Unknown Gamer
| Subject: How To Make A D3D Hook [ Complete Tutorial ] Mon Jan 14, 2013 3:51 am | |
| How To Make A D3D Hook [ Complete Tutorial ] First of all, I'm not like those who are afraid of giving out a hook. I don't care about that; I care about helping people. To begin, include these headers [they may have something wrong; if there are any corrections, I'd ask @Swag to tell me] - Code:
-
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <d3d9.h>
#include <d3dx9.h>
Okay, first let's start with the naked function - Code:
-
// Shared state for the snippets on this page.

// DWORD pointer, initialised to NULL; no other code shown on this page reads or writes it.
DWORD* DIP_hook = NULL;

// Address the naked stub dwmyDIP jumps to with its final `JMP DIP_return`;
// initialised to NULL here.
DWORD DIP_return = NULL;

// Toggle read by myDIP: the depth-test override is applied only while this is true.
bool wallhack = true;
/*
 * myDIP - C++ body invoked from the naked stub dwmyDIP.
 *
 * Queries the vertex buffer bound to stream 0 and, while the global `wallhack`
 * flag is true, sets D3DRS_ZENABLE to D3DZB_FALSE and D3DRS_ZFUNC to
 * D3DCMP_NEVER when the stream's vertex stride is 40 or 44 bytes. Every other
 * stride leaves the device state untouched.
 *
 * The seven parameters match the seven DWORDs the stub pushes before calling
 * this function; only pDevice is used in the body.
 *
 * NOTE(review): the result of GetStreamSource is not checked, so the stride
 * is read uninitialised if the call fails, and the vertex-buffer pointer it
 * returns is never released here.
 */
void myDIP(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount)
{
    IDirect3DVertexBuffer9 *streamBuffer = NULL;
    UINT byteOffset, stride;

    pDevice->GetStreamSource(0, &streamBuffer, &byteOffset, &stride);

    // Nothing to do while the toggle is off.
    if (!wallhack)
        return;

    // Only the two strides the author singled out are affected.
    if (stride != 40 && stride != 44)
        return;

    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER);
}
/*
 * dwmyDIP - naked stub; WallHack passes its address to MakeJMP as the jump
 * destination.
 *
 * Being declared naked, the compiler adds no prologue or epilogue: the
 * instructions below are the whole function. It forwards seven stack DWORDs
 * to myDIP, re-executes a few instructions the author describes as the
 * original code, and leaves through `JMP DIP_return` rather than a RET.
 *
 * NOTE(review): which values sit at [ESP+16]..[ESP+40] on entry depends on
 * where in the target function the patch is placed; that cannot be confirmed
 * from this page.
 */
_declspec(naked) void dwmyDIP()
{
    __asm
    {
        //Call myDIP
        // Each MOV/PUSH pair copies one DWORD onto the stack. Every PUSH lowers
        // ESP by 4, so the constant offset 40 walks downwards through seven
        // consecutive slots: [ESP+40] on entry first, [ESP+16] on entry last.
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        MOV EAX, DWORD PTR [ESP+40];
        PUSH EAX;
        CALL myDIP;
        // Caller cleans up: 28 bytes = the seven DWORDs pushed above.
        ADD ESP, 28;

        // Then restore EAX's original value (loads the DWORD at FS:[0] into EAX):
        MOV EAX,DWORD PTR FS:[0];

        // Then put back the original code:
        PUSH EAX;
        SUB ESP,0x20;

        // Then jump back, to the address stored in the global DIP_return:
        JMP DIP_return;

        // Then close the naked function:
    }
}
// Then we find the pattern for our wallhack - Code:
-
/*
 * FindPattern - scan dwLen consecutive start addresses, beginning at
 * dwAddress, and return the first one for which bCompare reports a match.
 *
 * dwAddress : start of the region, carried as a DWORD (so 32-bit addresses).
 * dwLen     : number of start offsets to try.
 * bMask     : pattern bytes handed through to bCompare.
 * szMask    : mask string handed through to bCompare.
 *
 * Returns the matching address, or 0 when no offset matches.
 *
 * NOTE(review): bCompare is not shown on this page; presumably it compares
 * the bytes at the candidate address with bMask under szMask. How far past
 * dwAddress + dwLen it may read depends on that helper.
 */
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *szMask)
{
    DWORD offset = 0;

    while (offset < dwLen) {
        DWORD candidate = dwAddress + offset;

        if (bCompare((BYTE *)candidate, bMask, szMask))
            return candidate;

        ++offset;
    }

    return 0;
}
// Then we start our 5 bytes hunting - Code:
-
/*
 * MakeJMP - replace dwLen bytes at pAddress with a 5-byte relative JMP to
 * dwJumpTo, padding whatever is left with NOPs.
 *
 * pAddress : first byte to overwrite.
 * dwJumpTo : destination of the jump.
 * dwLen    : total number of bytes being replaced.
 *
 * NOTE(review): neither VirtualProtect result is checked, and nothing
 * enforces dwLen >= 5 even though five bytes are always written.
 * While the function runs the page is writable and executable at once, and
 * afterwards the bytes at pAddress differ from the module's original code;
 * those are the two artefacts a code-integrity check would look at.
 */
void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
{
    DWORD savedProtect, scratch, relOffset;

    // Then we give the paged memory read/write permissions; the previous
    // protection is kept in savedProtect.
    VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &savedProtect);

    // Then we calculate the distance between our address and our target
    // location and subtract the 5 bytes, which is the size of the JMP.
    relOffset = (DWORD)(dwJumpTo - (DWORD)pAddress) - 5;

    // Then we overwrite the byte at pAddress with the jmp opcode (0xE9).
    pAddress[0] = 0xE9;

    // Then we overwrite the next 4 bytes (which is the size of a DWORD)
    // with the relative offset.
    *(DWORD *)&pAddress[1] = relOffset;

    // Then we overwrite the remaining bytes with the NOP opcode (0x90).
    DWORD pad = 0x5;
    while (pad < dwLen) {
        pAddress[pad] = 0x90;
        ++pad;
    }

    // Then we restore the paged memory permissions saved in savedProtect.
    VirtualProtect(pAddress, dwLen, savedProtect, &scratch);

    // Then we close the JMP hook.
}
// Then create our hack thread (thanks to @CodeBlack for telling me how to put the wallhack) - Code:
-
/*
 * WallHack - waits for d3d9.dll, runs a pattern scan over it, and on a hit
 * calls MakeJMP to redirect six bytes at a fixed address to dwmyDIP.
 *
 * Takes no arguments and returns nothing.
 *
 * NOTE(review): the address given to MakeJMP is the literal 0x4FF51658; the
 * scan result only gates the call and does not feed into that address, so the
 * literal is meaningful only where the target module sits at the base the
 * author observed. The four bytes copied into vtable and the local dwJMPback
 * are not read again in the code shown.
 */
void WallHack()
{
    DWORD d3d9Base, hit, *vtable;

    // Result of this first load is discarded.
    LoadLibraryA("d3d9.dll");

    // Keep requesting the module, pausing 100 ms after every attempt, until
    // a non-null handle comes back.
    for (;;) {
        d3d9Base = (DWORD)LoadLibraryA("d3d9.dll");
        Sleep(100);
        if (d3d9Base != NULL)
            break;
    }

    // Scan 0x128000 start offsets from the module base; '?' positions in the
    // mask line up with the zero bytes in the pattern.
    hit = FindPattern(d3d9Base, 0x128000,
                      (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x8",
                      "xx????xx????xx");
    if (!hit)
        return;

    // Copy the 4 bytes located 2 bytes into the match into vtable.
    memcpy(&vtable, (void *)(hit + 2), 4);

    // Patch six bytes at the fixed address so execution detours to dwmyDIP.
    MakeJMP((BYTE *)0x4FF51658, (DWORD)dwmyDIP, 0x6);

    DWORD dwJMPback = 0x4FF51658;
}
// Then finally the DLLMAIN - Code:
-
//then put one ur self :) Credits to: CodeBlack Im SwaG Unknown gamer |