I Like Chicken
10th September 2004, 16:30
First up I'd like to thank Fux0r for his brilliant fmod source, I don't care wtf mage says I know it's Fux0r's.
Anyways, this is just a basic guide on how to change the hook of your hack to get around a d3d8.dll export kick.
To do this you'll need the fmod source which you can grab from here http://www.mpcdownloads.com/_mpc_d0wn_h4x_/AAO/FMOD%20v1.3%20Source%20Code.rar
There are two main files to edit, hookworks.cpp and evilhack.cpp, both of which are in the dll section. This guide presumes you are using the bc23 source, as that's what I use, so it might not work for other sources.
Once you've got the Fmod source, open up the file called hookworks.cpp. Select all the content in that file and copy it to the clipboard.
Next, open up your hookworks.cpp (from your bc23 source). Select all the text in it and replace it with the text you have on the clipboard.
Just above where it says d3d8.dll hooks add this :
// File-scope state shared by HookDDrawCreate, UnHookDDrawCreate and the asm stub.
unsigned char *pData; // address of the patched export; assigned in HookDDrawCreate
DWORD OldProtect; // receives the previous page protection from VirtualProtect
char OriginalCode[8]; // copy of the 8 bytes overwritten at pData, used to undo the patch
DWORD FakeError = 0; // value the stub returns to the caller; 0 means "not chosen yet"
volatile long int bScreenshot = 0; // not referenced in the code shown here
//*************************** DDRAW Anti Screenshot patch
// Copies the 8 bytes saved in OriginalCode back over the memory at pData,
// undoing the patch written by HookDDrawCreate.
// pData and OriginalCode are only meaningful after HookDDrawCreate has run;
// nothing here checks that, and no return value is checked.
// NOTE(review): VirtualProtect is documented to fail when its last argument is
// NULL, so the second call presumably does not put the old protection back and
// the page stays PAGE_READWRITE. A code page whose protection no longer matches
// the module's section flags is an artifact an integrity scanner can look for.
void UnHookDDrawCreate()
{
VirtualProtect(pData, 8, PAGE_READWRITE, &OldProtect);
memcpy(pData, OriginalCode, 8);
VirtualProtect(pData, 8, OldProtect, NULL);
}
// Callback invoked by the asm stub in HookDDrawCreate each time the patched
// DirectDrawCreate entry point is reached. Takes no arguments and returns
// nothing; the value handed back to the caller is set by the stub, not here.
void __stdcall DirectDrawCreateHook()
{
// Test builds only: record the intercepted call in the log file.
#ifdef TESTMODE
fprintf(GameInfo.m_pLogFile, "PB SCREENSHOT\n");
#endif
// Milliseconds elapsed since GameInfo.m_LogoStartTime (GetTickCount units).
DWORD LogoDisplayTime = GetTickCount() - GameInfo.m_LogoStartTime;
// After more than 60 seconds, raise the m_bSpyWareWarn flag; what consumes
// that flag is not visible in this listing.
if (LogoDisplayTime > 60000)
GameInfo.m_bSpyWareWarn = true;
}
// Overwrites the first 8 bytes of the DirectDrawCreate export of the loaded
// DDRAW module with a push/mov/jmp sequence that transfers control to the
// "jumper" stub below. The stub calls DirectDrawCreateHook and then returns
// FakeError to the original caller, so the real function body never runs.
// The overwritten bytes are saved in OriginalCode for UnHookDDrawCreate.
// On the first call (FakeError == 0) one of six DDERR_* codes is chosen.
// Detection note: the patch changes the in-memory entry bytes of the export,
// so comparing them with the on-disk ddraw.dll image reveals the redirect.
void HookDDrawCreate()
{
// Patch template (8 code bytes plus the string's NUL). Bytes 2..5 are the
// mov immediate and are filled in below with the stub address.
char RedirectionCode[] =
"\x50" // push eax
"\xB8\x00\x00\x00\x00" // mov eax, 0x00000000
"\xFF\xE0" // jmp eax
;
// The asm block only defines the stub; skip over it so it is not run here.
goto skip;
// Stub reached through the patch: save registers, run the callback, restore
// registers, drop the eax pushed by the patch, load FakeError as the return
// value and return to whoever called DirectDrawCreate.
_asm
{
jumper:
pushad
call DirectDrawCreateHook
popad
pop eax
mov eax, FakeError
retn
}
skip:
// Take the stub's address as a 32-bit value and store it little-endian into
// the mov immediate of the template.
unsigned int pHook;
_asm mov pHook, offset jumper;
RedirectionCode[2] = pHook & 0xFF;
RedirectionCode[3] = (pHook >> 8) & 0xFF;
RedirectionCode[4] = (pHook >> 16) & 0xFF;
RedirectionCode[5] = (pHook >> 24) & 0xFF;
// NOTE(review): neither GetModuleHandle nor GetProcAddress is checked, so
// pData may be NULL when the writes below run.
pData = (unsigned char*)GetProcAddress(GetModuleHandle("DDRAW"), "DirectDrawCreate");
// Make the entry bytes writable, save them, write the patch.
// NOTE(review): PAGE_READWRITE drops execute permission on the page while
// the patch is written, and VirtualProtect is documented to fail when its
// last argument is NULL, so the final call presumably leaves the page
// PAGE_READWRITE. That protection mismatch is itself a detectable artifact.
VirtualProtect(pData, 8, PAGE_READWRITE, &OldProtect);
memcpy(OriginalCode, pData, 8);
memcpy(pData, RedirectionCode, 8);
VirtualProtect(pData, 8, OldProtect, NULL);
// Keep a previously chosen error code across repeated installs.
if (FakeError != 0x00)
return;
srand(time(NULL));
// NOTE(review): when RAND_MAX is not a multiple of 6 the quotient can be 6,
// which indexes one past the end of the six-entry list below.
int temp = rand() / (RAND_MAX / 6);
DWORD FakeErrorList[] =
{
DDERR_DIRECTDRAWALREADYCREATED,
DDERR_GENERIC,
DDERR_INVALIDDIRECTDRAWGUID,
DDERR_INVALIDPARAMS,
DDERR_NODIRECTDRAWHW,
DDERR_OUTOFMEMORY,
};
FakeError = FakeErrorList[temp];
}
Also, at the top you may have to replace all the include and define lines with this:
#define hookworks_cpp
#include "HookWorks.h"
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <ddraw.h>
#undef hookworks_cpp
extern CGameInfo GameInfo;
extern IDirect3DDevice8 *pD3DDevice8; //Original Device pointer
extern NewIDirect3DDevice8 *pMyD3DDevice8; //Wrapped Device pointer
extern IDirect3D8 *pD3D8; //Original Device pointer
extern NewIDirect3D8 *pMyD3D8; //Wrapped Device pointer
extern HHOOK hMessageHook;
extern LRESULT CALLBACK MessageProc(int code, WPARAM wParam, LPARAM lParam);
That's it for hookworks.cpp now it's evilhack.cpp time.
Again, open up the fmod source. Open evilhack.cpp and search for this :
bool CheckForAutoFire()
Copy everything above this to clipboard.
Now open up your bc23 evilhack.cpp, and again search for bool CheckForAutoFire()
and replace all the code above it with the text you have copied to the clipboard.
You'll need to add this to the start where it includes all the files.:
extern void HookDDrawCreate();
extern void UnHookDDrawCreate();
That's pretty much it, you'll need to change your loader to load the new dll you made, which may require a new loader, I suggest replacing the bc23 loader with the 1.6.2 loader. Then all you have to do is search for d3d8.dll (evilhack.dll in 1.6.2 loader) and replace it with your dll name. Happy hacking! :classic:
Oh yeah, don't forget to add fux0r to your credits for his wonderful hook.
