[Source Code] Cooking d3d

Discussion in 'CrossFire Source Code & Tutorials' started by oijasoidu172hjn, Jun 23, 2020.

  1. oijasoidu172hjn Adict Gamer

    Cooking d3d

    First off, I did not put this in here so you could stupidly abuse it over and over. It'll get patched sooner than you think (2 days - 1 week).

    This should act as a stepping stone for you to create something greater. Use it as a guide, stop copy pasting stuff.

    -AND YES, THIS IS TRASH CODE. (Originally posted for newbies who have the will to learn.)



    Here's your abuse thread

    Code:
    typedef signed int(__thiscall* sub_60BF10_t)(void*);
    sub_60BF10_t osub_60BF10;
    //End3D
    signed int sub_60BF10(void* thiz) {
        g_pDevice = *(LPDIRECT3DDEVICE9*)(0x01188720); //from cf.exe
        if (g_pDevice != 0) {
            StartFont();
    
            PrintString("HELLO WORLD.");
        }
    
        return osub_60BF10(thiz);
    }
    
    The ASM stuff, this is where you tap on the flowing calls from CSHELL + 0x96E0A9
    Code:
    DWORD call_sub_60BF10_return = 0; //Return address
    _declspec(naked) void sub_60BF10_ASM() {
         /*
         96E0A9                    | FFD0                         | call eax                                      |
         96E0AB                    | 83C4 04                      | add esp,0x4                                   |
         96E0AE                    | 85C0                         | test eax,eax                                  |
        -- Total of 7 bytes
        */
    
        __asm {
            mov eax, sub_60BF10 //replace the fn call address.
            call eax //then call it.
            add esp, 0x4
            test eax, eax
    
            jmp call_sub_60BF10_return
        }
    }
    
    The I don't know thread.
    Code:
    unsigned int __stdcall ArtOfCooking(LPVOID) {
        auto SeaShell = 0;
    
        while (GetModuleHandleA("d3d9.dll") == 0 || SeaShell == 0) {
            SeaShell = (DWORD)GetModuleHandleA("CShell.dll");
            Sleep(20);
        } //So technically, you won't reach this point of execution if any of the conditions above hasn't been met. It will just loop infinitely.
    
        osub_60BF10 = sub_60BF10_t(0x60BF10); //LTClient + 0xF8 //Fill it with the original address so your abuse thread can call this after drawing your stuff.
    
        call_sub_60BF10_return = DetourJmp(SeaShell + 0x96E0A9, sub_60BF10_ASM, 7); //Jumper
    
        return true;
    }
    
    Dllmain
    Code:
    BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpvReserved)
    {
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
            DisableThreadLibraryCalls(hModule);
            CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)&ArtOfCooking, NULL, NULL, NULL);
            break;
        case DLL_PROCESS_DETACH:
            break;
        case DLL_THREAD_ATTACH:
            break;
        case DLL_THREAD_DETACH:
            DirectX::pFont->Release();
            break;
        }
        return true;
    }
    
    =================================
    This is where the tapped resource can be found.
    [Image: where the tapped resource can be found]

    The ASM
    [Image: the ASM]

    RESULT
    [Image: result]

    Code:
    96E0A3                    | 8B80 F8000000                | mov eax,dword ptr ds:[eax+0xF8]               |
    96E0A9                    | FFD0                         | call eax                                      |
    96E0AB                    | 83C4 04                      | add esp,0x4                                   |
    96E0AE                    | 85C0                         | test eax,eax                                  |
    
    The instruction at 96E0A3 means: EAX = *(DWORD*)(LTCLIENTPOINTER + 0xF8); //Which is the End3D Function address.
    So we tapped in at 96E0A9, after mov eax copied the End3D Function address.
    Instead of letting that happen, we replace EAX's address with our own call. Hence the "mov eax, sub_60BF10".
    Now that EAX has finally copied our thread's address instead of the original End3D, we can now place the original instructions.
    
    call eax //this call is now under our thread's control.
    add esp, 0x4
    test eax, eax
    
    Just don't forget to fill osub_60BF10 with the original End3D function address. Because after all, at the end of the scope, we still need to call the original function to avoid stupid crashes.
    
    osub_60BF10 = sub_60BF10_t(0x60BF10); //LTClient + 0xF8
    
    //call eax will call our thread. Then at the end of our thread we call the original End3D Function that eax was meant to call, so the flow will continue and return the rightful values.
    signed int sub_60BF10(void* thiz) {
        g_pDevice = *(LPDIRECT3DDEVICE9*)(0x01188720); //from cf.exe
        if (g_pDevice != 0) {
            DirectX::StartFont();
    
            DirectX::PrintString("HELLO WORLD.");
        }
    
        return osub_60BF10(thiz); //this is the original call that you still need to return after all of the modifications that you did.
    }
    
     
    Depressed and MemoryThePast thanks this.
    • BE A GAMER - RAMLeague
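
From the defending side, the 7-byte overwrite described in the post above shows up as a difference between the loaded module's code bytes and a trusted reference copy. The following integrity check is an added example, not part of the original post: the function names, the base address and the byte buffers are constructed, and the patched window is assumed to hold a `jmp rel32` plus two padding bytes because the page does not show what `DetourJmp` writes. Relocations are ignored.

```c
#include <stddef.h>
#include <stdint.h>

/* One contiguous run of code bytes that differs from the trusted reference. */
typedef struct {
    size_t offset;     /* start of the modified run, relative to the image */
    size_t length;     /* number of modified bytes */
    int is_jmp_rel32;  /* run begins with opcode E9 (jmp rel32) */
    int leaves_image;  /* jump target is outside [base, base + size) */
} patch_t;

/* Compare live code bytes with a reference copy and record each modified run. */
size_t find_patches(const uint8_t *ref, const uint8_t *live, size_t size,
                    uint32_t base, patch_t *out, size_t max_out)
{
    size_t n = 0, i = 0;
    while (i < size && n < max_out) {
        if (ref[i] == live[i]) { i++; continue; }
        size_t start = i;
        while (i < size && ref[i] != live[i]) i++;
        patch_t p = { start, i - start, 0, 0 };
        if (live[start] == 0xE9 && start + 5 <= size) {
            /* rel32 is little-endian and relative to the next instruction */
            uint32_t rel = live[start + 1] | (uint32_t)live[start + 2] << 8 |
                           (uint32_t)live[start + 3] << 16 | (uint32_t)live[start + 4] << 24;
            uint32_t target = base + (uint32_t)start + 5 + rel;
            p.is_jmp_rel32 = 1;
            p.leaves_image = target < base || target - base >= size;
        }
        out[n++] = p;
    }
    return n;
}

/* Constructed sample: the four instructions quoted in the post plus two filler
   bytes, and a copy whose 7-byte window holds jmp rel32 followed by two NOPs. */
static const uint8_t REF[]  = { 0x8B,0x80,0xF8,0x00,0x00,0x00, 0xFF,0xD0,
                                0x83,0xC4,0x04, 0x85,0xC0, 0xC3,0xCC };
static const uint8_t LIVE[] = { 0x8B,0x80,0xF8,0x00,0x00,0x00, 0xE9,0x11,
                                0x22,0x33,0x44, 0x90,0x90, 0xC3,0xCC };

/* Scan the sample at a constructed base address; return the first run found. */
patch_t scan_sample(void)
{
    patch_t out[4] = { { 0, 0, 0, 0 } };
    find_patches(REF, LIVE, sizeof REF, 0x10000000u, out, 4);
    return out[0];
}
```

A patched byte that happens to equal the original splits a run in two, so production checks usually hash whole code sections or merge nearby runs before classifying them.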
  2. Member Lvl2

    Davinci Junior the MXVIII
    love it "SeaShell"
     
  3. oijasoidu172hjn Adict Gamer
    /ahah/ahah/ahah cook that seashell.
     