/*
 * Information
 *  - Programmed by AeroMan & Znoen!
 * Usage
 *  - Distribution and reusing allowed.
 *  - Credits should be given at any point of time!
 *  - Status: Unknown
 * https://mpgh.net
 */

// What this file does, as far as the listing shows:
//   A DLL that, once loaded into a process using Direct3D 9, overwrites the
//   first 5 bytes of the function found in slot 42 of a vtable located inside
//   d3d9.dll with a JMP to dwEndScene. dwEndScene draws one text label and then
//   continues into the original function.
// Build constraints visible in the code: 32-bit x86 and MSVC only (pointers are
// cast to DWORD, and __asm / __declspec(naked) are used).
// NOTE(review): _SOURCE_ is defined on the line before it is tested, so the
// #ifdef is always true; names starting with underscore + capital are reserved.
#define _SOURCE_
#ifdef _SOURCE_
#include <Windows.h>
#include <d3dx9.h>
#include <d3d9.h>
#pragma comment(lib, "d3dx9.lib")
#pragma comment(lib, "d3d9.lib")

// Font shared by MenuRender (creates it) and dwEndScene (draws with it).
// As a global it starts out NULL and stays NULL if creation fails.
ID3DXFont *pfont;
// 0 until MenuRender has attempted font creation once, 1 afterwards.
// Nothing in this listing sets it back to 0.
int pReset = 0;

// Creates the global font on the first call; later calls do nothing.
// Despite the name, no drawing happens here.
//   pDevice   - device the font is created on
//   FontSize  - font height passed to D3DXCreateFont
//   Weight    - font weight passed to D3DXCreateFont
//   pFontName - face name; see the cast note below
void MenuRender(LPDIRECT3DDEVICE9 pDevice, int FontSize, int Weight, TCHAR *pFontName)
{
    if (pReset == 0){ // font creation has not been attempted yet
        // NOTE(review): the HRESULT is discarded and pReset is set to 1 either
        // way, so a failed creation is never retried and pfont stays NULL.
        // NOTE(review): pFontName is declared TCHAR* but cast to LPCWSTR, and
        // the only caller passes the narrow literal "Arial". If D3DXCreateFont
        // resolves to its wide-character variant, those narrow bytes are read
        // as UTF-16 -- TODO confirm the character set this is built with.
        D3DXCreateFont(pDevice,  // device
            FontSize,            // height
            0,                   // width (0 = default)
            Weight,              // weight
            1,                   // mip levels
            0,                   // italic (off)
            DEFAULT_CHARSET,     // character set
            OUT_DEFAULT_PRECIS,  // output precision
            DEFAULT_QUALITY,     // quality
            0,                   // pitch and family
            (LPCWSTR)pFontName,  // face name (Arial, Verdana, Courier New, ...)
            &pfont);             // receives the created font
        pReset = 1;
    } // creation attempted; do not try again
}

// Scans d3d9.dll, starting at its load address, for a fixed byte pattern and
// returns the address 2 bytes past the start of the match.
//   Len - intended scan length in bytes (see the note on the loop condition)
// The compares are little-endian WORD reads, so the bytes matched are
// C7 06 at +0x00, 89 86 at +0x06 and 89 86 at +0x0C. The returned address is
// that of the 4 bytes following C7 06, which vTableID reads as a vtable address.
// Presumably this is the instruction that stores the device's vtable pointer;
// the listing itself does not say.
DWORD FindDevice(DWORD Len)
{
    DWORD dwObjBase = 0;
    // LoadLibraryA loads d3d9.dll if it is not loaded yet and takes a reference
    // that is never released. The HMODULE is truncated to 32 bits by the cast.
    dwObjBase = (DWORD)LoadLibraryA("d3d9.dll");
    // NOTE(review): dwObjBase is incremented and read again inside the same
    // comparison with no sequencing between the two, which is undefined
    // behaviour in C++. The bound is also computed from the moving cursor, so
    // Len never limits the scan: if the pattern is absent the loop can read
    // past the end of the mapped image. The load result is not checked for 0.
    while (dwObjBase++ < dwObjBase + Len)
    {
        if ((*(WORD*)(dwObjBase + 0x00)) == 0x06C7 && (*(WORD*)(dwObjBase + 0x06)) == 0x8689 && (*(WORD*)(dwObjBase + 0x0C)) == 0x8689)
        {
            dwObjBase += 2; // skip the two matched opcode bytes
            break;
        }
    }
    // No "not found" value exists: the cursor is returned in every case.
    return (dwObjBase);
}

// Returns entry `index` of the vtable whose address FindDevice located.
// The 4 bytes at FindDevice's result are taken as the vtable address and
// indexed without any validation of either the address or the index.
DWORD vTableID(int index)
{
    PDWORD VTable;
    *(DWORD*)&VTable = *(DWORD*)FindDevice(0x128000); // 0x128000: scan length argument
    return VTable[index];
}

// Draws `string` at (x, y) in `Color` using pFont.
//   to - alignment selector: 1 = centred, 0 = right, 2 = left;
//        any other value draws nothing
// The rectangle has zero size; DT_NOCLIP lets the text extend beyond it.
// NOTE(review): pFont is dereferenced without a NULL check, and the only call
// in this file passes the global pfont, which is NULL if font creation failed.
void DrawString(char * string, int x, int y, int to, D3DCOLOR Color, ID3DXFont * pFont)
{
    RECT pRect;
    SetRect(&pRect, x, y, x, y);
    switch (to)
    {
    case 1: pFont->DrawTextA(NULL, string, -1, &pRect, DT_NOCLIP | DT_CENTER, Color); break;
    case 0: pFont->DrawTextA(NULL, string, -1, &pRect, DT_NOCLIP | DT_RIGHT, Color); break;
    case 2: pFont->DrawTextA(NULL, string, -1, &pRect, DT_NOCLIP | DT_LEFT, Color); break;
    }
}

