以下是代码。
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include <Windows.h>
#include "stdafx.h"
#include "d3d9types.h"
#include "d3dumddi.h"
#include "d3d9.h"
// Function type of the user-mode display driver's exported OpenAdapter entry point.
// OldOpenAdapter (below) has this type and holds the trampoline returned by DetourFunction.
typedef HRESULT APIENTRY _OpenAdapter(D3DDDIARG_OPENADAPTER *pAdapterData);
// Replacement for the adapter's pfnCreateDevice callback; defined near the end of the file
// and installed into the adapter function table by WarpOpenAdapter.
HRESULT APIENTRY WarpDdiCreateDevice(
HANDLE hAdapter,
D3DDDIARG_CREATEDEVICE *pDeviceData);
// Worker routine that DllMain starts on its own thread at DLL_PROCESS_ATTACH.
void HookThread();
// Per-device bookkeeping for the callback hooks: the driver's original entry points as they
// were found in the device function table, plus the most recent stride seen on stream 0.
// The file defines two instances, D3DHookFunc1 and D3DHookFunc2.
typedef struct _D3D_HookFunc
{
// Original pfnDrawIndexedPrimitive, called by nDrawIndexedPrimitiveN to forward the draw.
PFND3DDDI_DRAWINDEXEDPRIMITIVE DrawIndexedPrimitive;
// Original pfnSetRenderState; saved only, the table entry itself is not replaced in this file.
PFND3DDDI_SETRENDERSTATE SetRenderState;
// Original pfnSetStreamSource, called by nSetStreamSourceN.
PFND3DDDI_SETSTREAMSOURCE SetStreamSource;
// Original pfnCreateQuery, called by nCreateQueryN.
PFND3DDDI_CREATEQUERY CreateQuery;
// Written by nSetStreamSourceN when Stream == 0; read by nDrawIndexedPrimitiveN.
DWORD Stride;
}D3D_HookFunc;
// DLL entry point.
// On DLL_PROCESS_ATTACH it starts HookThread on a new thread and discards the returned
// handle; thread attach/detach and process detach are ignored. Always returns TRUE.
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        // The patching work is pushed onto a separate thread instead of running
        // inside the loader callback itself.
        CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)&HookThread, NULL, 0, NULL);
    }
    return TRUE;
}
// Installs an inline (code-patching) hook on src and returns a trampoline to the original code.
//   src - start of the function to patch; its first len bytes are overwritten in place.
//   dst - address the patched function will jump to.
//   len - number of bytes saved and overwritten; bytes 5..len-1 of src are padded with NOPs.
// Returns the start of a newly allocated buffer that holds the saved bytes followed by a
// JMP back to src+len. The buffer is never freed in the code shown.
// NOTE(review): 32-bit only as written - pointer differences are truncated to DWORD and
// 0xE9 takes a 32-bit relative operand.
// NOTE(review): the VirtualAlloc and VirtualProtect results are used without being checked.
// Defender's view: once this has run, the first bytes of the target no longer match the
// module's on-disk image and the process owns a private read-write-execute page; those are
// the two artefacts an in-memory code-integrity scan compares against.
void *DetourFunction(BYTE *src, const BYTE *dst, const int len)
{
// 64 == 0x40 == PAGE_EXECUTE_READWRITE; room for the saved bytes plus one 5-byte JMP.
BYTE *jmp = (BYTE*)VirtualAlloc(0,len+5,MEM_COMMIT,64);
//BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwBack;
// Make the target's prologue writable; the previous protection is kept in dwBack.
VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
// Save the original prologue bytes verbatim at the start of the trampoline buffer.
memcpy(jmp, src, len);
// jmp now points just past the saved bytes, where the jump back is written.
jmp += len;
// 0xE9 = JMP rel32; the displacement is measured from the end of the 5-byte instruction.
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
// Overwrite the start of the target with a JMP rel32 to dst.
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
// 0x90 = NOP: fill whatever is left of the overwritten region after the 5-byte JMP.
for (int i=5; i<len; i++) src[i]=0x90;
// Put the original page protection back.
