API Hook OpenProcess
vitoto
Messages postés
18
Date d'inscription
dimanche 8 mai 2005
Statut
Membre
Dernière intervention
13 janvier 2006
-
4 janv. 2006 à 04:45
GeneticW Messages postés 34 Date d'inscription samedi 3 juin 2006 Statut Membre Dernière intervention 23 avril 2011 - 13 avril 2007 à 06:04
GeneticW Messages postés 34 Date d'inscription samedi 3 juin 2006 Statut Membre Dernière intervention 23 avril 2011 - 13 avril 2007 à 06:04
A voir également:
- Openprocess msdn
- Openprocess c# - Meilleures réponses
- C# openprocess - Meilleures réponses
- Fgets msdn - Forum C++ & C++ .NET
- Shellexecute msdn - Forum C / C++ / C++.NET
- Problème sur API OpenProcess ✓ - Forum Visual Basic 6
- Msdn setwindowpos ✓ - Forum Delphi / Pascal
- Connaitre le pid à partir du handle d'un processus - Forum C / C++ / C++.NET
11 réponses
sebmafate
Messages postés
4936
Date d'inscription
lundi 17 février 2003
Statut
Membre
Dernière intervention
14 février 2014
37
4 janv. 2006 à 10:04
4 janv. 2006 à 10:04
hi...
you want another process PID or current application PID ?
Sébastien FERRAND
[MVP C#]
you want another process PID or current application PID ?
Sébastien FERRAND
[MVP C#]
vitoto
Messages postés
18
Date d'inscription
dimanche 8 mai 2005
Statut
Membre
Dernière intervention
13 janvier 2006
4 janv. 2006 à 14:49
4 janv. 2006 à 14:49
From my .Net code Set PID value the external program and Spy or Hook when if use API OpenProcess and when use API OpenProcess then capture the values used in PID parameter.
Cheat use API OpenProcess(reqdAccess, bInherit , pid ) so in PID values is the GAME PID in memory.
Game is not .Net code.
Understand me ?
Cheat use API OpenProcess(reqdAccess, bInherit , pid ) so in PID values is the GAME PID in memory.
Game is not .Net code.
Understand me ?
sebmafate
Messages postés
4936
Date d'inscription
lundi 17 février 2003
Statut
Membre
Dernière intervention
14 février 2014
37
4 janv. 2006 à 15:17
4 janv. 2006 à 15:17
if you know process name, you can find process id with System.Diagnostics.Process class.
Example :
foreach( Process p in Process.GetProcessesByName("yourProcessName")) {
/// if p is the process you are searching
/// p.Id is its PID
}
you can use Process.GetProcesses method too.
But if you want to use win32 APIs, i can't help you, sorry.
Sébastien FERRAND
[MVP C#]
Example :
foreach( Process p in Process.GetProcessesByName("yourProcessName")) {
/// if p is the process you are searching
/// p.Id is its PID
}
you can use Process.GetProcesses method too.
But if you want to use win32 APIs, i can't help you, sorry.
Sébastien FERRAND
[MVP C#]
vitoto
Messages postés
18
Date d'inscription
dimanche 8 mai 2005
Statut
Membre
Dernière intervention
13 janvier 2006
4 janv. 2006 à 15:51
4 janv. 2006 à 15:51
Yes i know man, i need LOG, SPY or HOOK when any program use API OpenProcess.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
sebmafate
Messages postés
4936
Date d'inscription
lundi 17 février 2003
Statut
Membre
Dernière intervention
14 février 2014
37
4 janv. 2006 à 16:13
4 janv. 2006 à 16:13
you can't make system hook with .net... you must use win32 dll (c++)
Sébastien FERRAND
[MVP C#]
Sébastien FERRAND
[MVP C#]
vitoto
Messages postés
18
Date d'inscription
dimanche 8 mai 2005
Statut
Membre
Dernière intervention
13 janvier 2006
4 janv. 2006 à 17:47
4 janv. 2006 à 17:47
Thank you, so alternative to system Hook, some Remote Hook is posible ?
I Re-formule the problem and use Samples and images for help.
Global Model Image.
Detail :
This is the API OpenProcess or Class in .Net GetProcessID
/library/en-us/wcekernl/html/_wcesdk_win32_OpenProcess.asp http:<WBR>/<WBR>/<WBR>msdn.<WBR>microsoft.<WBR>com/<WBR>library/<WBR>default.<WBR>asp?<WBR>url=<WBR>/<WBR>library/<WBR>en-<WBR>us/<WBR>wcekernl/<WBR>html/<WBR>_<WBR>wcesdk_<WBR>win32_<WBR>OpenProcess.<WBR>asp
Cheat program use the API and use in parameter PID the Game in Memory.
Game is not .Net program, i not have source, only launch from .Net code.
