Direct3D9 Interface Hooking
By: Roverturbo
I was planning on maybe releasing some hacks, but at the moment I just don't have the time, so I'm releasing one of my undetected d3d9 bases, as I have other methods to fall back on.
BeginScene, EndScene, DrawIndexedPrimitive and SetStreamSource are already hooked as an example.
I'm sure that once you have read the source and understand it, you won't have any problems adding other member functions, using d3d9.h as a reference to the device interface.
Code:
//=====================================================================================
/* Roverturbo | www.unknowncheats.com | www.darkhex.us */
#include <windows.h>
#include <detours.h>
#include <d3d9.h>
#pragma comment(lib, "d3d9.lib")
//=====================================================================================
/* Flat-function view of the device's BeginScene method: the interface
 * pointer is passed as an explicit first argument. */
typedef HRESULT (WINAPI* BeginScene_t)(LPDIRECT3DDEVICE9 pDevice);

/* Pointer used to reach the original BeginScene; assigned in nCreateDevice
 * from the value DetourFunction returns. */
BeginScene_t pBeginScene;

/**
 * Hook body for BeginScene.
 *
 * As written it is a pure pass-through: it forwards the device pointer to
 * the original routine via pBeginScene and hands back its HRESULT unchanged.
 *
 * @param pDevice  Device interface the host application called BeginScene on.
 * @return         Whatever the original BeginScene returned.
 */
HRESULT WINAPI nBeginScene(LPDIRECT3DDEVICE9 pDevice)
{
    const HRESULT hrResult = pBeginScene(pDevice);
    return hrResult;
}
//=====================================================================================
/* Flat-function view of the device's EndScene method: the interface
 * pointer is passed as an explicit first argument. */
typedef HRESULT (WINAPI* EndScene_t)(LPDIRECT3DDEVICE9 pDevice);

/* Pointer used to reach the original EndScene; assigned in nCreateDevice
 * from the value DetourFunction returns. */
EndScene_t pEndScene;

/**
 * Hook body for EndScene.
 *
 * As written it is a pure pass-through: the call is forwarded to the
 * original routine via pEndScene and its HRESULT is returned unchanged.
 *
 * @param pDevice  Device interface the host application called EndScene on.
 * @return         Whatever the original EndScene returned.
 */
HRESULT WINAPI nEndScene(LPDIRECT3DDEVICE9 pDevice)
{
    const HRESULT hrResult = pEndScene(pDevice);
    return hrResult;
}
//=====================================================================================
/* Flat-function view of the device's DrawIndexedPrimitive method: the
 * interface pointer is passed as an explicit first argument. */
typedef HRESULT (WINAPI* DrawIndexedPrimitive_t)(LPDIRECT3DDEVICE9 pDevice,
                                                 D3DPRIMITIVETYPE pType,
                                                 int iBaseIndex,
                                                 unsigned int uiMinIndex,
                                                 unsigned int uiNumVertices,
                                                 unsigned int uiStartIndex,
                                                 unsigned int uiPrimitiveCount);

/* Pointer used to reach the original DrawIndexedPrimitive; assigned in
 * nCreateDevice from the value DetourFunction returns. */
DrawIndexedPrimitive_t pDrawIndexedPrimitive;

/**
 * Hook body for DrawIndexedPrimitive.
 *
 * As written it is a pure pass-through: every argument is forwarded
 * untouched to the original routine and its HRESULT is returned unchanged.
 *
 * @param pDevice           Device interface the call was made on.
 * @param pType             Primitive type requested by the caller.
 * @param iBaseIndex        Forwarded as received.
 * @param uiMinIndex        Forwarded as received.
 * @param uiNumVertices     Forwarded as received.
 * @param uiStartIndex      Forwarded as received.
 * @param uiPrimitiveCount  Forwarded as received.
 * @return                  Whatever the original DrawIndexedPrimitive returned.
 */
HRESULT WINAPI nDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice,
                                     D3DPRIMITIVETYPE pType,
                                     int iBaseIndex,
                                     unsigned int uiMinIndex,
                                     unsigned int uiNumVertices,
                                     unsigned int uiStartIndex,
                                     unsigned int uiPrimitiveCount)
{
    const HRESULT hrResult = pDrawIndexedPrimitive(pDevice,
                                                   pType,
                                                   iBaseIndex,
                                                   uiMinIndex,
                                                   uiNumVertices,
                                                   uiStartIndex,
                                                   uiPrimitiveCount);
    return hrResult;
}
//=====================================================================================
/* Flat-function view of the device's SetStreamSource method: the
 * interface pointer is passed as an explicit first argument. */
typedef HRESULT (WINAPI* SetStreamSource_t)(LPDIRECT3DDEVICE9 pDevice,
                                            unsigned int uiStreamNumber,
                                            LPDIRECT3DVERTEXBUFFER9 pStreamData,
                                            unsigned int uiOffsetInBytes,
                                            unsigned int uiStride);