VirtualProtect(src, len, dwBack, &dwBack);
// Undo the earlier "jmp += len" so the caller gets the start of the saved bytes.
return (jmp-len);
}
// Trampoline to the driver's original OpenAdapter; assigned in DetourOpenAdapter and
// called by WarpOpenAdapter.
_OpenAdapter *OldOpenAdapter;
// Original pfnCreateDevice taken from the adapter function table by WarpOpenAdapter and
// called by WarpDdiCreateDevice.
PFND3DDDI_CREATEDEVICE DdiCreateDevice = NULL;
// The remaining pointers are declared but never assigned or called in the code shown.
PFND3DDDI_PRESENT DdiPresent = NULL;
//PFND3DDDI_PRESENT1 DdiPresent1= NULL;
PFND3DDDI_LOCK DdiLock = NULL;
PFND3DDDI_CREATERESOURCE DdiCreateResource = NULL;
//PFND3DDDI_CREATERESOURCE2 DdiCreateResource2 = NULL;
PFND3DDDI_UNLOCK DdiUnlock = NULL;
PFND3DDDI_BLT DdiBlt = NULL;
// Stand-in for the driver's OpenAdapter export.
// Forwards the call through OldOpenAdapter; if that returns S_OK and the adapter table
// carries a pfnCreateDevice entry, the entry is saved in DdiCreateDevice and replaced with
// WarpDdiCreateDevice. The original HRESULT is returned unchanged in every case.
HRESULT APIENTRY WarpOpenAdapter(D3DDDIARG_OPENADAPTER *pAdapterData)
{
    const HRESULT hr = OldOpenAdapter(pAdapterData);
    if (hr != S_OK || !pAdapterData->pAdapterFuncs->pfnCreateDevice)
    {
        // Nothing to redirect: the driver call failed or exposes no CreateDevice callback.
        return hr;
    }

    // Table-pointer swap: no code bytes are modified here, only the callback slot.
    DdiCreateDevice = pAdapterData->pAdapterFuncs->pfnCreateDevice;
    pAdapterData->pAdapterFuncs->pfnCreateDevice = WarpDdiCreateDevice;
    return hr;
}
// Looks up the OpenAdapter export in an already-loaded "nvd3dum.dll", falling back to
// "aticfx32.dll", and patches it with DetourFunction so that calls land in WarpOpenAdapter.
// Returns TRUE when an export address was found, FALSE otherwise.
// The patch length of 9 bytes is hard-coded; the page does not say how it was chosen.
BOOL DetourOpenAdapter()
{
    PVOID exportAddr = (PVOID)GetProcAddress(GetModuleHandleA("nvd3dum.dll"), "OpenAdapter");
    if (!exportAddr)
    {
        exportAddr = (PVOID)GetProcAddress(GetModuleHandleA("aticfx32.dll"), "OpenAdapter");
    }

    const BOOL found = (exportAddr != NULL);
    if (found)
    {
        // Keep the trampoline so WarpOpenAdapter can still reach the driver's own code.
        OldOpenAdapter = (_OpenAdapter *)DetourFunction((PBYTE)exportAddr, (PBYTE)&WarpOpenAdapter, 9);
    }
    return found;
}
// Declared but not referenced anywhere in the code shown.
D3DDDI_DEVICEFUNCS* pDeviceFuncs;
// Prototype only; the file defines nDrawIndexedPrimitive1 and nDrawIndexedPrimitive2 but no
// function with this exact name.
HRESULT WINAPI nDrawIndexedPrimitive(PVOID pDevice, D3DDDIARG_DRAWINDEXEDPRIMITIVE* pDrawIndexedPrimitive);
// Counter changed by the F2/F3 hotkeys in HookThread and displayed on F4; none of the hook
// functions shown reads it.
DWORD NewStride=0;
// fangwei1 / fangwei2 are only written (by the F2/F3 handlers in HookThread); no code shown
// reads them. fangwei1 has no initializer, so as a global it starts at zero.
DWORD fangwei1;
DWORD fangwei2=500;
// Thread body started from DllMain.
// Phase 1: calls DetourOpenAdapter back-to-back, with no delay between attempts, until it
// reports success. Phase 2: polls three hotkeys forever; the function never returns.
