C语言 D3D12 Hook

  • S8_761324
    了解作者
  • 2022-06-09 12:54
    上传日期
注意:64 位 Hook 需要还原代码,因为 64 位 Jmp 是 14 字节。C 语言 D3D12 Hook。
DllD3D12.zip
内容介绍
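// dllmain.cpp : Defines the entry point for the DLL application.
//
// What this listing does: once the DLL is loaded, a worker thread creates a
// throw-away D3D12 device, command queue, swap chain and command list, reads
// the command-list vtable, and places an inline (detour) hook on vtable slot 13
// (DrawIndexedInstanced). The hook itself only forwards to the original.
//
// Review notes (risk / detection):
//  - The detour copies a fixed number of bytes (14 on x64, 5 on x86) from the
//    target without decoding instruction boundaries or RIP-relative operands.
//    If the prologue does not end exactly on that boundary, or contains a
//    relative operand, the relocated copy is invalid and the host process
//    crashes. This is the problem the page's own note warns about.
//  - The patch is written while other threads may be executing the target, and
//    the caller stores the trampoline pointer only after the patch is live, so
//    a draw call arriving in that window goes through a null function pointer.
//  - The trampoline is a heap block switched to PAGE_EXECUTE_READWRITE, which
//    leaves a writable+executable private page in the process. That page, and
//    the modified bytes in the D3D12 runtime's code section, are what an
//    integrity check comparing the loaded image against the on-disk file, or a
//    scan for executable private memory, will flag.
#include"Data.h"
#include"stdafx.h"

HWND Ghwnd = 0;                               // first visible top-level window of this process (set by EnumWin)
DWORD_PTR *SwapChainVtable,*pCmdListVtable;   // vtable bases captured by InitializeHook
ID3D12Device *p_Device;                       // never assigned in the visible part of the listing
void *dourtablebuffer[3];                     // trampolines handed out by the detour helpers

// Function pointer declaration: signature of ID3D12GraphicsCommandList::DrawIndexedInstanced
// with the implicit `this` spelled out as the first parameter.
typedef void(__stdcall *D3D12DrawIndexedInstancedHook)(ID3D12GraphicsCommandList *Device,UINT IndexCount, UINT InstanceCount, UINT StartIndex, INT BaseVertex, UINT StartInstance);
D3D12DrawIndexedInstancedHook pDrawIndexedInstanced = NULL;

// Replacement for DrawIndexedInstanced. It adds no behaviour of its own and
// forwards every call to the trampoline stored in pDrawIndexedInstanced.
// NOTE(review): pDrawIndexedInstanced is still NULL between the moment the
// target is patched and the moment InitializeHook stores the trampoline.
void __stdcall HookDDrawIndexedInstanced(ID3D12GraphicsCommandList *mDevice, UINT IndexCount, UINT InstanceCount, UINT StartIndex, INT BaseVertex,UINT StartInstance)
{
    return pDrawIndexedInstanced(mDevice, IndexCount, InstanceCount, StartIndex,BaseVertex, StartInstance);
}

// EnumWindows callback: remembers the first visible window that belongs to the
// current process in Ghwnd and stops the enumeration.
BOOL CALLBACK EnumWin(HWND hwnd, LPARAM lparam)
{
    DWORD pid;
    if (IsWindowVisible(hwnd))
    {
        GetWindowThreadProcessId(hwnd, &pid);
        if (pid == GetCurrentProcessId())
        {
            Ghwnd = hwnd;
            return false;
        }
    }
    return true;
}

// Releases a COM interface if the pointer was ever set.
static void ReleaseIfSet(IUnknown *p)
{
    if (p)
    {
        p->Release();
    }
}

#pragma region HOOK代码植入
#ifdef _WIN64
// Installs a 14-byte absolute jump (FF 25 00000000 + 8-byte address) at src
// that transfers control to dest, and builds a trampoline holding the first
// `length` bytes of src followed by a jump back to src + length.
//
// src    - start of the function to patch
// dest   - replacement function
// length - number of bytes to relocate; must be at least 14 and must end on an
//          instruction boundary (not verified here, see the file header)
// Returns the trampoline, or nullptr when arguments are invalid or a page
// protection change fails. On failure src is left unmodified.
const void* DetourFunc64(BYTE *src,BYTE *dest, int length)
{
    const int kJmpSize = 14;
    if (!src || !dest || length < kJmpSize)
    {
        // A shorter length would let the 14-byte patch overwrite bytes that
        // were never saved in the trampoline.
        return nullptr;
    }

    // Kept as a new[] allocation because the cleanup code for dourtablebuffer
    // is not visible in this listing. Plain new[] reports failure by throwing,
    // so the check below only matters with a non-throwing operator new.
    BYTE *jump = new BYTE[length + kJmpSize];
    if (!jump)
    {
        return nullptr;
    }

    DWORD tmp = 0;
    if (!VirtualProtect(jump, length + kJmpSize, PAGE_EXECUTE_READWRITE, &tmp))
    {
        delete[] jump;
        return nullptr;
    }

    // On x64, beware of crashes caused by relative jumps changing meaning once
    // the hooked code has been copied to another address.
    DWORD BackupVirtualProject = 0;
    if (!VirtualProtect(src, length, PAGE_EXECUTE_READWRITE, &BackupVirtualProject))
    {
        // Nothing has been patched yet: undo the trampoline setup and bail out.
        VirtualProtect(jump, length + kJmpSize, tmp, &tmp);
        delete[] jump;
        return nullptr;
    }

    // Track the trampoline in the first free slot (untracked if all are used).
    for (size_t i = 0; i < sizeof(dourtablebuffer) / sizeof(void*); ++i)
    {
        if (!dourtablebuffer[i])
        {
            dourtablebuffer[i] = jump;
            break;
        }
    }

    // Trampoline: saved bytes, then jmp [rip+0] back into the original body.
    memcpy(jump, src, length);
    BYTE *tail = jump + length;
    *(WORD*)tail = 0x25FF;
    *(DWORD*)(tail + 2) = { 0x00 };
    *(DWORD_PTR*)(tail + 6) = (DWORD_PTR)src + length;

    // Patch the target: jmp [rip+0] to the replacement.
    *(WORD*)src = 0x25FF;
    *(DWORD*)(src + 2) = { 0x00 };
    *(DWORD_PTR*)(src + 6) = (DWORD_PTR)dest;

    VirtualProtect(src, length, BackupVirtualProject, &BackupVirtualProject);
    // Code bytes were modified; make sure no stale instructions are executed.
    FlushInstructionCache(GetCurrentProcess(), src, length);
    FlushInstructionCache(GetCurrentProcess(), jump, length + kJmpSize);
    return jump;
}
#else
// 32-bit variant: installs a 5-byte relative jump (E9 rel32) at src that
// transfers control to dest, and builds a trampoline holding the first
// `Length` bytes of src followed by a relative jump back to src + Length.
//
// Returns the trampoline, or nullptr when arguments are invalid or a page
// protection change fails. On failure src is left unmodified.
void *WINAPI Dourtable(BYTE*src, BYTE*dest, UINT Length)
{
    const UINT kJmpSize = 5;
    if (!src || !dest || Length < kJmpSize)
    {
        return nullptr;
    }

    // See DetourFunc64 for why the allocation stays a new[] block.
    BYTE *jump = new BYTE[Length + kJmpSize];
    if (!jump)
    {
        return nullptr;
    }

    DWORD tmp = 0;
    if (!VirtualProtect(jump, Length + kJmpSize, PAGE_EXECUTE_READWRITE, &tmp))
    {
        delete[] jump;
        return nullptr;
    }

    // The original requested PAGE_READWRITE here, which drops execute access
    // from a page that other threads may be running; keep it executable, as
    // the 64-bit path does.
    DWORD BackupVirtualProject = 0;
    if (!VirtualProtect(src, Length, PAGE_EXECUTE_READWRITE, &BackupVirtualProject))
    {
        VirtualProtect(jump, Length + kJmpSize, tmp, &tmp);
        delete[] jump;
        return nullptr;
    }

    for (size_t i = 0; i < sizeof(dourtablebuffer) / sizeof(void*); ++i)
    {
        if (!dourtablebuffer[i])
        {
            dourtablebuffer[i] = jump;
            break;
        }
    }

    // Trampoline: saved bytes, then E9 rel32 back into the original body.
    memcpy(jump, src, Length);
    BYTE *tail = jump + Length;
    tail[0] = 0xE9;
    *(DWORD*)(tail + 1) = (DWORD)(src + Length - tail) - 5;

    // Patch the target: E9 rel32 to the replacement.
    src[0] = 0xE9;
    *(DWORD*)(src + 1) = (DWORD)(dest - src) - 5;

    VirtualProtect(src, Length, BackupVirtualProject, &BackupVirtualProject);
    FlushInstructionCache(GetCurrentProcess(), src, Length);
    FlushInstructionCache(GetCurrentProcess(), jump, Length + kJmpSize);
    return jump;
}
#endif
#pragma endregion

// Thread entry point started from DllMain. Creates temporary D3D12/DXGI
// objects to obtain the swap-chain and command-list vtables, logs them with
// OutputDebugStringA, hooks command-list vtable slot 13 and releases the
// temporary objects again. The swap-chain vtable is only recorded in
// SwapChainVtable; nothing in the visible code hooks it.
//
// Always returns 0; failures are reported through the debug output only.
DWORD __stdcall InitializeHook(LPVOID)
{
    // Every interface starts as nullptr so the single cleanup section below
    // can release exactly what was created, including on early failure (the
    // original leaked earlier objects on each failure path and never released
    // the DXGI factory).
    ID3D12Device *m_Device = nullptr;
    IDXGIFactory2 *m_DXGIFactory = nullptr;
    ID3D12CommandQueue *m_pCmdQueue = nullptr;
    IDXGISwapChain1 *pSwapChain = nullptr;
    ID3D12CommandAllocator *m_commandAllocator = nullptr;
    ID3D12GraphicsCommandList *m_pGfxCmdList = nullptr;
    DWORD_PTR *m_DeviceId,*m_DevicePtr;
    HRESULT hr;
    char buf[256];

    do
    {
        hr = D3D12CreateDevice(NULL, D3D_FEATURE_LEVEL_12_0, IID_ID3D12Device, reinterpret_cast<void**>(&m_Device));
        if (FAILED(hr))
        {
            OutputDebugStringA("Failed to create directX devicen!");
            break;
        }

#pragma region 输出设备信息
        m_DeviceId = (DWORD_PTR*)m_Device;
        m_DevicePtr = (DWORD_PTR*)m_DeviceId[0];   // first pointer-sized field of a COM object is its vtable
#ifdef _WIN64
        wsprintfA(buf, "DeviceId:0x%016I64X\n", (DWORD_PTR*)m_DeviceId);
        OutputDebugStringA(buf);
        wsprintfA(buf, "DevicePtr:0x%016I64X\n", (DWORD_PTR*)m_DevicePtr);
        OutputDebugStringA(buf);
#else
        wsprintfA(buf, "DeviceId:0x%08X\n", (DWORD_PTR*)m_DeviceId);
        OutputDebugStringA(buf);
        wsprintfA(buf, "DevicePtr:0x%08X\n", (DWORD_PTR*)m_DevicePtr);
        OutputDebugStringA(buf);
#endif // WIN64
#pragma endregion

#pragma region 创建DXGI设备队列
        hr = CreateDXGIFactory2(0, IID_IDXGIFactory2,reinterpret_cast<void**>(&m_DXGIFactory));
        if (FAILED(hr))
        {
            OutputDebugStringA("Failed to CreateDXGIFactory2!");
            break;
        }

        D3D12_COMMAND_QUEUE_DESC queueDesc;
        queueDesc.Flags = D3D12_COMMAND_QUEUE_FLAG_NONE;
        queueDesc.Priority = 0;
        queueDesc.Type = D3D12_COMMAND_LIST_TYPE_DIRECT;
        queueDesc.NodeMask = 0;
        hr = m_Device->CreateCommandQueue(&queueDesc, IID_ID3D12CommandQueue, reinterpret_cast<void**>(&m_pCmdQueue));
        if (FAILED(hr))
        {
            OutputDebugStringA("Failed to CreateCommandQueue!");
            break;
        }
#pragma endregion

#pragma region 创建交换链
        RECT rect = { 0 };
        EnumWindows((WNDENUMPROC)EnumWin, NULL);
        // If no window was found Ghwnd is still 0 and rect stays all-zero.
        GetClientRect(Ghwnd, &rect);
        wsprintfA(buf, "RectL:%d,RectR:%d,RectBtm:%d,RectTop:%d\n", rect.left, rect.right, rect.bottom, rect.top);
        OutputDebugStringA(buf);

        DXGI_SWAP_CHAIN_DESC1 swapChainDesc = { 0 };
        swapChainDesc.BufferCount = 3;
        swapChainDesc.Width = rect.right - rect.left;
        swapChainDesc.Height = rect.bottom - rect.top;
        swapChainDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM;
        swapChainDesc.BufferUsage = DXGI_USAGE_RENDER_TARGET_OUTPUT;
        swapChainDesc.SwapEffect = DXGI_SWAP_EFFECT_FLIP_DISCARD;
        swapChainDesc.SampleDesc.Count = 1;
        hr = m_DXGIFactory->CreateSwapChainForComposition(m_pCmdQueue, &swapChainDesc, nullptr, &pSwapChain);
        if (hr==DXGI_ERROR_INVALID_CALL)
        {
            OutputDebugStringA("Failed to SwapChain Error Call!");
            // HRESULT is 32 bits wide and Ghwnd is a pointer; the original
            // "%I64d,%X" specifiers did not match the arguments passed.
            wsprintfA(buf, "0x%08X,%p\n", hr, Ghwnd);
            OutputDebugStringA(buf);
            break;
        }
        else if (FAILED(hr))
        {
            // Message now names the API that is actually called above.
            OutputDebugStringA("Failed to CreateSwapChainForComposition!");
            break;
        }
        SwapChainVtable = (DWORD_PTR*)pSwapChain;
        SwapChainVtable = (DWORD_PTR*)SwapChainVtable[0];
#ifdef _WIN64
        wsprintfA(buf, "SwapChain:0x%016I64X\n", (DWORD_PTR*)pSwapChain);
        OutputDebugStringA(buf);
        wsprintfA(buf, "SwapChainBase:0x%016I64X\n", SwapChainVtable);
        OutputDebugStringA(buf);
#else
        wsprintfA(buf, "SwapChain:0x%08X\n", (DWORD_PTR*)pSwapChain);
        OutputDebugStringA(buf);
        wsprintfA(buf, "SwapChainBase:0x%08X\n", (DWORD_PTR*)SwapChainVtable);
        OutputDebugStringA(buf);
#endif // _WIN64
#pragma endregion

#pragma region 获取GPU命令函数表
        hr = m_Device->CreateCommandAllocator(D3D12_COMMAND_LIST_TYPE_DIRECT, IID_PPV_ARGS(&m_commandAllocator));
        if (FAILED(hr))
        {
            OutputDebugStringA("Failed to CreateCommandAllocator!");
            break;
        }
        hr = m_Device->CreateCommandList(0, D3D12_COMMAND_LIST_TYPE_DIRECT, m_commandAllocator, nullptr, IID_ID3D12GraphicsCommandList, reinterpret_cast<void**>(&m_pGfxCmdList));
        // Check the result before touching the object: the original read the
        // vtable through m_pGfxCmdList first and tested hr afterwards.
        if (FAILED(hr))
        {
            OutputDebugStringA("Failed to CreateCommandList!");
            break;
        }
        pCmdListVtable = (DWORD_PTR*)m_pGfxCmdList;
        pCmdListVtable = (DWORD_PTR*)pCmdListVtable[0];
        // Log the slot that is hooked below (13); the 64-bit branch of the
        // original printed slot 12 while hooking slot 13.
#ifdef _WIN64
        wsprintfA(buf, "DeviceCmdListBase:0x%016I64X\n", pCmdListVtable[13]);
        OutputDebugStringA(buf);
#else
        wsprintfA(buf, "DeviceCmdListBase:0x%08X\n", pCmdListVtable[13]);
        OutputDebugStringA(buf);
#endif // _WIN64
#pragma endregion

        // NOTE(review): the target is already patched when the helper returns,
        // but pDrawIndexedInstanced is only assigned here. A draw call issued
        // in between reaches the hook with a null forward pointer.
#ifdef _WIN64
        pDrawIndexedInstanced = (D3D12DrawIndexedInstancedHook)DetourFunc64((BYTE*)pCmdListVtable[13], (BYTE*)HookDDrawIndexedInstanced, 14);
        wsprintfA(buf, "Hook:0x%016I64X\n", pDrawIndexedInstanced);
        OutputDebugStringA(buf);
#else
        pDrawIndexedInstanced =(D3D12DrawIndexedInstancedHook)Dourtable((BYTE*)pCmdListVtable[13], (BYTE*)HookDDrawIndexedInstanced, 5);
        wsprintfA(buf, "Hook:0x%08X\n", pDrawIndexedInstanced);
        OutputDebugStringA(buf);
#endif // _WIN64
        if (!pDrawIndexedInstanced)
        {
            // The helpers leave the target untouched when they return nullptr.
            OutputDebugStringA("Failed to install DrawIndexedInstanced hook!");
        }
    } while (false);

    // Release the temporary objects (only the ones that were created).
    ReleaseIfSet(m_pCmdQueue);
    ReleaseIfSet(m_commandAllocator);
    ReleaseIfSet(m_pGfxCmdList);
    ReleaseIfSet(pSwapChain);
    ReleaseIfSet(m_DXGIFactory);
    ReleaseIfSet(m_Device);
    return 0;
}

// DLL entry point. On process attach it logs a marker and starts
// InitializeHook on a new thread; on process detach it begins a loop over
// dourtablebuffer.
// NOTE(review): the page cuts the listing off inside the DLL_PROCESS_DETACH
// branch, so the fragment below is reproduced as published and is incomplete.
// In the visible part the handle returned by CreateThread is never closed.
BOOL APIENTRY DllMain( HMODULE hModule,DWORD dwReason,LPVOID lpReserved) { if (dwReason == DLL_PROCESS_ATTACH) { OutputDebugStringA("D3D12HookInitation"); CreateThread(NULL, 0, InitializeHook, NULL, 0, NULL); } else if (dwReason == DLL_PROCESS_DETACH) { for (int i = 0; i < sizeof(dourtablebuffer) / sizeof(void*); ++i)/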