Example : Game Pid is : 5675
When cheat program "program01.exe(pid 1234)" use the API then in parameters use the value 5675.
Example :
IDProcess = 5675
HandleWindow = OpenProcess(PROCESS_ALL_ACCESS,False,IDP<WBR>rocess);
For get value 5675 use others APIs :
IDProcess = FindWindow -> Get using Window Name -> "Game Window Name"
IDProcess = GetHProcExe -> Get using game.exe
IDProcess = GetWindowProcessID -> Get using Directly IDProcess -> PID the Game.exe
I not want stop this 3 methods, i need Stop OpenProcess where values will be passed.
After OpenProcess get Access to Game Process using parameter : PROCESS_ALL_ACCESS
Return HandleWindow and use after in API WriteProcessMemory
WriteProcessMemory(HandleWindow, Offset, Value, 1, 0&)
From my ".Net Program" i use PID 1234 "program01.exe" for Spy, Hook or Intercept if Use API OpenProcess.
When program01.exe was detected using the API OpenProcess then Log, Hook or Intercept the value in parameter used.
If value is IDProcess = 5675, then assume "program01.exe" is Cheat Program trying attack GAME Process.
After check program02.exe and detect not using API OpenProcess, skip for monitor others process.
I Can scan all process alrey running enumerating Process in memory and for get all new programs open in RealTime using "WMI and Win32_ProcessStartTrace", you can look Sample code working in VB.Net 2003 and 2005.
Only need update XP SP2 to last update.
Imports System.Management
Public Class Form1
Inherits System.Windows.Forms.Form
#Region " Windows Form Designer generated code " ....
Dim q As New EventQuery("SELECT * FROM Win32_ProcessStartTrace")
WithEvents w As New ManagementEventWatcher(q)
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'start subscribing to WMI event
w.Start()
End Sub
Private Sub ProcStartEventArrived(ByVal sender As Object, ByVal e As EventArrivedEventArgs) Handles w.EventArrived
'Get the Event object and display it
TextBox1.Text += e.NewEvent("ProcessName") & Environment.NewLine
End Sub
Private Sub Form1_Closing(ByVal sender As Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
'stop subscribing to WMI event
w.Stop()
End Sub
End Class
If you have problem in updates, only can use e.NewEvent("ProcessName"), If you have last update then use e.NewEvent("ProcessID") too.
Backing my problem.
If is necesary some win32 dll (c++), you know where i can found ?
Any can help me ?
I Re-formule the problem and use Samples and images for help.
Global Model Image.
Detail :
This is the API OpenProcess or Class in .Net GetProcessID
/library/en-us/wcekernl/html/_wcesdk_win32_OpenProcess.asp http:<WBR>/<WBR>/<WBR>msdn.<WBR>microsoft.<WBR>com/<WBR>library/<WBR>default.<WBR>asp?<WBR>url=<WBR>/<WBR>library/<WBR>en-<WBR>us/<WBR>wcekernl/<WBR>html/<WBR>_<WBR>wcesdk_<WBR>win32_<WBR>OpenProcess.<WBR>asp
Cheat program use the API and use in parameter PID the Game in Memory.
Game is not .Net program, i not have source, only launch from .Net code.
Example : Game Pid is : 5675
When cheat program "program01.exe(pid 1234)" use the API then in parameters use the value 5675.
Example :
IDProcess = 5675
HandleWindow = OpenProcess(PROCESS_ALL_ACCESS,False,IDP<WBR>rocess);
For get value 5675 use others APIs :
IDProcess = FindWindow -> Get using Window Name -> "Game Window Name"
IDProcess = GetHProcExe -> Get using game.exe
IDProcess = GetWindowProcessID -> Get using Directly IDProcess -> PID the Game.exe
I not want stop this 3 methods, i need Stop OpenProcess where values will be passed.
After OpenProcess get Access to Game Process using parameter : PROCESS_ALL_ACCESS
Return HandleWindow and use after in API WriteProcessMemory
WriteProcessMemory(HandleWindow, Offset, Value, 1, 0&)
From my ".Net Program" i use PID 1234 "program01.exe" for Spy, Hook or Intercept if Use API OpenProcess.
When program01.exe was detected using the API OpenProcess then Log, Hook or Intercept the value in parameter used.
If value is IDProcess = 5675, then assume "program01.exe" is Cheat Program trying attack GAME Process.
After check program02.exe and detect not using API OpenProcess, skip for monitor others process.
I Can scan all process alrey running enumerating Process in memory and for get all new programs open in RealTime using "WMI and Win32_ProcessStartTrace", you can look Sample code working in VB.Net 2003 and 2005.
Only need update XP SP2 to last update.
Imports System.Management
Public Class Form1
Inherits System.Windows.Forms.Form
#Region " Windows Form Designer generated code " ....
Dim q As New EventQuery("SELECT * FROM Win32_ProcessStartTrace")
WithEvents w As New ManagementEventWatcher(q)
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'start subscribing to WMI event
w.Start()
End Sub
Private Sub ProcStartEventArrived(ByVal sender As Object, ByVal e As EventArrivedEventArgs) Handles w.EventArrived
'Get the Event object and display it
TextBox1.Text += e.NewEvent("ProcessName") & Environment.NewLine
End Sub
Private Sub Form1_Closing(ByVal sender As Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
'stop subscribing to WMI event
w.Stop()
End Sub
End Class
If you have problem in updates, only can use e.NewEvent("ProcessName"), If you have last update then use e.NewEvent("ProcessID") too.
Backing my problem.
If is necesary some win32 dll (c++), you know where i can found ?
Any can help me ?
cs_coq
Messages postés
6349
Date d'inscription
samedi 1 juin 2002
Statut
Membre
Dernière intervention
2 août 2014
101
5 janv. 2006 à 23:21
5 janv. 2006 à 23:21
Eh beh, heureusement que nous sommes sur une communauté francophone...
/*
coq
MVP Visual C#
*/
/*
coq
MVP Visual C#
*/
vitoto
Messages postés
18
Date d'inscription
dimanche 8 mai 2005
Statut
Membre
Dernière intervention
13 janvier 2006
6 janv. 2006 à 00:16
6 janv. 2006 à 00:16
I try translate the post.
cs_Bidou
Messages postés
5487
Date d'inscription
dimanche 4 août 2002
Statut
Membre
Dernière intervention
20 juin 2013
61
6 janv. 2006 à 08:35
6 janv. 2006 à 08:35
lol, allez coq sort nous ton Anglais
<HR>
[Pub] http://www.csharpfr.com/auteurdetail.aspx?ID=13319 [\Pub]
C# forever
<HR>
[Pub] http://www.csharpfr.com/auteurdetail.aspx?ID=13319 [\Pub]
C# forever
vitoto
Messages postés
18
Date d'inscription
dimanche 8 mai 2005
Statut
Membre
Dernière intervention
13 janvier 2006
6 janv. 2006 à 14:16
6 janv. 2006 à 14:16
I need a service that Intercepts all the programs that use the API OpenProcess and that the value that returns HandleWindow is passed to an application Net, or better even it passes the value that uses like IDProcess parameter. HandleWindow = OpenProcess(PROCESS_ALL_ACCESS, False, IDProcess);
J'ai besoin d'un service qui arrête tous les programmes qui emploient l'api OpenProcess et qui la valeur qui retourne HandleWindow est passé à un filet d'application, ou meilleur égal elle passe la valeur qui emploie comme le paramètre d'IDProcess.
HandleWindow = OpenProcess(PROCESS_ALL_ACCESS, Faux, IDProcess);
Is Posible ?
J'ai besoin d'un service qui arrête tous les programmes qui emploient l'api OpenProcess et qui la valeur qui retourne HandleWindow est passé à un filet d'application, ou meilleur égal elle passe la valeur qui emploie comme le paramètre d'IDProcess.
HandleWindow = OpenProcess(PROCESS_ALL_ACCESS, Faux, IDProcess);
Is Posible ?
GeneticW
Messages postés
34
Date d'inscription
samedi 3 juin 2006
Statut
Membre
Dernière intervention
23 avril 2011
13 avril 2007 à 06:04
13 avril 2007 à 06:04
yeah it's possible. but only in c++ like it has been said, not in DOT NET
there is a guy that made something similar to what you want and he gave source FREE
the code was intended to show other program that access that API,
but you'll have to make the part of returning a different value.
www.rootkit.com/vault/hoglund/Governor.zip
would be nice if you post your end code here.
----------------------
Désolé les gars, j'ai répondu en Anglais parce que le gars parle ni francais ni anglais.
certains bout ses commentaire sont meme difficile a lire en anglais.
Le gars veut un code permettant d'intercepter les call a un API et d'envoyer une reponse differente. j'ai fournit un code qui (va parraitre d'ici AOUT 2007 dans un nouveau livre sur la programmation des Hack pour jeu) qui intercepte les appels a cet API.
there is a guy that made something similar to what you want and he gave source FREE
the code was intended to show other program that access that API,
but you'll have to make the part of returning a different value.
www.rootkit.com/vault/hoglund/Governor.zip
would be nice if you post your end code here.
----------------------
Désolé les gars, j'ai répondu en Anglais parce que le gars parle ni francais ni anglais.
certains bout ses commentaire sont meme difficile a lire en anglais.
Le gars veut un code permettant d'intercepter les call a un API et d'envoyer une reponse differente. j'ai fournit un code qui (va parraitre d'ici AOUT 2007 dans un nouveau livre sur la programmation des Hack pour jeu) qui intercepte les appels a cet API.
