D3D11 Hook

1. /*
2.     D3D11 DirectX Hook by agrippa1994
3.     Credits: unknowncheats.me
4. */
5.  
6. #include <Windows.h>
7. #include <iostream>
8.  
9. #include <d3d11.h>
10. #include <d3d10.h>
11.  
12. #pragma comment(lib,"d3d11.lib")
13. #pragma comment(lib,"d3d10.lib")
14.  
15. DWORD g_dwPresent;
16. DWORD g_dwClearRenderTargetView;
17. DWORD g_dwDrawIndexed;
18.  
19. void InitHooks();
20.  
21. BOOL WINAPI DllMain(HANDLE hDllHandle, DWORD dwReason, void *pReserved)
22. {
23.     if(dwReason == DLL_PROCESS_ATTACH)
24.     {
25.         CreateThread(0,0,(LPTHREAD_START_ROUTINE)InitHooks,0,0,0);
26.         return TRUE;
27.     }
28.     return FALSE;
29. }
30.  
31. void WINAPI Present(IDXGISwapChain *pSwap)
32. {
33.     printf("Render\n");
34. }
35.  
36. void WINAPI ClearTargetRenderView(ID3D11DeviceContext *pCon)
37. {
38.     printf("ClearTargetRenderView\n");
39. }
40.  
41. void WINAPI DrawIndexed(ID3D11DeviceContext *pCon,UINT IndexCount, UINT StartIndexLocation, UINT BaseVertexLocation)
42. {
43.     printf("DrawIndexed: %d %d %d\n",IndexCount,StartIndexLocation,BaseVertexLocation);
44. }
45.  
46. void __declspec(naked) MidPresent()
47. {
48.     __asm mov edi, edi
49.     __asm push ebp
50.     __asm mov ebp, esp
51.     __asm pushad
52.     __asm mov eax, [ebp + 0x8]
53.     __asm push eax
54.     __asm call Present
55.     __asm popad
56.     __asm jmp g_dwPresent
57. }
58.  
59. void __declspec(naked) MidClearTargetRenderView()
60. {
61.     __asm mov edi, edi
62.     __asm push ebp
63.     __asm mov ebp, esp
64.     __asm pushad
65.     __asm mov eax, [ebp + 0x8]
66.     __asm push eax
67.     __asm call ClearTargetRenderView
68.     __asm popad
69.     __asm jmp g_dwClearRenderTargetView
70. }
71.  
72. void __declspec(naked) MidDrawIndexed()
73. {
74.     __asm mov edi, edi
75.     __asm push ebp
76.     __asm mov ebp, esp
77.     __asm pushad
78.     __asm mov edx, 0x14
79.     __asm Label:
80.     __asm mov eax, [ebp + edx]
81.     __asm push eax
82.     __asm sub edx, 0x4
83.     __asm cmp edx, 0x4
84.     __asm jne Label
85.     __asm call DrawIndexed
86.     __asm popad
87.     __asm jmp g_dwDrawIndexed
88. }
89.  
90. bool SetJmp(BYTE *pSrc,DWORD dwTo,size_t uiLen)
91. {
92.     DWORD dwOld;
93.     if(!VirtualProtect((void *)pSrc,uiLen,PAGE_EXECUTE_READWRITE,&dwOld))
94.         return false;
95.  
96.     memset(pSrc,0x90,uiLen);
97.  
98.     *pSrc = 0xE9;
99.     *(DWORD *)(BYTE *)(pSrc + 0x1) = dwTo - (DWORD)pSrc - 0x5;
100.    
101.     VirtualProtect((void *)pSrc,uiLen,dwOld,NULL);
102.  
103.     return true;
104. }
105.  
106. void InitHooks()
107. {
108.     ID3D11Device *pDev;
109.     ID3D11DeviceContext *pCon;
110.     IDXGISwapChain *pSwap;
111.  
112.     DXGI_SWAP_CHAIN_DESC scd;
113.     memset(&scd,0,sizeof(scd));
114.  
115.     HWND hWnd = FindWindowA(0,"Far Cry® 3");
116.     scd.BufferCount = 1;                                
117.     scd.BufferDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM;  
118.     scd.BufferUsage = DXGI_USAGE_RENDER_TARGET_OUTPUT;
119.     scd.OutputWindow = hWnd;
120.     scd.SampleDesc.Count = 4;
121.     scd.Windowed = ((GetWindowLong(hWnd, GWL_STYLE) & WS_POPUP) != 0) ? false : true;
122.     scd.BufferDesc.ScanlineOrdering = DXGI_MODE_SCANLINE_ORDER_UNSPECIFIED;
123.     scd.BufferDesc.Scaling = DXGI_MODE_SCALING_UNSPECIFIED;
124.     scd.SwapEffect = DXGI_SWAP_EFFECT_DISCARD;
125.  
126.     D3D11CreateDeviceAndSwapChain(NULL,D3D_DRIVER_TYPE_HARDWARE,NULL,NULL,NULL,NULL,D3D11_SDK_VERSION,
127.         &scd,&pSwap,&pDev,NULL,&pCon);
128.  
129.     if(pSwap == NULL || pDev == NULL || pCon == NULL)
130.         return;
131.    
132.     AllocConsole();
133.     freopen("conout$","w",stdout);
134.  
135.     DWORD *vTable = NULL;
136.  
137.     memcpy(&vTable,(void *)pSwap,4);
138.     g_dwPresent = vTable[8] + 0x5;
139.     SetJmp((BYTE *)vTable[8],(DWORD)MidPresent,5);
140.  
141.     memcpy(&vTable,(void *)pCon,4);
142.  
143.     g_dwClearRenderTargetView = vTable[50] + 0x5;
144.     SetJmp((BYTE *)vTable[50],(DWORD)MidClearTargetRenderView,5);
145.  
146.     g_dwDrawIndexed = vTable[12]+0x5;
147.     SetJmp((BYTE *)vTable[12],(DWORD)MidDrawIndexed,5);
148.  
149.     pSwap->Release();
150.     pCon->Release();
151.     pDev->Release();
152.  
153.     while(1)
154.     {
155.         Sleep(100);
156.         if(GetAsyncKeyState(VK_F12))
157.             break;
158.     }
159.  
160.     FreeConsole();
161.  
162.     return;
163. }