need tips for hook d3d9

nvz
Newbie cheater
Reputation: 0

Joined: 02 Jul 2016
Posts: 21

Posted: Thu Aug 31, 2017 5:08 am    Post subject: need tips for hook d3d9

Hi, I am trying to hook d3d9 in a game (single player, no cheating). I am using the code of the d3dprologger.dll; it has the source code available. The DLL is very good and works perfectly on 99 percent of the games, except obviously in the one I am trying to mod. However, the only problem is to draw on screen: the DLL injects correctly and I can use code like:

pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);

to disable z-buffering, and it works correctly in the game. I think they draw the backbuffer in some unusual way, so the things that I draw on the screen don't show. Any tips on how to proceed? I think I should be able, for example, to draw some models in the same color, but I don't know the correct code yet.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Thu Aug 31, 2017 6:33 pm    Post subject:

Drawing is best done in either EndScene or Present. Also keep in mind that games can use multiple BeginScene/EndScene calls per frame so you cannot rely on hooking EndScene and assuming that it's the last call in the chain.

Something you can do is test what the rendering surface is and compare it to the back buffer to ensure the rendering is happening to the back buffer.

Code:
HRESULT __stdcall newIDirect3DDevice8::EndScene(void)
{
    // Obtain the render target..
    if (SUCCEEDED(this->m_Direct3DDevice8->GetBackBuffer(0, D3DBACKBUFFER_TYPE_MONO, &this->m_BackBuffer)) &&
        SUCCEEDED(this->m_Direct3DDevice8->GetRenderTarget(&this->m_RenderTarget)))
    {
        if (this->m_BackBuffer == this->m_RenderTarget)
        {
            // Do your rendering here..
        }
    }

    // Cleanup the objects..
    SAFE_RELEASE(this->m_RenderTarget);
    SAFE_RELEASE(this->m_BackBuffer);
 
    //End the scene..
    return this->m_Direct3DDevice8->EndScene();
}


Another method is just drawing your code inside of present before it is actually called. Hook Present, do your drawing code first, then call the original Present function.

These are the two methods I use personally and have never had issues. The method I choose depends on the game and how rendering works for certain things. And if I plan to extend my stuff to include enhanced effects and such.

_________________
- Retired.
nvz
Newbie cheater
Reputation: 0

Joined: 02 Jul 2016
Posts: 21

Posted: Sat Sep 02, 2017 3:18 am    Post subject:

OK, so I created a test application and traced the code after:

d3ddev->Present(NULL, NULL, NULL, NULL);

In Cheat Engine it shows that it goes to:
d3d9.Direct3DShaderValidatorCreate9+AAB5 - 8B FF - mov edi,edi

Then I injected there the code that draws text and it works well. Is this what I should do with the game? (The font is already created in my test application.) Thanks for the help!

pushad
push [Win32Project1.fontColor]
mov eax,[Win32Project1.m_font]

mov edx,MyMemory

//text position
mov [edx],00000014
mov [edx+8],00000690
mov [edx+4],00000024
mov [edx+0c],000000DC

push 00
push edx
push -01
//text string
push Win32Project1.exe+317C

mov ecx,[eax]
push 00
push eax
call dword ptr [ecx+38]

popad
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sat Sep 02, 2017 8:39 pm    Post subject:

Whichever works best for you and your end goal. There are a lot of different ways to hook Direct3D-related games; each has its benefits and downsides in terms of use. One of the bigger issues tends to be avoiding anti-cheat detecting when doing Direct3D hooks.

Other options you have are:
- VTable hooking.
- Direct3D wrapping via injection (i.e. hook Direct3DCreate9 and wrap/override the returned pointer.)
- Direct3D proxying by creating a fake d3d9.dll to place in the game's folder.
- Mid-function hooking.
- Game engine hooking.

Most anti-cheats have relaxed on the detection of these types of things since some can be used for legit programs such as screen recording/streaming applications. But whichever option works best for you is fine.

_________________
- Retired.
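
The integrity check that the detection remark above alludes to, as an added example that is not part of atom0s's post or any anti-cheat's actual code: it classifies a Direct3D vtable slot as untouched, pointer-redirected (VTable hooking) or code-patched (inline hooking). The struct layout, function names, slot labels and sample addresses are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum slot_state { SLOT_CLEAN, SLOT_POINTER_REDIRECTED, SLOT_CODE_PATCHED };

/* Address range of the loaded graphics DLL, supplied by the caller. */
struct module_range { uintptr_t base; size_t size; };

struct slot {
    unsigned index;            /* vtable slot number (label only) */
    uintptr_t target;          /* pointer currently stored in that slot */
    const uint8_t *live;       /* first bytes found at target in memory */
    const uint8_t *reference;  /* same bytes from a trusted copy of the DLL */
    size_t len;                /* number of bytes compared */
};

enum slot_state check_slot(const struct module_range *m, const struct slot *s)
{
    /* VTable hooking swaps the pointer, so the target leaves the DLL image. */
    if (s->target < m->base || s->target - m->base >= m->size)
        return SLOT_POINTER_REDIRECTED;
    /* Inline hooks keep the pointer but rewrite code inside the DLL. */
    if (memcmp(s->live, s->reference, s->len) != 0)
        return SLOT_CODE_PATCHED;
    return SLOT_CLEAN;
}

size_t count_hooked(const struct module_range *m, const struct slot *slots, size_t n)
{
    size_t hooked = 0;
    for (size_t i = 0; i < n; i++)
        if (check_slot(m, &slots[i]) != SLOT_CLEAN)
            hooked++;
    return hooked;
}

/* Constructed sample data: addresses and slot contents are made up. */
static const uint8_t PROLOGUE[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC }; /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t JMP_PATCH[] = { 0xE9, 0x10, 0x20, 0x30, 0x40 }; /* jmp rel32 */
static const struct module_range SAMPLE_D3D9 = { 0x6A000000u, 0x1C0000u };
static const struct slot SAMPLE_SLOTS[] = {
    { 17, 0x6A04AB8Du, PROLOGUE,  PROLOGUE, sizeof PROLOGUE }, /* untouched */
    { 38, 0x10001000u, PROLOGUE,  PROLOGUE, sizeof PROLOGUE }, /* pointer swapped */
    { 42, 0x6A04C000u, JMP_PATCH, PROLOGUE, sizeof PROLOGUE }, /* first bytes patched */
};

int main(void) { return count_hooked(&SAMPLE_D3D9, SAMPLE_SLOTS, 3) == 2 ? 0 : 1; }
```

Overlays, recorders and streaming tools patch the same slots, so a non-clean result has to be attributed to a module before it means anything; a mid-function hook is only caught when the compared byte range reaches it.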
nvz
Newbie cheater
Reputation: 0

Joined: 02 Jul 2016
Posts: 21

Posted: Sun Sep 03, 2017 4:31 am    Post subject:

Update: I used Cheat Engine to create a font and draw it. I put the code in the "d3d present", which on my computer is:
d3d9.Direct3DShaderValidatorCreate9+AABC

It works correctly in my test app, in Tabletop Simulator and in Moebius, but it still doesn't in my game (Don Bradman Cricket 14, which has a lot of antipiracy stuff, but I don't think it has any anticheat). In some of these games d3dx9.dll was not available, so I first had to inject the d3dprologger.dll to make it appear (I don't know how this stuff works).

Also, I noticed that one of the games that I tested (I think it was COD4) wasn't using the "d3d present" code at
d3d9.Direct3DShaderValidatorCreate9+AABC

Maybe there are other addresses? However, Don Bradman 14 certainly uses that address; indeed, if I "nop" that code the image freezes until I restore the original code. I am a little clueless: the game is accessing my code, it reads my string, but nothing is drawn. It seems it is still able to draw somewhere. Even if I disable all the graphics (it's easy, the game uses Lua), all I see is a black screen.
nvz
Newbie cheater
Reputation: 0

Joined: 02 Jul 2016
Posts: 21

Posted: Mon Sep 04, 2017 4:02 am    Post subject:

OK, managed to get it working, very happy about that.

It seems that the "d3d present" for this game was at:
d3d9.Direct3DShaderValidatorCreate9+AB8D - 8B FF - mov edi,edi

I hooked it at d3d9.Direct3DShaderValidatorCreate9+ABF3
and it works very well, it seems; I can draw the text.

It seems this address is in vTable[38], not sure what function it is though.
The "d3d present" address, I think, is at vTable[17].
atom0s, do you think the various "hook DLLs" available would have found this address automatically?