我正在编写一个简单的dll钩子来绘制程序,为此我将dll注入到进程中,而不是创建一个检索endScene位置的线程。为了检索最终场景位置,我找到了" Direct3DCreate9"的地址,我用来找到vtable。我的问题是,调用Direct3DCreate9似乎会立即崩溃程序。
我的代码如下,有关我如何获取Direct3DCreate9位置或其他内容有什么问题吗?
DWORD WINAPI MainThread(LPVOID param) {
// Information
HMODULE module = GetModuleHandleA("d3d9");
//d3d = Direct3DCreate9(D3D_SDK_VERSION); // create the Direct3D interface
// Find adress of create
LPDIRECT3D9(__stdcall*pDirect3DCreate9)(UINT) = (LPDIRECT3D9(__stdcall*)(UINT))GetProcAddress( module, "Direct3DCreate9");
// Create the direct3d
LPDIRECT3D9 pD3D = pDirect3DCreate9(D3D_SDK_VERSION);
// Create IDirect3DDevice9 and destroy
D3DDISPLAYMODE d3ddm;
HRESULT hRes = pD3D->GetAdapterDisplayMode(D3DADAPTER_DEFAULT, &d3ddm);
D3DPRESENT_PARAMETERS d3dpp;
ZeroMemory(&d3dpp, sizeof(d3dpp));
d3dpp.Windowed = true;
d3dpp.SwapEffect = D3DSWAPEFFECT_DISCARD;
d3dpp.BackBufferFormat = d3ddm.Format;
IDirect3DDevice9 * ppReturnedDeviceInterface; // interface IDirect3DDevice9 (pointer to array of pointers)
// Set the window to program window
HWND window = FindWindowA(NULL, "test");
// Create it
hRes = pD3D->CreateDevice(D3DADAPTER_DEFAULT,
D3DDEVTYPE_HAL,
window,
D3DCREATE_SOFTWARE_VERTEXPROCESSING,
&d3dpp,
&ppReturnedDeviceInterface);
pD3D->Release();
DestroyWindow(window);
unsigned long* pInterface = (unsigned long*)*((unsigned long*)ppReturnedDeviceInterface);
DWORD endScene = (DWORD)pInterface[42];
// Output information to log file
std::fstream test;
test.open("log.txt", std::ios::out);
test << endScene;
test.close();
FreeLibraryAndExitThread((HMODULE)param, 0);
return (0);
}
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
{
CreateThread(NULL, 0, MainThread, hModule, 0, NULL);
break;
}
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}