i say things i shouldn't, and sometimes i say what other people are thinking.
Real programmer's don't document, if it was hard to write, it should be hard to understand.
First learn computer science and all the theory, next develop a programming style, then forget all that and just hack.
needless to say i have alot of work to do on punkbuster, it has really been cracking down recently and the regular evasion techniques wont fly. ( i suspect itll get more difficult in the future )
Still crashes. I created a new base hook with this to avoid any conflicts. I have all the correct libs referenced...so I don't think I missing anything.
Thanks gc-admin. The problem was actually a flag in VS2005 that jacked it up. I just created a new project and didn't mess with any optimization this time - seems to attached and not crash. Annoying.
Now the new problem of course. I have put various simple D3D print-to-screen goodies in this hook and have yet to see anything show up. Can you take a look and give me the heads up?
Code:
//=====================================================================================
/* Roverturbo | www.unknowncheats.com | www.darkhex.us */
//=====================================================================================
#define _CRT_SECURE_NO_WARNINGS // disable deprecated warnings
#include <windows.h>
#include <detours.h>
#include <d3d9.h>
#include <time.h> // header file for time functions
#include <stdio.h> //header file for (sprintf)
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib") //D3DXCreateLine needs this
#include <d3dx9.h> //header file for crosshair stuff
#include "d3d9font.h" //header file for default d3d font class
// disable annoying warnings
#pragma warning (disable: 4312) //conversion from 'unsigned long' to 'unsigned long *' of greater size
#pragma warning (disable: 4311) //pointer truncation from 'HRESULT
#pragma warning (disable: 4099) //disable debug warning (detours.pdb)
#pragma warning (disable: 4244) //disable conversion from 'DWORD' to 'FLOAT', possible loss of data (crosshair function)
// vars for another simple print text to screen
bool FontCreated = false;
CD3DFont *pD3DFont;
// vars for time and date stuff
char cTimeAndDate[80];
time_t tValue;
// vars for screen resolution stuff
D3DVIEWPORT9 oViewport;
char cResolution[101];
//vars for framerate
float fFps = 0.0f;
float fLastTickCount = 0.0f;
float fCurrentTickCount;
char cFrameRate[50] = {0};
//vars for drawing a simple crosshair
ID3DXLine *pLine;
D3DXVECTOR2 XhairUp [1];
D3DXVECTOR2 XhairDwn [1];
D3DXVECTOR2 XhairLft [1];
D3DXVECTOR2 XhairRgt [1];
bool DrawXhair = true;
//=====================================================================================
typedef HRESULT (WINAPI* BeginScene_t)(LPDIRECT3DDEVICE9 pDevice);
BeginScene_t pBeginScene;
HRESULT WINAPI nBeginScene(LPDIRECT3DDEVICE9 pDevice)
{
pDevice->GetViewport(&oViewport); //setup viewport
D3DXCreateLine(pDevice, &pLine); //setup crosshair
if(!FontCreated) //setup font for simple text to screen
{
FontCreated = true;
pD3DFont = new CD3DFont("Arial", 8);
pD3DFont->InitDeviceObjects(pDevice);
pD3DFont->RestoreDeviceObjects();
}
return pBeginScene(pDevice);
}
//=====================================================================================
typedef HRESULT (WINAPI* EndScene_t)(LPDIRECT3DDEVICE9 pDevice);
EndScene_t pEndScene;
HRESULT WINAPI nEndScene(LPDIRECT3DDEVICE9 pDevice)
{
fCurrentTickCount = clock() * 0.001f;
++fFps;
if((fCurrentTickCount - fLastTickCount) > 1.0f)
{
fLastTickCount = fCurrentTickCount;
sprintf(cFrameRate, "[ FPS: %d ]", int(fFps)); //print framerate
fFps = 0;
}
sprintf(cResolution, "[ %d x %d ]", oViewport.Width, oViewport.Height); //print screen res
tValue = time(NULL);
strftime(cTimeAndDate, sizeof(cTimeAndDate), "[ %a - %b %d - %i:%m %p ]", localtime(&tValue)); //print local time
//draw crosshair in center of sceen
if (DrawXhair)
{
if(pLine)
{
pLine->SetWidth( 1.0 );// Width
pLine->SetAntialias( true );// AA
pLine->SetGLLines( true );// OpenGL Style Lines
XhairUp[0].x = (oViewport.Width/2);
XhairUp[0].y = (oViewport.Height/2);
XhairUp[1].x = (oViewport.Width/2);
XhairUp[1].y = (oViewport.Height/2) - 8;
pLine->Begin( );
pLine->Draw( XhairUp, 2, D3DCOLOR_XRGB( 0, 255, 0 ) );
pLine->End( );
XhairDwn[0].x = (oViewport.Width/2);
XhairDwn[0].y = (oViewport.Height/2);
XhairDwn[1].x = (oViewport.Width/2);
XhairDwn[1].y = (oViewport.Height/2) + 8;
pLine->Begin( );
pLine->Draw( XhairDwn, 2, D3DCOLOR_XRGB( 0, 255, 0 ) );
pLine->End( );
XhairLft[0].x = (oViewport.Width/2);
XhairLft[0].y = (oViewport.Height/2);
XhairLft[1].x = (oViewport.Width/2) - 8;
XhairLft[1].y = (oViewport.Height/2);
pLine->Begin( );
pLine->Draw( XhairLft, 2, D3DCOLOR_XRGB( 0, 255, 0 ) );
pLine->End( );
XhairRgt[0].x = (oViewport.Width/2);
XhairRgt[0].y = (oViewport.Height/2);
XhairRgt[1].x = (oViewport.Width/2) + 8;
XhairRgt[1].y = (oViewport.Height/2);
pLine->Begin( );
pLine->Draw( XhairRgt, 2, D3DCOLOR_XRGB( 0, 255, 0 ) );
pLine->End( );
}
}
pD3DFont->DrawText(oViewport.Width/2,oViewport.Height/2,D3DCOLOR_ARGB(255,255,0,0),"D3D successfully hooked", D3DFONT_FILTERED); //print in center of screen
return pEndScene(pDevice);
}
//=====================================================================================
typedef HRESULT (WINAPI* DrawIndexedPrimitive_t)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE pType,
int iBaseIndex, unsigned int uiMinIndex, unsigned int uiNumVertices,
unsigned int uiStartIndex, unsigned int uiPrimitiveCount);
DrawIndexedPrimitive_t pDrawIndexedPrimitive;
HRESULT WINAPI nDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE pType, int iBaseIndex,
unsigned int uiMinIndex, unsigned int uiNumVertices, unsigned int uiStartIndex,
unsigned int uiPrimitiveCount)
{
return pDrawIndexedPrimitive(pDevice, pType, iBaseIndex, uiMinIndex, uiNumVertices, uiStartIndex, uiPrimitiveCount);
}
//=====================================================================================
typedef HRESULT (WINAPI* SetStreamSource_t)(LPDIRECT3DDEVICE9 pDevice, unsigned int uiStreamNumber,
LPDIRECT3DVERTEXBUFFER9 pStreamData, unsigned int uiOffsetInBytes,
unsigned int uiStride);
SetStreamSource_t pSetStreamSource;
HRESULT WINAPI nSetStreamSource(LPDIRECT3DDEVICE9 pDevice, unsigned int uiStreamNumber,
LPDIRECT3DVERTEXBUFFER9 pStreamData, unsigned int uiOffsetInBytes,
unsigned int uiStride)
{
return pSetStreamSource(pDevice, uiStreamNumber, pStreamData, uiOffsetInBytes, uiStride);
}
//=====================================================================================
typedef HRESULT (WINAPI* CreateDevice_t)(void* pDirect3D, unsigned int uiAdapter, D3DDEVTYPE pDeviceType,
HWND hFocusWindow, unsigned long ulBehaviorFlags,
D3DPRESENT_PARAMETERS* pPresentationParameters,
LPDIRECT3DDEVICE9* ppReturnedDeviceInterface);
CreateDevice_t pCreateDevice;
HRESULT WINAPI nCreateDevice(void* pDirect3D, unsigned int uiAdapter, D3DDEVTYPE pDeviceType, HWND hFocusWindow,
unsigned long ulBehaviorFlags, D3DPRESENT_PARAMETERS* pPresentationParameters,
LPDIRECT3DDEVICE9* ppReturnedDeviceInterface)
{
HRESULT hrReturn = pCreateDevice(pDirect3D, uiAdapter, pDeviceType, hFocusWindow, ulBehaviorFlags,
pPresentationParameters, ppReturnedDeviceInterface);
if(hrReturn == D3D_OK)
{
unsigned long* pInterface = (unsigned long*)*(unsigned long*)*ppReturnedDeviceInterface;
pBeginScene = (BeginScene_t)DetourFunction((unsigned char*)pInterface[41],
(unsigned char*)&nBeginScene);
pEndScene = (EndScene_t)DetourFunction((unsigned char*)pInterface[42],
(unsigned char*)&nEndScene);
pDrawIndexedPrimitive = (DrawIndexedPrimitive_t)DetourFunction((unsigned char*)pInterface[82],
(unsigned char*)&nDrawIndexedPrimitive);
pSetStreamSource = (SetStreamSource_t)DetourFunction((unsigned char*)pInterface[100],
(unsigned char*)&nSetStreamSource);
}
return hrReturn;
}
//=====================================================================================
DETOUR_TRAMPOLINE(LPDIRECT3D9 WINAPI pDirect3DCreate9(unsigned int SDKVersion), Direct3DCreate9);
LPDIRECT3D9 WINAPI nDirect3DCreate9(unsigned int SDKVersion)
{
LPDIRECT3D9 pDirect3D = pDirect3DCreate9(SDKVersion);
if(pDirect3D != NULL)
{
unsigned long* ulObject = (unsigned long*)pDirect3D;
ulObject = (unsigned long*)ulObject[0];
*(unsigned long*)&pCreateDevice = ulObject[16];
unsigned long ulProtect;
VirtualProtect(&ulObject[16], 4, PAGE_EXECUTE_READWRITE, &ulProtect);
*(unsigned long*)&ulObject[16] = (unsigned long)nCreateDevice;
VirtualProtect(&ulObject[16], 4, ulProtect, &ulProtect);
}
DetourRemove((unsigned char*)pDirect3DCreate9, (unsigned char*)nDirect3DCreate9);
return pDirect3D;
}
//=====================================================================================
unsigned int APIENTRY DllMain(HMODULE hModule, unsigned long ulReason, void* vpReserved)
{
if(ulReason == DLL_PROCESS_ATTACH)
{
unsigned int uiReturn = DetourFunctionWithTrampoline((unsigned char*)pDirect3DCreate9,
(unsigned char*)nDirect3DCreate9);
return uiReturn;
}
return 0;
}
Unless you use your draw text function to print the contents of cFrameRate, cResolution and cTimeAndDate then you wont see anything... You construct the strings using sprintf and strftime but you never use them...
From looking at your additions i see you trying to print text one time... Does the below work?
pD3DFont = new CD3DFont("Arial", 8);
pD3DFont->InitDeviceObjects(pDevice);
pD3DFont->RestoreDeviceObjects();
Hmm...does Roverturbo's hook do some resetting as a part of his detouring that is say, different than Azorbix'x starter kit? This would make sense since the starter kit works simply by setting up the font in BeginScene() and printing it in EndScene() and Roverturbo's requires the Reset() to be hooked as well.
Hmm, you shouldn't need to hook reset to get any font to work...
The reason most people hook reset is because when you press alt + tab to minimize the game window all video memory resources are released and the device is reset.
Calling the ID3DXFONT interface functions OnLostDevice and OnResetDevice in reset will re-acquire resources when the window is restored stopping a lock up occurring.
__________________
I've learned that something constructive comes from every defeat.
Sometimes i say things i shouldn't, and sometimes i say what other people are thinking.
Real programmer's don't document, if it was hard to write, it should be hard to understand.
First learn computer science and all the theory, next develop a programming style, then forget all that and just hack.
