Help finding rendDx9.dll in C++ and making an in-game menu
dreakoth
18th November 2006, 03:49
While making the first version of my trainer I ended up using 'static' offsets for hacks that were found in rendDx9.dll, as it seemed to work most of the time while only using it on this computer. To my dismay I've found that on occasion the base of rend.dll is moving, and on using my hacks it's crashing the game.
So to remedy this problem I want to add in a segment of code that returns the base of renddx9 and use that to get the dynamic offsets for certain hacks (this is a pretty common thing to do). My problem is that I don't really know how to go about this and that I can't seem to find any example code or commands that people have used in C++ to do this. At the moment I'm just using that 'MPC template' to get the game handle and such.
I've also been looking into making an in-game menu for my hack. I want to know if it is at all possible to display text over the top of a fullscreen game without having to hook the game in any way? (As I don't know anything about hooking or D3D stuff yet, and I want to see if I can do it without having to do a lot of reading and researching.)
If anyone can tell me a method of doing it I'll be able to read into it and figure it out, I just need a starting point.
Thanks,
Travis
Spontaneous
18th November 2006, 09:03
Well, as for finding out the base address, I don't know if there are any C++ examples on MPC, but there is a VB one (which I don't know the link to, don't mind me, I am a bit too drunk to search right now). They both use the same API, which in short is the CreateToolhelp32Snapshot API. Throw CreateToolhelp32Snapshot into a Google search and I am sure you can figure out how it works.
As for the in-game menu, that is done by hooking DirectX in most cases. They use DX to draw the menu onto the screen.
dreakoth
18th November 2006, 09:26
Alright, thanks for that, I should be able to figure it out easily enough.
Are there any tuts on, say, GD about the basics of hooking BF2? As opposed to all I can find, which are just bits of source. I think I had a source for SEHing and stuff and had that running, but I never knew what I was really doing theory-wise.
I'd like it if someone could PM me or get on MSN or something and talk over the theory of the technique if you don't want to share it here for some reason. I think that might be why there are no 'how to hook DX in BF2' tutorials. I'd just like to hear about the basic stuff, so I understand enough to do it myself, and to perhaps figure out my own way of doing it for future use. I don't need someone to say 'here's the code, go copy and paste'.
The main point would be for PB. I'm sure I could maybe put together some DX hooking stuff, but I'd like to know what PB detects and any known alternative methods someone wouldn't mind sharing, just the basics, from BF2 so I can use similar things in BF2142 and be able enough to continue to make undetected stuff myself.
I do sort of want a quick, easy way into DX stuff with a solid enough base of knowledge. I want to get into D3D and put my C++ and basic DX knowledge into practice and code some cool stuff. Doing memory hacks isn't really about coding, just reverse engineering; it doesn't seem as rewarding as coding a decent aimbot, cool in-game menu, or ESP hacks.
Thanks for any input,
Travis
Spontaneous
18th November 2006, 11:13
You can do SEH if you are using the EADownloader version of the game, as that anti-piracy portion (pace) does not set breakpoints and watch results like the anti-piracy in the DVD version (Safe-Disc).
Search around, you will be able to find the DirectX starter kit, which has a menu built in. Do some edits and you've got a DX hack. However, it's making the DX hook undetected that is tricky.
dreakoth
19th November 2006, 02:16
OK, well I jumped on MSDN and used what muhko had in his trainer template to come up with this code segment:
char *gameRend = "RendDx9.dll";
HANDLE hModuleSnap;
MODULEENTRY32 me32;

hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, pid );
if( hModuleSnap == INVALID_HANDLE_VALUE )
    return( FALSE );

me32.dwSize = sizeof( MODULEENTRY32 ); // Must be set before calling Module32First
if( !Module32First( hModuleSnap, &me32 ) )
{
    CloseHandle( hModuleSnap ); // Must clean up the snapshot object!
    return( FALSE );
}
do
{
    // strcmp returns 0 only when the two names match exactly
    PidTest = strcmp( gameRend, me32.szModule );
    if( PidTest == 0 )
    {
        rendBase = (DWORD)me32.modBaseAddr;
    }
} while( Module32Next( hModuleSnap, &me32 ) );
CloseHandle( hModuleSnap );
When I debug this code and step through it, I get to a point where me32.szModule = "RendDx9.dll" but it doesn't trigger my if statement:
PidTest=strcmp(gameRend, me32.szModule);
and rendBase never gets assigned anything.
In the trainer it's using the same setup for finding the bf2142.exe process, I don't see why this one isn't working.
Any help would be great.
**UPDATE**
Well, I was 100% sure I had the "RendDx9.dll" file name down properly. I compared the module name returned in the module listing to what I had about 6 times and didn't see it, so for future reference it's RendDX9.dll, not RendDx9.dll :P damn case-sensitive C++!
All is well that ends well :tired:
Thanks,
Trav
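An added example, not code from any poster in this thread: the module-name lookup written so that a difference in letter case, the cause of the failed strcmp above, cannot make it miss. The names name_eq_nocase, find_base, find_base_live and the sample module list with its base addresses are constructed for illustration; the Toolhelp part compiles only on Windows and assumes a non-UNICODE build.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* ASCII case-insensitive equality: Windows does not treat file-name case as significant. */
static int name_eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;            /* both strings must end together */
}

/* Stand-in for the two MODULEENTRY32 fields the lookup reads. */
struct mod_entry { const char *name; uintptr_t base; };
/* Constructed sample module list; the base addresses are made up. */
static const struct mod_entry sample_mods[] = {
    { "BF2142.exe",  0x00400000u },
    { "ntdll.dll",   0x7C900000u },
    { "RendDX9.dll", 0x03A10000u },
};

/* Returns the base of the first module whose name matches, or 0 if none does. */
static uintptr_t find_base(const struct mod_entry *m, size_t n, const char *want)
{
    for (size_t i = 0; i < n; i++)
        if (name_eq_nocase(m[i].name, want))
            return m[i].base;   /* stop at the first hit */
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
/* The same lookup over a live Toolhelp snapshot of process pid. */
static uintptr_t find_base_live(DWORD pid, const char *want)
{
    uintptr_t base = 0;
    MODULEENTRY32 me;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    me.dwSize = sizeof(me);     /* required before Module32First */
    if (Module32First(snap, &me))
        do {
            if (name_eq_nocase(me.szModule, want)) { base = (uintptr_t)me.modBaseAddr; break; }
        } while (Module32Next(snap, &me));
    CloseHandle(snap);
    return base;
}
#endif
```

A return value of 0 means the module was not found (or, in the live version, that the snapshot could not be taken), so callers should check it before using the result.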