/* Pointer used to reach the original SetStreamSource; assigned in
 * nCreateDevice from the value DetourFunction returns. */
SetStreamSource_t pSetStreamSource;

/**
 * Hook body for SetStreamSource.
 *
 * As written it is a pure pass-through: every argument is forwarded
 * untouched to the original routine and its HRESULT is returned unchanged.
 *
 * @param pDevice          Device interface the call was made on.
 * @param uiStreamNumber   Forwarded as received.
 * @param pStreamData      Vertex buffer supplied by the caller; not inspected here.
 * @param uiOffsetInBytes  Forwarded as received.
 * @param uiStride         Forwarded as received.
 * @return                 Whatever the original SetStreamSource returned.
 */
HRESULT WINAPI nSetStreamSource(LPDIRECT3DDEVICE9 pDevice,
                                unsigned int uiStreamNumber,
                                LPDIRECT3DVERTEXBUFFER9 pStreamData,
                                unsigned int uiOffsetInBytes,
                                unsigned int uiStride)
{
    const HRESULT hrResult = pSetStreamSource(pDevice,
                                              uiStreamNumber,
                                              pStreamData,
                                              uiOffsetInBytes,
                                              uiStride);
    return hrResult;
}
//=====================================================================================
// Flat-function view of the CreateDevice method of the Direct3D object: the
// object pointer is passed as an untyped explicit first argument.
typedef HRESULT (WINAPI* CreateDevice_t)(void* pDirect3D, unsigned int uiAdapter, D3DDEVTYPE pDeviceType,
HWND hFocusWindow, unsigned long ulBehaviorFlags,
D3DPRESENT_PARAMETERS* pPresentationParameters,
LPDIRECT3DDEVICE9* ppReturnedDeviceInterface);
// Original CreateDevice address, saved by nDirect3DCreate9 before it
// overwrites the vtable slot with nCreateDevice.
CreateDevice_t pCreateDevice;
// Replacement for CreateDevice. Calls the original with unchanged arguments
// and, when it returns D3D_OK, installs detours on four methods of the
// returned device (BeginScene, EndScene, DrawIndexedPrimitive,
// SetStreamSource). The original HRESULT is always returned to the caller.
HRESULT WINAPI nCreateDevice(void* pDirect3D, unsigned int uiAdapter, D3DDEVTYPE pDeviceType, HWND hFocusWindow,
unsigned long ulBehaviorFlags, D3DPRESENT_PARAMETERS* pPresentationParameters,
LPDIRECT3DDEVICE9* ppReturnedDeviceInterface)
{
HRESULT hrReturn = pCreateDevice(pDirect3D, uiAdapter, pDeviceType, hFocusWindow, ulBehaviorFlags,
pPresentationParameters, ppReturnedDeviceInterface);
// Only an exact D3D_OK triggers hooking; other HRESULT values fall through.
if(hrReturn == D3D_OK)
{
// Read the first word of the device object (its vtable pointer) and treat
// the vtable as an array of function addresses.
// NOTE(review): unsigned long is 32 bits on Windows, so these casts only
// hold full pointers in a 32-bit process.
unsigned long* pInterface = (unsigned long*)*(unsigned long*)*ppReturnedDeviceInterface;
// Slots 41, 42, 82 and 100 are used here as BeginScene, EndScene,
// DrawIndexedPrimitive and SetStreamSource. DetourFunction is handed the
// method's address (not the slot), so the vtable entries themselves are
// left as they were; the returned pointers are what the n* hooks call
// to reach the original code.
// NOTE(review): none of the four return values is checked.
// NOTE(review): this runs on every successful CreateDevice, so the same
// four methods are detoured again and the saved pointers overwritten -
// confirm behaviour when the host creates more than one device.
// NOTE(review): because the method code is patched, an integrity check
// that compares these methods' in-memory bytes with the module image on
// disk would presumably notice the change - verify against the Detours
// version in use.
pBeginScene = (BeginScene_t)DetourFunction((unsigned char*)pInterface[41],
(unsigned char*)&nBeginScene);
pEndScene = (EndScene_t)DetourFunction((unsigned char*)pInterface[42],
(unsigned char*)&nEndScene);
pDrawIndexedPrimitive = (DrawIndexedPrimitive_t)DetourFunction((unsigned char*)pInterface[82],
