onlinegamehacking@forumn.com


    [Release]D3Dhook

    Share
    avatar
    OGHgamer
    PROGRAMMER
    PROGRAMMER

    Posts : 64
    Join date : 2012-11-02

    [Release]D3Dhook

    Post by OGHgamer on Fri Jun 28, 2013 2:01 pm





    How To Make A D3D Hook [ Complete Tutorial ]
    First of all i m not like those who afraid on giving a hook..i don't care about this i care bout helping people
    First of all include those [they may have smth rong if any corrections i suggest @Swag to tell me]
    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <d3d9.h>
    #include <d3dx9.h>

    okay first lets start naked function 
    Code:
    DWORD* DIP_hook = NULL;
    DWORD DIP_return
    = NULL;

    bool wallhack = true;

    void myDIP(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
    {
    IDirect3DVertexBuffer9* pStreamData = NULL;
    UINT iOffsetInBytes
    ,iStride;
    pDevice
    ->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);

    if(wallhack)
    if ((iStride==40)||(iStride==44))
    {
    pDevice
    ->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE );
    pDevice
    ->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER);
    }
    }

    _declspec
    (naked) void dwmyDIP()
    {
    __asm
    {
    //Call myDIP
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    MOV EAX
    , DWORD PTR [ESP+40];
    PUSH EAX
    ;
    CALL myDIP
    ;
    ADD ESP
    , 28;
    Then Restore EAX original value:
    Code:
    MOV EAX,DWORD PTR FS:[0];
    Then put back the Original code:
    Code:
    PUSH EAX;
    SUB ESP
    ,0x20;
    Then Return ur JMP Back:
    Code:
    JMP DIP_return;
    Then Close ur naked Function:
    Code:
     }
    }
    Then We Find The Pattern For Our Wall Hack:
    Code:
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
    for(DWORD i=0; i<dwLen; i++)
    if (bCompare((BYTE*)(dwAddress+i),bMask,szMask)) return (DWORD)(dwAddress+i);
    return 0;
    }
    Then We start our 5 Bytes Hunting:
    Code:
    void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
    {
    DWORD dwOldProtect
    , dwBkup, dwRelAddr;
    Then we give the paged memory read/write permissions:
    Code:
     VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
    Then We calculate the distance between our address and our target location and subtract the 5bytes, which is the size of the JMP:
    Code:
     dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
    Then We overwrite the byte at pAddress with the jmp opcode (0xE9):
    Code:
     *pAddress = 0xE9;
    Then We overwrite the next 4 bytes (which is the size of a DWORD) with the dwRelAddr:
    Code:
    *((DWORD *)(pAddress + 0x1)) = dwRelAddr;

    Then we overwrite the remaining bytes with the NOP opcode (0x90):
    Code:
    for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
    Then we restore the paged memory permissions saved in dwOldProtect:
    Code:
    VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
    Then We close the JMPHook:
    Code:
      
     return;

    }
    Then Create Our Hack Thread:thx to @ShaShiMi for telling me how to put the wallhack
    Code:
    void WallHack()
    {
    LoadLibraryA("d3d9.dll");
    DWORD D3D9
    , adr, *VTable;
    do
    {
    D3D9
    = (DWORD)LoadLibraryA("d3d9.dll");
    Sleep(100);
    } while (D3D9 == NULL);

    adr
    = FindPattern(D3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x8", "xx????xx????xx");
    if (adr) {
    memcpy
    (&VTable,(void *)(adr+2),4);

    MakeJMP((BYTE *)0x4FF51658, (DWORD)dwmyDIP, 0x6);
    DWORD dwJMPback
    = 0x4FF51658;
    }
    }
    Then Finally The DLLMAIN:
    Code:
     //then put one ur self Smile

    Credits to:
    ShaShiMi
    Classfied™️
    Trismund
    PHO Team 


      Current date/time is Mon Nov 20, 2017 9:22 am