{"id":30581463,"url":"https://github.com/vu2n/est","last_synced_at":"2025-08-29T06:29:15.184Z","repository":{"id":310356134,"uuid":"999646193","full_name":"Vu2n/EST","owner":"Vu2n","description":"External D3D11 Shellcode Toolkit","archived":false,"fork":false,"pushed_at":"2025-08-17T14:10:47.000Z","size":19,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-17T16:12:38.798Z","etag":null,"topics":["cheat","cpp","d3d11","d3d11hook","poc","shellcode","shellcode-hooking","shellcode-injection"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Vu2n.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-10T15:09:51.000Z","updated_at":"2025-08-17T14:10:51.000Z","dependencies_parsed_at":"2025-08-21T14:16:45.650Z","dependency_job_id":null,"html_url":"https://github.com/Vu2n/EST","commit_stats":null,"previous_names":["vu2n/est"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Vu2n/EST","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu2n%2FEST","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu2n%2FEST/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu2n%2FEST/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu2n%2FEST/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Vu2n","download_url":"https://codeload.github.com/Vu2n/EST/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu2n%2FEST/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272641813,"owners_count":24968807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-29T02:00:10.610Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cheat","cpp","d3d11","d3d11hook","poc","shellcode","shellcode-hooking","shellcode-injection"],"created_at":"2025-08-29T06:29:14.213Z","updated_at":"2025-10-14T12:07:55.461Z","avatar_url":"https://github.com/Vu2n.png","language":"C++","readme":"# EST (External Shellcode Toolkit)\n\nThis project is an experiment in **external Direct3D 11 manipulation** using manual shellcode injection — no DLLs, no internal hooks. \nThe goal was to understand how to interact with D3D11 components remotely by resolving interfaces, calling vtable functions, \nand performing basic rendering-related operations from an external process.\n\n\u003e This isn't meant to be production-ready or undetectable. It's a learning tool and research base.\n\n---\n\n## Features\n\n- External `IDXGISwapChain::Present` hook via shellcode trampoline\n- Remote COM function calls via generated shellcode\n- Support for RCX/RDX/R8/R9, shadow space, and XMM registers\n- Resolves D3D11 device/context externally\n- Can call device/context functions via vtables\n- FPS tracking via Present count\n\n---\n\n## RemoteCall (RC) Wrapper\n\nThe `RemoteCall` class acts as a low-level wrapper that enables calling **in-game or engine functions remotely** from an external process. It builds shellcode dynamically to:\n\n* Push arguments (integers, floats, strings) into the appropriate registers and stack slots\n* Call arbitrary function addresses in the target process\n* Return results (both from `RAX` and `XMM0`)\n\n### Example Use Case\n\nOnce you've resolved an in-game function pointer (e.g., via vtable or signature scan), you can call it like this:\n\n```cpp\nuint64_t result = rc.Call(funcAddress, arg1, arg2, ...);\n```\n\nThis allows you to:\n\n* Call virtual functions (via resolved vtables)\n* Execute engine methods without injecting code\n* Initialize D3D objects or issue rendering commands externally\n\nIt's a flexible way to interact with the target application's codebase entirely from the outside, as long as you have the right function address and calling convention.\n---\n\n## Limitations\n\n- Backbuffer and RTV retrieval is **currently unreliable**\n- Works only on **x64** targets\n- Only tested with games using D3D11 and `dxgi.dll`\n- No GUI or overlay (yet)\n- Requires manual rebase of `dxgi.dll` vtable address (based on IDA offsets)\n\n---\n\n## Requirements\n\n- Windows 10/11\n- Target must be a D3D11 x64 application\n- Built with Visual Studio 2019+ (C++17 or later)\n\n---\n\n## Usage\n\n1. Launch your D3D11 target application (e.g., a game).\n2. Edit the process name in `Main.cpp`:\n\n```cpp\nconst wchar_t* targetProcessName = L\"AVF2-Win64-Shipping.exe\";\n```\n\n3. Build and run `Rust.exe` as administrator.\n4. The tool will:\n\n   * Find the process\n   * Hook `Present`\n   * Log FPS\n   * Attempt to find device/context/backbuffer/RTV\n\n---\n\n## Future Plans\n\n* Reliable RTV and backbuffer detection\n* External ImGui-style overlay (via separate transparent window)\n* Remote texture manipulation\n* Shared memory IPC for runtime control\n\n---\n\n## License\n\nThis project is released under the MIT License.\n\n---\n\n## Disclaimer\n\nThis code is for educational and research purposes only. Using it in online games or anti-cheat-protected environments may result in bans or violations of terms of service. Use responsibly.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvu2n%2Fest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvu2n%2Fest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvu2n%2Fest/lists"}