[C# DLL] iHook, EndScene ASM Injection!

[dook123]

This type of code is well documented on other sites. You will need to do a global keyboard hook from within your test application.

WH_KEYBOARD_LL
^hook this
User32.dll
^inside this

SetWindowsHookEx(..)

[nilum]

This type of code is well documented on other sites. You will need to do a global keyboard hook from within your test application.

WH_KEYBOARD_LL
^hook this
User32.dll
^inside this

SetWindowsHookEx(..)

Hi, Dook.
Thanks for the response.

I did some searching and I think I found what you were referring to:
A Simple C# Global Low Level Keyboard Hook - CodeProject

Would this be the best method to use or is there a better hook? This seems to be for form applications, and I want to stick with console apps for now.

Thank you.

[dook123]

2shared - download KeyboardHookCSharp.7z

Link above has example project. Run it and you will see. The example you found its applied to his application but can be done system wide. Remember that not all keys are caught this way. Things like alt and ctrl are special.

Rep my post if it was helpful. Credits are in the source comments. I did not write the code at all but I have similar classes somewhere... cleaning the computer today.

[nilum]

Thanks for that dook. I will check it out. In the meantime I was able to find some other examples. Here is one I modified:

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;

//Author: ComputerAnalysis
//The Computer Analysis: Episode 2
//This code is designated for educational use only.
//Please do not plagiarize my code.
//I do not take responsiblity for any illegal uses of this code.
//Modified by nilum
//Original Source: http://www.freewebs.com/computeranalysis/keylogger.txt

namespace KeyHook
{
    class Program
    {
        [DllImport("user32.dll")]
        private static extern short GetAsyncKeyState(int vKey);


        static void Main(string[] args)
        {
            bool terminate = false;
            while (terminate == false)
            {
                for (int i = 1; i < 255; i++)
                {
                    int result = GetAsyncKeyState(i);

                    if (result != 0)
                    {
                        Console.WriteLine(checkExceptions(i));
                        if (checkExceptions(i) == "T")
                        {
                            terminate = true;
                        }
                        System.Threading.Thread.Sleep(115); //115 works best for my computer.
                    }
                }
            }    
        }

        public static string checkExceptions(int i) // makes log files easier to read and cleaner
        {
            switch (i)
            {
                case 1:
                    return "<Left Click>";
                case 2:
                    return "<Right Click>";
                case 13:
                    return "<Enter>";
                case 9:
                    return "<Tab>";
                case 20:
                    return "<Caps Lock>";
                case 160:
                    return "<Left Shift>";
                case 161:
                    return "<Right Shift>";
                case 16:
                    return "";
                case 162:
                    return "<Ctrl>";
                case 163:
                    return "<Ctrl>";
                case 17:
                    return "";
                case 164:
                    return "<Alt>";
                case 165:
                    return "<Alt>";
                case 18:
                    return "";
                case 93:
                    return "<Menu Key>";
                case 37:
                    return "<Left Arrow>";
                case 39:
                    return "<Right Arrow>";
                case 38:
                    return "<Up Arrow>";
                case 40:
                    return "<Down Arrow>";
                case 220:
                    return "\\";
                case 191:
                    return "/";
                case 222:
                    return "'";
                case 186:
                    return ";";
                case 8:
                    return "<BackSpace>";
                case 33:
                    return "<Page Up>";
                case 34:
                    return "<Page Down>";
                case 35:
                    return "<End>";
                case 36:
                    return "<Home>";
                case 144:
                    return "<Num Lk>";
                case 44:
                    return "<Prnt Scrn>";
                case 45:
                    return "<Insert>";
                case 112:
                    return "<F1>";
                case 113:
                    return "<F2>";
                case 114:
                    return "<F3>";
                case 115:
                    return "<F4>";
                case 116:
                    return "<F5>";
                case 117:
                    return "<F6>";
                case 118:
                    return "<F7>";
                case 119:
                    return "<F8>";
                case 120:
                    return "<F9>";
                case 121:
                    return "<F10>";
                case 122:
                    return "<F11>";
                case 123:
                    return "<F12>";
                case 219:
                    return "[";
                case 221:
                    return "]";
                case 189:
                    return "-";
                case 187:
                    return "=";
                case 91:
                    return "<Windows Key>";
                case 188:
                    return ",";
                case 190:
                    return ".";
                default:
                    return ((char)i).ToString();
            }
        }
    }
}

