Page 2 of 6 FirstFirst 1234 ... LastLast
Results 26 to 50 of 127

Thread: Use your hardware mouse!

  1. #26
    Join Date
    Dec 2008
    Posts
    135
    Mentioned
    0 Post(s)
    Quoted
    44 Post(s)

    Default

    Quote Originally Posted by Krazy_Meerkat View Post
    I hope you didn't spend too much, the ones I saw were like $70-$100.. I was talking about the cheaper boards like arduino UNO which I'm seeing for $6-$15 or something like that.. I wanted to learn about aduino's because they looked a bit more fun than PCB's but there's always a shortage of time for all these little projects..
    together with shipping it was 57 usd. I don't think uno works. From their website:
    These core libraries allow a 32u4 based boards or Due and Zero board to appear as a native Mouse and/or Keyboard to a connected computer.
    The cheapest ones were around 20 dollars, but after reading up on it, I wasn't ready to risk it on a leonardo or micro mouse. I have some doubts that the mouse events are truly native event. I expect it to get it tomorrow so we will see.

    Also i am not too familiar with c++ code, so how would I implement Jaclib's dll to test whether or not the mouse events are indeed native?

  2. #27
    Join Date
    Dec 2008
    Posts
    135
    Mentioned
    0 Post(s)
    Quoted
    44 Post(s)

    Default

    Quote Originally Posted by weequ View Post

    Buy an arduino and program it to take commands from simba and send mouse events back to operating system.
    Just got the arduino today, made a super simple script.

    https://gyazo.com/4e8e0cc0b4f161feb1f0f68914d567fd

  3. #28
    Join Date
    Oct 2014
    Posts
    32
    Mentioned
    0 Post(s)
    Quoted
    23 Post(s)

    Default

    Quote Originally Posted by Grunt View Post
    Just got the arduino today, made a super simple script.

    https://gyazo.com/4e8e0cc0b4f161feb1f0f68914d567fd
    what exactly does that do?, are you not still "faking" a mouse event?

  4. #29
    Join Date
    Dec 2008
    Posts
    135
    Mentioned
    0 Post(s)
    Quoted
    44 Post(s)

    Default

    Quote Originally Posted by Zef Style View Post
    what exactly does that do?, are you not still "faking" a mouse event?
    the code is uploaded into the microcontroller, the microcontroller itself is communicating to the pc via serial usb. arduino-zero_atmel-sam-d21_hand.jpgHave not tested whether or not it will set off a flag.

  5. #30
    Join Date
    Sep 2014
    Location
    C:\Simba\
    Posts
    565
    Mentioned
    9 Post(s)
    Quoted
    71 Post(s)

    Default

    You should try to port some of Simba's mouse functions to it. Only if you believe they are necessary though
    Feel free to ask me any questions, I will do my best to answer them!

    Previously known as YouPee.

  6. #31
    Join Date
    Feb 2012
    Location
    Norway
    Posts
    968
    Mentioned
    142 Post(s)
    Quoted
    582 Post(s)

    Default

    Quote Originally Posted by Joopi View Post
    You should try to port some of Simba's mouse functions to it. Only if you believe they are necessary though
    I would personally avoid that, Arduinos are rather weak, not ment for any real processing (tho this isn't too bad). You might wanna have the methods on PC end, and just feed the Arduino coordinates. Not saying it would not work, just that having processing on PC is likely better, makes it simpler, and avoids slow mouse movements (as a result of slow processing). Also keep in mind that teh Ardus (depending on which tho) also has other limitations like very limited SRAM, and storage.
    Their arm boards doesn't seem as limited. But they are all "microcontrollers" after all.

    The ardiono should also be able to function as a keyboard, not sure if there are any programs (code) available for this tho, and it might be harder to have it function as a mouse and kb at once, but should be doable. So you'd have to do some programming yourself.
    Last edited by slacky; 02-20-2016 at 01:07 PM.
    !No priv. messages please

  7. #32
    Join Date
    Dec 2008
    Posts
    135
    Mentioned
    0 Post(s)
    Quoted
    44 Post(s)

    Default

    Quote Originally Posted by Joopi View Post
    You should try to port some of Simba's mouse functions to it. Only if you believe they are necessary though
    Working on a python pluggin that will will allow Simba to send commands to control the mouse via arduno.

