EndScene Hook not changing anything

[lanman92]

I hooked EndScene(ghetto-ly) and I know it's worked, because I looked at it in olly, but there's no messagebox popping up. From what I understand, shouldn't it be popping up with every single frame, at least? Here's what I used(please be kind to the ASM...):

Code:

 
__asm {
pushad;
mov eax, [0x113C290];
mov eax, [eax + 0x38A8];
mov eax, [eax];
mov edx, 0x42 * 0x4;
mov eax, [eax + edx];
mov eax, [eax];
mov endScene, eax;
popad;
}
oEndScene = (tEndScene)DetourFunction((PBYTE)endScene, (PBYTE)mEndScene);

Code:

void mEndScene(IDirect3DDevice9 * device)
{
if(run == TRUE)
{
MessageBox(NULL, L"It works.", L"It works.", MB_OK);
run = FALSE;
}
return oEndScene(device);
}

[Shynd]

Is run set to true? =p

[lanman92]

Yes lol. (filler)

[hypnodok]

Attach VSC++ and set a breakpoint on your hook.

[lanman92]

It never gets hit. I have it at the very top of my function.

[SKU]

HRESULT
42, not 0x42

[lanman92]

I changed the HRESULT, I didn't realize it was decimal o.O

[SKU]

Don't quite get why you use inline asm for that, but anyhow, you're doing too many reads.

DWORD_PTR dwEndScene = 0; // really good choice with inline asm!
__asm {
pushad
mov eax, 0x113c290
mov eax, [eax]
mov eax, [eax + 0x38a8]
mov eax, [eax]
mov eax, [eax + 0xA8]
mov dwEndScene, eax
popad
}

if (dwEndScene)
oEndScene = ..

[lanman92]

I can't stand using pointers when I'm doing raw reads like this, I get lost in the parentheses and asterisks =/

EDIT: There is consitently nothing at that address. Is it correct? I even tried C&P method, using help from sillyboy's code.

oEndScene = (tEndScene)DetourFunction((PBYTE)(*reinterpret_cast<void***>(mg->pDevice))[42], (PBYTE)mEndScene);

[lanman92]

Okay, sorry for double posting... The pointer to the class is always empty. There's info before and after the pDevice object, but nothing there. I followed the pointers once inside olly, and found EndScene. It seems that my program isn't finding it. Somehow.

[kynox]

reinterpret_cast< PBYTE >( *reinterpret_cast< PDWORD* >( pDevice )[42] )

Not hard at all..

[lanman92]

That's not my dilemma. The offset is always zero.
[[0x1073B44]+0x38A8]]

[jjaa]

That's not my dilemma. The offset is always zero.
[[0x1073B44]+0x38A8]]

http://www.mmowned.com/forums/wow-me...ml#post1525534

DXEndScene = [[[[0x113C290] + 0x38A8]] + 42 * 4]

[lanman92]

Argh, that's what I had it set to, I was experimenting.

EDIT: And to no surprise, it still doesn't work. I'm not sure what's going on =/ gonna try a diff offset.....

[suicidity]

As far as I understand..

VTABLE(Device) = Ptr(0x113C290) + 0x38A8
EndScene = VTABLE + (42 * 4); 42 is the location in the Virtual Table for EndScene, Multiplied by 4 bytes..

The Information stored @ EndScene is what you would detour; The Device(VTABLE) is what you would use as a Pointer to use to display to your screen. So with that you could do something like..

Code:

typedef HRESULT (WINAPI *m_D3D_EndScene) (IDirect3DDevice9 *Device);

m_D3D_EndScene    m_ofEndScene;

HRESULT WINAPI MyEndScene(IDirect3DDevice9 *Device)
{
    /*
        Draw Stuff.. 

        Maybe something like Device->Clear(...);
        Device->Clear(...) being the VTABLE/Device (Ptr(0x113C290) + 0x38A8);
    */
    return m_ofEndScene(Device);
}

void DllThread(void)
{
    m_ofEndScene    = (m_D3D_EndScene)DetourFunction((PBYTE)EndScene, (PBYTE)MyEndScene);
}

That should work; Sorry if I cause a little confusion, I tried being as clear as possible.