Created
April 30, 2016 09:06
-
-
Save ahmetabdi/0e7b7359c087708cf76f65edf93be8bd to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <vector> | |
| #include <windows.h> | |
| #include <detours.h> | |
| #include <iostream> | |
| #include <d3d9.h> | |
| #include <d3dx9.h> | |
| #pragma comment(lib, "detours.lib") | |
| #pragma comment(lib, "d3d9.lib") | |
| #pragma comment(lib, "d3dx9.lib") | |
| #pragma intrinsic(_ReturnAddress) | |
| #define TEXT_POS_X 500.0f | |
| #define TEXT_POS_Y 280.0f | |
| typedef HRESULT(WINAPI *Prototype_Present)(LPDIRECT3DDEVICE9, CONST RECT*, CONST RECT*, HWND, CONST RGNDATA*); | |
| typedef HRESULT(WINAPI *Prototype_Reset)(LPDIRECT3DDEVICE9, D3DPRESENT_PARAMETERS*); | |
| typedef HRESULT (WINAPI* Prototype_DrawIndexedPrimitive)(LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT); | |
| Prototype_Present Orginal_Present; | |
| Prototype_Reset Orginal_Reset; | |
| Prototype_DrawIndexedPrimitive Orginal_DrawIndexedPrimitive; | |
| HRESULT WINAPI Hooked_Present(LPDIRECT3DDEVICE9 Device, CONST RECT *pSrcRect, CONST RECT *pDestRect, HWND hDestWindow, CONST RGNDATA *pDirtyRegion); | |
| HRESULT WINAPI Hooked_Reset(LPDIRECT3DDEVICE9 Device, D3DPRESENT_PARAMETERS *pp); | |
| HRESULT WINAPI Hooked_DrawIndexedPrimitive(LPDIRECT3DDEVICE9 Device, D3DPRIMITIVETYPE PrimType, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount); | |
| ID3DXFont* g_Font = NULL; | |
| bool g_Init = false; | |
| int g_Index = -1; | |
| HMODULE g_HModule = 0; | |
| std::vector<void*> g_Vector; | |
| char g_Text[128] = {'\0'}; | |
| void* g_SelectedAddress = NULL; | |
| LPDIRECT3DTEXTURE9 g_Blue = NULL, | |
| g_Green = NULL; | |
| namespace Drawing | |
| { | |
| void Line(LPDIRECT3DDEVICE9 pDevice, float X, float Y, float Width, float Height, D3DCOLOR Color) | |
| { | |
| struct Vertex2D | |
| { | |
| float m_X, m_Y, m_Z, m_T; | |
| DWORD m_Color; | |
| }; | |
| Vertex2D Vertex[4]; | |
| Vertex[0].m_Color = Vertex[1].m_Color = Vertex[2].m_Color = Vertex[3].m_Color = Color; | |
| Vertex[0].m_Z = Vertex[1].m_Z = Vertex[2].m_Z = Vertex[3].m_Z = 0; | |
| Vertex[0].m_T = Vertex[1].m_T = Vertex[2].m_T = Vertex[3].m_T = 0; | |
| Vertex[0].m_X = Vertex[2].m_X = X; | |
| Vertex[0].m_Y = Vertex[1].m_Y = Y; | |
| Vertex[1].m_X = Vertex[3].m_X = X + Width; | |
| Vertex[2].m_Y = Vertex[3].m_Y = Y + Height; | |
| pDevice->SetTexture(0, NULL); | |
| pDevice->SetFVF(D3DFVF_XYZRHW|D3DFVF_DIFFUSE|D3DFVF_TEX1); | |
| pDevice->DrawPrimitiveUP(D3DPT_TRIANGLESTRIP, 2, Vertex, sizeof(Vertex2D)); | |
| } | |
| void Box(LPDIRECT3DDEVICE9 pDevice, float X, float Y, float Width, float Height, float Thickness, D3DCOLOR Color) | |
| { | |
| Line(pDevice, X + Thickness, Y + Height - Thickness, Width - (Thickness * 2), Thickness, Color); | |
| Line(pDevice, X, Y, Thickness, Height, Color); | |
| Line(pDevice, X + Thickness, Y, Width - (Thickness * 2), Thickness, Color); | |
| Line(pDevice, X + Width - Thickness, Y, Thickness, Height, Color); | |
| } | |
| void DrawString(ID3DXFont *Font, float PosX, float PosY, DWORD Color, char *Text) | |
| { | |
| if(Font == NULL) | |
| return; | |
| static RECT FontRect; | |
| SetRect(&FontRect, 0, 0, 0, 0); | |
| Font->DrawTextA(0, Text, -1, &FontRect, DT_CALCRECT, Color); | |
| int Width = FontRect.right - FontRect.left; | |
| int Height = FontRect.bottom - FontRect.top; | |
| FontRect.right = FontRect.left + Width; | |
| FontRect.bottom = FontRect.top + Height; | |
| FontRect.left = (LONG)PosX; | |
| FontRect.top = (LONG)PosY; | |
| Font->DrawTextA(0, Text, -1, &FontRect, DT_NOCLIP, Color); | |
| } | |
| } | |
| DWORD FindDevice(DWORD Len) | |
| { | |
| DWORD dwObjBase = 0; | |
| dwObjBase = (DWORD)LoadLibrary("d3d9.dll"); | |
| while (dwObjBase++ < dwObjBase + Len) | |
| { | |
| if ( (*(WORD*)(dwObjBase + 0x00)) == 0x06C7 | |
| && (*(WORD*)(dwObjBase + 0x06)) == 0x8689 | |
| && (*(WORD*)(dwObjBase + 0x0C)) == 0x8689 | |
| ) { dwObjBase += 2; break; } | |
| } | |
| return( dwObjBase ); | |
| } | |
| DWORD GetDeviceAddress(int VTableIndex) | |
| { | |
| PDWORD VTable; | |
| *(DWORD*)&VTable = *(DWORD*)FindDevice(0x128000); | |
| return VTable[VTableIndex]; | |
| } | |
| void HookThread() | |
| { | |
| Orginal_Present = (Prototype_Present)DetourFunction((PBYTE)GetDeviceAddress(17), (PBYTE)Hooked_Present); | |
| Orginal_Reset = (Prototype_Reset)DetourFunction((PBYTE)GetDeviceAddress(16), (PBYTE)Hooked_Reset); | |
| Orginal_DrawIndexedPrimitive = (Prototype_DrawIndexedPrimitive)DetourFunction((PBYTE)GetDeviceAddress(82), (PBYTE)Hooked_DrawIndexedPrimitive); | |
| while(true) | |
| { | |
| if(GetAsyncKeyState(VK_PAUSE) &1) | |
| { | |
| FreeLibraryAndExitThread(g_HModule, 0); | |
| return; | |
| } | |
| else if(GetAsyncKeyState(VK_RIGHT) &1) | |
| { | |
| if(g_Index != g_Vector.size() - 1) | |
| { | |
| g_Index++; | |
| g_SelectedAddress = g_Vector[g_Index]; | |
| } | |
| } | |
| else if(GetAsyncKeyState(VK_LEFT) &1) | |
| { | |
| if(g_Index >= 0) | |
| { | |
| g_Index--; | |
| g_SelectedAddress = g_Vector[g_Index]; | |
| if(g_Index == -1) | |
| g_SelectedAddress = NULL; | |
| } | |
| } | |
| Sleep(100); | |
| } | |
| } | |
| BOOL WINAPI DllMain(HINSTANCE hInsatnce, DWORD dwReason, LPVOID lpReserved) | |
| { | |
| if(dwReason == DLL_PROCESS_ATTACH) | |
| { | |
| g_HModule = hInsatnce; | |
| EXECUTETHREADHEREPLS(0, 0, (LPTHREAD_START_ROUTINE)HookThread, 0, 0, 0); | |
| } | |
| else if(dwReason == DLL_PROCESS_DETACH) | |
| { | |
| if(g_Font != NULL) | |
| { | |
| g_Font->OnLostDevice(); | |
| g_Font->OnResetDevice(); | |
| g_Font->Release(); | |
| g_Font = NULL; | |
| } | |
| DetourRemove((PBYTE)Orginal_Present, (PBYTE)Hooked_Present); | |
| DetourRemove((PBYTE)Orginal_Reset, (PBYTE)Hooked_Reset); | |
| DetourRemove((PBYTE)Orginal_DrawIndexedPrimitive, (PBYTE)Hooked_DrawIndexedPrimitive); | |
| } | |
| return TRUE; | |
| } | |
| bool IsAddressPresent(void* Address) | |
| { | |
| for(auto it = g_Vector.begin(); it != g_Vector.end(); ++it) | |
| { | |
| if(*it == Address) | |
| return true; | |
| } | |
| return false; | |
| } | |
| HRESULT GenerateTexture(LPDIRECT3DDEVICE9 pDevice, IDirect3DTexture9 **ppD3Dtex, DWORD colour32) | |
| { | |
| if( FAILED(pDevice->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, ppD3Dtex, NULL)) ) | |
| return E_FAIL; | |
| WORD colour16 = ((WORD)((colour32>>28)&0xF)<<12) | |
| |(WORD)(((colour32>>20)&0xF)<<8) | |
| |(WORD)(((colour32>>12)&0xF)<<4) | |
| |(WORD)(((colour32>>4)&0xF)<<0); | |
| D3DLOCKED_RECT d3dlr; | |
| (*ppD3Dtex)->LockRect(0, &d3dlr, 0, 0); | |
| WORD *pDst16 = (WORD*)d3dlr.pBits; | |
| for(int xy=0; xy < 8*8; xy++) | |
| *pDst16++ = colour16; | |
| (*ppD3Dtex)->UnlockRect(0); | |
| return S_OK; | |
| } | |
| HRESULT WINAPI Hooked_Present(LPDIRECT3DDEVICE9 Device, CONST RECT *pSrcRect, CONST RECT *pDestRect, HWND hDestWindow, CONST RGNDATA *pDirtyRegion) | |
| { | |
| if(!g_Init) | |
| { | |
| if(g_Font == NULL) | |
| D3DXCreateFontA(Device, 21, 0, true, 1, false, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, ANTIALIASED_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &g_Font); | |
| memset(g_Text, 0, sizeof(g_Text)); | |
| GenerateTexture(Device, &g_Blue, D3DCOLOR_ARGB(255, 0, 0, 255)); | |
| GenerateTexture(Device, &g_Green, D3DCOLOR_ARGB(255, 0, 255, 0)); | |
| g_Init = !g_Init; | |
| } | |
| D3DVIEWPORT9 VP; | |
| memset(&VP, 0, sizeof(D3DVIEWPORT9)); | |
| Device->GetViewport(&VP); | |
| float X = (float)VP.Width / 800; | |
| float Y = (float)VP.Height / 600; | |
| Drawing::Box(Device, X * TEXT_POS_X - 10.0f, Y * TEXT_POS_Y + 23.0f, 300.0f, 82.0f, 4.0f, D3DCOLOR_ARGB(200, 255, 0, 0)); | |
| Drawing::DrawString(g_Font, X * TEXT_POS_X, Y * TEXT_POS_Y, D3DCOLOR_ARGB(200, 255, 0, 0), "Momo5000's Return Address Logger"); | |
| memset(g_Text, 0, sizeof(g_Text)); | |
| sprintf_s(g_Text, sizeof(g_Text), "Vector size: %d", g_Vector.size()); | |
| Drawing::DrawString(g_Font, X * TEXT_POS_X, Y * TEXT_POS_Y + 25.0f, D3DCOLOR_ARGB(200, 0, 0, 255), g_Text); | |
| memset(g_Text, 0, sizeof(g_Text)); | |
| sprintf_s(g_Text, sizeof(g_Text), "Selected Index: %d", g_Index); | |
| Drawing::DrawString(g_Font, X * TEXT_POS_X, Y * TEXT_POS_Y + 50.0f, D3DCOLOR_ARGB(200, 0, 0, 255), g_Text); | |
| memset(g_Text, 0, sizeof(g_Text)); | |
| sprintf_s(g_Text, sizeof(g_Text), "Selected Address: [0x%X]", g_SelectedAddress); | |
| Drawing::DrawString(g_Font, X * TEXT_POS_X, Y * TEXT_POS_Y + 75.0f, D3DCOLOR_ARGB(200, 0, 0, 255), g_Text); | |
| return Orginal_Present(Device, pSrcRect, pDestRect, hDestWindow, pDirtyRegion); | |
| } | |
| HRESULT WINAPI Hooked_Reset(LPDIRECT3DDEVICE9 Device, D3DPRESENT_PARAMETERS *pp) | |
| { | |
| if(g_Font != NULL) | |
| { | |
| g_Font->OnLostDevice(); | |
| g_Font->OnResetDevice(); | |
| } | |
| return Orginal_Reset(Device, pp); | |
| } | |
| HRESULT WINAPI Hooked_DrawIndexedPrimitive(LPDIRECT3DDEVICE9 Device, D3DPRIMITIVETYPE PrimType, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount) | |
| { | |
| void* ReturnAddress = _ReturnAddress(); | |
| if(!IsAddressPresent(ReturnAddress)) | |
| g_Vector.push_back(ReturnAddress); | |
| if(ReturnAddress != NULL && g_SelectedAddress != NULL && ReturnAddress == g_SelectedAddress) | |
| { | |
| Device->SetRenderState(D3DRS_ZENABLE, FALSE); | |
| Device->SetTexture(0, g_Blue); | |
| Orginal_DrawIndexedPrimitive(Device, PrimType, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount); | |
| Device->SetRenderState(D3DRS_ZENABLE, TRUE); | |
| Device->SetTexture(0, g_Green); | |
| } | |
| return Orginal_DrawIndexedPrimitive(Device, PrimType, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment