ELvsimple.Blogspot.com

Nih agan2 ane bagi PB Hook Undetect
//================NEW HOOK Udenteck==============//
void CopyCode(PDWORD target, PDWORD newfunc)
{
DWORD Jmpto=(DWORD)(newfunc)-(DWORD)target-5;
DWORD a;
VirtualProtect(target, 8, PAGE_EXECUTE_READWRITE, &a);
*(PBYTE)(target)=0xE9;
*(PDWORD)((DWORD)(target)+1)=Jmpto;
VirtualProtect(target, 8, a, &a);
}
class CHSBypass
{
public:
char _0x0000[168];
DWORD dwES;
char _0x00AC[156];
DWORD dwDIP;
};
HMODULE hGfxDx = LoadLibrary("i3GfxDx.dll");
DWORD WINAPI HookUndetect5(LPVOID Param)
{
if (hGfxDx > 0)
{
DWORD tmp1 = (DWORD)GetProcAddress(hGfxDx, "?g_pRenderContext@@3PAVi3RenderContext@@A");
DWORD tmp2 = 0;
while(!pGDevice)
{
if(IsBadReadPtr((PDWORD)tmp1,4)==NULL)tmp2 = *(PDWORD)((DWORD)(tmp1))+ 0x5380; // ?EndRender@i3RenderContext@@QAEXXZ
if(IsBadReadPtr((PDWORD)tmp2,4)==NULL)
{
DWORD OldProtect;
VirtualProtect((void*)(tmp2), 4, PAGE_EXECUTE_READWRITE, &OldProtect);
memcpy(&pGDevice, (void *)tmp2, 4);
VirtualProtect((void*)(tmp2), 4, OldProtect, NULL);
}
Sleep(150);
}
DWORD *g_pDevice = (DWORD*)pGDevice;
g_pDevice = (DWORD*)g_pDevice[0];
Sleep(512);
while(!pDevice)pDevice = (LPDIRECT3DDEVICE9)(DWORD*)g_pDevice;
*(PDWORD)&pEndScene = g_pDevice[42];
*(PDWORD)&pDrawIndexedPrimitive = g_pDevice[82];
CopyCode((PDWORD)(g_pDevice[1] - 5), (PDWORD)(g_pDevice[4] - 5));
CopyCode((PDWORD)(g_pDevice[2] - 5), (PDWORD)(g_pDevice[5] - 5));
CopyCode((PDWORD)(g_pDevice[3] - 5), (PDWORD)(g_pDevice[6] - 5));
CopyCode((PDWORD)(g_pDevice[4] - 5), (PDWORD)myEndScene);
CopyCode((PDWORD)(g_pDevice[5] - 5), (PDWORD)myDrawIndexedPrimitive);
while(1)
{
DWORD dwEhsvc = (DWORD)GetModuleHandleA(XStr(0x03, 0x09, 0x02, 0x476B5773, 0x65296C65, 0x66000000 ).c()) + 0x126FE0;// << ofset Bypass HShield
CHSBypass *CHS = *(CHSBypass**)dwEhsvc;
g_pDevice[42] = (DWORD)g_pDevice[1] - 5;
g_pDevice[82] = (DWORD)g_pDevice[2] - 5;
CHS->dwES = g_pDevice[42];
CHS->dwDIP = g_pDevice[82];
Sleep(100*2);
}
}
return 0;
}