Anyways, this is just a basic guide on how to change the hook of your hack to get around a d3d8.dll export kick.
To do this you'll need the fmod source which you can grab from here http://www.mpcdownloads.com/_mpc_d0wn_h4x_/AAO/FMOD%20v1.3%20Source%20Code.rar
There are two main files to edit, hookworks.cpp and evilhack.cpp, both of which are in the dll section. This guide presumes you are using the bc23 source, as that's what I use, so it might not work for other sources.
Once you've got the Fmod source, open up the file called hookworks.cpp. Select all the content in that file and copy it to the clipboard.
Next, open up your hookworks.cpp (from your bc23 source). Select all the text in it and replace it with the text you have on the clipboard.
Just above where it says d3d8.dll hooks add this :
// File-scope state shared by HookDDrawCreate, UnHookDDrawCreate and the asm stub.
unsigned char *pData; // address of the patched export; assigned in HookDDrawCreate
DWORD OldProtect; // receives the previous page protection from VirtualProtect
char OriginalCode[8]; // copy of the 8 bytes overwritten at pData, used to undo the patch
DWORD FakeError = 0; // value the stub returns to the caller; 0 means "not chosen yet"
volatile long int bScreenshot = 0; // not referenced in the code shown here
//*************************** DDRAW Anti Screenshot patch
// Copies the 8 bytes saved in OriginalCode back over the memory at pData,
// undoing the patch written by HookDDrawCreate.
// pData and OriginalCode are only meaningful after HookDDrawCreate has run;
// nothing here checks that, and no return value is checked.
// NOTE(review): VirtualProtect is documented to fail when its last argument is
// NULL, so the second call presumably does not put the old protection back and
// the page stays PAGE_READWRITE. A code page whose protection no longer matches
// the module's section flags is an artifact an integrity scanner can look for.
void UnHookDDrawCreate()
{
VirtualProtect(pData, 8, PAGE_READWRITE, &OldProtect);
memcpy(pData, OriginalCode, 8);
VirtualProtect(pData, 8, OldProtect, NULL);
}
// Callback invoked by the asm stub in HookDDrawCreate each time the patched
// DirectDrawCreate entry point is reached. Takes no arguments and returns
// nothing; the value handed back to the caller is set by the stub, not here.
void __stdcall DirectDrawCreateHook()
{
// Test builds only: record the intercepted call in the log file.
#ifdef TESTMODE
fprintf(GameInfo.m_pLogFile, "PB SCREENSHOT\n");
#endif
// Milliseconds elapsed since GameInfo.m_LogoStartTime (GetTickCount units).
DWORD LogoDisplayTime = GetTickCount() - GameInfo.m_LogoStartTime;
// After more than 60 seconds, raise the m_bSpyWareWarn flag; what consumes
// that flag is not visible in this listing.
if (LogoDisplayTime > 60000)
GameInfo.m_bSpyWareWarn = true;
}
// Overwrites the first 8 bytes of the DirectDrawCreate export of the loaded
// DDRAW module with a push/mov/jmp sequence that transfers control to the
// "jumper" stub below. The stub calls DirectDrawCreateHook and then returns
// FakeError to the original caller, so the real function body never runs.
// The overwritten bytes are saved in OriginalCode for UnHookDDrawCreate.
// On the first call (FakeError == 0) one of six DDERR_* codes is chosen.
// Detection note: the patch changes the in-memory entry bytes of the export,
// so comparing them with the on-disk ddraw.dll image reveals the redirect.
void HookDDrawCreate()
{
// Patch template (8 code bytes plus the string's NUL). Bytes 2..5 are the
// mov immediate and are filled in below with the stub address.
char RedirectionCode[] =
"\x50" // push eax
"\xB8\x00\x00\x00\x00" // mov eax, 0x00000000
"\xFF\xE0" // jmp eax
;
// The asm block only defines the stub; skip over it so it is not run here.
goto skip;
// Stub reached through the patch: save registers, run the callback, restore
// registers, drop the eax pushed by the patch, load FakeError as the return
// value and return to whoever called DirectDrawCreate.
_asm
{
jumper:
pushad
call DirectDrawCreateHook
popad
pop eax
mov eax, FakeError
retn
}
skip:
// Take the stub's address as a 32-bit value and store it little-endian into
// the mov immediate of the template.
unsigned int pHook;
_asm mov pHook, offset jumper;
RedirectionCode[2] = pHook & 0xFF;
RedirectionCode[3] = (pHook >> 8) & 0xFF;
RedirectionCode[4] = (pHook >> 16) & 0xFF;
RedirectionCode[5] = (pHook >> 24) & 0xFF;
// NOTE(review): neither GetModuleHandle nor GetProcAddress is checked, so
// pData may be NULL when the writes below run.
pData = (unsigned char*)GetProcAddress(GetModuleHandle("DDRAW"), "DirectDrawCreate");
// Make the entry bytes writable, save them, write the patch.
// NOTE(review): PAGE_READWRITE drops execute permission on the page while
// the patch is written, and VirtualProtect is documented to fail when its
// last argument is NULL, so the final call presumably leaves the page
// PAGE_READWRITE. That protection mismatch is itself a detectable artifact.
VirtualProtect(pData, 8, PAGE_READWRITE, &OldProtect);
memcpy(OriginalCode, pData, 8);
memcpy(pData, RedirectionCode, 8);
VirtualProtect(pData, 8, OldProtect, NULL);
// Keep a previously chosen error code across repeated installs.
if (FakeError != 0x00)
return;
srand(time(NULL));
// NOTE(review): when RAND_MAX is not a multiple of 6 the quotient can be 6,
// which indexes one past the end of the six-entry list below.
int temp = rand() / (RAND_MAX / 6);
DWORD FakeErrorList[] =
{
DDERR_DIRECTDRAWALREADYCREATED,
DDERR_GENERIC,
DDERR_INVALIDDIRECTDRAWGUID,
DDERR_INVALIDPARAMS,
DDERR_NODIRECTDRAWHW,
DDERR_OUTOFMEMORY,
};
FakeError = FakeErrorList[temp];
}
Also, at the top you may have to replace all the include and define lines with this:
#define hookworks_cpp
#include "HookWorks.h"
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <ddraw.h>
#undef hookworks_cpp
extern CGameInfo GameInfo;
extern IDirect3DDevice8 *pD3DDevice8; //Original Device pointer
extern NewIDirect3DDevice8 *pMyD3DDevice8; //Wrapped Device pointer
extern IDirect3D8 *pD3D8; //Original Device pointer
extern NewIDirect3D8 *pMyD3D8; //Wrapped Device pointer
extern HHOOK hMessageHook;
extern LRESULT CALLBACK MessageProc(int code, WPARAM wParam, LPARAM lParam);
That's it for hookworks.cpp now it's evilhack.cpp time.
Again, open up the fmod source. Open evilhack.cpp and search for this :
bool CheckForAutoFire()
Copy everything above this to clipboard.
Now open up your bc23 evilhack.cpp, and again search for bool CheckForAutoFire()
and replace all the code above it with the text you have copied to the clipboard.
You'll need to add this to the start where it includes all the files.:
extern void HookDDrawCreate();
extern void UnHookDDrawCreate();
That's pretty much it, you'll need to change your loader to load the new dll you made, which may require a new loader, I suggest replacing the bc23 loader with the 1.6.2 loader. Then all you have to do is search for d3d8.dll (evilhack.dll in 1.6.2 loader) and replace it with your dll name. Happy hacking! :classic:
Oh yeah, don't forget to add fux0r to your credits for his wonderful hook.