Solved DIRECTX MENU - Help

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Chriko2502

Newbie
Full Member
Jul 18, 2013
8
172
0
Hi there,
i watched nearly all tut from Fleep and most of all work very fine...
but with the DIRECTX MENU i have a lot of trouble :)

Following code works with win7 to simply draw a filled rectangle with a borderbox.
But when i inject this code in my directx(9) game on win8. the game crahes...

because of the created logfile i think the pattern or detour function is the problem.
i tried to get this work but failed :( Perhaps someone can help me?!

Would be the happiest person in the world :D
Thx so far
Chriko2502

C++:
#define _CRT_SECURE_NO_WARNINGS 

#include <Windows.h> 
#include <cstdio> 
#include <time.h>
#include <d3d9.h> 
#include <d3dx9.h>  

const D3DCOLOR fontRed = D3DCOLOR_ARGB(255, 255, 0, 0);
const D3DCOLOR fontGreen = D3DCOLOR_ARGB(255, 0, 255, 0);
const D3DCOLOR fontBlue = D3DCOLOR_ARGB(255, 0, 0, 255);
const D3DCOLOR fontWhite = D3DCOLOR_ARGB(255, 255, 255, 255);
const D3DCOLOR fontBlack = D3DCOLOR_ARGB(255, 0, 0, 0);

HRESULT __stdcall hkEndScene(LPDIRECT3DDEVICE9 pDevice); 

typedef HRESULT(__stdcall* EndScene_t)(LPDIRECT3DDEVICE9); 
EndScene_t pEndScene;  

DWORD WINAPI HookThread();
void add_log(char* format, ...); 
void* DetourFunc(PBYTE src, const PBYTE dst, const int len);
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask);
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask);  

void DrawFilledRectangle(int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9 *d3dDevice);
void DrawBorderBox(int x, int y, int w, int h, int thickness, D3DCOLOR color, IDirect3DDevice9 *d3dDevice);

HMODULE hModD3D9 = NULL; 
FARPROC dwEndScene = NULL;
HANDLE tmpHandle = NULL;
DWORD* VTableStart = NULL;
DWORD tempadd = NULL;

BOOL WINAPI DllMain(HINSTANCE hinstDll,DWORD Reason,LPVOID Reserved) {  
	switch(Reason) {  
	case DLL_PROCESS_ATTACH:    
		add_log("==========LOG START=========="); 
		add_log("DLL Attached");    
		add_log("Creating Thread...");    
		tmpHandle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&HookThread, 0, 0, 0);    
		if (!tmpHandle) {    
			add_log("ThreadCreation Failed!"); 
		}    break;  
	case DLL_PROCESS_DETACH:   
		add_log("DLL Detached");  
		add_log("==========LOG END==========\n\n\n");  
		break;  
	} 
	return 1;
}  

DWORD WINAPI HookThread(void) {
	add_log("Thread Created");  
	
	while (!hModD3D9) {   
		add_log("Searching d3d9.dll..."); 
		hModD3D9 = GetModuleHandle(L"d3d9.dll"); 
		Sleep(100);  
	}  
	add_log("Found d3d9.dll: %x !", hModD3D9);  

	tempadd = dwFindPattern((DWORD)hModD3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
	VTableStart = (DWORD*) *(DWORD*)(tempadd+2);  

	dwEndScene = (FARPROC) VTableStart[42]; 
	pEndScene = (EndScene_t) DetourFunc((PBYTE) dwEndScene, (PBYTE)hkEndScene, 5); 

	while (true)  { 
		Sleep(500); 
	} 
	return 0;
}  

void add_log(char* format, ...) { 
	HANDLE filehandle; 
	DWORD dwReadBytes;  
	char buffer[2048]; 
	char writebuffer[2048]; 
	va_list args;
	va_start(args, format);
	vsprintf (buffer, format, args);  
	filehandle = CreateFile(L"Log.txt", GENERIC_WRITE, 0, 0, OPEN_ALWAYS, 0, 0); 
	SetFilePointer(filehandle, 0, 0, FILE_END); 
	char date[18]; 
	_strdate(date); 
	date[8] = ' ';  
	_strtime(date+9);
	sprintf_s(writebuffer, 2048, "Log Added (%s): %s\r\n", date, buffer);
	WriteFile(filehandle, writebuffer, strlen(writebuffer), &dwReadBytes, 0);  
	CloseHandle(filehandle);
} 

 void* DetourFunc(PBYTE src, const PBYTE dst, const int len) { 
	 DWORD dwback; 
	 BYTE* jmp = (BYTE*)malloc(len+5); 
	 VirtualProtect(src, len, PAGE_READWRITE, &dwback); 
	 memcpy(jmp, src, len); 
	 jmp += len;  
	 jmp[0] = 0xE9; 
	 *(DWORD*)(jmp+1) = (DWORD)(src + len - jmp) - 5; 
	 src[0] = 0xE9;
	 *(DWORD*)(src+1) = (DWORD)(dst - src) - 5; 
	 VirtualProtect(src, len, dwback, &dwback); 
	 VirtualProtect(jmp-len, len+5, PAGE_EXECUTE_READWRITE, &dwback); 
	 return (jmp - len); 
 } 

bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) { 
	for(;*szMask;++szMask,++pData,++bMask)  { 
		if(*szMask=='x' && *pData!=*bMask )   {  
			return false;  
		}  
	} 
	return (*szMask) == NULL; 
}  

DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) {  
	for(DWORD i=0; i < dwLen; i++)  {  
		if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )   { 
			return (DWORD)(dwAddress+i);   
		}  
	} 
	return 0; 
}  

HRESULT __stdcall hkEndScene(LPDIRECT3DDEVICE9 pDevice) { 
	//D3DRECT rect = {10, 10, 110, 110}; 
	//pDevice->Clear(1, &rect, D3DCLEAR_TARGET, fontGreen, 0, 0); 
	
	DrawFilledRectangle(55, 20, 200, 50, fontBlue, pDevice);
	DrawBorderBox(55, 20, 200, 50, 4, fontBlack, pDevice);

	return pEndScene(pDevice); 
} 


void DrawFilledRectangle(int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9 *d3dDevice) {
	D3DRECT rct = {x , y, x + w, y + h};
	d3dDevice->Clear(1, &rct, D3DCLEAR_TARGET | D3DCLEAR_TARGET, color, 0, 0);
}

void DrawBorderBox(int x, int y, int w, int h, int thickness, D3DCOLOR color, IDirect3DDevice9 *d3dDevice){
	DrawFilledRectangle(x, y, w, thickness, color, d3dDevice);
	DrawFilledRectangle(x, y, thickness, h, color, d3dDevice);
	DrawFilledRectangle(x + w, y, thickness, h, color, d3dDevice);
	DrawFilledRectangle(x, y+h, thickness + w, thickness, color, d3dDevice);
}
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,140
78,998
2,394

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
I have never tried using that DetourFunction. Your pattern seems fine, and the way you detour it is fine as well.

In the C/C++ section I have released a D3D9 Hook, try it out with MS Detours, if that works try it with your DetourFunction.

- What game are you doing as well?

EDIT: I just tested your code, and it seems to work just fine! I'm running Windows 7 x64, so Windows 8 might be the problem, shouldn't be since the pattern works on Windows 8 as well. Sure the game are using DirectX 9?
I got the same code base for detouring EndScene and it works on Windows 7 64 bit for me too. I guess it's Windows 8.
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
You want to go over the arguments you are passing to the detourfunction. That function is your badboy ;)
 
Last edited:

Chriko2502

Newbie
Full Member
Jul 18, 2013
8
172
0
EDIT: I just tested your code, and it seems to work just fine! I'm running Windows 7 x64, so Windows 8 might be the problem, shouldn't be since the pattern works on Windows 8 as well. Sure the game are using DirectX 9?
Of cause its running fine ;) And Yeah Win8 is the problem, but what to do?!


I guess it's Windows 8.
Yeah sure it is :) But what i have to do to get my filled ractengle with borderbox :D on win8?

Perhaps one of u guys can help me? Get it to work on win8 and win7? Game is not choosen yet, only wants to learn how to make a ingame menu for games... Code tested on different directx9 games.... Always working (win7)
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
How about giving everything out on hooking? Like the address of EndScene etc...
 

Chriko2502

Newbie
Full Member
Jul 18, 2013
8
172
0
Hi, it's me again :)

i am wondering what i do wrong.... Perhaps u can help me? THX!
I want to write some stuff in my d3d hack, but the compiler says no -.-

When i uncomment the "drawtext things" code workes fine :( With them it will not...
C++:
#include <Windows.h> 
#include <cstdio> 
#include <time.h>
#include <iostream>
#include <d3d9.h> 
#include <d3dx9.h>  

const D3DCOLOR fontRed = D3DCOLOR_ARGB(255, 255, 0, 0);
const D3DCOLOR fontGreen = D3DCOLOR_ARGB(255, 0, 255, 0);
const D3DCOLOR fontBlue = D3DCOLOR_ARGB(255, 0, 0, 255);
const D3DCOLOR fontWhite = D3DCOLOR_ARGB(255, 255, 255, 255);
const D3DCOLOR fontBlack = D3DCOLOR_ARGB(255, 0, 0, 0);

HRESULT __stdcall hkEndScene(LPDIRECT3DDEVICE9 pDevice); 

typedef HRESULT(__stdcall* EndScene_t)(LPDIRECT3DDEVICE9); 
EndScene_t pEndScene;  

DWORD WINAPI HookThread();
void CreateLog(char* format, ...); 
void* DetourFunc(PBYTE src, const PBYTE dst, const int len);
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask);
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask);  

void DrawFilledRectangle(int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9 *d3dDevice);
void DrawBorderBox(int x, int y, int w, int h, int thickness, D3DCOLOR color, IDirect3DDevice9 *d3dDevice);
void DrawFont (int X, int Y, D3DCOLOR Color, char *format, ...);

HMODULE hModD3D9 = NULL; 
FARPROC dwEndScene = NULL;
HANDLE tmpHandle = NULL;
DWORD* VTableStart = NULL;
DWORD tempadd = NULL;

ID3DXFont *pFont = NULL;

BOOL WINAPI DllMain(HINSTANCE hinstDll,DWORD Reason,LPVOID Reserved) {  
	switch(Reason) {  
	case DLL_PROCESS_ATTACH:    
		CreateLog("==========LOG START=========="); 
		CreateLog("DLL Attached");    
		CreateLog("Creating Thread...");    
		tmpHandle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&HookThread, 0, 0, 0);    
		if (!tmpHandle) {    
			CreateLog("ThreadCreation Failed!"); 
		}    break;  
	case DLL_PROCESS_DETACH:   
		CreateLog("DLL Detached");  
		CreateLog("==========LOG END==========\n\n\n");  
		break;  
	} 
	return 1;
}  

DWORD WINAPI HookThread(void) {
	CreateLog("Thread Created");  
	
	while (!hModD3D9) {   
		CreateLog("Searching d3d9.dll..."); 
		hModD3D9 = GetModuleHandle("d3d9.dll"); 
		Sleep(100);  
	}  
	CreateLog("Found d3d9.dll: %x !", hModD3D9);  

	tempadd = dwFindPattern((DWORD)hModD3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
	CreateLog("PatternFound!"); 
	VTableStart = (DWORD*) *(DWORD*)(tempadd+2);  

	dwEndScene = (FARPROC) VTableStart[42]; 
	pEndScene = (EndScene_t) DetourFunc((PBYTE) dwEndScene, (PBYTE)hkEndScene, 5); 

	while (true)  { 
		Sleep(500); 
	} 
	return 0;
}  

void CreateLog(char* format, ...) { 
	HANDLE filehandle; 
	DWORD dwReadBytes;  
	char buffer[2048]; 
	char writebuffer[2048]; 
	va_list args;
	va_start(args, format);
	vsprintf (buffer, format, args);  
	filehandle = CreateFile("Log.txt", GENERIC_WRITE, 0, 0, OPEN_ALWAYS, 0, 0); 
	SetFilePointer(filehandle, 0, 0, FILE_END); 
	char date[18]; 
	_strdate(date); 
	date[8] = ' ';  
	_strtime(date+9);
	sprintf_s(writebuffer, 2048, "Log Added (%s): %s\r\n", date, buffer);
	WriteFile(filehandle, writebuffer, strlen(writebuffer), &dwReadBytes, 0);  
	CloseHandle(filehandle);
} 

