Untitled

//please read the comments maam Brixs

#include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>

#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

#define EndSceneEngine 0x00455ECF //how to find maam Brixs? for SF1 SEA

DWORD retEndSceneEngine = ( EndSceneEngine + 0x8 );

#define Red    D3DCOLOR_ARGB( 255, 255, 000, 000 )
#define Green  D3DCOLOR_ARGB( 255, 000, 255, 000 )
#define Blue    D3DCOLOR_ARGB( 255, 000, 000, 255 )
#define Black  D3DCOLOR_ARGB( 255, 000, 000, 000 )

LPD3DXFONT Font;

VOID StartFont( LPDIRECT3DDEVICE9 pDevice )
{
    if( Font )
    {
        Font->Release();
        Font = NULL;
    }

    if( !Font )
    {
        D3DXCreateFont( pDevice,
                        14,
                        0,
                        FW_BOLD,
                        1,
                        0,
                        DEFAULT_CHARSET,
                        OUT_DEFAULT_PRECIS,
                        DEFAULT_QUALITY,
                        DEFAULT_PITCH | FF_DONTCARE,
                        "Arial",
                        &Font );
    }
}

VOID WriteText( LPDIRECT3DDEVICE9 pDevice, INT x, INT y, DWORD color, CHAR *text )
{
    RECT rect;
    SetRect( &rect, x, y, x, y );
    Font->DrawText( NULL, text, -1, &rect, DT_NOCLIP | DT_LEFT, color );
}

__declspec( naked ) HRESULT WINAPI EndSceneMidfunction( )
{
    static LPDIRECT3DDEVICE9 pDevice;

    __asm
    {
        MOV ECX, DWORD PTR DS:[EAX]
        MOV EDX, DWORD PTR DS:[ECX + 0xA8]
        MOV DWORD PTR DS:[pDevice], EAX
        PUSHAD
    }

    StartFont( pDevice );

    if( Font )
        WriteText( pDevice, 300, 300, Red, "CrossFire: Hook EndScene Engine" );

    __asm
    {
        POPAD
        JMP retEndSceneEngine
    }
}

VOID *DetourCreate( BYTE *src, CONST BYTE *dst, CONST INT len )
{
    BYTE *jmp =( BYTE * ) malloc( len + 5 );
    DWORD dwBack;

    VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
    memcpy( jmp, src, len );
    jmp += len;
    jmp[0] = 0xE9;
    *( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;

    src[0] = 0xE9;
    *( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
    for( INT i = 5; i < len; i++ )
        src[i] = 0x90;
    VirtualProtect( src, len, dwBack, &dwBack );

    return( jmp - len );
}

DWORD WINAPI StartRoutine( LPVOID )
{
    while( TRUE )
    {
        if( memcmp( ( VOID * )EndSceneEngine, ( VOID * )( PBYTE )"\x8B\x08", 2 ) == 0 ) //also need help here
        {
            Sleep( 100 );
            DetourCreate( ( PBYTE )EndSceneEngine, ( PBYTE )EndSceneMidfunction, 8 );
        }
        Sleep( 50 );
    }

    return 0;
}

BOOL WINAPI DllMain( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    if( dwReason == DLL_PROCESS_ATTACH )
    {
        DisableThreadLibraryCalls( hDll );
        MessageBox( 0, "Hook EndScene Engine", "Crossfire", 0 );
        CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );
    }

    return TRUE;
}