ESP Part1

1. //dllmain.cpp
2.  
3. // dllmain.cpp : Defines the entry point for the DLL application.
4. #include "pch.h"
5.  
6. #include <iostream>
7. #include <vector>
8. #include "Entity.h"
9.  
10. #include <d3d9.h>
11. #include <d3dx9.h>
12.  
13. #pragma comment(lib, "d3d9.lib")
14. #pragma comment(lib, "d3dx9.lib")
15.  
16. #include "detours.h"
17. #pragma comment(lib, "detours.lib")
18.  
19.  
20. HINSTANCE DllHandle;
21.  
22. typedef HRESULT(__stdcall* endScene)(IDirect3DDevice9* pDevice);
23. endScene pEndScene;
24.  
25. LPD3DXFONT font;
26.  
27. //ESP
28.  
29. uintptr_t pEntityTableBase = 0x400506EC;
30.  
31. std::vector<Entity*> loadEntities() {
32.     int failCounter = 0;
33.     std::vector<Entity*> entities;
34.     for (int i = 0; i < 9999; ++i) {
35.         uintptr_t pointer = *(uintptr_t*)(pEntityTableBase + 0x08 + i * 12);
36.         if (pointer) {
37.             failCounter = 0;
38.             Entity* entity = (Entity*)pointer;
39.             entities.push_back(entity);
40.         }
41.         else
42.             failCounter++;
43.         if (failCounter > 5)
44.             return entities;
45.     }
46.     return entities;
47. }
48.  
49. HRESULT __stdcall hookedEndScene(IDirect3DDevice9* pDevice) {
50.     //now here we can create our own graphics
51.     int padding = 2;
52.     int rectx1 = 100, rectx2 = 300, recty1 = 50, recty2 = 100;
53.     D3DRECT rectangle = { rectx1, recty1, rectx2, recty2 };
54.     pDevice->Clear(1, &rectangle, D3DCLEAR_TARGET, D3DCOLOR_ARGB(255, 0, 0, 0), 0.0f, 0); // this draws a rectangle
55.     if (!font)
56.         D3DXCreateFont(pDevice, 16, 0, FW_BOLD, 1, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &font);
57.     RECT textRectangle;
58.     SetRect(&textRectangle, rectx1 + padding, recty1 + padding, rectx2 - padding, recty2 - padding);
59.     font->DrawText(NULL, "Press Numpad0 to Exit", -1, &textRectangle, DT_NOCLIP | DT_LEFT, D3DCOLOR_ARGB(255, 153, 255, 153)); //draw text;
60.     return pEndScene(pDevice); // call original endScene
61. }
62.  
63. void hookEndScene() {
64.     IDirect3D9* pD3D = Direct3DCreate9(D3D_SDK_VERSION); // create IDirect3D9 object
65.     if (!pD3D)
66.         return;
67.  
68.     D3DPRESENT_PARAMETERS d3dparams = { 0 };
69.     d3dparams.SwapEffect = D3DSWAPEFFECT_DISCARD;
70.     d3dparams.hDeviceWindow = GetForegroundWindow();
71.     d3dparams.Windowed = true;
72.  
73.     IDirect3DDevice9* pDevice = nullptr;
74.  
75.     HRESULT result =  pD3D->CreateDevice(D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, d3dparams.hDeviceWindow, D3DCREATE_SOFTWARE_VERTEXPROCESSING, &d3dparams, &pDevice);
76.     if (FAILED(result) || !pDevice) {
77.         pD3D->Release();
78.         return;
79.     }
80.     //if device creation worked out -> lets get the virtual table:
81.     void** vTable = *reinterpret_cast<void***>(pDevice);
82.  
83.     //now detour:
84.  
85.     pEndScene = (endScene)DetourFunction((PBYTE)vTable[42],(PBYTE)hookedEndScene);
86.  
87.     pDevice->Release();
88.     pD3D->Release();
89. }
90.  
91.  
92. DWORD __stdcall EjectThread(LPVOID lpParameter) {
93.     Sleep(100);
94.     FreeLibraryAndExitThread(DllHandle, 0);
95.     return 0;
96. }
97.  
98. DWORD WINAPI Menue(HINSTANCE hModule) {
99.     AllocConsole();
100.     FILE* fp;
101.     freopen_s(&fp, "CONOUT$", "w", stdout); //sets cout to be used with our newly created console
102.  
103.     hookEndScene();
104.  
105.     while (true) {
106.         Sleep(50);
107.         if (GetAsyncKeyState(VK_NUMPAD0)) {
108.             std::vector<Entity*> entities = loadEntities();
109.             for (Entity* entity : entities) {
110.                 std::cout << "position: x: " << entity->feet.x << " y:" << entity->feet.y << " z:" << entity->feet.z << std::endl;
111.                 std::cout << "health: " << entity->health << std::endl;
112.                 std::cout << "shield: " << entity->shield << std::endl << std::endl;
113.             }
114.         }
115.         if (GetAsyncKeyState(VK_NUMPAD1)) {
116.             DetourRemove((PBYTE)pEndScene,(PBYTE)hookedEndScene);
117.             break;
118.         }
119.     }
120.     std::cout << "ight imma head out" << std::endl;
121.     Sleep(1000);
122.     fclose(fp);
123.     FreeConsole();
124.     CreateThread(0, 0, EjectThread, 0, 0, 0);
125.     return 0;
126. }
127.  
128. BOOL APIENTRY DllMain( HMODULE hModule, DWORD  ul_reason_for_call,LPVOID lpReserved)
129. {
130.     switch (ul_reason_for_call)
131.     {
132.     case DLL_PROCESS_ATTACH:
133.         DllHandle = hModule;
134.         CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Menue, NULL, 0, NULL);
135.     case DLL_THREAD_ATTACH:
136.     case DLL_THREAD_DETACH:
137.     case DLL_PROCESS_DETACH:
138.         break;
139.     }
140.     return TRUE;
141. }
142.  
143. //Entity.h
144. #pragma once
145. #include "Vector.h"
146.  
147. class Entity
148. {
149. public:
150.     char pad_0000[92]; //0x0000
151.     Vector3 feet; //0x005C
152.     char pad_0068[56]; //0x0068
153.     Vector3 torso; //0x00A0
154.     char pad_00AC[52]; //0x00AC
155.     float health; //0x00E0
156.     float shield; //0x00E4
157. }; //Size: 0x00E8
158.  
159. //Vector.h
160. #pragma once
161.  
162. struct Vector2 {
163.     float x, y;
164. };
165.  
166. struct Vector3 {
167.     float x, y, z;
168. };
169.  
170. struct Vector4 {
171.     float x, y, z, w;
172. };