
6/4/10

[Hooking] Undetected IAT hook

I was going to release a cheat, but I thought I would share this with the community.
I couldn't count how many times I and other people have used this hook, and it is still undetected even though the cheats themselves have been detected;
they were pattern scanned.

God knows how long it will last, but I have been using it for a while, trying things here and there, and a few guys here are running cheats with it and playing 1 1/2 hours on the same server without any problems.

and if it gets detected their are more ways to hook inside the Engine easy enough

Credits to OsGb and original coders who released the core hook
also credits to smaller and Smokez for some nice info they shared in public and in PM's

This is an informative post, so people can look at the original core hook that was released, see how it was done, and then see this version for the Engine and the post at the bottom for XInterface.
Most people will know how to do this, but I didn't, and it would have been nice to know; I got it in the end.

Code (C++, MSVC inline assembly):
//=====================================================================================
// Globals:
//=====================================================================================
// Signature used to call the saved original. The decorated name passed to
// IATHook in DllMain ("?ProcessEvent@AActor@@UAEX...") carries the MSVC
// __thiscall marker, so the real target is a member function whose `this`
// travels in ECX; this WINAPI (stdcall) typedef lists only the stack arguments.
typedef void(WINAPI *ProcEvent_typedef)(class UFunction*,void*,void*);
// Previous content of the patched import slot. Written by IATHook, read by
// NewProcessEvent; nothing in this listing initialises it before the hook runs.
ProcEvent_typedef OldProcessEvent;
//=====================================================================================
// New ProcessEvent
//=====================================================================================
// Replacement that IATHook writes into the import slot for ProcessEvent.
// When the dispatched function is the PostRender_Stage2 event it calls
// MyPostRender with the event's Canvas, then forwards the call to the saved
// original with the same three arguments.
//   Function - UFunction being dispatched; only FriendlyName is read here.
//   Parms    - event parameter block; reinterpreted as
//              AHUD_eventPostRender_Stage2_Parms only on the matching event.
//   Result   - passed through unchanged.
// MyPostRender, ENGINE_PostRender_Stage2 and AHUD_eventPostRender_Stage2_Parms
// are declared outside this listing.
void WINAPI NewProcessEvent( class UFunction* Function, void* Parms, void* Result=NULL)
{
// Save every general-purpose register around the C++ code below; presumably
// this keeps ECX (`this` for the __thiscall original) intact for the
// forwarding call further down.
__asm pushad
if (Function->FriendlyName == ENGINE_PostRender_Stage2)
{
MyPostRender(((AHUD_eventPostRender_Stage2_Parms*)Parms)->Canvas);
}
__asm popad
// Re-push the stack arguments right-to-left and call through the pointer that
// IATHook saved. If OldProcessEvent was never set, this calls a null pointer.
// NOTE(review): `push` and `Function` sit on separate lines in this listing,
// which looks like a paste artefact of a single `push Function` instruction.
__asm
{
push Result
push Parms
push
Function
call OldProcessEvent
}
// This save/restore pair brackets no code and has no net effect.
__asm pushad
__asm popad
}