 void* DetourFunc(PBYTE src, const PBYTE dst, const int len) { 
	 DWORD dwback; 
	 BYTE* jmp = (BYTE*)malloc(len+5); 
	 VirtualProtect(src, len, PAGE_READWRITE, &dwback); 
	 memcpy(jmp, src, len); 
	 jmp += len;  
	 jmp[0] = 0xE9; 
	 *(DWORD*)(jmp+1) = (DWORD)(src + len - jmp) - 5; 
	 src[0] = 0xE9;
	 *(DWORD*)(src+1) = (DWORD)(dst - src) - 5; 
	 VirtualProtect(src, len, dwback, &dwback); 
	 VirtualProtect(jmp-len, len+5, PAGE_EXECUTE_READWRITE, &dwback); 
	 return (jmp - len); 
 } 

bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) { 
	for(;*szMask;++szMask,++pData,++bMask)  { 
		if(*szMask=='x' && *pData!=*bMask )   {  
			return false;  
		}  
	} 
	return (*szMask) == NULL; 
}  

DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) {  
	for(DWORD i=0; i < dwLen; i++)  {  
		if( bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )   { 
			return (DWORD)(dwAddress+i);   
		}  
	} 
	return 0; 
}  

HRESULT __stdcall hkEndScene(LPDIRECT3DDEVICE9 pDevice) { 
	CreateLog("DrawIngameMenu"); 
	
	DrawFilledRectangle(55, 20, 200, 50, fontBlue, pDevice);
	DrawBorderBox(55, 20, 200, 50, 4, fontBlack, pDevice);

	D3DXCreateFont(pDevice, 14, 0, FW_NORMAL, 1, 0, DEFAULT_CHARSET,  OUT_DEFAULT_PRECIS, ANTIALIASED_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &pFont );      
	DrawFont( 300, 50, fontRed, "My first Text");


	return pEndScene(pDevice); 
} 

void DrawFilledRectangle(int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9 *d3dDevice) {
	CreateLog("DrawFilledRectangle"); 
	D3DRECT rct = {x , y, x + w, y + h};
	d3dDevice->Clear(1, &rct, D3DCLEAR_TARGET | D3DCLEAR_TARGET, color, 0, 0);
}

void DrawBorderBox(int x, int y, int w, int h, int thickness, D3DCOLOR color, IDirect3DDevice9 *d3dDevice){
	CreateLog("DrawBorderBox");
	DrawFilledRectangle(x, y, w, thickness, color, d3dDevice);
	DrawFilledRectangle(x, y, thickness, h, color, d3dDevice);
	DrawFilledRectangle(x + w, y, thickness, h, color, d3dDevice);
	DrawFilledRectangle(x, y+h, thickness + w, thickness, color, d3dDevice);
}


void DrawFont (int X, int Y, D3DCOLOR Color, char *format, ...) { 
	char buffer[256];        
	va_list args; // deswegen: #include <cstdio>      
	va_start (args, format);   
	vsprintf (buffer,format, args);    
	RECT FontRect = { X, Y, X + 120, Y + 16 };    
	pFont->DrawText( NULL, buffer, -1, &FontRect, DT_NOCLIP , Color ); // Zeichnen  
	va_end (args); 
}
The Error which came up is
C++:
 Quelle.obj : error LNK2001: Nicht aufgelöstes externes Symbol "_D3DXCreateFontA@48".
Perhaps someone can help? i would be very happy! :)
 
Last edited:

Chriko2502

Newbie
Full Member
Jul 18, 2013
8
172
0
has been answered countless times on this forum, if you took 10 seconds of your life to use the search button.
Sorry didnt found it :( u have a link for me?

also, why are you calling D3DXCreateFont each frame
Yeah sure it makes no sense, i only wanted to test it because i am new to this stuff... and i failed :(
In final version i'll only will do it once....
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods