  1. #1
    lauwy

    Finding crossfire D3D device pointer

    This is what I already found:

    Code:
    004AE618  |. 68 2CAE6600    PUSH Crossfir.0066AE2C                   ; /FileName = "d3d9.dll"
    004AE61D  |. 90             NOP                                      ; |
    004AE61E  |. E8 A3651475    CALL kernel32.LoadLibraryA               ; \LoadLibraryA
    004AE623  |. 68 F0D46700    PUSH Crossfir.0067D4F0                   ; /ProcNameOrOrdinal = "Direct3DCreate9"
    004AE628  |. 50             PUSH EAX                                 ; |hModule
    004AE629  |. A3 F0AA6B00    MOV DWORD PTR DS:[6BAAF0],EAX            ; |
    004AE62E  |. 90             NOP                                      ; |
    004AE62F  |. E8 CE2B1475    CALL kernel32.GetProcAddress             ; \GetProcAddress

    Hmmmz: watch the d3ddevice

    Code:
    00580E19   > 68 08656700    PUSH Crossfir.00676508                   ; /s2 = "cresl_hinstance"
    00580E1E   . 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]             ; |
    00580E21   . 51             PUSH ECX                                 ; |s1
    00580E22   . 90             NOP                                      ; |
    00580E23   . E8 6549C270    CALL MSVCR80._stricmp                    ; \_stricmp
    00580E28   . 83C4 08        ADD ESP,8
    00580E2B   . 85C0           TEST EAX,EAX
    00580E2D   . 75 1C          JNZ SHORT Crossfir.00580E4B
    00580E2F   . 8B55 0C        MOV EDX,DWORD PTR SS:[EBP+C]
    00580E32   . 52             PUSH EDX                                 ; /Arg2
    00580E33   . A1 D4A86B00    MOV EAX,DWORD PTR DS:[6BA8D4]            ; |
    00580E38   . 8B88 C8060000  MOV ECX,DWORD PTR DS:[EAX+6C8]           ; |
    00580E3E   . 51             PUSH ECX                                 ; |Arg1
    00580E3F   . E8 4C340900    CALL Crossfir.00614290                   ; \Crossfir.00614290
    00580E44   . 83C4 08        ADD ESP,8
    00580E47   . EB 5F          JMP SHORT Crossfir.00580EA8
    00580E49   . EB 58          JMP SHORT Crossfir.00580EA3
    00580E4B   > 68 18656700    PUSH Crossfir.00676518                   ; /s2 = "cshell_hinstance"
    00580E50   . 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]             ; |
    00580E53   . 52             PUSH EDX                                 ; |s1
    00580E54   . 90             NOP                                      ; |
    00580E55   . E8 3349C270    CALL MSVCR80._stricmp                    ; \_stricmp
    00580E5A   . 83C4 08        ADD ESP,8
    00580E5D   . 85C0           TEST EAX,EAX
    00580E5F   . 75 1D          JNZ SHORT Crossfir.00580E7E
    00580E61   . 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
    00580E64   . 50             PUSH EAX                                 ; /Arg2
    00580E65   . 8B0D D4A86B00  MOV ECX,DWORD PTR DS:[6BA8D4]            ; |
    00580E6B   . 8B91 CC060000  MOV EDX,DWORD PTR DS:[ECX+6CC]           ; |
    00580E71   . 52             PUSH EDX                                 ; |Arg1
    00580E72   . E8 19340900    CALL Crossfir.00614290                   ; \Crossfir.00614290
    00580E77   . 83C4 08        ADD ESP,8
    00580E7A   . EB 2C          JMP SHORT Crossfir.00580EA8
    00580E7C   . EB 25          JMP SHORT Crossfir.00580EA3
    00580E7E   > 68 2C656700    PUSH Crossfir.0067652C                   ; /s2 = "d3ddevice"
    00580E83   . 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]             ; |
    00580E86   . 50             PUSH EAX                                 ; |s1
    00580E87   . 90             NOP                                      ; |
    00580E88   . E8 0049C270    CALL MSVCR80._stricmp                    ; \_stricmp
    00580E8D   . 83C4 08        ADD ESP,8
    00580E90   . 85C0           TEST EAX,EAX
    00580E92   . 75 0F          JNZ SHORT Crossfir.00580EA3
    00580E94   . FF15 DC476C00  CALL DWORD PTR DS:[6C47DC]               ;  Crossfir.0045A140
    00580E9A   . 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
    00580E9D   . 8901           MOV DWORD PTR DS:[ECX],EAX
    00580E9F   . 33C0           XOR EAX,EAX
    00580EA1   . EB 05          JMP SHORT Crossfir.00580EA8
    00580EA3   > B8 01000000    MOV EAX,1
    00580EA8   > 5D             POP EBP
    00580EA9   . C3             RETN
    Last edited by lauwy; 12-05-2010 at 08:28 AM.
    Need some help to get back on track

    Find the pointer to the D3D9 Device (Not useful for Cross)

    https://www.mpgh.net/forum/242-crossf...ice-lauwy.html

    Fix olly if scanning doesn't work

    https://www.mpgh.net/forum/242-crossf...ing-fails.html

    Unpack cshell.dll

    https://www.mpgh.net/forum/242-crossf...shell-dll.html

  2. #2
    deaddead

    00580E7E > 68 2C656700 PUSH Crossfir.0067652C ; /s2 = "d3ddevice"

    is d3ddevice ??????
    Should not be is /s2 = "d3ddevice"

  3. #3
    ojiru123

    hello sir lauwy )

  4. #4
    Swiftdude

    bumped

    ╪closed╪
    Still love you Giggletron