Hook Directx + CEGUI VC++

 

// Button handler: starts the executable named in the m_file text box (or a
// default path under the launcher's own directory) and then calls
// injectionDll() once per entry of the dll[] list against the new process.
//
// Launching a child process and then forcing it to load DLLs through a remote
// thread is the DLL-injection pattern catalogued as MITRE ATT&CK T1055.001.
// Endpoint tooling typically sees it as cross-process memory allocation and
// writes followed by remote thread creation from the parent.
//
// NOTE(review): as published, the closing brace of this handler appears only
// after the injectionDll listing further down the page, so the two listings
// are interleaved and do not compile as shown.
void CtestwmDlg::OnBnClickedButton1()
{
    CStringA lpszFile;
    m_file.GetWindowText(lpszFile);
    // Fall back to a fixed relative location when the text box is empty.
    if (lpszFile.IsEmpty())
        lpszFile = GetExeDirA()+"\\element\\elementclient.exe";
    // GetDirA is defined elsewhere; presumably it returns the directory part of
    // the path, used below as the child's working directory. TODO confirm.
    LPCSTR  lpDir = GetDirA(lpszFile);
    LPSTR lpwParam = " game:cpw";
     CStringA lpDll;
    // Modules to load into the target, in this order.
    LPCSTR dll[5] = {
        "CEGUIBase.dll",
        "DirectX81GUIRenderer.dll",
        "CEGUIExpatParser.dll",
        "CEGUIFalagardWRBase.dll",
        "wmsdk.dll"        // the author's own DLL; it must be loaded last, otherwise it fails
    };
    STARTUPINFO si= {0};
    si.cb = sizeof si;
    // NOTE(review): wShowWindow is only honoured when dwFlags contains
    // STARTF_USESHOWWINDOW; STARTF_USECOUNTCHARS refers to dwXCountChars and
    // dwYCountChars, which are left at zero here.
    si.dwFlags = STARTF_USECOUNTCHARS;
    si.wShowWindow = SW_SHOW;
    PROCESS_INFORMATION pi;
    // NOTE(review): the return value is not checked. If process creation fails,
    // pi is uninitialised and its handles are still used below.
    CreateProcess(lpszFile,lpwParam,0,0,FALSE,CREATE_SUSPENDED,0,lpDir,&si,&pi);
    // The primary thread is resumed right away, before the loop below runs.
    ResumeThread(pi.hThread);
    // NOTE(review): pi.hThread and pi.hProcess are not closed anywhere in the
    // visible lines.
    for (int i = 0;i < 5;i++)
    {
        // NOTE(review): the second %s argument is the array `dll` itself, not an
        // element of it, so the formatted path does not name any listed file.
        lpDll.Format("%s\\%s",GetExeDirA(),dll);
        injectionDll(pi.hProcess,lpDll);
    }
injectionDll 函数
// Makes the process behind hProcess load the DLL at path lpDll.
//
// Steps, as written: allocate a buffer in the target, copy the path string
// into it, start a thread in the target whose entry point is LoadLibraryA with
// that buffer as its argument, wait for the thread, then decommit the buffer.
//
// Defender's view: each step is observable. The sequence VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread from another process, with a thread
// start address inside kernel32, is a standard detection for DLL injection
// (for example Sysmon Event ID 8 for the remote thread, Event ID 10 for the
// process access, and Event ID 7 for the resulting image load).
//
// hProcess: handle to the target process; the calls below need rights to
//           allocate, write and create threads in it.
// lpDll:    NUL-terminated ANSI path of the module to load.
void injectionDll(HANDLE hProcess,LPCSTR lpDll)
{
    // Size of the path including its terminating NUL.
    DWORD dwSize = strlen(lpDll) + 1;
    // NOTE(review): no return value in this function is checked. A failed
    // allocation yields NULL, which is then passed on to the write and to the
    // remote thread as its argument.
    LPVOID lpBuf = VirtualAllocEx(hProcess,NULL,dwSize,MEM_COMMIT,PAGE_READWRITE);
    WriteProcessMemory(hProcess,lpBuf,LPVOID(lpDll),dwSize,NULL);
    // Address of LoadLibraryA as seen in the calling process; the code assumes
    // the same address is valid in the target.
    LPVOID lpFun = LoadLibraryA;
    ASSERT(lpFun);
    HANDLE hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)lpFun,lpBuf,0,0);
    // NOTE(review): hThread may be NULL here. The wait is unbounded, so the
    // calling thread blocks for as long as the remote thread runs. The thread's
    // exit code is never read, so a failed load goes unnoticed.
    WaitForSingleObject(hThread,INFINITE);
    // NOTE(review): MEM_DECOMMIT releases the pages but leaves the address range
    // reserved in the target for the rest of its lifetime.
    VirtualFreeEx(hProcess,lpBuf,dwSize,MEM_DECOMMIT);
    CloseHandle(hThread);
}
}

 

DLL代码

 

#include "Main.h" 
#include "Game.h" 
#include "IDirect3D8.h" 

// Worker thread started from DllMain; installs the Direct3DCreate8 detour.
DWORD WINAPI ThreadProc(LPVOID lpParameter); 
// Replacement window procedure installed in MyIDirect3D8::CreateDevice
// (its definition is not part of this listing).
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam); 

// Signature of d3d8.dll's exported Direct3DCreate8.
typedef IDirect3D8 * (WINAPI * lpDirect3DCreate8)(UINT SDKVersion); 
// Pointer used to call the original Direct3DCreate8. It is assigned in
// ThreadProc after the detour transaction commits and is null until then.
lpDirect3DCreate8 pDirect3DCreate8; 
// Detour target that runs in place of Direct3DCreate8.
IDirect3D8 * WINAPI myDirect3DCreate8(UINT SDKVersion); 

// Process-wide state shared between the hook functions. None of it is
// protected by a lock in the visible code.
CGame * Game;                    // created in MyIDirect3D8::CreateDevice
HMODULE phModule;                // this DLL's module handle, stored by DllMain
MyIDirect3D8 * NewIDirect3D8;    // wrapper created in myDirect3DCreate8

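// DLL entry point.
//
// Stores the module handle in phModule on every notification and, on process
// attach, starts ThreadProc on a new thread. DllMain runs while the loader
// lock is held, so the hook setup is pushed to that thread instead of being
// done here.
//
// hModule:            handle of this DLL.
// ul_reason_for_call: DLL_PROCESS_ATTACH / DLL_THREAD_ATTACH /
//                     DLL_THREAD_DETACH / DLL_PROCESS_DETACH.
// lpReserved:         unused.
// Returns TRUE in all cases, as the original did.
BOOL APIENTRY DllMain( HMODULE hModule,
    DWORD  ul_reason_for_call,
    LPVOID lpReserved
    )
{
    phModule = hModule;
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        {
            // The thread handle is not needed afterwards; closing it does not
            // stop the thread and avoids leaking one handle per load.
            HANDLE hWorker = CreateThread(NULL,0,ThreadProc,NULL,0,NULL);
            if (hWorker != NULL)
                CloseHandle(hWorker);
        }
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        // NOTE(review): nothing is undone on detach; the detour and the
        // objects created by the hooks stay in place.
        break;
    }
    return TRUE;
}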

// Worker thread: waits until d3d8.dll is mapped into this process, then
// redirects its Direct3DCreate8 export to myDirect3DCreate8 with Detours and
// stores the pointer for calling the original in pDirect3DCreate8.
//
// lpParameter: unused.
// Returns 0.
//
// NOTE(review): neither GetProcAddress nor any Detour* call is checked.
// NOTE(review): pDirect3DCreate8 is written only after the transaction has
// been committed. A hooked call that arrives in between would go through a
// null pointer in myDirect3DCreate8.
// NOTE(review): the wait loop has no upper bound; it polls for the whole life
// of the process if d3d8.dll is never loaded.
DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
    HMODULE d3d8Module;

    // Poll once per millisecond until the module handle is available.
    for (;;)
    {
        d3d8Module = GetModuleHandle(L"d3d8.dll");
        if (d3d8Module != 0)
            break;
        Sleep(1);
    }

    LPVOID hookPoint = GetProcAddress(d3d8Module,"Direct3DCreate8");

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    // DetourAttach rewrites hookPoint so that it can be used to call the
    // original function.
    DetourAttach(&(PVOID&)hookPoint,myDirect3DCreate8);
    DetourTransactionCommit();

    pDirect3DCreate8 = (lpDirect3DCreate8)hookPoint;
    return 0;
}


// Runs in place of Direct3DCreate8. Every call is forwarded to the original
// function; on the second call only, the returned interface is wrapped in a
// MyIDirect3D8 (also stored in NewIDirect3D8) and the wrapper is returned.
//
// SDKVersion: passed through unchanged.
// Returns the original interface pointer, or the wrapper on the second call.
//
// NOTE(review): the call counter is a plain static int with no
// synchronisation, and the result of the original call is not checked for
// NULL before it is wrapped.
IDirect3D8 * WINAPI myDirect3DCreate8(UINT SDKVersion)
{
    static int callCount;
    ++callCount;

    IDirect3D8 * realInterface = pDirect3DCreate8(SDKVersion);

    // Author's note on the magic number: 2 = windowed mode, 3 = fullscreen mode.
    if (callCount != 2)
        return realInterface;

    NewIDirect3D8 = new MyIDirect3D8(realInterface);
    return (IDirect3D8*)NewIDirect3D8;
}

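// Wrapper for IDirect3D8::CreateDevice.
//
// Forwards the call to the wrapped interface (lpD3D). When the real device is
// created, it is wrapped in a MyIDirect3DDevice8, the wrapper is handed back
// to the caller, a CGame object is created for it, and the focus window's
// window procedure is replaced by WndProc (the previous one is kept in
// Game->WndProc).
//
// Parameters are those of IDirect3D8::CreateDevice and are passed through.
// Returns the HRESULT of the real CreateDevice, or D3DERR_INVALIDCALL when
// ppReturnedDeviceInterface is NULL.
//
// Change from the original: a failed CreateDevice, or a NULL output pointer,
// no longer leads to a wrapper being built around an invalid device pointer.
HRESULT APIENTRY MyIDirect3D8::CreateDevice(UINT Adapter,D3DDEVTYPE DeviceType,HWND hFocusWindow,DWORD BehaviorFlags,
D3DPRESENT_PARAMETERS* pPresentationParameters,IDirect3DDevice8** ppReturnedDeviceInterface)
{
    if (ppReturnedDeviceInterface == NULL)
        return D3DERR_INVALIDCALL;

    HRESULT hr=lpD3D->CreateDevice(Adapter,DeviceType,hFocusWindow,BehaviorFlags,
        pPresentationParameters,&lpD3DD8bak);

    // Pass failures straight back; there is no device to wrap.
    if (FAILED(hr))
    {
        *ppReturnedDeviceInterface = NULL;
        return hr;
    }

    lpD3DD8=new MyIDirect3DDevice8(lpD3DD8bak);

    *ppReturnedDeviceInterface = (IDirect3DDevice8*)lpD3DD8;

    // NOTE(review): a previously created Game object is overwritten without
    // being released if CreateDevice is called more than once.
    Game=new CGame(lpD3DD8,phModule);
    Game->hWnd=hFocusWindow;
    // NOTE(review): hFocusWindow is used without a NULL check, and the (LONG)
    // cast of a function pointer is only valid in a 32-bit build.
    Game->WndProc=(WNDPROC)SetWindowLong(hFocusWindow,GWL_WNDPROC,(LONG)&WndProc);
    Game->init();

    return hr;
}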

 

我用 VS2010 + VC9 + CEGUI 0.62 + Detours 编译通过