//=====================================================================================
// IAT Function Hooking Method
//=====================================================================================
// Overwrites one Import Address Table (IAT) slot of the already-loaded module
// "AGP.dll" so that calls it makes to OldFunctionName (imported from
// OldDLLName) land on NewFunctionAddress instead.
//   OldDLLName         - name of the exporting DLL as it appears in AGP.dll's
//                        import descriptors (compared case-insensitively).
//   OldFunctionName    - decorated import name to look up in the name table.
//   NewFunctionAddress - address written into the slot.
// Side effects: stores the slot's previous value in the global OldProcessEvent,
// so despite the generic signature the function serves exactly one hook.
// Returns silently if AGP.dll is not loaded; no other failure is reported.
// The long(hEngine) casts assume 32-bit pointers (consistent with the x86-only
// __asm blocks elsewhere in the listing).
// NOTE(review): after the write, the slot holds an address outside the mapped
// image of OldDLLName. An integrity check that compares each IAT slot with the
// exporting module's address range (or with a fresh export lookup) exposes the
// redirect, so the post's "undetected" claim only describes the checks in use
// at the time.
void IATHook(char* OldDLLName, char* OldFunctionName, DWORD NewFunctionAddress)
{
DWORD dwBackup;
DWORD dwIndex;
DWORD dwOffset;
HMODULE hEngine;
PIMAGE_DATA_DIRECTORY pDataDirectory;
PIMAGE_DOS_HEADER pDosHeader;
PDWORD pdwIAT;
PDWORD pdwINT;
PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;
PIMAGE_IMPORT_BY_NAME pImportName;
PIMAGE_OPTIONAL_HEADER pOptionalHeader;
PIMAGE_NT_HEADERS pPeHeader;
PSTR strCurrent;
// The importing module is hard-coded; its HMODULE is used as the image base.
hEngine = GetModuleHandleA("AGP.dll");
if(!
hEngine) return;

// DOS header -> NT headers -> optional header -> import data directory.
// No signature or size fields are validated along the way.
pDosHeader = PIMAGE_DOS_HEADER(hEngine);
dwOffset = pDosHeader->e_lfanew;
pPeHeader = PIMAGE_NT_HEADERS(long(hEngine) + dwOffset);
pOptionalHeader = &pPeHeader->OptionalHeader;
pDataDirectory = pOptionalHeader->DataDirectory;
dwOffset = pDataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
pImportDescriptor = PIMAGE_IMPORT_DESCRIPTOR(long(hEngine) + dwOffset);
// Find the descriptor whose DLL name matches. The loop has no end-of-table
// test: if no descriptor matches, it keeps reading past the import directory.
for(
dwIndex = 0; true; dwIndex++)
{
dwOffset = pImportDescriptor[dwIndex].Name;
strCurrent = PSTR(long(hEngine) + dwOffset);
if(
stricmp(strCurrent, OldDLLName) == 0) break;
}
// FirstThunk is the IAT (resolved addresses); OriginalFirstThunk is the
// parallel import name table used to find the index of the wanted function.
dwOffset = pImportDescriptor[dwIndex].FirstThunk;
pdwIAT = PDWORD(long(hEngine) + dwOffset);
dwOffset = pImportDescriptor[dwIndex].OriginalFirstThunk;
pdwINT = PDWORD(long(hEngine) + dwOffset);
// Every entry is treated as an import-by-name RVA; ordinal imports and the
// terminating zero entry are not handled, so a missing name also runs off
// the end of the table.
for(
dwIndex = 0; true; dwIndex++)
{
dwOffset = pdwINT[dwIndex];
pImportName = PIMAGE_IMPORT_BY_NAME(long(hEngine) + dwOffset);
strCurrent = PSTR(pImportName->Name);
if(
stricmp(strCurrent, OldFunctionName) == 0) break;
}
// Make the slot writable, save the old pointer, write the new one, then put
// the previous page protection back. Neither VirtualProtect result is checked.
VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), PAGE_READWRITE, &dwBackup);
OldProcessEvent = (ProcEvent_typedef)pdwIAT[dwIndex];
pdwIAT[dwIndex] = PtrToUlong(NewFunctionAddress);
VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), dwBackup, &dwOffset);
}
//=====================================================================================
// DllMain
//=====================================================================================
// DLL entry point. On process attach it turns off per-thread attach/detach
// notifications for this DLL and installs the import redirect; every other
// reason is ignored. Always returns TRUE. lpReserved is unused.
BOOL APIENTRY DllMain (HMODULE hDll, DWORD reason, PVOID lpReserved)
{
if(
reason == DLL_PROCESS_ATTACH )
{
DisableThreadLibraryCalls(hDll);
// The second argument is the MSVC-decorated name of
// AActor::ProcessEvent(UFunction*, void*, void*) as imported from Engine.dll.
IATHook("Engine.dll", "?ProcessEvent@AActor@@UAEXPAVUFunction@@PAX1@Z", (DWORD)&NewProcessEvent);
}
else if(
reason == DLL_PROCESS_DETACH )
{
// Empty: nothing in this listing restores the patched slot, so it keeps
// pointing at NewProcessEvent after this DLL detaches.
}
return
TRUE;
}
__________________
All people need is this, along with the imports/exports I uploaded, to make a hook or even a basic no-recoil like the one I released.
There are loads of hooks (UNDETECTED) for no breath/recoil in XInterface.dll. For the guys who don't know: I only used 1 of the many I tried, and all were undetected at the time.