    Quote Originally Posted by slacky View Post
    I would personally avoid that, Arduinos are rather weak, not ment for any real processing (tho this isn't too bad). You might wanna have the methods on PC end, and just feed the Arduino coordinates. Not saying it would not work, just that having processing on PC is likely better, makes it simpler, and avoids slow mouse movements (as a result of slow processing). Also keep in mind that teh Ardus (depending on which tho) also has other limitations like very limited SRAM, and storage.
    Their arm boards doesn't seem as limited. But they are all "microcontrollers" after all.

    The ardiono should also be able to function as a keyboard, not sure if there are any programs (code) available for this tho, and it might be harder to have it function as a mouse and kb at once, but should be doable. So you'd have to do some programming yourself.
    Yes absolutely, you sound quite knowledgeable about the arduino hardware. Do you have any experience with the zero or due?

  8. #33
    Join Date
    Mar 2015
    Location
    Sweden
    Posts
    58
    Mentioned
    0 Post(s)
    Quoted
    32 Post(s)

    Default

    Quote Originally Posted by Grunt View Post
    Working on a python pluggin that will will allow Simba to send commands to control the mouse via arduno.



    Yes absolutely, you sound quite knowledgeable about the arduino hardware. Do you have any experience with the zero or due?

    Awesome, I already had an Arduino. I got it as a gift at some testing software program so I'm not sure how good it is
    And the best thing is that familiar with c++ too

  9. #34
    Join Date
    Dec 2011
    Posts
    445
    Mentioned
    26 Post(s)
    Quoted
    256 Post(s)

    Default

    Would anyone mind explaining how how they're testing this? I'd like to do some testing to see what exactly will flag it and what won't.

  10. #35
    Join Date
    Dec 2007
    Posts
    2,116
    Mentioned
    70 Post(s)
    Quoted
    580 Post(s)

    Default

    Quote Originally Posted by Twinki View Post
    Would anyone mind explaining how they grab the values from the jacLib dll? I'd like to do some testing to see what exactly will flag it and what won't.
    what do you mean grab values?

  11. #36
    Join Date
    Dec 2011
    Posts
    445
    Mentioned
    26 Post(s)
    Quoted
    256 Post(s)

    Default

    Quote Originally Posted by Kasi View Post
    what do you mean grab values?
    Grab the return value* of the function that hooks the mouse.

  12. #37
    Join Date
    Dec 2007
    Posts
    2,116
    Mentioned
    70 Post(s)
    Quoted
    580 Post(s)

    Default

    Quote Originally Posted by Twinki View Post
    Grab the return value* of the function that hooks the mouse.
    Uh, you have to write a wrapper for jaclib. I don't know if anyone has actually attempted / wrote a wrapper for it. It has no API which makes it somewhat difficult. You'd need to literally work from figuring out as much as you can from jaclib. For your case though, just hooking one function shouldn't be the hardest.
    @Brandon;

  13. #38
    Join Date
    Dec 2011
    Posts
    445
    Mentioned
    26 Post(s)
    Quoted
    256 Post(s)

    Default

    Quote Originally Posted by Kasi View Post
    Uh, you have to write a wrapper for jaclib. I don't know if anyone has actually attempted / wrote a wrapper for it. It has no API which makes it somewhat difficult. You'd need to literally work from figuring out as much as you can from jaclib. For your case though, just hooking one function shouldn't be the hardest.
    @Brandon;

    Apparently it's super easy

    Quote Originally Posted by the bank View Post
    If anyone would like to check for themselves its very easy. The flag is arg3 (or the last argument) and it is not obfuscated (other than the corresponding class - but that extends a jaclib class which is not obfuscated) so it is super easy to hook.

    I just have no idea how to go about doing so, I know nothing about C++ / Assembly.
    @the bank;

  14. #39
    Join Date
    Dec 2007
    Posts
    2,116
    Mentioned
    70 Post(s)
    Quoted
    580 Post(s)

    Default

    @Twinki;

    Completely subjective. Learn basic C/C++ and I'm sure there'll be a reply when you're done either from Brandon or the bank as they probably know more about this than i do. I personally haven't looked at jaclib enough to actually say how easy it'll be. Really just scratched the surface. (Decompiled it using some tool once). From what i know, jaclib mainly just acts as a system scanner if you will. It hooks the mouse, keyboard, checks loaded processes. Doesn't even allow Runescape to be run if it's missing. Doesn't allow runescape to be run if certain plugins are loaded etc.

