Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Little problem hooking EndScene

autisticrage85
Newbie cheater
Reputation: 0

Joined: 19 Apr 2015
Posts: 11

Posted: Wed Nov 25, 2015 11:52 pm    Post subject: Little problem hooking EndScene

So I am having a little problem hooking EndScene. The following log file shows it is hooked, but I am not 100% certain why it crashes.

Code:
Direct3DCreate9: Invoked. SDKVersion = 00000020
CreateDevice: Invoked.
Reset: Invoked.
EndScene: Invoked.


Here is what the patched/unpatched EndScene looks like with Cheat Engine.

Code:
Unpatched

d3d9.Direct3DCreate9Ex+1FF80 - 6A 20                 - push 20
d3d9.Direct3DCreate9Ex+1FF82 - B8 992FED67           - mov eax,d3d9.DebugSetMute+5FE9
d3d9.Direct3DCreate9Ex+1FF87 - E8 FE490100           - call d3d9.Direct3DCreate9Ex+3498A


Patched

d3d9.Direct3DCreate9Ex+1FF80 - E9 BBB3B8A1           - jmp Project1.dll+D2540
d3d9.Direct3DCreate9Ex+1FF85 - ED                    - in eax,dx
d3d9.Direct3DCreate9Ex+1FF86 - 67 E8 FE490100        - call d3d9.Direct3DCreate9Ex+3498A


I have a feeling the problem is I am patching 5 bytes (jmp), whereas the unpatched code ends with 7 bytes.

How can I fix this issue?
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1

Posted: Thu Nov 26, 2015 12:00 am

Your jump patch is not cleaning up any extra data and is leaving crap behind. If you jump back to the wrong location then you are going to land up crashing due to invalid instructions.
_________________
- Retired.
autisticrage85
Newbie cheater
Reputation: 0

Joined: 19 Apr 2015
Posts: 11

Posted: Thu Nov 26, 2015 1:18 am

Thanks for the reply. So I added some nops to take care of the 2 bytes. But I have a feeling my JMPEndScene is wrong.

Code:

d3d9.Direct3DCreate9Ex+1FF80 - E9 A3B452A1           - jmp Project1.dll+D2628
d3d9.Direct3DCreate9Ex+1FF85 - 90                    - nop
d3d9.Direct3DCreate9Ex+1FF86 - 90                    - nop
d3d9.Direct3DCreate9Ex+1FF87 - E8 FE490100           - call d3d9.Direct3DCreate9Ex+3498A


Code:
var
  OldEndScene: Pointer; // original EndScene + 7, i.e. just past the overwritten bytes

function JMPEndScene(D3DD9: Pointer): HResult; stdcall;
asm
  mov eax, $67ED2F99 // addr of d3d9.DebugSetMute+5FE9 (the overwritten mov eax,imm32)
  jmp [OldEndScene]  // +7
end;

function NewEndScene(D3DD9: Pointer): HResult; stdcall;
begin
  Log('EndScene: Invoked.');
  Result := JMPEndScene(D3DD9);
end;


Still crashing but going to play around a little more.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu Nov 26, 2015 6:59 am

Addresses are dynamic, so the following line is likely incorrect.
Code:
mov eax, $67ED2F99//addr of d3d9.DebugSetMute+5FE9

Instead of hardcoding the instruction, you should simply copy the overwritten bytes at the time.
Code:
d3d9.Direct3DCreate9Ex+1FF82 - B8 992FED67           - mov eax,d3d9.DebugSetMute+5FE9

So dynamically copy whatever the bytes turn into. Above, they are B8 99 2F ED 67. That will change.
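The two points the thread converges on (the original post's 5-byte jmp over a 7-byte instruction pair, and Zanzer's advice to copy the overwritten bytes at hook time instead of hard-coding them) worked through in C as an added example. This is not the thread's Delphi code nor the detours library it links; it only builds the patch and trampoline bytes in a buffer, with made-up target, hook and trampoline addresses, so nothing is written to a live process. The length decoder is a teaching subset that knows only the opcodes in the posted listings, refuses anything else, and also refuses to copy an IP-relative call/jmp, which would need relocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_LEN 5  /* E9 rel32 */

/* Length decoder for the handful of x86-32 opcodes seen in the thread's
 * listings. Returns 0 for anything else so the caller refuses to hook
 * instead of guessing an instruction boundary. Teaching subset only. */
static size_t insn_len(uint8_t op) {
    if (op == 0x6A) return 2;                  /* push imm8 */
    if (op == 0x90) return 1;                  /* nop */
    if (op >= 0xB8 && op <= 0xBF) return 5;    /* mov r32, imm32 */
    if (op == 0xE8 || op == 0xE9) return 5;    /* call/jmp rel32 */
    return 0;
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Displacement for an E9 jmp located at `from` that must land at `to`.
 * The CPU adds rel32 to the address of the instruction *after* the jmp. */
static int32_t rel32(uint32_t from, uint32_t to) {
    return (int32_t)(to - (from + JMP_LEN));
}

/* First instruction boundary at or beyond JMP_LEN bytes. Returns 0 if the
 * window holds an unknown opcode or an IP-relative call/jmp: those bytes
 * cannot be copied verbatim into a trampoline (they would need relocating). */
static size_t stolen_length(const uint8_t *code, size_t avail) {
    size_t n = 0;
    while (n < JMP_LEN) {
        size_t l = n < avail ? insn_len(code[n]) : 0;
        if (l == 0 || code[n] == 0xE8 || code[n] == 0xE9) return 0;
        n += l;
    }
    return n <= avail ? n : 0;
}

typedef struct {
    uint8_t patch[16];  size_t patch_len;   /* written over the target */
    uint8_t tramp[32];  size_t tramp_len;   /* stolen bytes + jmp back */
    size_t  stolen;
} hook_plan;

/* Build (never apply) an inline hook. Addresses are plain integers so this
 * runs on any host without touching process memory. */
static int plan_hook(const uint8_t *code, size_t avail, uint32_t target,
                     uint32_t hook, uint32_t tramp, hook_plan *out) {
    size_t s = stolen_length(code, avail);
    if (s == 0 || s > sizeof out->patch || s + JMP_LEN > sizeof out->tramp) return -1;

    /* Patch: jmp hook, padded with NOPs up to the boundary. Writing only the
     * 5 jmp bytes would leave the tail of the mov ("ED 67" in the thread),
     * which decodes as unrelated instructions if execution ever lands there. */
    out->patch[0] = 0xE9;
    put_le32(out->patch + 1, (uint32_t)rel32(target, hook));
    memset(out->patch + JMP_LEN, 0x90, s - JMP_LEN);
    out->patch_len = s;

    /* Trampoline: the overwritten bytes copied as they are at hook time
     * (not hard-coded), then a jmp to target+s, the first untouched byte. */
    memcpy(out->tramp, code, s);
    out->tramp[s] = 0xE9;
    put_le32(out->tramp + s + 1,
             (uint32_t)rel32(tramp + (uint32_t)s, target + (uint32_t)s));
    out->tramp_len = s + JMP_LEN;
    out->stolen = s;
    return 0;
}

/* Constructed sample: the unpatched EndScene prologue from the thread's
 * listing, with made-up target/hook/trampoline addresses for the arithmetic. */
static const uint8_t kEndScene[] = { 0x6A,0x20, 0xB8,0x99,0x2F,0xED,0x67,
                                     0xE8,0xFE,0x49,0x01,0x00 };
/* Constructed counter-example: a rel32 call inside the 5-byte window. */
static const uint8_t kCallInWindow[] = { 0x6A,0x20, 0xE8,0xFE,0x49,0x01,0x00 };

#define T_ADDR 0x10000000u  /* hypothetical EndScene address */
#define H_ADDR 0x20000000u  /* hypothetical NewEndScene address */
#define R_ADDR 0x30000000u  /* hypothetical trampoline address */

static int plan_sample(const uint8_t *code, size_t n, hook_plan *p) {
    return plan_hook(code, n, T_ADDR, H_ADDR, R_ADDR, p);
}
/* Accessors so the plan for the sample can be checked value by value. */
static size_t sample_stolen(void) {
    hook_plan p; return plan_sample(kEndScene, sizeof kEndScene, &p) ? 0 : p.stolen;
}
static int sample_patch_byte(size_t i) {   /* -1 when out of range */
    hook_plan p;
    if (plan_sample(kEndScene, sizeof kEndScene, &p) || i >= p.patch_len) return -1;
    return p.patch[i];
}
static int sample_tramp_byte(size_t i) {   /* -1 when out of range */
    hook_plan p;
    if (plan_sample(kEndScene, sizeof kEndScene, &p) || i >= p.tramp_len) return -1;
    return p.tramp[i];
}
static int call_in_window_result(void) {
    hook_plan p; return plan_sample(kCallInWindow, sizeof kCallInWindow, &p);
}

static void dump(const char *name, const uint8_t *b, size_t n) {
    printf("%-11s", name);
    for (size_t i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("\n");
}

int main(void) {
    hook_plan p;
    if (plan_sample(kEndScene, sizeof kEndScene, &p) != 0) return 1;
    dump("patch:", p.patch, p.patch_len);        /* E9 FB FF FF 0F 90 90 */
    dump("trampoline:", p.tramp, p.tramp_len);   /* 6A 20 B8 99 2F ED 67 E9 FB FF FF DF */
    printf("stolen=%zu patch[5]=%02X tramp[7]=%02X\n",
           sample_stolen(), sample_patch_byte(5), sample_tramp_byte(7));
    printf("call-in-window refused: %d\n", call_in_window_result() == -1);
    return 0;
}
```

With the sample bytes the boundary lands at 7 (2-byte push plus 5-byte mov), so the patch is the jmp followed by two NOPs, exactly what the second post ended up writing, and the trampoline re-executes both overwritten instructions before jumping back to target+7. The rel32 arithmetic is what makes the hard-coded `$67ED2F99` fragile: the same mov opcode keeps the same immediate only as long as d3d9.dll loads at the same base, which is why the bytes are read at hook time here.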
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1

Posted: Thu Nov 26, 2015 1:00 pm

The way you are hooking/jumping is kind of strange too. I've personally never seen someone do it that way. You should check out a detouring library for Delphi instead and see if that helps make things easier.

Here is one that pops up on Google:
https://github.com/mahdisafsafi/delphi-detours-library

I'm not familiar with Delphi at all though, so there is not much more I can help you with.

_________________
- Retired.
autisticrage85
Newbie cheater
Reputation: 0

Joined: 19 Apr 2015
Posts: 11

Posted: Thu Nov 26, 2015 6:35 pm

Thanks for the replies, I have looked at that library; that is where I got the idea of my trampoline from.

I have got it working without crashing now! Now I just need to tweak it a bit because all I see is a black screen with the game's music playing in the background.

Edit: Fixed the black screen, I was not calling .Render in the EndScene hook, now it's all working fine for now!

Edit2: Also recoded the jump/patch because it did look strange; now only using NewEndScene and OriginalEndScene, (JMPEndScene) has been ditched.
All times are GMT - 6 Hours