madCollection - Hook, Spy or Intercept API OpenProcess ??

Vitoto
Posts: 3
Joined: Tue Jan 03, 2006 6:39 pm

Post by Vitoto »

Hi, is it possible to fix my problem using madCollection?

Please help me with a concept issue.

Global Model Image.
http://www.legion-of-terror.cl/download/temp/model.jpg

Detail :

This is the API OpenProcess, or the class GetProcessID in .Net:
http://msdn.microsoft.com/library/defau ... rocess.asp

The cheat program uses the API and passes the PID of the game in memory as the parameter.
The game is not a .Net program; I do not have the source, I only launch it from .Net code.

Example : Game Pid is : 5675

When the cheat program "program01.exe (pid 1234)" uses the API, it passes the value 5675 in the parameters.

Example :

IDProcess = 5675
HandleWindow = OpenProcess(PROCESS_ALL_ACCESS,False,IDProcess);

To get the value 5675 it uses other APIs:

IDProcess = FindWindow -> Get using Window Name -> "Game Window Name"
IDProcess = GetHProcExe -> Get using game.exe
IDProcess = GetWindowProcessID -> Get using Directly IDProcess -> PID the Game.exe

I do not want to stop these 3 methods; I need to stop OpenProcess, where the values will be passed.

After that, OpenProcess gets access to the game process using the parameter PROCESS_ALL_ACCESS.
It returns HandleWindow, which is then used in the API WriteProcessMemory:
WriteProcessMemory(HandleWindow, Offset, Value, 1, 0&)

From my ".Net Program" I use PID 1234 "program01.exe" to spy, hook or intercept whether it uses the API OpenProcess.

When program01.exe is detected using the API OpenProcess, then log, hook or intercept the value used in the parameter.

If the value is IDProcess = 5675, then assume "program01.exe" is a cheat program trying to attack the GAME process.

After that, check program02.exe; if it is detected not using the API OpenProcess, skip it and monitor other processes.

I can scan all processes already running by enumerating the processes in memory, and get all new programs opened in real time using "WMI and Win32_ProcessStartTrace"; you can look at the sample code working in VB.Net 2003 and 2005.
You only need to update XP SP2 to the latest update.

    Imports System.Management

    Public Class Form1
        Inherits System.Windows.Forms.Form

    #Region " Windows Form Designer generated code " ....

        Dim q As New EventQuery("SELECT * FROM Win32_ProcessStartTrace")
        WithEvents w As New ManagementEventWatcher(q)

        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            'start subscribing to WMI event
            w.Start()
        End Sub

        Private Sub ProcStartEventArrived(ByVal sender As Object, ByVal e As EventArrivedEventArgs) Handles w.EventArrived
            'Get the Event object and display it
            TextBox1.Text += e.NewEvent("ProcessName") & Environment.NewLine
        End Sub

        Private Sub Form1_Closing(ByVal sender As Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
            'stop subscribing to WMI event
            w.Stop()
        End Sub
    End Class

If you have problems with the updates, you can only use e.NewEvent("ProcessName"); if you have the latest update then you can use e.NewEvent("ProcessID") too.

Back to my problem: can madCollection help me?

Thank you.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

madCodeHook can watch over OpenProcess for you and block access to the game you want to protect. You just need a hook dll which will hook OpenProcess. It's not very difficult when using madCodeHook.

The only question is what happens if you block all processes from calling OpenProcess(GameProcess)? Maybe the operating system won't like that? Maybe if the OS tries to do OpenProcess(GameProcess) and you block it, maybe there are crashes then? But I don't think so. I think there should be no problems...
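
A sketch of the kind of hook DLL described in the reply above, added here as an illustration; it is not code from this thread or from the madCodeHook package. The library name, the named file mapping used to publish the game's PID, and the choice to refuse only opens that request write-capable rights (so that query-only opens still succeed) are assumptions of this example.

```delphi
library GuardHook;  // hypothetical DLL name

uses Windows, madCodeHook;

const
  // Assumption: the protecting application publishes the game's PID as a
  // single DWORD in a named file mapping. The name is made up for this example.
  CPidMapping = 'GuardHookProtectedPid';
  // Access rights that allow modifying or controlling the target process.
  CDangerous = PROCESS_VM_WRITE or PROCESS_VM_OPERATION or
               PROCESS_CREATE_THREAD or PROCESS_DUP_HANDLE or
               PROCESS_TERMINATE;

var
  // Filled in by HookAPI; calls the original OpenProcess.
  OpenProcessNext: function (access: DWORD; inherit: BOOL; pid: DWORD): THandle; stdcall;

// Reads the protected PID; returns 0 when the protector is not running.
function ProtectedPid: DWORD;
var map: THandle; view: PDWORD;
begin
  Result := 0;
  map := OpenFileMapping(FILE_MAP_READ, False, CPidMapping);
  if map = 0 then Exit;
  view := MapViewOfFile(map, FILE_MAP_READ, 0, 0, SizeOf(DWORD));
  if view <> nil then begin
    Result := view^;
    UnmapViewOfFile(view);
  end;
  CloseHandle(map);
end;

function OpenProcessCallback(access: DWORD; inherit: BOOL; pid: DWORD): THandle; stdcall;
var guarded: DWORD;
begin
  guarded := ProtectedPid;
  if (guarded <> 0) and (pid = guarded) and
     (GetCurrentProcessId <> guarded) and ((access and CDangerous) <> 0) then
  begin
    // Fail the call the way a denied open fails: no handle, access-denied error.
    SetLastError(ERROR_ACCESS_DENIED);
    Result := 0;
  end else
    Result := OpenProcessNext(access, inherit, pid);
end;

begin
  HookAPI('kernel32.dll', 'OpenProcess', @OpenProcessCallback, @OpenProcessNext);
end.
```

A request with PROCESS_ALL_ACCESS, as in the question, includes the write-capable rights and is refused, while opens that only query the process are passed through unchanged.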