  15. #40
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,597
    Mentioned
    395 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Twinki View Post
    I just have no idea how to go about doing so, I know nothing about C++ / Assembly.

    Don't bother. Without even the basic knowledge of either language, you won't get far at all.

    However, I'll explain how it works. First you should read.. My small tutorial on BitMasking in Simba: https://villavu.com/forum/showthread...51#post1328551

    Play around with bits and get an understanding of how things work.


    Otherwise if you already know how bits and bytes and stuff work then continue on..

    The SetWindowsHookEx is the key function here: https://msdn.microsoft.com/en-ca/lib...(v=vs.85).aspx

    It has a parameter called: WH_KEYBOARD_LL and WH_MOUSE_LL. Both are "Low-Level Hooks". This means they can monitor hardware inputs for the current window and/or application (you choose).


    When the hook gets an input from one of your hardware devices, it calls your "callback function". This is a listener function that you gave to the hook to call when some event happens.

    This function has the signature (LowLevelKeyboardProc): https://msdn.microsoft.com/en-ca/lib...(v=vs.85).aspx and (LowLevelMouseProc): https://msdn.microsoft.com/en-ca/lib...(v=vs.85).aspx


    Both signatures are the same.


    The Keyboard Callback has a structure passed to it: https://msdn.microsoft.com/en-ca/lib...(v=vs.85).aspx and the mouse one has the structure: https://msdn.microsoft.com/en-ca/lib...(v=vs.85).aspx

    Within that keyboard structure that is given to your callback by the system, there exists a field called: "Flag".

    This field is a MASK/BITMASK representing multiple things.

    LLKHF_EXTENDED -- Test the extended-key flag.
    LLKHF_LOWER_IL_INJECTED -- Test the event-injected (from a process running at lower integrity level) flag.
    LLKHF_INJECTED -- Test the event-injected (from any process) flag.
    LLKHF_ALTDOWN -- Test the context code.
    LLKHF_UP -- Test the transition-state flag.

    All of this information is stored in that one flag/unsigned integer. This means that a single integer can contain up to 32 bits. A single character on your keyboard is 8 bits. You can literally use an integer to store 32 boolean values if you felt like it.


    For the mouse hook, it has the same thing:

    LLMHF_INJECTED -- Test the event-injected (from any process) flag.
    LLMHF_LOWER_IL_INJECTED -- Test the event-injected (from a process running at lower integrity level) flag.



    To test whether or not a flag is set, you have to test the BITS in the flag. If it's a 1, it is set. If it is a 0, it is not set.

    So I can test whether or not this flag is set and do whatever I want (Using the bitwise AND operation):

    C Code:
    if ((flag & LLKHF_LOWER_IL_INJECTED) || (flag & LLKHF_INJECTED))
    {
        //Keyboard is not hardware input. Some application is sending the input to us.
    }



    To remove a flag, you first have to NOT it and then AND it.

    You can combine bitwise operators and assignment operators to do this..


    C Code:
    flag &= ~LLKHF_LOWER_IL_INJECTED;  //If flag is set, remove it.
    flag &= ~LLKHF_INJECTED; //If flag is set, remove it.

    //Which is the same as:

    flag = flag & ~LLKHF_LOWER_IL_INJECTED
    flag = flag & ~LLKHF_INJECTED

    //Which is the same as:

    flag = flag & (~ LLKHF_LOWER_IL_INJECTED)
    flag = flag & (~LLKHF_INJECTED)

    //Which is the same as:

    flag = flag AND (NOT LLKHF_LOWER_IL_INJECTED)
    flag = flag AND (NOT LLKHF_INJECTED)


    And voila.. flag removed.


    Now when you hook something, you usually hook it with a "trampoline". This means that when your hook gets called (your callback), you need to call the ORIGINAL callback otherwise the application may or may not function correctly.