//   F2 - NewStride + 1, fangwei1 and fangwei2 + 500
//   F3 - NewStride - 1, fangwei1 and fangwei2 - 500
//   F4 - shows NewStride in a message box
void HookThread()
{
    while (!DetourOpenAdapter())
    {
        // retry until one of the driver modules is loaded and patched
    }

    for (;;)
    {
        // Bit 0 of GetAsyncKeyState reports a key press since the previous query.
        const bool f2Pressed = (GetAsyncKeyState (VK_F2) & 1) != 0;
        if (f2Pressed)
        {
            ++NewStride;
            fangwei1 += 500;
            fangwei2 += 500;
            Sleep(100);
        }

        const bool f3Pressed = (GetAsyncKeyState (VK_F3) & 1) != 0;
        if (f3Pressed)
        {
            --NewStride;
            fangwei1 -= 500;
            fangwei2 -= 500;
            Sleep(100);
        }

        const bool f4Pressed = (GetAsyncKeyState (VK_F4) & 1) != 0;
        if (f4Pressed)
        {
            char text[256];
            itoa(NewStride, text, 10);
            MessageBoxA(0, text, 0, 0);
        }

        Sleep(100);
    }
}
// Two bookkeeping slots, both zero-initialised by "={}". WarpDdiCreateDevice fills a slot
// when its DrawIndexedPrimitive member is still NULL; the ...1 hook functions use the first
// slot and the ...2 hook functions use the second.
D3D_HookFunc D3DHookFunc1={};
D3D_HookFunc D3DHookFunc2={};
// Replacement for pfnSetStreamSource on the device tracked in D3DHookFunc1.
// Records the stride of stream 0 in D3DHookFunc1.Stride, then forwards the call to the
// saved original and returns its result.
HRESULT WINAPI nSetStreamSource1(PVOID pDevice, D3DDDIARG_SETSTREAMSOURCE* pSetStreamSource)
{
    const bool isStreamZero = (pSetStreamSource->Stream == 0);
    if (isStreamZero)
    {
        D3DHookFunc1.Stride = pSetStreamSource->Stride;
    }

    const HRESULT hr = D3DHookFunc1.SetStreamSource(pDevice, pSetStreamSource);
    return hr;
}
// Replacement for pfnDrawIndexedPrimitive on the device tracked in D3DHookFunc1.
// When the stream-0 stride last recorded by nSetStreamSource1 is one of the hard-coded
// values, the draw is forwarded once with D3DDDIRS_ZENABLE set to 0, ZENABLE is then set
// to 1, and the draw is forwarded a second time by the final return. For any other stride
// the call is forwarded once, unchanged. Returns the result of the last forwarded draw.
// The page does not say which geometry the stride values 32/36/40/44/64 correspond to.
HRESULT WINAPI nDrawIndexedPrimitive1(PVOID pDevice, D3DDDIARG_DRAWINDEXEDPRIMITIVE* pDrawIndexedPrimitive)
{
D3DDDIARG_RENDERSTATE tmp;
// These two stores are repeated inside the branch below before tmp is first used.
tmp.State=D3DDDIRS_ZENABLE;
tmp.Value=0;
if ( D3DHookFunc1.Stride==40 || D3DHookFunc1.Stride==44 || D3DHookFunc1.Stride==36 || D3DHookFunc1.Stride==32 || D3DHookFunc1.Stride==64)
{
// Depth testing off for the extra draw.
tmp.State=D3DDDIRS_ZENABLE;
tmp.Value=0;
D3DHookFunc1.SetRenderState(pDevice,&tmp);
D3DHookFunc1.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
// Depth testing set to 1 before the regular draw below.
tmp.State=D3DDDIRS_ZENABLE;
tmp.Value=1;
D3DHookFunc1.SetRenderState(pDevice,&tmp);
}
return D3DHookFunc1.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
}
// Replacement for pfnCreateQuery on the device tracked in D3DHookFunc1.
// An occlusion query request is rewritten in place to a timestamp query before the call is
// forwarded, so the driver never receives an occlusion query from this device; all other
// query types pass through untouched.
HRESULT WINAPI nCreateQuery1(PVOID pDevice, D3DDDIARG_CREATEQUERY* pCreateQuery)
{
    switch (pCreateQuery->QueryType)
    {
    case D3DDDIQUERYTYPE_OCCLUSION:
        // Note that the caller's argument structure itself is modified.
        pCreateQuery->QueryType = D3DDDIQUERYTYPE_TIMESTAMP;
        break;
    default:
        break;
    }
    return D3DHookFunc1.CreateQuery(pDevice, pCreateQuery);
}
// Replacement for pfnSetStreamSource on the device tracked in D3DHookFunc2.
// Same behaviour as nSetStreamSource1, against the second bookkeeping slot: remember the
// stride of stream 0, then forward to the saved original.
HRESULT WINAPI nSetStreamSource2(PVOID pDevice, D3DDDIARG_SETSTREAMSOURCE* pSetStreamSource)
{
    const bool isStreamZero = (pSetStreamSource->Stream == 0);
    if (isStreamZero)
    {
        D3DHookFunc2.Stride = pSetStreamSource->Stride;
    }

    const HRESULT hr = D3DHookFunc2.SetStreamSource(pDevice, pSetStreamSource);
    return hr;
}
// Replacement for pfnDrawIndexedPrimitive on the device tracked in D3DHookFunc2.
// Same behaviour as nDrawIndexedPrimitive1, against the second bookkeeping slot: for the
// hard-coded stride values the draw is forwarded once with D3DDDIRS_ZENABLE set to 0,
// ZENABLE is set to 1, and the draw is forwarded again by the final return; otherwise the
// call is forwarded once, unchanged.
HRESULT WINAPI nDrawIndexedPrimitive2(PVOID pDevice, D3DDDIARG_DRAWINDEXEDPRIMITIVE* pDrawIndexedPrimitive)
{
D3DDDIARG_RENDERSTATE tmp;
// Material is declared but never used in this function.
D3DDDIARG_SETMATERIAL Material;
if (D3DHookFunc2.Stride==40 || D3DHookFunc2.Stride==44 || D3DHookFunc2.Stride==36 || D3DHookFunc2.Stride==32 || D3DHookFunc2.Stride==64)
{
// Depth testing off for the extra draw.
tmp.State=D3DDDIRS_ZENABLE;
tmp.Value=0;
D3DHookFunc2.SetRenderState(pDevice,&tmp);
D3DHookFunc2.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
// Depth testing set to 1 before the regular draw below.
tmp.State=D3DDDIRS_ZENABLE;
tmp.Value=1;
D3DHookFunc2.SetRenderState(pDevice,&tmp);
}
return D3DHookFunc2.DrawIndexedPrimitive( pDevice, pDrawIndexedPrimitive);
}
// Replacement for pfnCreateQuery on the device tracked in D3DHookFunc2.
// Same behaviour as nCreateQuery1, against the second bookkeeping slot: an occlusion query
// request is rewritten in place to a timestamp query, then the call is forwarded.
HRESULT WINAPI nCreateQuery2(PVOID pDevice, D3DDDIARG_CREATEQUERY* pCreateQuery)
{
    switch (pCreateQuery->QueryType)
    {
    case D3DDDIQUERYTYPE_OCCLUSION:
        // Note that the caller's argument structure itself is modified.
        pCreateQuery->QueryType = D3DDDIQUERYTYPE_TIMESTAMP;
        break;
    default:
        break;
    }
    return D3DHookFunc2.CreateQuery(pDevice, pCreateQuery);
}
// Replacement for the adapter's pfnCreateDevice callback (installed by WarpOpenAdapter).
// Calls the driver's original CreateDevice, then, if the returned device function table has
// a DrawIndexedPrimitive entry, saves the original DrawIndexedPrimitive / SetRenderState /
// SetStreamSource / CreateQuery pointers into a free bookkeeping slot and replaces the
// DrawIndexedPrimitive, SetStreamSource and CreateQuery entries with the matching n...1 or
// n...2 functions. SetRenderState is saved but its table entry is left as the driver set it.
// Returns the original CreateDevice result unchanged.
// NOTE(review): ret is not checked before pDeviceData->pDeviceFuncs is dereferenced.
// Defender's view: unlike the OpenAdapter patch, these are pointer swaps in a driver callback
// table, so no code bytes change; the visible artefact is table entries that point outside
// the driver module's address range.
HRESULT APIENTRY WarpDdiCreateDevice(
HANDLE hAdapter,
D3DDDIARG_CREATEDEVICE *pDeviceData)
{
// DdiCreateDevice must not be NULL if this path hit
HRESULT ret = DdiCreateDevice(hAdapter, pDeviceData);
if (pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive!=NULL)
{
// Slot 1 is claimed when it is still empty; the comparison with slot 2's saved
// SetRenderState keeps a table that slot 2 already tracks from being claimed again.
if (D3DHookFunc1.DrawIndexedPrimitive==NULL && D3DHookFunc2.SetRenderState!=pDeviceData->pDeviceFuncs->pfnSetRenderState)
{
D3DHookFunc1.DrawIndexedPrimitive=pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive;
D3DHookFunc1.SetRenderState=pDeviceData->pDeviceFuncs->pfnSetRenderState;
D3DHookFunc1.SetStreamSource=pDeviceData->pDeviceFuncs->pfnSetStreamSource;
D3DHookFunc1.CreateQuery=pDeviceData->pDeviceFuncs->pfnCreateQuery;
pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive=(PFND3DDDI_DRAWINDEXEDPRIMITIVE)nDrawIndexedPrimitive1;
pDeviceData->pDeviceFuncs->pfnSetStreamSource=(PFND3DDDI_SETSTREAMSOURCE)nSetStreamSource1;
pDeviceData->pDeviceFuncs->pfnCreateQuery=(PFND3DDDI_CREATEQUERY)nCreateQuery1;
}
// Slot 2 mirrors the logic above, with the cross-check made against slot 1.
if (D3DHookFunc2.DrawIndexedPrimitive==NULL && D3DHookFunc1.SetRenderState!=pDeviceData->pDeviceFuncs->pfnSetRenderState )
{
D3DHookFunc2.DrawIndexedPrimitive=pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive;
D3DHookFunc2.SetRenderState=pDeviceData->pDeviceFuncs->pfnSetRenderState;
D3DHookFunc2.SetStreamSource=pDeviceData->pDeviceFuncs->pfnSetStreamSource;
D3DHookFunc2.CreateQuery=pDeviceData->pDeviceFuncs->pfnCreateQuery;
pDeviceData->pDeviceFuncs->pfnDrawIndexedPrimitive=(PFND3DDDI_DRAWINDEXEDPRIMITIVE)nDrawIndexedPrimitive2;
pDeviceData->pDeviceFuncs->pfnSetStreamSource=(PFND3DDDI_SETSTREAMSOURCE)nSetStreamSource2;
pDeviceData->pDeviceFuncs->pfnCreateQuery=(PFND3DDDI_CREATEQUERY)nCreateQuery2;
}
}
return ret;
}
问题1:进入游戏后能运行到WarpDdiCreateDevice函数内部,通过两个if判断。但是没进入到nDrawIndexedPrimitive1函数中。还是没透视效果。
问题2:
// Excerpt of the hotkey polling loop from HookThread, quoted for the question below.
while (TRUE)
{
// Bit 0 of GetAsyncKeyState reports a key press since the previous query.
if (GetAsyncKeyState (VK_F2)&1)
{
NewStride++;
// fangwei1 / fangwei2 are only ever written, here and in the F3 branch; nothing in the
// listing above reads them.
fangwei1=fangwei1+500;
fangwei2=fangwei2+500;
Sleep(100);
}
if (GetAsyncKeyState (VK_F3)&1)
{
NewStride--;
fangwei1=fangwei1-500;
fangwei2=fangwei2-500;
Sleep(100);
}
if (GetAsyncKeyState (VK_F4)&1)
{
// NewStride is shown here but is not read by any of the hook functions in the listing.
char str[256];
itoa(NewStride,str,10);
MessageBoxA(0,str,0,0);
}
Sleep(100);
}
以上代码中fangwei1和fangwei2两个变量没什么用吧?还是代码被阉割了?
哪位大神救救我。要以QQ:1229352057