Something like this for a simple no recoil/no breathing hook:

Code (C++, MSVC inline assembly):
//=====================================================================================
// Globals:
//=====================================================================================
// Signature used to call the saved original. The decorated name passed to
// IATHook in DllMain ("?Draw@UGUIPanel@@UAEX...") carries the MSVC __thiscall
// marker, so the real target is a member function whose `this` travels in ECX;
// this WINAPI (stdcall) typedef lists only the stack argument.
typedef void(WINAPI *DrawGUI_typedef)(class UCanvas*);
// Previous content of the patched import slot. Written by IATHook, read by
// NewDrawGUI; nothing in this listing initialises it before the hook runs.
DrawGUI_typedef OldDrawGUI;
//=====================================================================================
// New DrawGUI (replacement for UGUIPanel::Draw)
//=====================================================================================
// Replacement that IATHook writes into the import slot for UGUIPanel::Draw.
// Calls MyPostRender with the canvas on every invocation, then forwards the
// call to the saved original.
//   Canvas - canvas pointer received from the caller; passed to both calls.
// MyPostRender is declared outside this listing.
void WINAPI NewDrawGUI( class UCanvas* Canvas)
{
// Save every general-purpose register around the C++ call below; presumably
// this keeps ECX (`this` for the __thiscall original) intact for the
// forwarding call further down.
__asm pushad
MyPostRender
(Canvas);
__asm popad
// Re-push the single stack argument and call through the pointer that IATHook
// saved. If OldDrawGUI was never set, this calls a null pointer.
__asm
{
push Canvas
call OldDrawGUI
}
// This save/restore pair brackets no code and has no net effect.
__asm pushad

__asm popad
}
//=====================================================================================
// IAT Function Hooking Method
//=====================================================================================
// Overwrites one Import Address Table (IAT) slot of the already-loaded module
// "AGP_Interface.dll" so that calls it makes to OldFunctionName (imported from
// OldDLLName) land on NewFunctionAddress instead.
//   OldDLLName         - name of the exporting DLL as it appears in the
//                        importing module's descriptors (case-insensitive).
//   OldFunctionName    - decorated import name to look up in the name table.
//   NewFunctionAddress - address written into the slot.
// Side effects: stores the slot's previous value in the global OldDrawGUI, so
// despite the generic signature the function serves exactly one hook.
// Returns silently if AGP_Interface.dll is not loaded; no other failure is
// reported. The long(hEngine) casts assume 32-bit pointers (consistent with
// the x86-only __asm blocks elsewhere in the listing).
// NOTE(review): after the write, the slot holds an address outside the mapped
// image of OldDLLName. An integrity check that compares each IAT slot with the
// exporting module's address range (or with a fresh export lookup) exposes the
// redirect, so the post's "undetected" claim only describes the checks in use
// at the time.
void IATHook(char* OldDLLName, char* OldFunctionName, DWORD NewFunctionAddress)
{
DWORD dwBackup;
DWORD dwIndex;
DWORD dwOffset;
HMODULE hEngine;
PIMAGE_DATA_DIRECTORY pDataDirectory;
PIMAGE_DOS_HEADER pDosHeader;
PDWORD pdwIAT;
PDWORD pdwINT;
PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;
PIMAGE_IMPORT_BY_NAME pImportName;
PIMAGE_OPTIONAL_HEADER pOptionalHeader;
PIMAGE_NT_HEADERS pPeHeader;
PSTR strCurrent;
// The importing module is hard-coded; its HMODULE is used as the image base.
hEngine = GetModuleHandleA("AGP_Interface.dll");
if(!
hEngine) return;