    So:

    C Code:
    LRESULT CALLBACK MyKeyboardHook(int nCode, WPARAM wParam, LPARAM lParam)
    {
        KBDLLHOOKSTRUCT* keyboardHookPointer = (KBDLLHOOKSTRUCT *)lParam; //Cast.

        if ((keyboardHookPointer->flag & LLKHF_LOWER_IL_INJECTED) || (keyboardHookPointer->flag & LLKHF_INJECTED))
        {
            MessageBox(NULL, "FAKE INPUT DETECTED", "Cheater", 0);
        }

        keyboardHookPointer->flag &= ~LLKHF_LOWER_IL_INJECTED; //Remove flag.
        keyboardHookPointer->flag &= ~LLKHF_INJECTED; //Remove flag.

        return JagexKeyboardHook(nCode, wParam, lParam); //Give Jagex the modified parameters.
    }


    Linux has the same thing via Input.
    Last edited by Brandon; 03-05-2016 at 01:04 AM.
    I am Ggzz..

  16. #41
    Join Date
    Sep 2012
    Location
    Netherlands
    Posts
    2,732
    Mentioned
    192 Post(s)
    Quoted
    1461 Post(s)

    Default

    Quote Originally Posted by Brandon View Post
    *snip*
    I always wanted to ask you.. but are you a wizard?

  17. #42
    Join Date
    Dec 2011
    Posts
    445
    Mentioned
    26 Post(s)
    Quoted
    256 Post(s)

    Default

    Quote Originally Posted by Brandon View Post
    ....

    Appreciate the reply.

    Been messing with it on and off recently, right now i'm only trying to process Mouse info to see if it's flagged as fake or hardware.

    Code:
    #include <Windows.h>
    #include <iostream>
    
    using namespace std;
    
    HHOOK _hook;
    DWORD flag;
    MSLLHOOKSTRUCT mouseStr;
    
    
    LRESULT CALLBACK mouseCll(int nCode, WPARAM wParam, LPARAM lParam)
    {	
    	if (nCode >= 0)
    	{
    		mouseStr = *((MSLLHOOKSTRUCT*)lParam);
    		flag = mouseStr.flags;
    
    		if ((flag & LLMHF_INJECTED) || (flag & LLMHF_LOWER_IL_INJECTED))
    		{
    			cout << "Fake \n";
    		}
    		else {
    			cout << "Hardware \n";
    		}
    	}
    
    	return CallNextHookEx(_hook, nCode, wParam, lParam);
    }
    
    void hook()
    {
    	if (!(_hook = SetWindowsHookEx(WH_MOUSE_LL, mouseCll, NULL, 0)))
    	{
    		MessageBox(NULL, "Failed to install hook!", "Error", MB_ICONERROR);
    	}
    }
    
    void ReleaseHook()
    {
    	UnhookWindowsHookEx(_hook);
    }
    
    void main()
    {
    	hook();
    
    	MSG msg;
    	while (GetMessage(&msg, NULL, 0, 0))
    	{
    	}
    }
    This is what I've come up with, it returns Hardware if I move my mouse within the IDE (I'm using Visual Studio). When I tried a basic script with a loop of PickupMouse, it returned nothing.
    I'd assume it's because I have the SetWindowsHook Instance and ThreadID as null and 0, which I think should be capturing input across the system. I tried getting the ThreadID of a Simba instance but it could never hook properly.

  18. #43
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,597
    Mentioned
    395 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Twinki View Post
    ...
    Your message pump is bad.. Especially for a console application (Console applications don't have message pumps so they won't receive messages like hooks unless you create an actual window OR use a message only window.. aka a window with a handle of -1).

    Next, it is good practice to NOT block your application by starting the message pump in a separate thread. You must specify an hInstance if you do this hook in a DLL (the DLL's hInstance).. Otherwise for console applications, specify NULL and it will use the current application's hInstance OR you can also do GetModuleHandle(NULL) to get an hInstance. Either one is fine.

    If it's just for testing, you don't need a separate thread, but again, for good practice, I added it anyway.

    Also, C and C++ applications do NOT return VOID for "main"..

    Console application:

    C++ Code:
    #include <windows.h>
    #include <iostream>

    #if __cplusplus >= 201103L
    #include <chrono>
    #include <thread>
    #endif // __cplusplus

    #ifndef LLKHF_INJECTED
    #define LLKHF_INJECTED 0x00000010
    #endif // LLKHF_INJECTED

    #ifndef LLKHF_LOWER_IL_INJECTED
    #define LLKHF_LOWER_IL_INJECTED 0x00000002
    #endif // LLKHF_LOWER_IL_INJECTED

    #ifndef LLMHF_INJECTED
    #define LLMHF_INJECTED 0x00000001
    #endif // LLMHF_INJECTED

    #ifndef LLMHF_LOWER_IL_INJECTED
    #define LLMHF_LOWER_IL_INJECTED 0x00000002
    #endif // LLMHF_LOWER_IL_INJECTED


    bool TerminatedHook;
    HHOOK MouseHook = {0};
    HHOOK KeyboardHook = {0};

    LRESULT __stdcall MouseHookProc(int Code, WPARAM wParam, LPARAM lParam)
    {
        if (Code == HC_ACTION)
        {
            MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
            if ((Info->flags & LLMHF_INJECTED) == LLMHF_INJECTED)
            {
                MessageBox(NULL, "DETECTED Mouse", "", 0);
            }
            else if ((Info->flags & LLMHF_LOWER_IL_INJECTED) == LLMHF_LOWER_IL_INJECTED)
            {
                MessageBox(NULL, "DETECTED Mouse", "", 0);
            }
            else
            {
                std::cout<<"Mouse Moved\n";
            }
        }
        return CallNextHookEx(MouseHook, Code, wParam, lParam);
    }

    LRESULT __stdcall KeyboardHookProc(int Code, WPARAM wParam, LPARAM lParam)
    {
        if (Code == HC_ACTION)
        {
            KBDLLHOOKSTRUCT* Info = reinterpret_cast<KBDLLHOOKSTRUCT*>(lParam);
            if ((Info->flags & LLKHF_INJECTED) == LLKHF_INJECTED)
            {
                MessageBox(NULL, "DETECTED Keyboard", "", 0);
            }
            else if ((Info->flags & LLKHF_LOWER_IL_INJECTED) == LLKHF_LOWER_IL_INJECTED)
            {
                MessageBox(NULL, "DETECTED Keyboard", "", 0);
            }
            else
            {
                std::cout<<"Keyboard Pressed\n";
            }
        }
        return CallNextHookEx(KeyboardHook, Code, wParam, lParam);
    }


    DWORD __stdcall ThreadProc(void* param)
    {
        HINSTANCE hInstance = reinterpret_cast<HINSTANCE>(param);
        MouseHook = SetWindowsHookEx(WH_MOUSE_LL, MouseHookProc, hInstance, 0);
        KeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, KeyboardHookProc, hInstance, 0);

        MSG msg = {0};
        while(GetMessage(&msg, reinterpret_cast<HWND>(-1), 0, 0) > 0)
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);

            if (GetAsyncKeyState(VK_ESCAPE))
            {
                break;
            }
        }

        UnhookWindowsHookEx(KeyboardHook);
        UnhookWindowsHookEx(MouseHook);
        TerminatedHook = true;

        return 0;
    }

    int main()
    {
        #if __cplusplus >= 201103L
        HINSTANCE hInstance = nullptr;
        std::thread(&ThreadProc, hInstance).detach();
        #else
        HINSTANCE hInstance = NULL;
        CloseHandle(CreateThread(NULL, 0, ThreadProc, hInstance, 0, NULL));
        #endif // __cplusplus

        while(!TerminatedHook)
        {
            #if __cplusplus >= 201103L
            std::this_thread::sleep_for(std::chrono::seconds(1));
            #else
            Sleep(1000);
            #endif // __cplusplus
        }

        return 0;
    }


    Simba script:

    Simba Code:
    var
      I: Integer;
    begin
      ActivateClient();

      while(true) do
      begin
        MoveMouse(100, 200);
        KeyDown(13);
        KeyUp(13);

        Sleep(1000);
        Inc(I);

        if (I > 5) then
          break;
      end;

    end.
    Last edited by Brandon; 03-11-2016 at 03:04 AM.
    I am Ggzz..