[Cypher]

Thanks for that dook. I will check it out. In the meantime I was able to find some other examples. Here is one I modified:

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;

//Author: ComputerAnalysis
//The Computer Analysis: Episode 2
//This code is designated for educational use only.
//Please do not plagiarize my code.
//I do not take responsiblity for any illegal uses of this code.
//Modified by nilum
//Original Source: http://www.freewebs.com/computeranalysis/keylogger.txt

namespace KeyHook
{
    class Program
    {
        [DllImport("user32.dll")]
        private static extern short GetAsyncKeyState(int vKey);


        static void Main(string[] args)
        {
            bool terminate = false;
            while (terminate == false)
            {
                for (int i = 1; i < 255; i++)
                {
                    int result = GetAsyncKeyState(i);

                    if (result != 0)
                    {
                        Console.WriteLine(checkExceptions(i));
                        if (checkExceptions(i) == "T")
                        {
                            terminate = true;
                        }
                        System.Threading.Thread.Sleep(115); //115 works best for my computer.
                    }
                }
            }    
        }

        public static string checkExceptions(int i) // makes log files easier to read and cleaner
        {
            switch (i)
            {
                case 1:
                    return "<Left Click>";
                case 2:
                    return "<Right Click>";
                case 13:
                    return "<Enter>";
                case 9:
                    return "<Tab>";
                case 20:
                    return "<Caps Lock>";
                case 160:
                    return "<Left Shift>";
                case 161:
                    return "<Right Shift>";
                case 16:
                    return "";
                case 162:
                    return "<Ctrl>";
                case 163:
                    return "<Ctrl>";
                case 17:
                    return "";
                case 164:
                    return "<Alt>";
                case 165:
                    return "<Alt>";
                case 18:
                    return "";
                case 93:
                    return "<Menu Key>";
                case 37:
                    return "<Left Arrow>";
                case 39:
                    return "<Right Arrow>";
                case 38:
                    return "<Up Arrow>";
                case 40:
                    return "<Down Arrow>";
                case 220:
                    return "\\";
                case 191:
                    return "/";
                case 222:
                    return "'";
                case 186:
                    return ";";
                case 8:
                    return "<BackSpace>";
                case 33:
                    return "<Page Up>";
                case 34:
                    return "<Page Down>";
                case 35:
                    return "<End>";
                case 36:
                    return "<Home>";
                case 144:
                    return "<Num Lk>";
                case 44:
                    return "<Prnt Scrn>";
                case 45:
                    return "<Insert>";
                case 112:
                    return "<F1>";
                case 113:
                    return "<F2>";
                case 114:
                    return "<F3>";
                case 115:
                    return "<F4>";
                case 116:
                    return "<F5>";
                case 117:
                    return "<F6>";
                case 118:
                    return "<F7>";
                case 119:
                    return "<F8>";
                case 120:
                    return "<F9>";
                case 121:
                    return "<F10>";
                case 122:
                    return "<F11>";
                case 123:
                    return "<F12>";
                case 219:
                    return "[";
                case 221:
                    return "]";
                case 189:
                    return "-";
                case 187:
                    return "=";
                case 91:
                    return "<Windows Key>";
                case 188:
                    return ",";
                case 190:
                    return ".";
                default:
                    return ((char)i).ToString();
            }
        }
    }
}

That code is ****ing awful. Seriously.

[nilum]

That code is ****ing awful. Seriously.

Well, at least I wasn't the one who wrote it (though admittedly I wouldn't have done much better).

Thanks for the feedback.

PS. Maybe one of you could check out my other awful code and tell me how I can improve it:

http://www.mmowned.com/forums/world-...ml#post1997238

Thanks again.

[Xelper]

Sorry for bumping a thread that is a couple of weeks old, figured my question might be relevant to those looking to start hooking EndScene.