// DOS header -> NT headers -> optional header -> import data directory.
// No signature or size fields are validated along the way.
pDosHeader = PIMAGE_DOS_HEADER(hEngine);
dwOffset = pDosHeader->e_lfanew;
pPeHeader = PIMAGE_NT_HEADERS(long(hEngine) + dwOffset);
pOptionalHeader = &pPeHeader->OptionalHeader;
pDataDirectory = pOptionalHeader->DataDirectory;
dwOffset = pDataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
pImportDescriptor = PIMAGE_IMPORT_DESCRIPTOR(long(hEngine) + dwOffset);
// Find the descriptor whose DLL name matches. The loop has no end-of-table
// test: if no descriptor matches, it keeps reading past the import directory.
for(
dwIndex = 0; true; dwIndex++)
{
dwOffset = pImportDescriptor[dwIndex].Name;
strCurrent = PSTR(long(hEngine) + dwOffset);
if(
stricmp(strCurrent, OldDLLName) == 0) break;
}
// FirstThunk is the IAT (resolved addresses); OriginalFirstThunk is the
// parallel import name table used to find the index of the wanted function.
dwOffset = pImportDescriptor[dwIndex].FirstThunk;
pdwIAT = PDWORD(long(hEngine) + dwOffset);
dwOffset = pImportDescriptor[dwIndex].OriginalFirstThunk;
pdwINT = PDWORD(long(hEngine) + dwOffset);
// Every entry is treated as an import-by-name RVA; ordinal imports and the
// terminating zero entry are not handled, so a missing name also runs off
// the end of the table.
for(
dwIndex = 0; true; dwIndex++)
{
dwOffset = pdwINT[dwIndex];
pImportName = PIMAGE_IMPORT_BY_NAME(long(hEngine) + dwOffset);
strCurrent = PSTR(pImportName->Name);
if(
stricmp(strCurrent, OldFunctionName) == 0) break;
}
// Make the slot writable, save the old pointer, write the new one, then put
// the previous page protection back. Neither VirtualProtect result is checked.
VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), PAGE_READWRITE, &dwBackup);
OldDrawGUI = (DrawGUI_typedef)pdwIAT[dwIndex];
pdwIAT[dwIndex] = PtrToUlong(NewFunctionAddress);
VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), dwBackup, &dwOffset);
}
//=====================================================================================
// DllMain
//=====================================================================================
// DLL entry point. On process attach it turns off per-thread attach/detach
// notifications for this DLL and installs the import redirect; every other
// reason is ignored. Always returns TRUE. lpReserved is unused.
BOOL APIENTRY DllMain (HMODULE hDll, DWORD reason, PVOID lpReserved)
{
if(
reason == DLL_PROCESS_ATTACH )
{
DisableThreadLibraryCalls(hDll);
// The second argument is the MSVC-decorated name of
// UGUIPanel::Draw(UCanvas*) as imported from XInterface.dll.
IATHook("XInterface.dll", "?Draw@UGUIPanel@@UAEXPAVUCanvas@@@Z", (DWORD)&NewDrawGUI);
}
else if(
reason == DLL_PROCESS_DETACH )
{
// Empty: nothing in this listing restores the patched slot, so it keeps
// pointing at NewDrawGUI after this DLL detaches.
}
return
TRUE;
}
This is undetected as well.

RefLink: http://www.uc-forum.com/forum/2-x-coding-and-tutorials/63012-undetected-iat-hook.html