Direct3d Hooking with C/C++


kahless
August 29th, 2005, 07:01 AM
Hi,
I don't have much knowledge about DirectX/Direct3D programming, nor about Windows-specific C/C++, so I don't have much of a starting point.

What I need is a way to hook into a Direct3D game to display a message, and if possible even catch user input (3rd-party games, not my own! I'm searching for a way that would work with games like ut2k4, Live for Speed, America's Army, etc.).

The whole thing should be integrated into the instant messenger I'm currently working on, called Gamers' Own Instant Messenger ( http://goim.sphene.net ).

So, can anyone help me figure out how such a hook could be possible? I've searched through the MSDN but couldn't really find a solution. I would also be happy about a sample application which just displays some text inside of a game or something.

thanks in advance & cu
Herbert Poul

philkr
September 4th, 2005, 05:43 PM
It will be very hard, I once tried it myself.
First you have to read some articles about hooking in general to learn how hooking works. Import Address Table manipulation is the favourite method, but it only works when the game links directly to the DLL (d3d9.dll for example). If that is not the case (many games have anti-hooking techniques to avoid cheating (e.g. wall hacks)), you are completely hopeless unless you know assembly very well (--> unconditional jump code patching method).
You then have to learn how to get your hooking code into the game. The famous "Three ways to inject your code into a library" (I think that was the name) will help you. You can find a link on the forum if you search for it. That's the easy part.
One of the last steps is to hook the Direct3DCreate9 function. Then you get the object pointer. Now that was the step where I failed. There is a way you can get the address of the CreateDevice member functions of the object, but I didn't figure it out. Then you have two possibilities: You can hook the CreateDevice function. Then you have the device object pointer and can use it as if it were in your program (e.g. render text). Unfortunately you can only hook the function with code patching, which is very hard as I already said.
The second method is not so hard, but involves a lot of stupid typing. You have to wrap the whole Direct3D interface and device interface. Then if CreateDevice is called you call the real Direct3DCreate9 function on your own, save the pointer but return the pointer to your wrapper interface. CreateDevice of your wrapper will then be called by the game, because it thinks it is the real Direct3D device. There you can call CreateDevice with your device wrapper as parameter and store the pointer in the parameter where usually the return value is saved. The game thinks again it is the real device interface and every call now goes to your wrapper. You have to redirect every call to the real Direct3DDevice interface functions. But before or after the redirection you can do your own things.
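
The interface-wrapping approach from the last post, as an added example that is not code from the thread. `IDevice`, `IFactory` and every other name here are hypothetical, reduced stand-ins for the Direct3D interfaces so the pattern compiles on any platform, and 0 stands for a success code.

```cpp
// Reduced stand-ins for the device and factory interfaces (hypothetical names).
struct IDevice {
    virtual ~IDevice() {}
    virtual int BeginScene() = 0;
    virtual int EndScene() = 0;
};
struct IFactory {
    virtual ~IFactory() {}
    virtual int CreateDevice(IDevice** out) = 0;
};

// The "real" objects, standing in for what the runtime would hand out.
struct RealDevice : IDevice {
    int BeginScene() override { return 0; }
    int EndScene() override { return 0; }
};
struct RealFactory : IFactory {
    int CreateDevice(IDevice** out) override { *out = new RealDevice; return 0; }
};

// Device wrapper: forwards every call to the real device, with room for
// extra work before or after the forwarded call.
struct DeviceWrapper : IDevice {
    IDevice* real;
    int frames = 0;
    explicit DeviceWrapper(IDevice* r) : real(r) {}
    ~DeviceWrapper() override { delete real; }
    int BeginScene() override { return real->BeginScene(); }
    int EndScene() override { ++frames; return real->EndScene(); }  // own drawing would go before the forward
};

// Factory wrapper: calls the real CreateDevice, keeps the real pointer and
// stores the wrapper in the caller's out-parameter instead.
struct FactoryWrapper : IFactory {
    IFactory* real;
    explicit FactoryWrapper(IFactory* r) : real(r) {}
    ~FactoryWrapper() override { delete real; }
    int CreateDevice(IDevice** out) override {
        IDevice* dev = nullptr;
        int hr = real->CreateDevice(&dev);
        if (hr != 0 || !dev) { *out = nullptr; return hr; }  // failures pass through unchanged
        *out = new DeviceWrapper(dev);
        return hr;
    }
};

// A caller that only knows the interfaces, as the application would.
int render_frames(IFactory& f, int n) {
    IDevice* d = nullptr;
    if (f.CreateDevice(&d) != 0) return -1;
    for (int i = 0; i < n; ++i) { d->BeginScene(); d->EndScene(); }
    int seen = static_cast<DeviceWrapper*>(d)->frames;  // valid only because f is the wrapper
    delete d;
    return seen;
}
```

The real Direct3D interfaces derive from `IUnknown`, so a working wrapper also has to forward `QueryInterface`, `AddRef` and `Release` along with every other method, which is the typing effort the post refers to.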