I wrote a DPS addon that sets a variable to whatever spell ID needs to be cast next. I am then using an EndScene hook to read that variable and cast accordingly. That is all well and good.

My only issue is that I will crash (WoW) if I go into a loading screen while it is trying to read the variable. I have put some safeguards in place (if UnitIsDeadOrGhost then restore, because they will likely be releasing soon), I am also checking:

Code:

public static readonly uint InGame = 0x99069A;
public static readonly uint isLoadingOrConnecting = 0x97BD6C;
uint playerIngame = Memory.Read<uint>(Memory.BaseAddress + (uint)clsMyOffsets.InGame);
uint playerLoading = Memory.Read<uint>(Memory.BaseAddress + (uint)clsMyOffsets.isLoadingOrConnecting);

Before I do every single DoString/GetLocalizedText, however it still manages to try and do a read before one of these variables is updated.

Anyone have any thoughts on preventing the application of the hook, restoring the hook prior to a loadscreen (automatically), or other thoughts?

Thanks!

[Flushie]

Will you release the DLL's source ?

You can always reverse engineer it? Obviously thats not the source/source, but you can gain an idea on how he approached it.
And -Ryuak- this is pretty cool, thank you for your contribution.

[theomi]

Awesome work -Ryuak-...
Thank you

[Xelper]

4.0.6.13596

Code:

        public static uint Direct3D9__Device = 0x98ACDC;
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3540;
        public static uint Lua_DoStringAddress = 0x3A26B0;
        public static uint Lua_GetLocalizedTextAddress = 0x1C2270;

[-Ryuk-]

4.0.6.13596

Code:

        public static uint Direct3D9__Device = 0x98ACDC;
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3540;
        public static uint Lua_DoStringAddress = 0x3A26B0;
        public static uint Lua_GetLocalizedTextAddress = 0x1C2270;

Added to first post. =)

Good to see people are using this

+Rep

[reeveerx]

Just wondering, does anyone have the updated ones for 13623? TIA.

[Xelper]

4.0.6.13623

Code:

        public static uint Direct3D9__Device = 0x98BCDC; 
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3520;
        public static uint Lua_DoStringAddress = 0x3A2620;
        public static uint Lua_GetLocalizedTextAddress = 0x1C2250;

Just an FYI to everyone, this stuff is normally in the InfoDump thread (usually on the 1st page since EndScene stuff is pretty popular). They might go by slightly different names though, usually they are pretty close. Also, some tips on 'finding' them yourself (using that term loosely since you are still relying on the InfoDump!)

Direct3D9__Device = DXDEVICE, you can use RivaLfr's OffsetFinder to use his pattern for finding this. Check out his app here: Click

From the Function Dump (very 1st post in the InfoDump usually, see here for this patch example):
Lua_DoStringAddress = (FrameScript::Execute - 0x400000) so for example, the offset listed for this patch is 7A2620. Subtract 0x400000 and you get 0x3A2620.
Lua_GetLocalizedTextAddress = (FrameScript::GetLocalizedText - 0x400000)
ClntObjMgrGetActivePlayerObjAddress = (ClntObjMgrGetActivePlayerObjAddress - 0x400000)

[-Ryuk-]

4.0.6.13623

Code:

        public static uint Direct3D9__Device = 0x98BCDC; 
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3520;
        public static uint Lua_DoStringAddress = 0x3A2620;
        public static uint Lua_GetLocalizedTextAddress = 0x1C2250;

Just an FYI to everyone, this stuff is normally in the InfoDump thread (usually on the 1st page since EndScene stuff is pretty popular). Some other names people post them as:
Direct3D9__Device = DXDEVICE
Lua_DoStringAddress = FrameScript__Execute
Lua_GetLocalizedTextAddres = FrameScript__GetLocalizedText
ClntObjMgrGetActivePlayerObjAddress = look at the function dump (usually the 1st post), find the offset for ClntObjMgrGetActivePlayerObjAddress and subtract 0x400000.

TY again

+Rep (If I dont have to spread)

[wowsc4p3]

Any chance of a source to the dll? Would like to add it to my existing hack...