Question

I've followed this tutorial: DirectX 9.0 Hooking via Injection via C++. So, the program creates a remote thread in the process as it's starting up, injects my hook, calls its DllMain and hooks the Direct3D9Create function. A Detour Trampoline is used for Direct3DCreate9 hooking. The whole Direct3D interface and device interface is wrapped. When the game calls Direct3D9Create, it should call my hooked function instead of the original. This is the problem, because the game never calls the hooked function. But when I call Direct3DCreate from within the DLL, the hooked function is called. This is DllMain:

...
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) 
{ 
  if (ul_reason_for_call == DLL_PROCESS_ATTACH) 
  { 
     DisableThreadLibraryCalls(hModule); 
     HookHandle = hModule; 
     HookAPI(); 
     lpReserved;
     //LPDIRECT3D9 pD3d9 = Direct3DCreate9(D3D_SDK_VERSION);//if I uncomment this line, hooked function is called
  } 
  else if (ul_reason_for_call == DLL_PROCESS_DETACH) 
  { 
     UnhookAPI(); 
     lpReserved;
     OutputDebugString(pszMessage);
  } 
  return TRUE; 
}
...

This is the wrapper constructor implementation:

Direct3D9Wrapper::Direct3D9Wrapper(LPDIRECT3D9 pDirect3D) 
{       
    IDirect3DDevice9 * device = (IDirect3DDevice9 *)this;
    Direct3D9 = pDirect3D; 
}

The DLL is injected at the game's runtime, so Direct3DCreate cannot be called after DllMain completion. I tried to call the CreateDevice function from the DLL manually, and it is also redirected correctly, but the game itself never makes the call. How could the game even be started without redirecting the CreateDevice function call to my DLL first? I tried several DX9 games, and it is all the same. What am I missing?


Solution

I guess you are trying to do screen capturing for your game. If you want to make stable code (not just for learning purposes), please use Direct3DHook instead of dealing with API hooking.

EDIT:

For more control, use EasyHook. Direct3DHook uses EasyHook behind the scenes, unless you are just playing with API hooking...

OTHER TIPS

Some guesses.

  • you're not dealing with the hooking of either GetProcAddress() or the LoadLibrary() variants
  • you're simply not iterating the modules that are loaded when YOU are loaded and hooking them.
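
The question relies on a detour trampoline, which works by overwriting the first bytes of the target function with a jump. The following is an added example, not code from any of the posts above, of how that overwrite can be recognised from the defender's side, for instance in an integrity check: it classifies the entry bytes of a function and flags a jump that leaves the owning module. The function names, sample bytes, addresses and module layout are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_INDIRECT, HOOK_PUSH_RET, HOOK_MOVABS_JMP };

/* Constructed sample bytes (not captured from a real d3d9.dll). */
static const uint8_t SAMPLE_CLEAN[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x51 }; /* mov edi,edi; push ebp; mov ebp,esp; push ecx */
static const uint8_t SAMPLE_DETOUR[] = { 0xE9, 0xFB, 0x0F, 0x00, 0x10, 0x51 }; /* jmp +0x10000FFB, leaves the module */
static const uint8_t SAMPLE_LOCAL[]  = { 0xE9, 0x00, 0xFF, 0xFF, 0xFF, 0xCC }; /* jmp -0x100, stays in the module */

/* Classify the first bytes of a function as they sit in memory.
 * va is the address of code[0]; *target receives the destination of a rel32 jump. */
enum hook_kind classify_entry(const uint8_t *code, size_t len, uint64_t va, uint64_t *target)
{
    *target = 0;
    if (len >= 5 && code[0] == 0xE9) {                        /* jmp rel32 */
        uint32_t u = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                     ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
        *target = va + 5 + (uint64_t)(int64_t)(int32_t)u;     /* relative to the next instruction */
        return HOOK_JMP_REL32;
    }
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) return HOOK_JMP_INDIRECT; /* jmp [mem] */
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) return HOOK_PUSH_RET;     /* push imm32; ret */
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0) return HOOK_MOVABS_JMP;             /* mov rax,imm64; jmp rax */
    return HOOK_NONE;
}

/* 1 = entry redirects outside [base, base+size); 0 = no redirect, or it stays in the module.
 * The other forms carry no target decoded here, so they are reported for manual review. */
int entry_is_detoured(const uint8_t *code, size_t len, uint64_t va, uint64_t base, uint64_t size)
{
    uint64_t target;
    enum hook_kind k = classify_entry(code, len, va, &target);
    if (k == HOOK_NONE) return 0;
    if (k != HOOK_JMP_REL32) return 1;
    return target < base || target >= base + size;
}

int main(void)
{
    const uint64_t base = 0x6F000000, size = 0x100000, va = 0x6F001000; /* constructed layout */
    printf("clean=%d detour=%d local=%d\n",
           entry_is_detoured(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN, va, base, size),
           entry_is_detoured(SAMPLE_DETOUR, sizeof SAMPLE_DETOUR, va, base, size),
           entry_is_detoured(SAMPLE_LOCAL, sizeof SAMPLE_LOCAL, va, base, size));
    return 0;
}
```

A jump at a function entry is not proof of tampering on its own, since linker thunks and forwarding stubs also begin with one; that is why the check compares the decoded target against the module's address range.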
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow