#include "stdafx.h"
#include <d3d9.h>
#include <D3dx9core.h>
#include<fstream>
#include<iostream>
using namespace std;
#pragma comment(lib, "D3D9.lib")
#pragma comment(lib, "D3Dx9.lib")
void GameD3D_HOOK();
IDirect3D9 * _stdcall New_Direct3DCreate9(UINT SDKVersion);
HRESULT _stdcall New_CreateDevice(
LPDIRECT3D9 pDx9,
UINT Adapter,
D3DDEVTYPE DeviceType,
HWND hFocusWindow,
DWORD BehaviorFlags,
D3DPRESENT_PARAMETERS * pPresentsentationParameters,
IDirect3DDevice9 ** pPresentturnedDeviceInterface
);
LPDIRECT3D9 m_pD3D = NULL; //Direct3D对象的接口指针
void * pDirect3DCreate9 = NULL;//Direct3DCreate9函数地址指针
void * pCreateDevice = NULL;//IDirect3D9::CreateDevice函数地址指针
void * pPresent = NULL;//IDirect3DDevice9::Present函数地址指针
BYTE Direct3DCreate_Begin[5];//用于保存Direct3DCreate9入口的5字节
BYTE CreateDevice_Begin[5];//用于保存IDirect3D9::CreateDevice入口的字节
BYTE Present_Begin[5];//用于保存IDirect3DDevice9::Present入口的5字节
void GameD3D_HOOK()
{
//hook Direct3DCreate9
MessageBoxW(GetForegroundWindow(), L"hook GameD3D_HOOK", L"HookDLL", MB_OK);
pDirect3DCreate9 = GetProcAddress(GetModuleHandle(L"d3d9.dll"), "Direct3DCreate9");
DWORD oldpro = 0;
memcpy(Direct3DCreate_Begin, pDirect3DCreate9, 5);
bool bRet = VirtualProtect(pDirect3DCreate9, 5, PAGE_EXECUTE_READWRITE, &oldpro);
*(BYTE*)pDirect3DCreate9 = 0xe9;
*(DWORD*)((BYTE*)pDirect3DCreate9 + 1) = (DWORD)New_Direct3DCreate9 - (DWORD)pDirect3DCreate9 - 5;
}
//当运行到Direct3DCreate9时跳转到这里
IDirect3D9 * _stdcall New_Direct3DCreate9(
UINT SDKVersion
)
{
MessageBoxW(GetForegroundWindow(), L"hook New_Direct3DCreate9", L"HookDLL", MB_OK);
__asm pushad
memcpy(pDirect3DCreate9, Direct3DCreate_Begin, 5);//首先还原入口的5个字节
m_pD3D = Direct3DCreate9(SDKVersion);
cout << m_pD3D << endl;
if (m_pD3D)
{
DWORD* vTable = (DWORD*)(*(DWORD*)m_pD3D);
//pCreateDevice = (void*)&vTable[16];//获得IDirect3D9::CreateDevice的地址指针
pCreateDevice = (void*)*(DWORD*)(*(DWORD*)m_pD3D + 0x40);
//pCreateDevice = (void*)*(DWORD*)(*(DWORD*)m_pD3D + 0x40);//获得IDirect3D9::CreateDevice的地址指针
DWORD oldpro = 0;
memcpy(CreateDevice_Begin , pCreateDevice, 5);//保存IDirect3D9::CreateDevice入口5个字节
//pCreateDevice = New_CreateDevice;
bool bRet = VirtualProtect(pCreateDevice, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &oldpro);
*(BYTE*)pCreateDevice = 0xe9;
*(DWORD*)((BYTE*)pCreateDevice + 1) = (DWORD)New_CreateDevice - (DWORD)pCreateDevice - 5;
}
else
{
}
__asm popad
return m_pD3D;
}
//hook CreateDevice
HRESULT _stdcall New_CreateDevice(
LPDIRECT3D9 pDx9,
UINT Adapter,
D3DDEVTYPE DeviceType,
HWND hFocusWindow,
DWORD BehaviorFlags,
D3DPRESENT_PARAMETERS * pPresentsentationParameters,
IDirect3DDevice9 ** pPresentturnedDeviceInterface
)
{
...
}
8 个解决方案
#1
《深度探索C++对象模型》
《C++反汇编与逆向分析技术揭秘》
《C++反汇编与逆向分析技术揭秘》
#2
反汇编查看了的,得到的原来的CreateDevice的偏移地址应该是对的 ~但是就是没有跳转到新的函数中去
#3
权限问题?
进程上下文问题?
参考WinAPIOverride源代码中相关片断?
进程上下文问题?
参考WinAPIOverride源代码中相关片断?
#4
LZ,我也遇到一样的问题。我的现象是对于自己写的简单的D3D程序和一些游戏,通过debugview看到进入自定义CreateDevice函数,对于另外一些游戏不可以。你是不是已经解决了?
#5
还没有呢~
#6
那你有没有什么思路啊?
#7
楼主,我的问题解决了,是我要hook的游戏调用d3d11,不是d3d9
#8
好吧 ~恭喜~
#1
《深度探索C++对象模型》
《C++反汇编与逆向分析技术揭秘》
《C++反汇编与逆向分析技术揭秘》
#2
反汇编查看了的,得到的原来的CreateDevice的偏移地址应该是对的 ~但是就是没有跳转到新的函数中去
#3
权限问题?
进程上下文问题?
参考WinAPIOverride源代码中相关片断?
进程上下文问题?
参考WinAPIOverride源代码中相关片断?
#4
LZ,我也遇到一样的问题。我的现象是对于自己写的简单的D3D程序和一些游戏,通过debugview看到进入自定义CreateDevice函数,对于另外一些游戏不可以。你是不是已经解决了?
#5
还没有呢~
#6
那你有没有什么思路啊?
#7
楼主,我的问题解决了,是我要hook的游戏调用d3d11,不是d3d9
#8
好吧 ~恭喜~