Code:
// Fragment of a larger routine (its signature and final return are not shown).
// It resolves a function address inside another process by following a pointer
// chain, allocates three regions in that process, writes a 50-byte template
// into one of them, and overwrites the first 5 bytes at the resolved address.
// Remote read -> remote allocate -> remote write -> patch of existing code in a
// foreign process is the sequence that endpoint and anti-tamper monitoring keys
// on for cross-process code modification.

// Offsets come from constants defined elsewhere in the project.
// NOTE(review): names suggest a Direct3D device pointer chain and an EndScene
// slot offset -- confirm against the definitions.
LONG pDevicePtr_1 = DX_DEVICE;
LONG pDevicePtr_2 = DX_DEVICE_IDX;
LONG oEndScene = ENDSCENE_IDX;
BOOL b_success = FALSE;
DWORD endsceneaddr = 0;   // reused as the running pointer for every hop of the chain
DWORD injectcodelen = 0;  // receives the byte count from the first WriteProcessMemory below
// No process handle: report failure without touching anything.
if (m_wowhandle == NULL) return b_success;
// Four chained reads. Each one reads exactly 4 bytes into a DWORD and uses the
// result as the next address, so the target is assumed to use 32-bit pointers.
b_success = ReadProcessMemory(m_wowhandle, (LPVOID)(m_wowbaseaddr+pDevicePtr_1), &endsceneaddr, 4, NULL);
if (!b_success) return b_success;
b_success = ReadProcessMemory(m_wowhandle, (LPVOID)(endsceneaddr+pDevicePtr_2), &endsceneaddr, 4, NULL);
if (!b_success) return b_success;
b_success = ReadProcessMemory(m_wowhandle, (LPVOID)endsceneaddr, &endsceneaddr, 4, NULL);
if (!b_success) return b_success;
// NOTE(review): unlike the three reads above, the result of this last read is
// not tested; on failure the code continues with whatever endsceneaddr holds.
b_success = ReadProcessMemory(m_wowhandle, (LPVOID)(endsceneaddr+oEndScene), &endsceneaddr, 4, NULL);
// Three committed, PAGE_READWRITE regions in the target process: 64 bytes for
// the template, plus two 4-byte cells whose addresses are embedded in it.
// NOTE(review): if ASSERT is the debug-only MFC macro, these checks vanish in
// release builds and a NULL allocation flows into the byte arrays below -- confirm.
LPVOID injectcode = VirtualAllocEx(m_wowhandle, NULL, 64, MEM_COMMIT, PAGE_READWRITE);
ASSERT(injectcode);
// NOTE(review): assigning through a cast is not standard C or C++ and depends
// on a compiler extension.
(LPVOID)m_injectcodeaddr = VirtualAllocEx(m_wowhandle, NULL, 4, MEM_COMMIT, PAGE_READWRITE);
ASSERT(m_injectcodeaddr);
LPVOID retinjectaddr = VirtualAllocEx(m_wowhandle, NULL, 4, MEM_COMMIT, PAGE_READWRITE);
ASSERT(retinjectaddr);
// 5-byte patch: 0xE9 followed by the four bytes of the injectcode pointer,
// least-significant byte first. The (DWORD) casts truncate the pointer on any
// build where pointers are wider than 32 bits.
BYTE hookjmp[5] = {0xE9, (BYTE)injectcode, (BYTE)(((DWORD)injectcode)>>8), (BYTE)(((DWORD)injectcode)>>16), (BYTE)(((DWORD)injectcode)>>24)};
// 50-byte template (the initializer list supplies all 50 elements). Fixed bytes
// are interleaved with the least-significant-byte-first encodings of
// m_injectcodeaddr (three times), injectcode+38, retinjectaddr and endsceneaddr+5.
BYTE injectprecodedata[50] = {0x60, 0x9C, 0xA1, (BYTE)((DWORD)m_injectcodeaddr), (BYTE)(((DWORD)m_injectcodeaddr)>>8),
(BYTE)(((DWORD)m_injectcodeaddr)>>16), (BYTE)(((DWORD)m_injectcodeaddr)>>24), 0x85, 0xC0, 0x74, (BYTE)((((DWORD)injectcode))+38),
(BYTE)(((((DWORD)injectcode))+38)>>8), (BYTE)(((((DWORD)injectcode))+38)>>16), (BYTE)(((((DWORD)injectcode))+38)>>24), 0xA1,
(BYTE)((DWORD)m_injectcodeaddr), (BYTE)(((DWORD)m_injectcodeaddr)>>8), (BYTE)(((DWORD)m_injectcodeaddr)>>16),
(BYTE)(((DWORD)m_injectcodeaddr)>>24), 0xFF, 0xD0, 0xA3, (BYTE)(((DWORD)retinjectaddr)), (BYTE)(((DWORD)retinjectaddr)>>8),
(BYTE)(((DWORD)retinjectaddr)>>16), (BYTE)(((DWORD)retinjectaddr)>>24), 0xBA, (BYTE)((DWORD)m_injectcodeaddr),
(BYTE)(((DWORD)m_injectcodeaddr)>>8), (BYTE)(((DWORD)m_injectcodeaddr)>>16), (BYTE)(((DWORD)m_injectcodeaddr)>>24), 0xB9, 0x00,
0x00, 0x00, 0x00, 0x89, 0x0A, 0x9D, 0x61, 0x89, 0xFF, 0x55, 0x89, 0xE5, 0xE9, (BYTE)((DWORD)endsceneaddr+5),
(BYTE)(((DWORD)endsceneaddr+5)>>8), (BYTE)(((DWORD)endsceneaddr+5)>>16), (BYTE)(((DWORD)endsceneaddr+5)>>24)};
// Copy the template into the 64-byte remote region; the number of bytes
// written lands in injectcodelen.
// NOTE(review): neither WriteProcessMemory return value is checked, so a
// partial or failed write is not reported to the caller by this fragment.
WriteProcessMemory(m_wowhandle, injectcode, injectprecodedata, 50, &injectcodelen);
// Overwrite 5 bytes at the address resolved by the pointer chain. The original
// bytes at that address are not saved anywhere in this fragment.
WriteProcessMemory(m_wowhandle, (LPVOID)endsceneaddr, hookjmp, 5, NULL);