为什么Direct x 9挂钩会导致程序崩溃?

时间:2017-07-16 14:16:47

标签: directx hook

我正试图挂钩Direct x 9。   我在下面的代码中使用了钩子dll,我为我的dx游戏注入了dll。

但是在我的dx游戏中出现了崩溃。   那么..我可以得到一些帮助吗?我不知道为什么它不起作用。

也许我猜h_EndScene(LPDIRECT3DDEVICE9 pDevice)函数的   return org_EndScene(pDevice);导致崩溃。   (但没有什么可怪的......)

//Dll's Main.cpp

#include "d3dhooks.h"

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved )
{
 switch( fdwReason )
 {
   case DLL_PROCESS_ATTACH:
   {
     DisableThreadLibraryCalls(hinstDLL);
     StartD3DHooks();
     return true;
     break;
   }
   case DLL_PROCESS_DETACH:
   {
     MessageBox(NULL,L"detach dll!", L"ok", MB_OK);
     break;
   }
  }
 return TRUE;
}




//d3dhooks.h
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment( lib, "d3d9.lib" )
#pragma comment( lib, "d3dx9.lib" )
#include <iostream>
#include <vector>
class DXGH 
{
 public:
   static HRESULT WINAPI h_EndScene(LPDIRECT3DDEVICE9 pDevice);
   void DrawRect(LPDIRECT3DDEVICE9 Device_t, int X, int Y, int L, int H, 
   D3DCOLOR color);
};

int StartD3DHooks();
typedef HRESULT(WINAPI *EndScene_t)(LPDIRECT3DDEVICE9 pDevice);
extern DXGH DXGameHook;




//d3dhooks.cpp

#include "d3dhooks.h"
#define ENDSCENE 42
DXGH DXGameHook;
typedef HRESULT(__stdcall* EndScene_t)(LPDIRECT3DDEVICE9);
EndScene_t org_EndScene;

const D3DCOLOR txtPink = D3DCOLOR_ARGB(255, 255, 0, 255);

void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
  BYTE *jmp = (BYTE*)malloc(len + 5);
  DWORD dwback;
  VirtualProtect(src, len, PAGE_READWRITE, &dwback);
  memcpy(jmp, src, len); jmp += len;
  jmp[0] = 0xE9;
  *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
  src[0] = 0xE9;
  *(DWORD*)(src + 1) = (DWORD)(dst - src) - 5;
  VirtualProtect(src, len, dwback, &dwback);

  return (jmp - len);
}


bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
  for (; *szMask; ++szMask, ++pData, ++bMask)
      if (*szMask == 'x' && *pData != *bMask)
          return false;
  return (*szMask) == NULL;
}

DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask)
{
   for (DWORD i = 0; i < dwLen; i++)
      if (bDataCompare((BYTE*)(dwAddress + i), bMask, szMask))
         return (DWORD)(dwAddress + i);

    return 0;
}


void DXGH::DrawRect(LPDIRECT3DDEVICE9 Device_t, int X, int Y, int L, int H, 
D3DCOLOR color)
{
    D3DRECT rect = { X, Y, X + L, Y + H };
    Device_t->Clear(1, &rect, D3DCLEAR_TARGET, color, 0, 0);
}
HRESULT WINAPI DXGH::h_EndScene(LPDIRECT3DDEVICE9 pDevice)
{
  DXGameHook.DrawRect(pDevice, 10, 10, 200, 200, txtPink);
  MessageBoxA(NULL, "test", "1", MB_OK);
  return org_EndScene(pDevice);
}

LPDIRECT3D9 g_pD3D = NULL;
LPDIRECT3DDEVICE9 g_pd3dDevice = NULL;



int StartD3DHooks()
{
  DWORD D3DPattern, *vTable, DXBase = NULL;
  DXBase = (DWORD)LoadLibraryA("d3d9.dll");
  while (!DXBase);
  {
      D3DPattern = FindPattern(DXBase, 0x128000,
        (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86" 
        ,"xx????xx????xx");
  }

 if (D3DPattern)
 {
     memcpy(&vTable, (void *)(D3DPattern + 2), 4);
     org_EndScene = (EndScene_t)DetourFunc((PBYTE)vTable[ENDSCENE], 
      (PBYTE)DXGameHook.h_EndScene, 5);

 }
 return 0;
}

0 个答案:

没有答案
相关问题
最新问题