Hi, I downloaded KOS and using Roverturbos D3D9 inteface hook I made this wallhack, as I can only really do D3D this is it, I hope this can be a platform on which you guys can build on and share.
Most characters are logged but as the game has a LOD feature I couldn't log all of them.
Credits: Roverturbo, Me and everyone else who has contributed to this wallhack
PHP Code:
#include <windows.h>
#include <d3d9.h>
#pragma comment(lib, "d3d9.lib")
#include <d3dx9.h>
#pragma comment(lib, "d3dx9.lib")
float ScreenCenterX = 0.0f;
float ScreenCenterY = 0.0f;
bool Xhair;
bool Chams;
int texnum;
int m_Stride;
LPDIRECT3DTEXTURE9 Red,Yellow,Green,Blue,Purple,Pink,Orange,Black,White;
D3DCOLOR colRed = D3DCOLOR_XRGB(255, 0, 0);
D3DVIEWPORT9 g_ViewPort;
typedef HRESULT (WINAPI* CreateDevice_Prototype) (LPDIRECT3D9, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE9*);
typedef HRESULT (WINAPI* Reset_Prototype) (LPDIRECT3DDEVICE9, D3DPRESENT_PARAMETERS*);
typedef HRESULT (WINAPI* EndScene_Prototype) (LPDIRECT3DDEVICE9);
typedef HRESULT (WINAPI* DrawIndexedPrimitive_Prototype)(LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT);
CreateDevice_Prototype CreateDevice_Pointer = NULL;
Reset_Prototype Reset_Pointer = NULL;
EndScene_Prototype EndScene_Pointer = NULL;
DrawIndexedPrimitive_Prototype DrawIndexedPrimitive_Pointer = NULL;
HRESULT WINAPI Direct3DCreate9_VMTable (VOID);
HRESULT WINAPI CreateDevice_Detour (LPDIRECT3D9, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE9*);
HRESULT WINAPI Reset_Detour (LPDIRECT3DDEVICE9, D3DPRESENT_PARAMETERS*);
HRESULT WINAPI EndScene_Detour (LPDIRECT3DDEVICE9);
HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT);
DWORD WINAPI VirtualMethodTableRepatchingLoopToCounterExtensionRepatching(LPVOID);
PDWORD Direct3D_VMTable = NULL;
BOOL WINAPI DllMain(HINSTANCE hinstModule, DWORD dwReason, LPVOID lpvReserved)
{
if(dwReason == DLL_PROCESS_ATTACH)
{
DisableThreadLibraryCalls(hinstModule);
if(Direct3DCreate9_VMTable() == D3D_OK)
return TRUE;
}
return FALSE;
}
HRESULT WINAPI Direct3DCreate9_VMTable(VOID)
{
LPDIRECT3D9 Direct3D_Object = Direct3DCreate9(D3D_SDK_VERSION);
if(Direct3D_Object == NULL)
return D3DERR_INVALIDCALL;
Direct3D_VMTable = (PDWORD)*(PDWORD)Direct3D_Object;
Direct3D_Object->Release();
DWORD dwProtect;
if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), PAGE_READWRITE, &dwProtect) != 0)
{
*(PDWORD)&CreateDevice_Pointer = Direct3D_VMTable[16];
*(PDWORD)&Direct3D_VMTable[16] = (DWORD)CreateDevice_Detour;
if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), dwProtect, &dwProtect) == 0)
return D3DERR_INVALIDCALL;
}
else
return D3DERR_INVALIDCALL;
return D3D_OK;
}
HRESULT GenerateTexture(IDirect3DDevice9 *pD3Ddev, IDirect3DTexture9 **ppD3Dtex, DWORD colour32)
{
if( FAILED(pD3Ddev->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, ppD3Dtex, NULL)) )
return E_FAIL;
WORD colour16 = ((WORD)((colour32>>28)&0xF)<<12)
|(WORD)(((colour32>>20)&0xF)<<8)
|(WORD)(((colour32>>12)&0xF)<<4)
|(WORD)(((colour32>>4)&0xF)<<0);
D3DLOCKED_RECT d3dlr;
(*ppD3Dtex)->LockRect(0, &d3dlr, 0, 0);
WORD *pDst16 = (WORD*)d3dlr.pBits;
for(int xy=0; xy < 8*8; xy++)
*pDst16++ = colour16;
(*ppD3Dtex)->UnlockRect(0);
return S_OK;
}
HRESULT WINAPI CreateDevice_Detour(LPDIRECT3D9 Direct3D_Object, UINT Adapter, D3DDEVTYPE DeviceType, HWND FocusWindow,
DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* PresentationParameters,
LPDIRECT3DDEVICE9* Returned_Device_Interface)
{
HRESULT Returned_Result = CreateDevice_Pointer(Direct3D_Object, Adapter, DeviceType, FocusWindow, BehaviorFlags,
PresentationParameters, Returned_Device_Interface);
DWORD dwProtect;
if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), PAGE_READWRITE, &dwProtect) != 0)
{
*(PDWORD)&Direct3D_VMTable[16] = *(PDWORD)&CreateDevice_Pointer;
CreateDevice_Pointer = NULL;
if(VirtualProtect(&Direct3D_VMTable[16], sizeof(DWORD), dwProtect, &dwProtect) == 0)
return D3DERR_INVALIDCALL;
}
else
return D3DERR_INVALIDCALL;
if(Returned_Result == D3D_OK)
{
Direct3D_VMTable = (PDWORD)*(PDWORD)*Returned_Device_Interface;
*(PDWORD)&Reset_Pointer = (DWORD)Direct3D_VMTable[16];
*(PDWORD)&EndScene_Pointer = (DWORD)Direct3D_VMTable[42];
*(PDWORD)&DrawIndexedPrimitive_Pointer = (DWORD)Direct3D_VMTable[82];
if(CreateThread(NULL, 0, VirtualMethodTableRepatchingLoopToCounterExtensionRepatching, NULL, 0, NULL) == NULL)
return D3DERR_INVALIDCALL;
}
return Returned_Result;
}
HRESULT WINAPI Reset_Detour(LPDIRECT3DDEVICE9 Device_Interface, D3DPRESENT_PARAMETERS* PresentationParameters)
{
return Reset_Pointer(Device_Interface, PresentationParameters);
}
HRESULT WINAPI EndScene_Detour(LPDIRECT3DDEVICE9 Device_Interface)
{
Device_Interface->GetViewport(&g_ViewPort);
ScreenCenterX = (float)g_ViewPort.Width / 2;
ScreenCenterY = (float)g_ViewPort.Height / 2;
GenerateTexture(Device_Interface, &Red, D3DCOLOR_ARGB (255,255,0 ,0 ));
GenerateTexture(Device_Interface, &Yellow, D3DCOLOR_ARGB (255,255,255,0 ));
GenerateTexture(Device_Interface, &Green, D3DCOLOR_ARGB (255,0 ,255,0 ));
GenerateTexture(Device_Interface, &Blue, D3DCOLOR_ARGB (255,0 ,0 ,255));
GenerateTexture(Device_Interface, &Purple, D3DCOLOR_ARGB (255,102,0 ,153));
GenerateTexture(Device_Interface, &Pink, D3DCOLOR_ARGB (255,255,20 ,147));
GenerateTexture(Device_Interface, &Orange, D3DCOLOR_ARGB (255,255,165,0 ));
GenerateTexture(Device_Interface, &Black, D3DCOLOR_ARGB (255,0 ,0 ,0 ));
GenerateTexture(Device_Interface, &White, D3DCOLOR_ARGB (255,255,255,255));
if (Xhair)
{
D3DRECT rec2 = {ScreenCenterX-8, ScreenCenterY, ScreenCenterX+8, ScreenCenterY+1};
D3DRECT rec3 = {ScreenCenterX, ScreenCenterY-8, ScreenCenterX+1, ScreenCenterY+8};
Device_Interface->Clear(1, &rec2, D3DCLEAR_TARGET,colRed, 0, 0);
Device_Interface->Clear(1, &rec3, D3DCLEAR_TARGET,colRed, 0, 0);
}
if(GetAsyncKeyState(VK_F1)&1){Xhair=!Xhair;}
if(GetAsyncKeyState(VK_F2)&1){Chams=!Chams;}
return EndScene_Pointer(Device_Interface);
}
HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE9 Device_Interface, D3DPRIMITIVETYPE Type, INT BaseIndex,
UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount)
{
LPDIRECT3DVERTEXBUFFER9 Stream_Data;
UINT Offset = 0;
UINT Stride = 0;
if(Device_Interface->GetStreamSource(0, &Stream_Data, &Offset, &Stride) == D3D_OK)
Stream_Data->Release();
texnum=(NumVertices*100000)+PrimitiveCount;
if (Chams)
{
if(m_Stride==64 &&
texnum==38100636||texnum==8600144||//Head
texnum==160502262||texnum==173701916||texnum==233202809||texnum==155102162||texnum==243202958||texnum==113501506||texnum==102201072)//Body
{
Device_Interface->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
Device_Interface->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
Device_Interface->SetTexture(0,Pink);
DrawIndexedPrimitive_Pointer(Device_Interface, Type, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
Device_Interface->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
Device_Interface->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
Device_Interface->SetTexture(0,Orange);
}
}
return DrawIndexedPrimitive_Pointer(Device_Interface, Type, BaseIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
}
DWORD WINAPI VirtualMethodTableRepatchingLoopToCounterExtensionRepatching(LPVOID Param)
{
UNREFERENCED_PARAMETER(Param);
while(1)
{
Sleep(100);
*(PDWORD)&Direct3D_VMTable[42] = (DWORD)EndScene_Detour;
*(PDWORD)&Direct3D_VMTable[82] = (DWORD)DrawIndexedPrimitive_Detour;
*(PDWORD)&Direct3D_VMTable[16] = (DWORD)Reset_Detour;
}
return 1;
}
KoS Wallhack 
Linear Mode
