2024年4月1日发(作者:)
#include
#include
#pragma comment(lib, "")
typedef HRESULT ( WINAPI* oPresent ) ( LPDIRECT3DDEVICE8 pDevice, CONST RECT*
pSourceRect,CONST
pDirtyRegion);
oPresent pPresent;
void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwBack;
VirtualProtect(src, len, PAGE_READWRITE, &dwBack);
memcpy(jmp, src, len);
jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0x90; //50
src[1] = 0x90; // 58
src[2] = 0xE9;
*(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7;
for (int i=7; i VirtualProtect(src, len, dwBack, &dwBack); return (jmp-len); } HRESULT WINAPI myPresent ( LPDIRECT3DDEVICE8 pDevice, CONST RECT* pSourceRect, CONST RECT* pDestRect, HWND hDestWindowOverride, CONST RGNDATA* pDirtyRegion ) { _asm pushad; Sleep(100); _asm popad; return pPresent( pDevice, pSourceRect, pDestRect, hDestWindowOverride, pDirtyRegion ); } bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) { for(;*szMask;++szMask,++pData,++bMask) if(*szMask=='x' && *pData!=*bMask ) return false; RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* return (*szMask) == NULL; } DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask) { for(DWORD i=0; i < dwLen; i++) if( bCompare( (BYTE*)( dwAddress+i ),bMask,szMask) ) return (DWORD)(dwAddress+i); return 0; } int hookPresent() { DWORD* VTableHook = 0; DWORD hD3D8 = (DWORD)GetModuleHandle(""); DWORD VIRTUALTABLE = FindPattern(hD3D8, 0x128000, (PBYTE)"xC7x06x00x00x00x00x89x86x00x00x00x00x89x86", "xx????xx????xx"); memcpy(&VTableHook, (void*)(VIRTUALTABLE+2), 4); DWORD dwPresent = VTableHook[15]; pPresent = (oPresent)DetourFunc((PBYTE)dwPresent, (PBYTE)myPresent, 7); return 0; } 原理就是找到 的入口,搜索特征码,找到 Vtalbe( 虚函数表 ) ,查表找到需要 hook 的函数的地址, 然后 hook 这个比较简单,不需要在游戏启动的时候通过 COM 的方式取得地址,相对难度要简单得多 需要 hook D3D 其它函数的可以查一下有关资料,看看相关的函数在虚函数表的位置,然后 hook 就可以了 如果要 hook DX9, 改对应的特征码就可以了
发布评论