  1. #1
    RDCM

    Question: D3D physical hook - any thoughts?

    First of all, sry if I posted in the incorrect section, but I didn't find any "D3D hooks" or "GRAPI substitution" sub-forum, so posting it here...

    I am not a PRO, but I have a lot of programming experience and I'm pretty familiar with D3D hooking; I coded my first wallhack (for Warframe) like 3 years ago.
    So it's not about D3D coding itself, and not 'bout hooking some graphic rendering API, it's more about overall API substitution methods...
    A small intro: when I decided to make a bot for some game, after gathering information I found that there r few bots available already (free or paid), but all of them had reports of being bannable, so I started to think - what other options do we have to substitute the renderer except dll-injection or system-hooks. And I realized that we don't rly need to inject any code or manipulate process memory to change jump/call addresses - we can just replace the renderer itself with our own wrapper. I still haven't tried to actually do that, but atm I see no reason why it couldn't be done (yeah, obv. it will add at least 1 cp-instruction to every exported routine, and assuming thousands of calls inside every frame such a wrapper-library could cause a visible fps-drop, but hey, it's not like the game should work on an old 1.3 GHz Celeron on an S370 MB with integrated GPU anyways =)

    So by "physical hook" I mean replacement of the library file inside the actual file-system (not memory) with a wrapper-library. But I'm still not sure how it could be done in an "undetectable" way... I can think of at least two problems: file checks (size, hash (md5, crc32) etc.) and library list checking (cuz the wrapper will call the original dll anyways). As to the first problem - I'm still not sure what could be done to bypass that, but on the other hand such a defense seems quite unrealistic to me (there r too many different versions of dx libs). And as to the second problem, it could be passed via memory mapping - the wrapper could load the original dll inside its own memory page space, so the original version won't be listed in the dll-list.

    Has anybody tried to do such a dx-substitution? Or maybe u see something that I missed? Or u know a better (undetectable) way to intercept API calls? I'll appreciate any constructive opinions on that topic...

  2. #2
    Mayion
    But aren't you still modifying the memory by replacing the DX library with the wrapper?
    And no, I don't think such checks are run to verify the file.

  3. #3
    RDCM (Threadstarter)
    Originally posted by Mayion:
        But aren't you still modifying the memory by replacing the DX library with the wrapper?
    Not rly, simply speaking - the wrapper just replaces the original dll-file on the hard drive. Yeah, obv. it gets loaded into memory after (that's why I'm thinking of ways to bypass possible file-size/hash checking), but it's not 'bout "memory modifying" anyways =)
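
From the defender's side, the two checks named in this thread (file hash and loaded-library path) can be sketched as follows. This is an added example, not code from any poster or from any anti-cheat product; `audit_modules`, `KNOWN_GOOD`, the paths and the byte strings are constructed for illustration, and the allow-list holds several hashes per DLL name to cover multiple vendor builds.

```python
import hashlib
import ntpath  # Windows path semantics, usable on any OS

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED = {"d3d9.dll", "d3d11.dll", "dxgi.dll"}  # renderer DLLs to audit

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_modules(modules, known_good):
    """modules: list of (loaded_path, file_bytes).
    known_good: DLL name -> set of accepted SHA-256 hashes.
    Returns a list of (path, reason) findings for watched DLLs."""
    findings = []
    for path, data in modules:
        norm = ntpath.normcase(ntpath.normpath(path))
        name = ntpath.basename(norm)
        if name not in WATCHED:
            continue
        # A system renderer DLL resolved from the application directory
        # means the search order picked up a local copy.
        if ntpath.dirname(norm) not in SYSTEM_DIRS:
            findings.append((path, "loaded from outside the system directory"))
        # Content check: catches a replaced file even at the right path.
        if sha256(data) not in known_good.get(name, set()):
            findings.append((path, "hash not in allow-list"))
    return findings

# Constructed sample data: byte strings stand in for file contents.
GENUINE_A = b"constructed: vendor d3d9 build A"
GENUINE_B = b"constructed: vendor d3d9 build B"
WRAPPER = b"constructed: third-party wrapper"
KNOWN_GOOD = {"d3d9.dll": {sha256(GENUINE_A), sha256(GENUINE_B)}}

SAMPLE = [
    (r"C:\Windows\System32\d3d9.dll", GENUINE_B),
    (r"C:\Games\Example\D3D9.DLL", WRAPPER),
    (r"C:\Windows\System32\d3d9.dll", WRAPPER),
    (r"C:\Games\Example\engine.dll", b"constructed: unrelated module"),
]

if __name__ == "__main__":
    for path, reason in audit_modules(SAMPLE, KNOWN_GOOD):
        print(f"{path}: {reason}")
```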
