From: Vitoto on 4 Jan 2006 08:59

Hi, me again.

Maybe I did not post my problem in good detail. I will try again.

The API OpenProcess:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcekernl/html/_wcesdk_win32_OpenProcess.asp

This function returns a handle to an existing process object.

HANDLE OpenProcess(
  DWORD fdwAccess,
  BOOL fInherit,
  DWORD IDProcess
);

Parameters

fdwAccess
[in] Not supported; set to zero.
fInherit
[in] Not supported; set to FALSE.
IDProcess <------ INTERCEPT
[in] Specifies the process identifier of the process to open.

Within its parameters it uses an IDProcess, which is delivered by using some of these APIs:

IDProcess = FindWindow -> Get using Window Name
IDProcess = GetHProcExe -> Get using name.exe
IDProcess = GetWindowProcessID -> Get using IDProcess directly

Any API can be used to get the IDProcess value.

HandleWindow = OpenProcess(PROCESS_ALL_ACCESS,False,IDProcess);

When the cheat application is running it needs to use the PID value, my game's IDProcess. Then it changes memory and uses WriteProcessMemory, changing the values of the game's variables.

Is it possible to inject a DLL into a program in memory, to know the IDProcess value used when it calls the API OpenProcess? Returning the IDProcess values in an event IF the program is using the API.

Summary:

Game: is normal code and not .Net code
.Net code: uses a DLL and monitors programs

Best is all programs in the system, but if that is not possible then it is OK to monitor a specific running program. And if it is not possible with .Net technology, then a simple .exe or service.

From my code I call a spy on the running program and log, spy or hook if the program uses the API OpenProcess.

If OpenProcess was used, then intercept the value used in the parameter IDProcess:

HandleWindow = OpenProcess(PROCESS_ALL_ACCESS,False,IDProcess);

Do you understand my problem?

Any ideas for writing the code or what to investigate?

Thank you.

From: Ivan Stambuk on 6 Jan 2006 05:10

I'm not really sure if I understood you properly, but it seems to me
that you are building some sort of anti-cheat mechanism for your game.
Well, you should certainly hook OpenProcess, something like this:

#include <windows.h>
#include <tchar.h>

#define PROCESS_PROTECT_FILENAME _T("game_exefile.exe")

// Resolves an executable name to its PID (see the note below the code).
DWORD ProcessName2Pid(LPCTSTR pszExeName);

// Pointer to the original OpenProcess, saved when the hook is installed.
static HANDLE (WINAPI *hooked_OpenProcess)(DWORD, BOOL, DWORD);

// rewritten OpenProcess handler by means of your favorite hooking
// method..

HANDLE
WINAPI
Hook_OpenProcess(
    DWORD dwDesiredAccess,
    BOOL bInheritHandle,
    DWORD dwProcessId)
{
    DWORD ProcessId = ProcessName2Pid(PROCESS_PROTECT_FILENAME);

    if (dwProcessId != ProcessId) {
        // Not the protected process: forward to the real API.
        return hooked_OpenProcess(dwDesiredAccess, bInheritHandle,
            dwProcessId);
    }

    // Fail the call the way OpenProcess does, with an error code set.
    SetLastError(ERROR_ACCESS_DENIED);
    return NULL;
}

Use Process32First/Process32Next to implement ProcessName2Pid. This
will have the side effect of disabling killing your process in taskmgr.exe.
Also, it will NOT protect you from cheaters using native ntdll APIs, or
directly calling syscalls with sysenter/syscall/int 2eh
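
An added example, not part of Ivan Stambuk's post or of any poster's code: the decision a hook like the one above could make if it looked at the requested access mask as well as the PID, so that a terminate-only open (the taskmgr.exe side effect) still succeeds while opens that allow WriteProcessMemory are refused and reported. The names filter_open, open_event and TAMPER_RIGHTS, the policy itself and the sample PIDs are assumptions; the access-right values are those of winnt.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Access-right values from winnt.h, repeated so the decision logic
   builds without the Windows SDK. */
#ifndef PROCESS_VM_WRITE
#define PROCESS_TERMINATE     0x00000001u
#define PROCESS_CREATE_THREAD 0x00000002u
#define PROCESS_VM_OPERATION  0x00000008u
#define PROCESS_VM_WRITE      0x00000020u
#define PROCESS_DUP_HANDLE    0x00000040u
#define MAXIMUM_ALLOWED       0x02000000u
#define GENERIC_ALL           0x10000000u
#define GENERIC_WRITE         0x40000000u
#endif

/* Assumed policy: rights that let the caller modify the target, plus
   generic/maximum requests that can expand to them. */
#define TAMPER_RIGHTS (PROCESS_VM_WRITE | PROCESS_VM_OPERATION | \
    PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | \
    MAXIMUM_ALLOWED | GENERIC_ALL | GENERIC_WRITE)

typedef enum { OPEN_ALLOW = 0, OPEN_DENY = 1 } open_verdict;
/* What the hook would report to the monitoring side on a denial. */
typedef struct { uint32_t caller_pid; uint32_t desired_access; } open_event;

/* Verdict for one OpenProcess call seen by the hook. In a real hook,
   caller_pid would come from GetCurrentProcessId(). */
open_verdict filter_open(uint32_t caller_pid, uint32_t target_pid,
                         uint32_t protected_pid, uint32_t desired_access,
                         open_event *ev)
{
    if (target_pid != protected_pid) return OPEN_ALLOW;  /* not the game */
    if (caller_pid == protected_pid) return OPEN_ALLOW;  /* game opening itself */
    if ((desired_access & TAMPER_RIGHTS) == 0)
        return OPEN_ALLOW;          /* e.g. PROCESS_TERMINATE from taskmgr */
    if (ev) { ev->caller_pid = caller_pid; ev->desired_access = desired_access; }
    return OPEN_DENY;
}

int main(void)
{
    open_event ev = {0, 0};
    /* Constructed calls: PID 1000 is the game, 4321 another process.
       0x001F0FFF is PROCESS_ALL_ACCESS in the SDKs of the thread's era. */
    printf("terminate only: %d\n", filter_open(4321, 1000, 1000, PROCESS_TERMINATE, &ev));
    printf("all access:     %d\n", filter_open(4321, 1000, 1000, 0x001F0FFFu, &ev));
    return 0;
}
```

The filter only covers calls that pass through the hooked OpenProcess; the limits named in the post (native ntdll APIs, direct syscalls) apply to it unchanged.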

From: Vitoto on 6 Jan 2006 08:19

Is it possible for some Service to monitor all programs using the API OpenProcess and
return the dwProcessId value used?
It is more complex to only return when dwProcessId = PID of the Game.

From my .Net code I launch the game and know the PID.
Send this PID to the Service for filtering, and when the Service detects the dwProcessId
value, alert the .Net code.

The Service and .Net can use a memory area with an encrypted value and private key
for communication.

Do you think this idea is possible?

"Ivan Stambuk" wrote:

> I'm not really sure if I understood you properly, but it seems to me
> that you are building some sort of anti-cheat mechanism for your game.
> Well, you should certainly hook OpenProcess, something like this:
>
> #define PROCESS_PROTECT_FILENAME _T("game_exefile.exe")
>
> // rewritten OpenProcess handler by means of your favorite hooking
> // method..
>
> HANDLE
> WINAPI
> Hook_OpenProcess(
> DWORD dwDesiredAccess,
> BOOL bInheritHandle,
> DWORD dwProcessId)
> {
> DWORD ProcessId = ProcessName2Pid(PROCESS_PROTECT_FILENAME);
>
> if (dwProcessId != ProcessId) {
> return hooked_OpenProcess(dwDesiredAccess, bInheritHandle,
> dwProcessId);
> }
>
> else return NULL;
> }
>
> Use Process32First/Process32Next to implement ProcessName2Pid. This
> will have side effect of disabling killing your process in taskmgr.exe.
> Also, it will NOT protect you from cheaters using native ntdll APIs, or
> directly calling syscalls with sysenter/syscall/int 2eh

From: Alexander Grigoriev on 6 Jan 2006 10:58

I would never buy a game that needs to inject a DLL to all running
processes...

"Vitoto" <Vitoto(a)discussions.microsoft.com> wrote in message
news:9732CB9B-0EFD-42A8-A084-F96709E5303B(a)microsoft.com...
> Is it possible for some Service to monitor all programs using the API OpenProcess and
> return the dwProcessId value used?
> It is more complex to only return when dwProcessId = PID of the Game.
>
> From my .Net code I launch the game and know the PID.
> Send this PID to the Service for filtering, and when the Service detects the dwProcessId
> value, alert the .Net code.
>
> The Service and .Net can use a memory area with an encrypted value and private key
> for communication.
>
> Do you think this idea is possible?
>
> "Ivan Stambuk" wrote:
>
>> I'm not really sure if I understood you properly, but it seems to me
>> that you are building some sort of anti-cheat mechanism for your game.
>> Well, you should certainly hook OpenProcess, something like this:
>>
>> #define PROCESS_PROTECT_FILENAME _T("game_exefile.exe")
>>
>> // rewritten OpenProcess handler by means of your favorite hooking
>> // method..
>>
>> HANDLE
>> WINAPI
>> Hook_OpenProcess(
>> DWORD dwDesiredAccess,
>> BOOL bInheritHandle,
>> DWORD dwProcessId)
>> {
>> DWORD ProcessId = ProcessName2Pid(PROCESS_PROTECT_FILENAME);
>>
>> if (dwProcessId != ProcessId) {
>> return hooked_OpenProcess(dwDesiredAccess, bInheritHandle,
>> dwProcessId);
>> }
>>
>> else return NULL;
>> }
>>
>> Use Process32First/Process32Next to implement ProcessName2Pid. This
>> will have side effect of disabling killing your process in taskmgr.exe.
>> Also, it will NOT protect you from cheaters using native ntdll APIs, or
>> directly calling syscalls with sysenter/syscall/int 2eh

From: Vitoto on 6 Jan 2006 11:49

You think the game needs a Hook? What are you speaking about? My Anticheat Program needs to detect
cheats.

If you do not want to help, please stop posting.

"Alexander Grigoriev" wrote:

> I would never buy a game that needs to inject a DLL to all running
> processes...
>
> "Vitoto" <Vitoto(a)discussions.microsoft.com> wrote in message
> news:9732CB9B-0EFD-42A8-A084-F96709E5303B(a)microsoft.com...
> > Is it possible for some Service to monitor all programs using the API OpenProcess and
> > return the dwProcessId value used?
> > It is more complex to only return when dwProcessId = PID of the Game.
> >
> > From my .Net code I launch the game and know the PID.
> > Send this PID to the Service for filtering, and when the Service detects the dwProcessId
> > value, alert the .Net code.
> >
> > The Service and .Net can use a memory area with an encrypted value and private key
> > for communication.
> >
> > Do you think this idea is possible?
> >
> > "Ivan Stambuk" wrote:
> >
> >> I'm not really sure if I understood you properly, but it seems to me
> >> that you are building some sort of anti-cheat mechanism for your game.
> >> Well, you should certainly hook OpenProcess, something like this:
> >>
> >> #define PROCESS_PROTECT_FILENAME _T("game_exefile.exe")
> >>
> >> // rewritten OpenProcess handler by means of your favorite hooking
> >> // method..
> >>
> >> HANDLE
> >> WINAPI
> >> Hook_OpenProcess(
> >> DWORD dwDesiredAccess,
> >> BOOL bInheritHandle,
> >> DWORD dwProcessId)
> >> {
> >> DWORD ProcessId = ProcessName2Pid(PROCESS_PROTECT_FILENAME);
> >>
> >> if (dwProcessId != ProcessId) {
> >> return hooked_OpenProcess(dwDesiredAccess, bInheritHandle,
> >> dwProcessId);
> >> }
> >>
> >> else return NULL;
> >> }
> >>
> >> Use Process32First/Process32Next to implement ProcessName2Pid. This
> >> will have side effect of disabling killing your process in taskmgr.exe.
> >> Also, it will NOT protect you from cheaters using native ntdll APIs, or
> >> directly calling syscalls with sysenter/syscall/int 2eh