// Overwrites `length` bytes at `address` with a 5-byte relative JMP to `jumpTo`
// followed by NOP (0x90) padding.
//   address - start of the code to overwrite
//   jumpTo  - absolute destination of the jump
//   length  - number of bytes to replace; the code assumes it is at least 5
// Review notes:
//  - Neither VirtualProtect result is checked; if the first call fails, the
//    writes below go to memory that may still be read-only and oldProtect is
//    left uninitialised for the second call.
//  - With length < 5 the 5-byte write runs past the range whose protection was
//    changed.
//  - Afterwards the first byte at `address` is 0xE9 and the page has been
//    PAGE_EXECUTE_READWRITE for a moment. Comparing a module's in-memory code
//    section with its on-disk image exposes this kind of patch.
void PlaceJMP(BYTE * address, DWORD jumpTo, DWORD length)
{
    DWORD oldProtect, newProtect, relativeAddress;
    VirtualProtect(address, length, PAGE_EXECUTE_READWRITE, &oldProtect);
    // rel32 operand is measured from the end of the 5-byte instruction
    relativeAddress = (DWORD)(jumpTo - (DWORD)address) - 5;
    *address = 0xE9; // JMP rel32 opcode
    *((DWORD *)(address + 0x1)) = relativeAddress;
    for (DWORD x = 0x5; x < length; x++)
    {
        *(address + x) = 0x90; // NOP
    }
    VirtualProtect(address, length, oldProtect, &newProtect); // restore the previous protection
}

// Address execution resumes at after the hook body: slot 42's function + 5,
// i.e. just past the bytes PlaceJMP overwrites.
// NOTE(review): this is a dynamic initialiser, so vTableID -> FindDevice ->
// LoadLibraryA runs while the DLL itself is being initialised, before DllMain
// below starts its thread. Loading libraries at that stage is documented by
// Microsoft as unsafe.
DWORD dwReJmp = vTableID(42) + 5;

// Hook body reached through the JMP written by PlaceJMP. Declared naked, so the
// compiler emits no prologue or epilogue; the stack frame is built by hand.
__declspec(naked)HRESULT __stdcall dwEndScene()
{
    // static: fixed storage, since no frame for locals is set up here.
    static LPDIRECT3DDEVICE9 pDev;
    /*
     * Original code: the first 5 bytes, which the hook overwrites
     *   695C279F    8BFF            MOV EDI,EDI
     *   695C27A1  . 55              PUSH EBP
     *   695C27A2  . 8BEC            MOV EBP,ESP
     * Modified code: JMP to our EndScene
     *   695C279F  - E9 9C06D9A5     JMP VIP_Base.dwEndScene
     *   695C27A4    6A FF           PUSH -1
     *   695C27A6    68 FCAD7369     PUSH d3d9.6973ADFC
     *   695C27AB    64:A1 00000000  MOV EAX,DWORD PTR FS:[0]
     *   695C27B1    50              PUSH EAX
     *   695C27B2    83EC 14         SUB ESP,14
     *   695C27B5    53              PUSH EBX
     *   695C27B6    56              PUSH ESI
     */
    // Replay the three overwritten instructions (2 + 1 + 2 = 5 bytes).
    // NOTE(review): nothing in this file checks that the target really begins
    // with these bytes before patching; on a different d3d9.dll build, or when
    // another component has already patched the entry, the replayed prologue
    // would not match what was overwritten.
    __asm mov edi, edi
    __asm push ebp
    __asm mov ebp, esp
    // [ebp + 8] is the first stack argument, taken here as the device pointer.
    __asm mov eax, dword ptr ss : [ebp + 0x8]
    __asm mov pDev, eax
    // Save the general-purpose registers around the C++ calls below.
    __asm pushad
    if (pDev)
    {
        // Font is created on the first frame only (guarded by pReset).
        MenuRender(pDev, 14, 600, (TCHAR*)"Arial");
        DrawString("EndScene hooked!", 50, 50, 2, D3DCOLOR_ARGB(255, 255, 0, 0), pfont);
    }
    __asm popad
    // Continue in the original function, 5 bytes past its entry.
    __asm jmp[dwReJmp]
}

// Worker started from DllMain: waits until d3d9.dll is loaded, then installs
// the 5-byte JMP over the function in vtable slot 42. Always returns 0.
// NOTE(review): the identifier below is a run of asterisks in the listing,
// apparently masked by the site's word filter; the code does not compile until
// one and the same real name is restored here and in DllMain.
// NOTE(review): the signature is not DWORD WINAPI f(LPVOID), yet DllMain casts
// it to LPTHREAD_START_ROUTINE, so it is called through a mismatched type.
DWORD ***********()
{
    HMODULE hDll;
    // Poll every 200 ms. The initialiser of dwReJmp has already called
    // LoadLibraryA("d3d9.dll"), so this presumably succeeds on the first pass.
    do{
        hDll = GetModuleHandleA("d3d9.dll");
        Sleep(200);
    } while (!hDll);
    PlaceJMP((PBYTE)vTableID(42), (DWORD)dwEndScene, 5);
    return 0;
}

// DLL entry point: on process attach, starts the worker thread and returns.
// Always reports success.
// NOTE(review): the thread handle returned by CreateThread is discarded and
// never closed, and NULL is passed for the integer stack-size, creation-flags
// and thread-id arguments where 0 is meant.
BOOL WINAPI DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)***********, NULL, NULL, NULL);
    }
    return TRUE;
}
#endif