hook pembuatan WallHack
+3
abenkCB
luvforaba
Agoeng_Jr
7 posters
:: C++
Halaman 1 dari 1
hook pembuatan WallHack
Detour hook
- Spoiler:
- //////////////////////////////////////////////////////////////////////////////
//
// File: detours.h
// Module: detours.lib
//
// Detours for binary functions. Version 1.5 (Build 46)
//
// Copyright 1995-2001, Microsoft Corporation
//
#pragma once
#ifndef _DETOURS_H_
#define _DETOURS_H_
#pragma comment(lib, "detours")
//////////////////////////////////////////////////////////////////////////////
//
#ifndef GUID_DEFINED
#define GUID_DEFINED
typedef struct _GUID
{
DWORD Data1;
WORD Data2;
WORD Data3;
BYTE Data4[ 8 ];
} GUID;
#endif // !GUID_DEFINED
#if defined(__cplusplus)
#ifndef _REFGUID_DEFINED
#define _REFGUID_DEFINED
#define REFGUID const GUID &
#endif // !_REFGUID_DEFINED
#else // !__cplusplus
#ifndef _REFGUID_DEFINED
#define _REFGUID_DEFINED
#define REFGUID const GUID * const
#endif // !_REFGUID_DEFINED
#endif // !__cplusplus
//
//////////////////////////////////////////////////////////////////////////////
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
/////////////////////////////////////////////////// Instruction Target Macros.
//
#define DETOUR_INSTRUCTION_TARGET_NONE ((PBYTE)0)
#define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PBYTE)~0ul)
/////////////////////////////////////////////////////////// Trampoline Macros.
//
// DETOUR_TRAMPOLINE(trampoline_prototype, target_name)
//
// The naked trampoline must be at least DETOUR_TRAMPOLINE_SIZE bytes.
//
#define DETOUR_TRAMPOLINE_SIZE 32
#define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0"
#define DETOUR_TRAMPOLINE(trampoline,target) \
static PVOID __fastcall _Detours_GetVA_##target(VOID) \
{ \
return ⌖ \
} \
\
__declspec(naked) trampoline \
{ \
__asm { nop };\
__asm { nop };\
__asm { call _Detours_GetVA_##target };\
__asm { jmp eax };\
__asm { ret };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
}
#define DETOUR_TRAMPOLINE_EMPTY(trampoline) \
__declspec(naked) trampoline \
{ \
__asm { nop };\
__asm { nop };\
__asm { xor eax, eax };\
__asm { mov eax, [eax] };\
__asm { ret };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
}
/////////////////////////////////////////////////////////// Binary Structures.
//
#pragma pack(push,
typedef struct _DETOUR_SECTION_HEADER
{
DWORD cbHeaderSize;
DWORD nSignature;
DWORD nDataOffset;
DWORD cbDataSize;
DWORD nOriginalImportVirtualAddress;
DWORD nOriginalImportSize;
DWORD nOriginalBoundImportVirtualAddress;
DWORD nOriginalBoundImportSize;
DWORD nOriginalIatVirtualAddress;
DWORD nOriginalIatSize;
DWORD nOriginalSizeOfImage;
DWORD nReserve;
} DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER;
typedef struct _DETOUR_SECTION_RECORD
{
DWORD cbBytes;
DWORD nReserved;
GUID guid;
} DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD;
#pragma pack(pop)
#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \
{ \
sizeof(DETOUR_SECTION_HEADER),\
DETOUR_SECTION_HEADER_SIGNATURE,\
sizeof(DETOUR_SECTION_HEADER),\
(cbSectionSize),\
\
0,\
0,\
0,\
0,\
\
0,\
0,\
0,\
0,\
}
///////////////////////////////////////////////////////////// Binary Typedefs.
//
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(PVOID pContext,
PCHAR pszFile,
PCHAR *ppszOutFile);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(PVOID pContext,
PCHAR pszOrigFile,
PCHAR pszFile,
PCHAR *ppszOutFile);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(PVOID pContext,
DWORD nOrdinal,
PCHAR pszOrigSymbol,
PCHAR pszSymbol,
PCHAR *ppszOutSymbol);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FINAL_CALLBACK)(PVOID pContext);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_EXPORT_CALLBACK)(PVOID pContext,
DWORD nOrdinal,
PCHAR pszName,
PBYTE pbCode);
typedef VOID * PDETOUR_BINARY;
typedef VOID * PDETOUR_LOADED_BINARY;
//////////////////////////////////////////////////////// Trampoline Functions.
//
PBYTE WINAPI DetourFunction(PBYTE pbTargetFunction,
PBYTE pbDetourFunction);
BOOL WINAPI DetourFunctionWithEmptyTrampoline(PBYTE pbTrampoline,
PBYTE pbTarget,
PBYTE pbDetour);
BOOL WINAPI DetourFunctionWithEmptyTrampolineEx(PBYTE pbTrampoline,
PBYTE pbTarget,
PBYTE pbDetour,
PBYTE *ppbRealTrampoline,
PBYTE *ppbRealTarget,
PBYTE *ppbRealDetour);
BOOL WINAPI DetourFunctionWithTrampoline(PBYTE pbTrampoline,
PBYTE pbDetour);
BOOL WINAPI DetourFunctionWithTrampolineEx(PBYTE pbTrampoline,
PBYTE pbDetour,
PBYTE *ppbRealTrampoline,
PBYTE *ppbRealTarget);
BOOL WINAPI DetourRemove(PBYTE pbTrampoline, PBYTE pbDetour);
////////////////////////////////////////////////////////////// Code Functions.
//
PBYTE WINAPI DetourFindFunction(PCHAR pszModule, PCHAR pszFunction);
PBYTE WINAPI DetourGetFinalCode(PBYTE pbCode, BOOL fSkipJmp);
PBYTE WINAPI DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget);
PBYTE WINAPI DetourCopyInstructionEx(PBYTE pbDst,
PBYTE pbSrc,
PBYTE *ppbTarget,
LONG *plExtra);
///////////////////////////////////////////////////// Loaded Binary Functions.
//
HMODULE WINAPI DetourEnumerateModules(HMODULE hModuleLast);
PBYTE WINAPI DetourGetEntryPoint(HMODULE hModule);
BOOL WINAPI DetourEnumerateExports(HMODULE hModule,
PVOID pContext,
PF_DETOUR_BINARY_EXPORT_CALLBACK pfExport);
PBYTE WINAPI DetourFindPayload(HMODULE hModule, REFGUID rguid, DWORD *pcbData);
DWORD WINAPI DetourGetSizeOfPayloads(HMODULE hModule);
///////////////////////////////////////////////// Persistent Binary Functions.
//
BOOL WINAPI DetourBinaryBindA(PCHAR pszFile, PCHAR pszDll, PCHAR pszPath);
BOOL WINAPI DetourBinaryBindW(PWCHAR pwzFile, PWCHAR pwzDll, PWCHAR pwzPath);
#ifdef UNICODE
#define DetourBinaryBind DetourBinaryBindW
#else
#define DetourBinaryBind DetourBinaryBindA
#endif // !UNICODE
PDETOUR_BINARY WINAPI DetourBinaryOpen(HANDLE hFile);
PBYTE WINAPI DetourBinaryEnumeratePayloads(PDETOUR_BINARY pBinary,
GUID *pGuid,
DWORD *pcbData,
DWORD *pnIterator);
PBYTE WINAPI DetourBinaryFindPayload(PDETOUR_BINARY pBinary,
REFGUID rguid,
DWORD *pcbData);
PBYTE WINAPI DetourBinarySetPayload(PDETOUR_BINARY pBinary,
REFGUID rguid,
PBYTE pbData,
DWORD cbData);
BOOL WINAPI DetourBinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid);
BOOL WINAPI DetourBinaryPurgePayloads(PDETOUR_BINARY pBinary);
BOOL WINAPI DetourBinaryResetImports(PDETOUR_BINARY pBinary);
BOOL WINAPI DetourBinaryEditImports(PDETOUR_BINARY pBinary,
PVOID pContext,
PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway,
PF_DETOUR_BINARY_FILE_CALLBACK pfFile,
PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol,
PF_DETOUR_BINARY_FINAL_CALLBACK pfFinal);
BOOL WINAPI DetourBinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile);
BOOL WINAPI DetourBinaryClose(PDETOUR_BINARY pBinary);
/////////////////////////////////////////////// First Chance Exception Filter.
//
LPTOP_LEVEL_EXCEPTION_FILTER WINAPI
DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter);
///////////////////////////////////////////////// Create Process & Inject Dll.
//
typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)
(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)
(LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
BOOL WINAPI DetourCreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPCSTR lpDllName,
PDETOUR_CREATE_PROCESS_ROUTINEA
pfCreateProcessA);
BOOL WINAPI DetourCreateProcessWithDllW(LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPCWSTR lpDllName,
PDETOUR_CREATE_PROCESS_ROUTINEW
pfCreateProcessW);
#ifdef UNICODE
#define DetourCreateProcessWithDll DetourCreateProcessWithDllW
#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
#else
#define DetourCreateProcessWithDll DetourCreateProcessWithDllA
#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
#endif // !UNICODE
BOOL WINAPI DetourContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName);
BOOL WINAPI DetourContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName);
#ifdef UNICODE
#define DetourContinueProcessWithDll DetourContinueProcessWithDllW
#else
#define DetourContinueProcessWithDll DetourContinueProcessWithDllA
#endif // !UNICODE
//
//////////////////////////////////////////////////////////////////////////////
#ifdef __cplusplus
}
#endif // __cplusplus
/////////////////////////////////////////////////////////////////// Old Names.
//
#define ContinueProcessWithDll DetourContinueProcessWithDll
#define ContinueProcessWithDllA DetourContinueProcessWithDllA
#define ContinueProcessWithDllW DetourContinueProcessWithDllW
#define CreateProcessWithDll DetourCreateProcessWithDll
#define CreateProcessWithDllA DetourCreateProcessWithDllA
#define CreateProcessWithDllW DetourCreateProcessWithDllW
#define DETOUR_TRAMPOLINE_WO_TARGET DETOUR_TRAMPOLINE_EMPTY
#define DetourBinaryPurgePayload DetourBinaryPurgePayloads
#define DetourEnumerateExportsForInstance DetourEnumerateExports
#define DetourEnumerateInstances DetourEnumerateModules
#define DetourFindEntryPointForInstance DetourGetEntryPoint
#define DetourFindFinalCode DetourGetFinalCode
#define DetourFindPayloadInBinary DetourFindPayload
#define DetourGetSizeOfBinary DetourGetSizeOfPayloads
#define DetourRemoveWithTrampoline DetourRemove
#define PCREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINE
#define PCREATE_PROCESS_ROUTINEA PDETOUR_CREATE_PROCESS_ROUTINEA
#define PCREATE_PROCESS_ROUTINEW PDETOUR_CREATE_PROCESS_ROUTINEW
//
//////////////////////////////////////////////// Detours Internal Definitions.
//
#ifdef __cplusplus
#ifdef DETOURS_INTERNAL
//////////////////////////////////////////////////////////////////////////////
//
#ifdef IMAGEAPI // defined by IMAGEHLP.H
typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(LPAPI_VERSION AppVersion);
typedef BOOL (NTAPI *PF_SymInitialize)(IN HANDLE hProcess,
IN LPSTR UserSearchPath,
IN BOOL fInvadeProcess);
typedef DWORD (NTAPI *PF_SymSetOptions)(IN DWORD SymOptions);
typedef DWORD (NTAPI *PF_SymGetOptions)(VOID);
typedef BOOL (NTAPI *PF_SymLoadModule)(IN HANDLE hProcess,
IN HANDLE hFile,
IN PSTR ImageName,
IN PSTR ModuleName,
IN DWORD BaseOfDll,
IN DWORD SizeOfDll);
typedef BOOL (NTAPI *PF_SymGetModuleInfo)(IN HANDLE hProcess,
IN DWORD dwAddr,
OUT PIMAGEHLP_MODULE ModuleInfo);
typedef BOOL (NTAPI *PF_SymGetSymFromName)(IN HANDLE hProcess,
IN LPSTR Name,
OUT PIMAGEHLP_SYMBOL Symbol);
typedef BOOL (NTAPI *PF_BindImage)(IN LPSTR pszImageName,
IN LPSTR pszDllPath,
IN LPSTR pszSymbolPath);
typedef struct _DETOUR_SYM_INFO
{
HANDLE hProcess;
HMODULE hImageHlp;
PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx;
PF_SymInitialize pfSymInitialize;
PF_SymSetOptions pfSymSetOptions;
PF_SymGetOptions pfSymGetOptions;
PF_SymLoadModule pfSymLoadModule;
PF_SymGetModuleInfo pfSymGetModuleInfo;
PF_SymGetSymFromName pfSymGetSymFromName;
PF_BindImage pfBindImage;
} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO;
PDETOUR_SYM_INFO DetourLoadImageHlp(VOID);
#endif // IMAGEAPI
//////////////////////////////////////////////////////////////////////////////
//
class CDetourEnableWriteOnCodePage
{
public:
CDetourEnableWriteOnCodePage(PBYTE pbCode, LONG cbCode = DETOUR_TRAMPOLINE_SIZE)
{
m_pbCode = pbCode;
m_cbCode = cbCode;
m_dwOldPerm = 0;
m_hProcess = GetCurrentProcess();
if (m_pbCode && m_cbCode) {
if (!FlushInstructionCache(m_hProcess, pbCode, cbCode)) {
return;
}
if (!VirtualProtect(pbCode,
cbCode,
PAGE_EXECUTE_READWRITE,
&m_dwOldPerm)) {
return;
}
}
}
~CDetourEnableWriteOnCodePage()
{
if (m_dwOldPerm && m_pbCode && m_cbCode) {
DWORD dwTemp = 0;
if (!FlushInstructionCache(m_hProcess, m_pbCode, m_cbCode)) {
return;
}
if (!VirtualProtect(m_pbCode, m_cbCode, m_dwOldPerm, &dwTemp)) {
return;
}
}
}
BOOL SetPermission(DWORD dwPerms)
{
if (m_dwOldPerm && m_pbCode && m_cbCode) {
m_dwOldPerm = dwPerms;
return TRUE;
}
return FALSE;
}
BOOL IsValid(VOID)
{
return m_pbCode && m_cbCode && m_dwOldPerm;
}
private:
HANDLE m_hProcess;
PBYTE m_pbCode;
LONG m_cbCode;
DWORD m_dwOldPerm;
};
//////////////////////////////////////////////////////////////////////////////
//
inline PBYTE DetourGenMovEax(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xB8;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEbx(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBB;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEcx(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xB9;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEdx(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBA;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEsi(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBE;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEdi(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBF;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEbp(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBD;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEsp(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBC;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenPush(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0x68;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenPushad(PBYTE pbCode)
{
*pbCode++ = 0x60;
return pbCode;
}
inline PBYTE DetourGenPopad(PBYTE pbCode)
{
*pbCode++ = 0x61;
return pbCode;
}
inline PBYTE DetourGenJmp(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
if (pbJmpSrc == 0) {
pbJmpSrc = pbCode;
}
*pbCode++ = 0xE9;
*((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
return pbCode;
}
inline PBYTE DetourGenCall(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
if (pbJmpSrc == 0) {
pbJmpSrc = pbCode;
}
*pbCode++ = 0xE8;
*((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
return pbCode;
}
inline PBYTE DetourGenBreak(PBYTE pbCode)
{
*pbCode++ = 0xcc;
return pbCode;
}
inline PBYTE DetourGenRet(PBYTE pbCode)
{
*pbCode++ = 0xc3;
return pbCode;
}
inline PBYTE DetourGenNop(PBYTE pbCode)
{
*pbCode++ = 0x90;
return pbCode;
}
#endif DETOURS_INTERAL
#endif // __cplusplus
#endif // _DETOURS_H_
//
//////////////////////////////////////////////////////////////// End of File.
- Spoiler:
- #include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>
typedef HRESULT (WINAPI* tEndScene)(LPDIRECT3DDEVICE9 pDevice);
tEndScene pEndScene = NULL;
D3DCOLOR txtPink = D3DCOLOR_ARGB(255,255, 0, 255);
void Funktionen();
void *DetourFunc(BYTE *src, const BYTE *dst, const int len);
void Rechteck (LPDIRECT3DDEVICE9 Device_t, int X, int Y, int L, int H, D3DCOLOR color)
{
D3DRECT rect = {X, Y, X+L, Y+H};
Device_t->Clear(1, &rect, D3DCLEAR_TARGET, color, 0, 0);
}
HRESULT __stdcall hkEndScene(LPDIRECT3DDEVICE9 pDevice)
{
Rechteck (pDevice, 10, 10, 200, 200, txtPink);
return pEndScene(pDevice);
}
void Funktionen()
{
HMODULE hModule = NULL;
while( !hModule )
{
hModule = GetModuleHandleA( "d3d9.dll" );
Sleep( 100 );
}
DWORD dwOffset;
dwOffset = 0x7542CE09 - (DWORD)hModule;
pEndScene = (tEndScene )DetourFunc((PBYTE) ((DWORD)hModule+dwOffset) ,(PBYTE)hkEndScene, 5);
}
int WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID reserved)
{
switch(reason)
{
case DLL_PROCESS_ATTACH:
CreateThread(0, 0, (LPTHREAD_START_ROUTINE) Funktionen, 0, 0, 0);
break;
}
return true;
}
void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwback;
VirtualProtect(src, len, PAGE_READWRITE, &dwback);
memcpy(jmp, src, len); jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
VirtualProtect(src, len, dwback, &dwback);
return (jmp-len);
}
Midfunction Hook
Hook.h
- Spoiler:
- // Manager.h Header File - By Shad0w_ //
// Containing Useful functions and classes //
// Shad0w_Base Does contain a lot of public //
// source code from both uc-forum.com and //
// gamedeception.net, feel free to use but //
// remember to credit myself and these sites //
// Thanks to those who helped with this: //
// learn_more //
// ZeaS //
// Thanks also to the following: //
// Azorbix - so much open source code //
// Roverturbo - so much open source code //
// fatboy88 - helping me too many times //
// ----------------------------- //
// File Includes //
// ----------------------------- //
#include <windows.h>
#include <d3d9.h>
// ----------------------------- //
// Class: Framework //
// Helper functions & Memory Ops //
// ----------------------------- //
class Framework
{
public:
VOID WriteMemory(PVOID dwAdd, VOID *val, INT bytes);
VOID WriteFloat(DWORD dwAdd, FLOAT Value);
VOID WriteInteger(DWORD dwAdd, INT Value);
CHAR* ReadText(DWORD dwAdd);
DWORD FindPattern(DWORD dwdwAdd,DWORD dwLen,BYTE *bMask,char * szMask);
HINSTANCE lGetModuleHandle(LPCWSTR szModule);
private:
BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask);
};
extern Framework *FrmWrk;
// ----------------------------- //
// Thread: Thread_XD3DXINIT //
// DirectX Functions Hooked here //
// ----------------------------- //
INT Thread_XD3DXINIT( );
// ----------------------------- //
// VOID Dx9Hook //
// The purpose of this function //
// is to find the vtable and //
// copy all the offsets into our //
// VTable array. We also get the //
// right alignment for our hook. //
// ----------------------------- //
void Dx9Hook( LPCWSTR D3D9 );
- Spoiler:
- #include "Hook.h"
// ----------------------------- //
// BOOL DllMain //
// Entry Point of our dll //
// ----------------------------- //
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
if( fdwReason == 1 ) //1 = On inject to process//
{
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Thread_XD3DXINIT, NULL, NULL, NULL);
//Thread_XD3DXINIT is now starting to execute code in a new thread//
return TRUE;
}
return FALSE;
}
- Spoiler:
- #include "Hook.h"
Framework *FrmWrk;
VOID Framework::WriteMemory(PVOID dwAdd, void *val, int bytes)
{
DWORD d, ds;
VirtualProtect(dwAdd, bytes, PAGE_EXECUTE_READWRITE, &d);
memcpy(dwAdd, val, bytes);
VirtualProtect(dwAdd,bytes,d,&ds);
}
VOID Framework::WriteFloat(DWORD dwAdd,float Value)
{
*(float*)dwAdd = Value;
}
VOID Framework::WriteInteger(DWORD dwAdd, int Value)
{
*(int*)dwAdd = Value;
}
CHAR* Framework::ReadText(DWORD dwAdd)
{
CHAR* Text = (CHAR*)dwAdd; //reversal of WriteText...
return Text;
}
BOOL Framework::bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask) return 0;
return (*szMask) == NULL;
}
DWORD Framework::FindPattern(DWORD dwdwAdd,DWORD dwLen,BYTE *bMask,char * szMask)
{
for(DWORD i=0; i<dwLen; i++)
if (this->bCompare((BYTE*)(dwdwAdd+i),bMask,szMask)) return (DWORD)(dwdwAdd+i);
return 0;
}
HINSTANCE Framework::lGetModuleHandle(LPCWSTR szModule) // szModule Nama Game
{
HINSTANCE hModule = NULL;
if(!(hModule = GetModuleHandle(szModule)))
{
hModule = LoadLibrary(szModule);
}
return hModule;
}
- Spoiler:
- #include "Hook.h"
// ----------------------------- //
// LPDIRECT3DDEVICE9 m_pD3Ddev //
// The device should not be //
// defined locally in the naked //
// function as this would cause //
// issues. Credits to learn_more //
// for this information. //
// ----------------------------- //
LPDIRECT3DDEVICE9 m_pD3Ddev;
// ----------------------------- //
// DWORD * VTable //
// This will contain an array of //
// offsets for the dx functions. //
// ----------------------------- //
DWORD * VTable;
// ----------------------------- //
// DWORD dwEndscene_hook //
// Contains offset to jmp from, //
// Allowing program to flow into //
// our dll. //
// ----------------------------- //
// DWORD dwEndscene_ret //
// Contains offset to ret to, //
// Allowing program to flow back //
// into the orginal code. //
// ----------------------------- //
DWORD dwEndscene_hook, dwEndscene_ret;
// ----------------------------- //
// BYTE EndSceneOpCodes[6] //
// This holds the overwritten //
// bytes from the games code. //
// ----------------------------- //
BYTE EndSceneOpCodes[6];
// ----------------------------- //
// Hook: MyEndscene //
// Code injected //
// Module: D3D9.DLL //
// Offset: EndScene + 0x2A (W7) //
// ----------------------------- //
__declspec(naked) void MyEndscene( )
{
__asm
{
mov dword ptr ss:[ebp - 10], esp;
mov esi, dword ptr ss:[ebp + 0x8]; //replace patched code
mov m_pD3Ddev, esi; //Get the device
}
__asm
{
jmp dwEndscene_ret; //jump back to normal endscene
}
}
// ----------------------------- //
// Thread: Thread_XD3DXINIT //
// DirectX Functions Hooked here //
// ----------------------------- //
INT Thread_XD3DXINIT( )
{
Dx9Hook(L"d3d9.dll");
FrmWrk->WriteMemory((void *)EndSceneOpCodes, (void *)"\x89\x65\xF0\x8B\x75\x08", 6);
/*while( 1 )
{
Sleep( 1000 );
if(memcmp((void *)Endscene_opcodes, (void *)dwEndscene_hook, 6) == 0 )
Detour(dwEndscene_hook, MyEndscene);
}*/
return NULL;
}
// ----------------------------- //
// VOID Dx9Hook //
// The purpose of this function //
// is to find the vtable and //
// copy all the offsets into our //
// VTable array. We also get the //
// right alignment for our hook. //
// ----------------------------- //
VOID Dx9Hook( LPCWSTR D3D9 )
{
DWORD hD3D = NULL;
while (!hD3D) hD3D = (DWORD)FrmWrk->lGetModuleHandle(D3D9);
DWORD PPPDevice = FrmWrk->FindPattern(hD3D, 0x128000, (PBYTE)"szModule", "mask");
memcpy( &VTable, (VOID *)(PPPDevice + 2), 4);
dwEndscene_hook = VTable[42] + 0x2A;
dwEndscene_ret = dwEndscene_hook + 0x6;
}
_____Klo berguna alangkah baiknya.. ++++___
Re: hook pembuatan WallHack
@ TS
Ini SC buat XP apa 7 OM....
Sory ane mau tanya and no Junk coz ane hanya ingin belajar dan mengenal basic.
thank
Cmiiw..
luvforaba- C4~ Member
- Jumlah posting : 1
Reputation : 1000
Join date : 11.04.11
Re: hook pembuatan WallHack
om mau tanya apa in SC jadi satu dengan D3D menu created om Z
Cmiiw
Cmiiw
abenkCB- C4~ Member
- Jumlah posting : 11
Reputation : 1000
Join date : 07.05.11
Re: hook pembuatan WallHack
@atas kok gini hasilnya ??
------ Build started: Project: walhackwin7, Configuration: Release Win32 ------
Compiling...
Framework.cpp
.\Framework.cpp(47) : error C2664: 'GetModuleHandleA' : cannot convert parameter 1 from 'LPCWSTR' to 'LPCSTR'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
.\Framework.cpp(49) : error C2664: 'LoadLibraryA' : cannot convert parameter 1 from 'LPCWSTR' to 'LPCSTR'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
Direct3D.cpp
.\Direct3D.cpp(83) : error C2153: hex constants must have at least one hex digit
Build log was saved at "file://d:\aplikasi dan source kode program\walhackwin7\walhackwin7\Release\BuildLog.htm"
walhackwin7 - 3 error(s), 0 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
pencerahan
------ Build started: Project: walhackwin7, Configuration: Release Win32 ------
Compiling...
Framework.cpp
.\Framework.cpp(47) : error C2664: 'GetModuleHandleA' : cannot convert parameter 1 from 'LPCWSTR' to 'LPCSTR'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
.\Framework.cpp(49) : error C2664: 'LoadLibraryA' : cannot convert parameter 1 from 'LPCWSTR' to 'LPCSTR'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
Direct3D.cpp
.\Direct3D.cpp(83) : error C2153: hex constants must have at least one hex digit
Build log was saved at "file://d:\aplikasi dan source kode program\walhackwin7\walhackwin7\Release\BuildLog.htm"
walhackwin7 - 3 error(s), 0 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
pencerahan
radzone- C4~ Member
- Jumlah posting : 9
Reputation : 1000
Join date : 08.05.11
Re: hook pembuatan WallHack
radzone wrote:@atas kok gini hasilnya ??
------ Build started: Project: walhackwin7, Configuration: Release Win32 ------
Compiling...
Framework.cpp
.\Framework.cpp(47) : error C2664: 'GetModuleHandleA' : cannot convert parameter 1 from 'LPCWSTR' to 'LPCSTR'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
.\Framework.cpp(49) : error C2664: 'LoadLibraryA' : cannot convert parameter 1 from 'LPCWSTR' to 'LPCSTR'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
Direct3D.cpp
.\Direct3D.cpp(83) : error C2153: hex constants must have at least one hex digit
Build log was saved at "file://d:\aplikasi dan source kode program\walhackwin7\walhackwin7\Release\BuildLog.htm"
walhackwin7 - 3 error(s), 0 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
pencerahan
Coba ke sini Gan. _______________
Re: hook pembuatan WallHack
bagian hook ini bikin lagi h nya ?
aldhy890- C4~ Member
- Jumlah posting : 4
Reputation : 1000
Join date : 08.06.11
Re: hook pembuatan WallHack
maksudnya detour hook apa tuh Om Agoeng
anjnkgila- C4~ Member
- Jumlah posting : 27
Reputation : 1000
Join date : 10.05.11
Re: hook pembuatan WallHack
kalo hook ini bikin lagi ?
aldhy890- C4~ Member
- Jumlah posting : 4
Reputation : 1000
Join date : 08.06.11
:: C++
Halaman 1 dari 1
Permissions in this forum:
Anda tidak dapat menjawab topik