

Member Since 23 Mar 2012
Last Active Mar 27 2012 01:16 AM

Topics I've Started

--Game Hooking revisited--

23 March 2012 - 09:55 AM

Hi Guys,

First of all, I should say that I'm a new member of this forum, but I've been reading many articles and posts here for quite a while, just out of personal interest.

I'm a student of business informatics at a university of applied sciences in Germany (ohhh my god, not a pure informatician ^^).

So what do informatics students do in their spare time? Right, they play computer games and program things... :-)

It's been quite a while since I read many articles about game hooking, API hooking and hijacking and so on. I wonder why there are no current tutorials on a general approach to hooking a game.

By current I mean newer than 2007... ;-), and why there is no useful, well-documented code base for a generic hook for a managed-code program written in C#.

My approach is to set up a nice-looking tutorial that mainly doesn't go too deep into the system mechanics, like "you have to set up some 'asm' with NOP NOP NOP NOP...", because such a tutorial isn't very comprehensible for most people who are interested in trying it out themselves.

Certainly the tutorial shouldn't be written like a tabloid newspaper either, but it should be clearly understandable, to reward everyone reading it...

And I would like to use the newest technologies available, like the Visual Studio 11 Developer Preview with the .NET Framework 4.5, which can be downloaded and used free for one year.

Since I'm a student of applied sciences, I would love to create a tutorial based on a real sample. I was thinking of creating a little helper tool which can be used in a multiplayer game to automatically inform your team members of interesting events that occur.

What should that tool do? If the game is fully loaded and your team is assembled and ready for battle, or to explore the environment, the tool should send a first message to your team members that it is ready. It should also set its internal timer, which measures how long the game has been running, to 00:00.

After a specified key is pressed by the user who runs the tool, it should send a message to the team members saying exactly when (measured in game time) the next important event occurs.

When the game is finished, the tool should go into a "listen state" and wait for the next game session to be started.

So far the theory and the requirements. Now, what do I know / what did I do:

I've disassembled the game (or did I just try to? I don't really know, because that's not one of my strengths ^^). But what I saw there were some nice-looking functions that could maybe be used for the approach mentioned above:

The disassembler said something like this:

function .text 0058A4D4 Controller_SendChatMessage()

If I follow the function call in the main game application, we get something like this:

; imports from anotherdll.dll
.idata : 00962D08 extrn __imp_Controller_SendChatMessage:dword
; DATA XREF: Controller_SendChatMessage ^r

The return value of this function seems to be an integer, and the argument is some x (which is also an integer, could that be???).

I've also found the Direct3DCreate9 function call at: .text 006D2712

and the DirectInput8Create function at: 006D27E4

I then tried to API-hijack this function and attached my program with WINJECT. Poor luck for me, this approach didn't work. I tried many things, and also modified many C++ samples to get some nitty piece of information on whether I could access the function. No chance, I couldn't get anything to work. The reason: I don't understand enough about hijacking APIs or DLL injection...

So I tried another thing that worked very well, but was very, very low-performance. I used managed code (C# with .NET) to capture a defined key that is pressed for the initial message to be sent (realised with SendKeys.SendWait(""); and GetKeyState(Keys nVirtKey); from user32.dll).

Now I want to try a combination of both and document this for further use...

I'm thinking of some code looking like this (written in pseudocode). FIRST APPROACH:

in C++:

Creating a DLL that can call SendChatMessage with parameters to send a message to your teammates...
...that can capture key events by using the DirectInput functionality in-game and (maybe in the far future) display, via Direct3D, an in-game overlay that presents a status text or a ticking timer in a corner of the user interface.

So the DLL should be implemented like this:

#include <windows.h>
#include <string>

// Assumed signature: the disassembler showed an int return value and one argument;
// the real parameter type and calling convention still have to be confirmed.
typedef int (*SendChatMessage_t)(const char* message);

int SendChatMessage(const std::string& message)
{
    // Resolve the game's import from anotherdll.dll instead of hard-coding 0058A4D4
    HMODULE hMod = GetModuleHandleA("anotherdll.dll");
    SendChatMessage_t fn = hMod ? (SendChatMessage_t)GetProcAddress(hMod, "Controller_SendChatMessage") : NULL;
    return fn ? fn(message.c_str()) : -1;
}

bool GetKeyboardInput(int definedKeyForMessage)
{
    // TODO: figure out how keys are named in DirectInput; GetAsyncKeyState is a Win32 stand-in
    return (GetAsyncKeyState(definedKeyForMessage) & 0x8000) != 0;
}

void DrawOverlayText(const std::string& text, int x, int y)
{
    // TODO: call some Direct3D code to draw the text at position (x, y) on the game's graphics device
}

in C#:

This could be a small desktop application with a form that shows some additional information in the background of the game (maybe good for debugging during development).
It is the main application that calls the functionality from the C++ DLL.
I don't know if this managed-code program can attach the DLL to the main game process, or if this has to be done in the C++ DLL itself.

When the program starts, the following should happen:

private bool attached = false;

// called from a timer event (or a while (true) loop)
private void OnTimerTick()
{
    if (!attached)      // attach the DLL only once
        AttachDll();
}

private void AttachDll()
{
    if (IsGameRunning())        // TODO: e.g. look the game process up by name
    {
        AttachDllToGame();      // TODO: attach the DLL to the game process
        textBox.Text = "dll successfully attached";
        attached = true;
    }
}

Now my question to the code gurus is: what do I have to be aware of? Is this approach generally possible, or am I missing something? I'm not asking for a complete program, not even for some code. I first want to clarify whether this could be done like this and, if not, how else?

Thanks for reading and maybe answering. :-)