vitoto
Messages postés18Date d'inscriptiondimanche 8 mai 2005StatutMembreDernière intervention13 janvier 2006
-
4 janv. 2006 à 04:45
GeneticW
Messages postés34Date d'inscriptionsamedi 3 juin 2006StatutMembreDernière intervention23 avril 2011
-
13 avril 2007 à 06:04
Hi guys.
I try get some help in this problem.
API Openprocess which within its parameters uses a PID, the this delivery the use of some of these APIs :
vitoto
Messages postés18Date d'inscriptiondimanche 8 mai 2005StatutMembreDernière intervention13 janvier 2006 4 janv. 2006 à 14:49
From my .Net code Set PID value the external program and Spy or Hook when if use API OpenProcess and when use API OpenProcess then capture the values used in PID parameter.
Cheat use API OpenProcess(reqdAccess, bInherit , pid ) so in PID values is the GAME PID in memory.
IDProcess = FindWindow -> Get using Window Name -> "Game Window Name"
IDProcess = GetHProcExe -> Get using game.exe
IDProcess = GetWindowProcessID -> Get using Directly IDProcess -> PID the Game.exe
I not want stop this 3 methods, i need Stop OpenProcess where values will be passed.
After OpenProcess get Access to Game Process using parameter : PROCESS_ALL_ACCESS
Return HandleWindow and use after in API WriteProcessMemory
WriteProcessMemory(HandleWindow, Offset, Value, 1, 0&)
From my ".Net Program" i use PID 1234 "program01.exe" for Spy, Hook or Intercept if Use API OpenProcess.
When program01.exe was detected using the API OpenProcess then Log, Hook or Intercept the value in parameter used.
If value is IDProcess = 5675, then assume "program01.exe" is Cheat Program trying attack GAME Process.
After check program02.exe and detect not using API OpenProcess, skip for monitor others process.
I Can scan all process alrey running enumerating Process in memory and for get all new programs open in RealTime using "WMI and Win32_ProcessStartTrace", you can look Sample code working in VB.Net 2003 and 2005.
Only need update XP SP2 to last update.
Imports System.Management
Public Class Form1
Inherits System.Windows.Forms.Form
#Region " Windows Form Designer generated code " ....
Dim q As New EventQuery("SELECT * FROM Win32_ProcessStartTrace")
WithEvents w As New ManagementEventWatcher(q)
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'start subscribing to WMI event
w.Start()
End Sub
Private Sub ProcStartEventArrived(ByVal sender As Object, ByVal e As EventArrivedEventArgs) Handles w.EventArrived
'Get the Event object and display it
TextBox1.Text += e.NewEvent("ProcessName") & Environment.NewLine
End Sub
Private Sub Form1_Closing(ByVal sender As Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
'stop subscribing to WMI event
w.Stop()
End Sub
End Class
If you have problem in updates, only can use e.NewEvent("ProcessName"), If you have last update then use e.NewEvent("ProcessID") too.
Backing my problem.
If is necesary somewin32 dll (c++), you know where i can found ?
vitoto
Messages postés18Date d'inscriptiondimanche 8 mai 2005StatutMembreDernière intervention13 janvier 2006 6 janv. 2006 à 14:16
I need a service that Intercepts all the programs that use the API OpenProcess and that the value that returns HandleWindow is passed to an application Net, or better even it passes the value that uses like IDProcess parameter. HandleWindow = OpenProcess(PROCESS_ALL_ACCESS, False, IDProcess);
J'ai besoin d'un service qui arrête tous les programmes qui emploient l'api OpenProcess et qui la valeur qui retourne HandleWindow est passé à un filet d'application, ou meilleur égal elle passe la valeur qui emploie comme le paramètre d'IDProcess.
GeneticW
Messages postés34Date d'inscriptionsamedi 3 juin 2006StatutMembreDernière intervention23 avril 2011 13 avril 2007 à 06:04
yeah it's possible. but only in c++ like it has been said, not in DOT NET
there is a guy that made something similar to what you want and he gave source FREE
the code was intended to show other program that access that API,
but you'll have to make the part of returning a different value.
would be nice if you post your end code here.
----------------------
Désolé les gars, j'ai répondu en Anglais parce que le gars parle ni francais ni anglais.
certains bout ses commentaire sont meme difficile a lire en anglais.
Le gars veut un code permettant d'intercepter les call a un API et d'envoyer une reponse differente. j'ai fournit un code qui (va parraitre d'ici AOUT 2007 dans un nouveau livre sur la programmation des Hack pour jeu) qui intercepte les appels a cet API.