

 

 

 Shad0w_ Hotpatch Base

___RJ___
___RJ___
Moderator
Moderator

Posts : 15
Join date : 2012-01-18
Age : 32
Location : Cebu

Shad0w_ Hotpatch Base Empty
PostSubject: Shad0w_ Hotpatch Base   Shad0w_ Hotpatch Base Icon_minitimeFri Jan 27, 2012 4:38 pm

Quote :
HotPatch Detouring
With comments and thanks

Work on XP, Vista Win
Unicode





This is basic to intermediate level coding.
Detour EndScene, in this case for D3D9.dll
This code is for learning purposes, feel free to ask for help.
I commented a lot in here; if anything is wrong, please let me know.
Thanks and Credits in Manager.h

Good explanation of hotpatching with source code:
http://www.gamedeception.net/threads/17215-Hotpatching

Manager.h


Code:
//  ----------------------------------------  //
//  Shad0w_ November 2010                    //
//  ----------------------------------------  //
//  uc-forum.com                              //
//  GameDeception.com                        //
//  WarHax.Com                                //
//  delta-h.net                              //
//  ----------------------------------------  //
//  Some of the code here is public and not  //
//  created by me. Thanks to those who        //
//  have and still are helping me learn these //
//  new skills and code. I hope my releases  //
//  can help others in the same way.          //
//  ----------------------------------------  //
//  Azorbix - so much open source code        //
//  Roverturbo - so much open source code    //
//  p4tr1ck - so much open source code        //
//  learn_more - helps me out alot            //
//  ZeaS - he shares info and ideas          //
//  fatboy88 - helping me too many times      //
//  bobbysing - hotpatching                  //
//  hans211 - good ideas and a nice guy      //
//  DeepBlueSea - flawless victory            //
//  Nov - replied to my crash problem        //
//  NeoIII - suggested ideas                  //
//  _GHOSTER_ - he is 1337 as fuk            //
//  Kryptech - shares code and helpful        //
//  Fyyre - cool open source stuff            //
//  Croner - good rce guy and coder          //
//  Chazzwazza - Hadesmem is cool            //
//  Thanks also to anyone I forgot ;(        //
//  Thanks as always to the following man:    //
//  Osama bin Mohammed bin Awad bin Laden    //
//  ----------------------------------------  //



//  ----------------------------------------  //
//  Files to be included                      //
//  ----------------------------------------  //

#include
#include

//  ----------------------------------------  //
//  Thread: Thread_XD3DXINIT                  //
//  For DirectX Functions and operations      //
//  ----------------------------------------  //

// Worker routine defined in Direct3D.cpp and started from DllMain through
// CreateThread. It takes no argument and returns an int.
// NOTE(review): DllMain reaches this function through a cast to
// LPTHREAD_START_ROUTINE, so the signature declared here and the one the
// thread is invoked with differ (no parameter here, one LPVOID there).
int Thread_XD3DXINIT( );

//  ----------------------------------------  //
//  Class: Framework                          //
//  Helper functions & Memory Ops            //
//  ----------------------------------------  //

/// Raw-memory helpers shared by the other translation units.
///
/// The class declares no data members; every routine works directly on
/// addresses inside the current process. Addresses are carried as DWORD, so
/// the interface only fits a 32-bit build.
class Framework
{
public:

    /// Copy `bytes` bytes from `val` to `dwAdd`, changing the page protection
    /// around the copy.
    void WriteMemory(PVOID dwAdd, void *val, int bytes);

    /// Store a float at `dwAdd`.
    void WriteFloat(DWORD dwAdd, float Value);

    /// Store an int at `dwAdd`.
    void WriteInteger(DWORD dwAdd, int Value);

    /// Reinterpret `dwAdd` as a pointer to characters; no copy is made.
    char* ReadText(DWORD dwAdd);

    /// Scan `Len` bytes from `Base` for a fixed byte signature and return a
    /// pointer into the match, or 0 when nothing matches.
    DWORD *FindDevice(DWORD Base, DWORD Len);

    /// Scan `dwLen` bytes from `dwdwAdd` for `bMask`, comparing only the
    /// positions where `szMask` holds 'x'. Returns the match address or 0.
    DWORD FindPattern(DWORD dwdwAdd,DWORD dwLen,BYTE *bMask,char * szMask);

    /// Return the handle of an already loaded module, loading it if needed.
    HINSTANCE lGetModuleHandle(LPCWSTR szModule);

private:
    /// Masked comparison used by FindPattern for a single candidate position.
    BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask);
};

/// Shared instance pointer, defined in Framework.cpp.
extern Framework *FrmWrk;


Direct3D.cpp

Code:
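#include "Manager.h"

// Handle of d3d9.dll; assigned by Thread_XD3DXINIT.
HMODULE D3D9;

// Pointer returned by Framework::FindDevice; the DWORD it points at is read
// as the address of the function table.
DWORD * VTable_PTR;
// Function table obtained through VTable_PTR.
DWORD * VTable;

// Address the hook body jumps to when it is done; assigned from the return
// value of HotPatch.
DWORD ReturnAddress;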

//  ----------------------------------------  //
//  Function: Hotpatch + about Hotpatching    //
//  Basically we take advantage of the old    //
//  Windows hotpatching methods, and the 5    //
//  NOPs before each function which is not    //
//  for padding! Some ACs may still scan the  //
//  first two bytes, but they shouldn't!      //
//  scanning the first two bytes would give  //
//  them a false positive every time windows  //
//  did do a hotpatch.                        //
//  Thanks to bobbysing and hans211 for info  //
//  ----------------------------------------  //

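/// Redirects a hot-patchable 32-bit function to dwFunction.
///
/// Seven bytes are rewritten: the five bytes in front of the entry point and
/// the two-byte instruction at the entry point. Nothing is written unless
/// those seven bytes still hold the expected unpatched pattern, which also
/// prevents patching the same function twice.
///
/// @param dwAddress  Entry point of the function to redirect.
/// @param dwFunction Address the long jump transfers to.
/// @return Address just past the rewritten bytes (entry point + 2), or 0 when
///         the arguments are unusable or the expected bytes are not present.
///
/// Detection note: the modification lives in the padding in front of the
/// function plus its first two bytes. An integrity check that compares the
/// loaded code section with the module file on disk sees it as long as the
/// comparison covers the inter-function padding and not only function bodies.
///
/// NOTE(review): all seven bytes are written by one memcpy while other
/// threads may be executing the target, and WriteMemory returns nothing, so a
/// failed write cannot be told apart from a successful one here.
DWORD HotPatch(DWORD dwAddress, DWORD dwFunction)
{
    // Expected unpatched contents: five NOPs of padding, then `mov edi, edi`.
    const BYTE OriginalBytes[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x8b, 0xff };
    // Replacement: `jmp rel32` (offset filled in below), then `jmp short -7`,
    // which lands on the long jump placed in the padding.
    BYTE NewBytes[] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xeb, 0xf9 };

    const DWORD PaddingSize = 5;
    const DWORD PatchSize = sizeof(NewBytes);

    // A zero (or near-zero) entry point means an earlier lookup failed;
    // subtracting the padding would wrap around and the compare would fault.
    if (dwAddress < PaddingSize || dwFunction == 0)
    {
        return 0;
    }

    // Move back to the start of the padding.
    dwAddress -= PaddingSize;

    // Refuse to touch anything that does not look like an unpatched prologue.
    if (memcmp((const void *)dwAddress, OriginalBytes, PatchSize) != 0)
    {
        return 0;
    }

    // rel32 is measured from the end of the 5-byte jump instruction. memcpy
    // avoids storing a DWORD through a pointer into a BYTE array.
    const DWORD Displacement = (dwFunction - dwAddress) - 5;
    memcpy(&NewBytes[1], &Displacement, sizeof(Displacement));

    FrmWrk->WriteMemory((void *)dwAddress, (void *)NewBytes, PatchSize);

    // Execution continues after the two-byte instruction at the entry point.
    return (dwAddress + PatchSize);
}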

//  ----------------------------------------  //
//  Hooked Function: HookEndscene              //
//  LPDIRECT3DDEVICE9::EndScene @ D3D9.DLL    //
//  ----------------------------------------  //

// Detour body that the patched function is redirected to. It is declared
// naked, so the compiler generates no prologue or epilogue and the body is
// assembly only. As posted it is a skeleton: the registers are saved and
// immediately restored with no work in between, then control goes back to the
// original code through the global ReturnAddress.
// NOTE(review): ReturnAddress is assigned from HotPatch's return value, i.e.
// after the patch bytes have been written. A thread that enters the patched
// function inside that window reaches this jump while ReturnAddress is still 0.
__declspec(naked) void HookEndscene( )
{
    // Save all general-purpose registers on the stack.
    __asm PUSHAD;
    // Restore them, leaving the stack exactly as it was on entry.
    __asm POPAD;
    // Resume the original function using the address stored in ReturnAddress.
    __asm JMP ReturnAddress;
}

//  ----------------------------------------  //
//  Thread: Thread_XD3DXINIT                  //
//  For DirectX Functions and operations      //
//  ----------------------------------------  //

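/// Worker routine: resolves d3d9.dll, locates the device function table by
/// byte matching, and hot-patches table entry 42 (EndScene according to the
/// comments in this file) so that it jumps to HookEndscene.
///
/// Each lookup result is checked before it is dereferenced; the original
/// continued with a null handle or pointer when a step failed.
///
/// @return 0 when the patch was applied, 1 when any step failed.
///
/// NOTE(review): 0x128000 is a fixed scan length, not taken from the loaded
/// module's real image size; with a smaller d3d9.dll the scan would run past
/// the mapped image.
int Thread_XD3DXINIT( )
{
    // Resolve the module (loaded on demand by the helper).
    D3D9 = FrmWrk->lGetModuleHandle(L"d3d9.dll");
    if (D3D9 == NULL)
    {
        return 1;
    }

    // Byte matching for the location that holds the table address.
    // Thanks to Croner.
    VTable_PTR = FrmWrk->FindDevice((DWORD) D3D9, 0x128000);
    if (VTable_PTR == NULL)
    {
        return 1;
    }

    // The matched location stores the address of the function table.
    VTable = (DWORD *) *VTable_PTR;
    if (VTable == NULL)
    {
        return 1;
    }

    // Patch entry 42 and remember where the hook body has to resume.
    ReturnAddress = HotPatch( VTable[42], (DWORD)HookEndscene);
    if (ReturnAddress == 0)
    {
        return 1;
    }

    return 0;
}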


DllMain.cpp


Code:
#include "Manager.h"

// ---------------------------------------- //
// BOOL DllMain //
// Entry Point of our dll //
// ---------------------------------------- //


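/// DLL entry point. On process attach it starts Thread_XD3DXINIT on a new
/// thread and reports success; every other notification returns FALSE, as in
/// the original.
///
/// The thread handle is closed right away because nothing waits on it; the
/// original dropped the handle without closing it. Closing the handle does
/// not stop the thread.
///
/// NOTE(review): Thread_XD3DXINIT is declared as `int f()` and is only made
/// to fit CreateThread by the cast below; the expected thread routine type is
/// `DWORD WINAPI f(LPVOID)`.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        // Stack size and creation flags are integers, so pass 0 rather than NULL.
        HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Thread_XD3DXINIT, NULL, 0, NULL);
        if (hThread != NULL)
        {
            CloseHandle(hThread);
        }

        // Thread_XD3DXINIT now runs on its own thread; the return value is
        // TRUE whether or not the thread could be created, as before.
        return TRUE;
    }

    return FALSE;
}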

Framework.cpp

Code:
#include "Manager.h"//  ----------------------------------------  //
//  Class: Framework                          //
//  Helper functions & Memory Ops            //
//  ----------------------------------------  //

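//  ----------------------------------------  //
//  Pointer to the FrameWork Class            //
//  ----------------------------------------  //
// The pointer is backed by a real object. Without an initializer this global
// starts out null, and every FrmWrk->... call would be made through a null
// pointer unless code outside this listing assigns it first.
static Framework FrmWrkInstance;
Framework *FrmWrk = &FrmWrkInstance;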

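/// Copies `bytes` bytes from `val` over the memory at `dwAdd`.
///
/// The target range is switched to PAGE_EXECUTE_READWRITE for the copy and
/// then set back to whatever protection VirtualProtect reported before.
/// Nothing is written when an argument is unusable or the protection change
/// fails; the original copied regardless and would fault on a read-only page.
///
/// @param dwAdd Destination address.
/// @param val   Source bytes.
/// @param bytes Number of bytes to copy; values <= 0 are ignored.
///
/// Detection note: a protection change to writable+executable inside a loaded
/// module's code is an event that endpoint tooling watching protection
/// changes can record, independently of the bytes written afterwards.
VOID Framework::WriteMemory(PVOID dwAdd, void *val, int bytes)
{
    if (dwAdd == NULL || val == NULL || bytes <= 0)
    {
        return;
    }

    DWORD OldProtect = 0;
    DWORD Unused = 0;

    // Without a successful protection change the page may not be writable.
    if (!VirtualProtect(dwAdd, bytes, PAGE_EXECUTE_READWRITE, &OldProtect))
    {
        return;
    }

    memcpy(dwAdd, val, bytes);

    // Restore the previous protection so the range is not left writable.
    VirtualProtect(dwAdd, bytes, OldProtect, &Unused);
}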

/// Stores `Value` as a float at address `dwAdd`.
/// The address is used as given: no validation and no protection change.
VOID Framework::WriteFloat(DWORD dwAdd,float Value)
{
    float *Target = (float*)dwAdd;
    *Target = Value;
}

/// Stores `Value` as an int at address `dwAdd`.
/// The address is used as given: no validation and no protection change.
VOID Framework::WriteInteger(DWORD dwAdd, int Value)
{
    int *Target = (int*)dwAdd;
    *Target = Value;
}

/// Reinterprets `dwAdd` as a pointer to characters.
/// No data is copied and nothing is checked: the result aliases the memory at
/// that address, and whether it is terminated is up to the caller.
CHAR* Framework::ReadText(DWORD dwAdd)
{
    return (CHAR*)dwAdd;
}

/// Masked comparison of `pData` against `bMask`.
///
/// Walks `szMask` to its terminator; at each position holding 'x' the data
/// byte has to equal the pattern byte, any other mask character skips the
/// comparison. Reads one byte of `pData` and `bMask` per mask character.
///
/// @return 0 on the first mismatch, non-zero when the whole mask was consumed.
BOOL Framework::bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    while (*szMask)
    {
        const bool MustMatch = (*szMask == 'x');
        if (MustMatch && *pData != *bMask)
        {
            return 0;
        }
        ++szMask;
        ++pData;
        ++bMask;
    }
    return (*szMask) == NULL;
}

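/// Scans `dwLen` bytes starting at `dwdwAdd` for the masked pattern.
///
/// @param dwdwAdd Start address of the range to scan.
/// @param dwLen   Length of the range in bytes.
/// @param bMask   Pattern bytes.
/// @param szMask  Mask string; positions holding 'x' are compared.
/// @return Address of the first match, or 0 when there is none.
///
/// NOTE(review): the posted listing is cut off after `for(DWORD i=0; i`; the
/// loop is restored as a scan over [0, dwLen). Candidates whose mask would
/// extend past the end of the range are skipped so the comparison never reads
/// outside it.
DWORD Framework::FindPattern(DWORD dwdwAdd,DWORD dwLen,BYTE *bMask,char * szMask)
{
    if (dwdwAdd == 0 || bMask == NULL || szMask == NULL)
    {
        return 0;
    }

    // bCompare reads one byte per mask character.
    DWORD MaskLen = 0;
    while (szMask[MaskLen] != '\0')
    {
        ++MaskLen;
    }

    for (DWORD i = 0; i < dwLen && MaskLen <= dwLen - i; ++i)
    {
        if (this->bCompare((BYTE*)(dwdwAdd+i),bMask,szMask))
        {
            return (DWORD)(dwdwAdd+i);
        }
    }
    return 0;
}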

/// Returns a handle for `szModule`: the handle of the already loaded module
/// when there is one, otherwise the result of loading it.
///
/// @return Module handle, or NULL when the module is neither loaded nor loadable.
///
/// NOTE(review): the name is handed to LoadLibrary unchanged. When a caller
/// passes a bare file name rather than a full path, which file gets loaded
/// depends on the DLL search order of the process.
HINSTANCE Framework::lGetModuleHandle(LPCWSTR szModule)
{
    HINSTANCE hLoaded = GetModuleHandle(szModule);
    if (hLoaded)
    {
        return hLoaded;
    }
    return LoadLibrary(szModule);
}

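/// Scans `Len` bytes from `Base` for a fixed six-byte signature spread over a
/// 14-byte window: C7 06 at +0x00, 89 86 at +0x06 and 89 86 at +0x0C.
///
/// In x86 encoding C7 06 is `mov dword ptr [esi], imm32`, so the returned
/// pointer (match + 2) addresses that instruction's 4-byte immediate.
/// NOTE(review): presumably this is the spot where the device stores its
/// function-table address; confirm against the module being scanned.
///
/// @param Base Start address of the range to scan.
/// @param Len  Length of the range in bytes.
/// @return Pointer to the immediate operand of the match, or 0 when there is
///         no match.
///
/// The scan stops 0x0D bytes before the end of the range. The original tested
/// every offset below `Len` and therefore read up to 13 bytes past it.
DWORD * Framework::FindDevice(DWORD Base, DWORD Len)
{
    // Bytes touched per candidate position (offsets 0x00 through 0x0D).
    const DWORD Window = 0x0E;

    if (Base == 0 || Len < Window)
    {
        return(0);
    }

    for (DWORD i = 0; i <= Len - Window; i++)
    {
        const BYTE *p = (const BYTE *)(Base + i);

        if (p[0x00] == 0xC7 && p[0x01] == 0x06 &&
            p[0x06] == 0x89 && p[0x07] == 0x86 &&
            p[0x0C] == 0x89 && p[0x0D] == 0x86)
        {
            return (DWORD *)(Base + i + 2);
        }
    }
    return(0);
}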


credits: Shadow
 

Shad0w_ Hotpatch Base
