directx 9 endscene hook

[Shield]

Hey

Since Liqu asked me via PM to elaborate this a bit further, I might as well do it in this thread.
What you can do with this is basically hook the rendering process of a DirectX9 game.

You create a DLL, as shown in the example above, and then use a hooking tool (e.g. Winject)
to inject the DLL. This means that, any time the game calls one of the hooked functions,
the function in our DLL is called instead. This allows to draw over the screen of the game
and change its rendering parameters.

When I tried this back then, I played with the settings to change the scene rendering to
wireframe mode and things like that, it was pretty fun.


Unfortunately I can't test if it still works. I am currently in China and at the moment a little
limited in terms of computers / games / PB. I still hope this helps a little.

[Liqu]

so the test exe is the exe that we can tried to inject the dll, thank you shield.

with the updated code, the game / the testexe become not responding after :

Code: Select all

  PrintN("myEndscene called!")
  *device\Clear(0, 0, #D3DCLEAR_TARGET, RGBA(0,255,0,0), 0.0, 0)
 
  ;we restore the registers and flags
  !POPFD
  !POPAD
  ;POP ebx
  ;here is the original endscene first bytes
  !MOV edi,edi
  !PUSH EBP
  !MOV EBP, ESP
  ;we jump back to endscene
  JMP *backtoendscene
EndProcedure

[graph100]

Same here, i was trying it with the test exe and it crashed after the injection.
I tried on a big game and it crashed with the following error message : "could not write at address 0x000000"

I think the problem lie with the injected DLL, and with x64 bit computer.

The tries were done compiling with the x86 version of PB. I try using the x6 but got address error in

Code: Select all

*vtable = PeekI(*g_pd3dDevice) ; store the address for the vtable

it seems that *g_pd3dDevice = 0
Also the DLL cannot be compiled in 64bit because some ASM command are just for x86.

Don't know how to run this on a 64bit machine !

I use W8 x64.