(unsigned char*)&nDrawIndexedPrimitive);
pSetStreamSource = (SetStreamSource_t)DetourFunction((unsigned char*)pInterface[100],
(unsigned char*)&nSetStreamSource);
}
return hrReturn;
}
//=====================================================================================
// Declares pDirect3DCreate9 as the Detours trampoline for Direct3DCreate9;
// calling it reaches the original function once the detour is installed.
DETOUR_TRAMPOLINE(LPDIRECT3D9 WINAPI pDirect3DCreate9(unsigned int SDKVersion), Direct3DCreate9);
// Replacement for Direct3DCreate9 (installed from DllMain). Calls the
// original, redirects vtable slot 16 of the returned object to nCreateDevice
// after saving the previous entry in pCreateDevice, then removes its own
// detour. The object pointer from the original call is returned unchanged.
LPDIRECT3D9 WINAPI nDirect3DCreate9(unsigned int SDKVersion)
{
LPDIRECT3D9 pDirect3D = pDirect3DCreate9(SDKVersion);
if(pDirect3D != NULL)
{
// First word of the object is its vtable pointer; follow it so ulObject
// indexes the vtable entries.
// NOTE(review): unsigned long and the 4-byte protect size below assume
// 32-bit pointers; this does not carry over to a 64-bit build.
unsigned long* ulObject = (unsigned long*)pDirect3D;
ulObject = (unsigned long*)ulObject[0];
// Slot 16 is used here as CreateDevice: remember the original target.
*(unsigned long*)&pCreateDevice = ulObject[16];
unsigned long ulProtect;
// Make the slot writable, swap in nCreateDevice, then restore the previous
// protection (the old value comes back in ulProtect).
// NOTE(review): neither VirtualProtect result is checked; if the first call
// fails and the page is read-only, the write below would fault.
// NOTE(review): PAGE_EXECUTE_READWRITE is broader than a pointer write
// needs. From a monitoring point of view, the lasting artifact of this
// block is a vtable entry that no longer points at the original
// CreateDevice - presumably visible to a check that vtable entries resolve
// inside the expected module.
// NOTE(review): the vtable is presumably shared by every object of this
// class in the process, so the redirect is not limited to pDirect3D.
VirtualProtect(&ulObject[16], 4, PAGE_EXECUTE_READWRITE, &ulProtect);
*(unsigned long*)&ulObject[16] = (unsigned long)nCreateDevice;
VirtualProtect(&ulObject[16], 4, ulProtect, &ulProtect);
}
// Runs whether or not the object was created: the detour on
// Direct3DCreate9 is removed after the first intercepted call, so a NULL
// result leaves nothing hooked. The return value is not checked.
DetourRemove((unsigned char*)pDirect3DCreate9, (unsigned char*)nDirect3DCreate9);
return pDirect3D;
}
//=====================================================================================
/**
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH it installs the detour that routes Direct3DCreate9
 * to nDirect3DCreate9 (through the pDirect3DCreate9 trampoline) and returns
 * the result of that call converted to unsigned int. Every other
 * notification returns 0.
 *
 * NOTE(review): the result of DetourFunctionWithTrampoline doubles as the
 * load result, so a failed detour is reported to the loader as a failed
 * attach. The patching itself runs inside DllMain - confirm the Detours
 * call is safe in that context.
 *
 * @param hModule     Module handle supplied by the loader; unused.
 * @param ulReason    Notification code; only DLL_PROCESS_ATTACH is acted on.
 * @param vpReserved  Unused.
 */
unsigned int APIENTRY DllMain(HMODULE hModule, unsigned long ulReason, void* vpReserved)
{
    if (ulReason != DLL_PROCESS_ATTACH)
    {
        return 0;
    }

    unsigned int uiInstalled = DetourFunctionWithTrampoline((unsigned char*)pDirect3DCreate9,
                                                            (unsigned char*)nDirect3DCreate9);
    return uiInstalled;
}
If you don't know how to use it, then you need to learn some basic C++ and Direct3D...
Please don't post my stuff on other sites; you can link to this post only...
By using this source you automatically agree not to use it in any form of pay hack...
Finally, thanks to MSDN, the DirectX SDK and Google.