  19. #44
    Join Date
    May 2017
    Posts
    22
    Mentioned
    1 Post(s)
    Quoted
    15 Post(s)

    Default

    Does anybody have a compiled version to share?
    Regards

  20. #45
    Join Date
    May 2017
    Posts
    4
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by Brandon View Post
    I wrote an anti-jaclib hook before. I don't remember if I shared it or not but I remember writing it.. There was lots of features but the one you seem to be interested in is the MouseHook and KeyboardHook flag removal.. Below should be enough to get you started on writing your own.


    How it works? We get the game to load our code/plugin/dll (use whatever method you want). Then in DLLMain we HIDE ourselves from detection so if the game tries to detect that our module is loaded/injected, it won't. Then we hook the SetWindowsHookEx function. If the game tries to hook the mouse, return our custom hooks instead and keep a pointer to the original function (Trampoline).

    In our trampoline function, we remove the Injection Flags and call the original hook function (don't break the chain). Voila. We are undetected and our mouse and keyboard is undetected. All without the need of a driver.


    C++ Code:
    #include <windows.h>
    #include <winternl.h>
    #include <TlHelp32.h>
    #include <chrono>
    #include <thread>
     
    typedef struct _LDR_MODULE
    {
        LIST_ENTRY              InLoadOrderModuleList;
        LIST_ENTRY              InMemoryOrderModuleList;
        LIST_ENTRY              InInitializationOrderModuleList;
        PVOID                   BaseAddress;
        PVOID                   EntryPoint;
        ULONG                   SizeOfImage;
        UNICODE_STRING          FullDllName;
        UNICODE_STRING          BaseDllName;
        ULONG                   Flags;
        SHORT                   LoadCount;
        SHORT                   TlsIndex;
        LIST_ENTRY              HashTableEntry;
        ULONG                   TimeDateStamp;
    } LDR_MODULE, *PLDR_MODULE;

    typedef struct _ProcessModuleInfo
    {
        std::uint32_t Size;
        std::uint32_t Initialized;
        HANDLE SsHandle;
        LIST_ENTRY LoadOrder;
        LIST_ENTRY InitOrder;
        LIST_ENTRY MemoryOrder;
    } ProcessModuleInfo, *pProcessModuleInfo;


    void* DetourFunction(BYTE *src, const BYTE *dst, const int len);
    typedef HHOOK (__stdcall *SetWindowsHookEx_t)(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId);
    SetWindowsHookEx_t o_SetWindowsHookEx;
    HOOKPROC oMouseHookedProc = NULL;





    LDR_MODULE* GetModuleIterator()  //I use assembly here but you can remove it and use GetPEB() from WinAPI.
    {
        #ifndef _USE_GET_PEB_
            void* result = NULL;

            #ifdef INTEL_SYNTAX     /**-masm=intel**/
            asm (".intel_syntax noprefix\n");
            #else
            asm (".att_syntax noprefix\n");
            #endif // INTEL_SYNTAX

            #ifndef INTEL_SYNTAX
            asm volatile
            (
                "movl %%FS:0x18,   %%eax\n"
                "movl 0x30(%%eax), %%eax\n"
                "movl 0x0C(%%eax), %0\n"
                : "=r" (result) :: "eax"
            );
            #else
            asm volatile
            (
                "mov eax, DWORD PTR [FS:0x18]\n\t"
                "mov eax, DWORD PTR [eax + 0x30]\n\t"
                "mov %0,  DWORD PTR [eax + 0x0C]\n"
                : "=r" (result) :: "eax"
            );
            #endif // INTEL_SYNTAX

            return reinterpret_cast<ProcessModuleInfo*>(result)->LoadOrder.Flink;
        #else
            reinterpret_cast<ProcessModuleInfo*>(GetPEB())->LoadOrder.Flink;
        #endif
    }

    void LinkLocalProcessModule(LDR_MODULE* module)
    {
        auto AddLink = [&](LIST_ENTRY* Link)
        {
            Link->Flink->Blink = Link;
            Link->Blink->Flink = Link;
        };

        AddLink(&module->InLoadOrderModuleList);
        AddLink(&module->InMemoryOrderModuleList);
        AddLink(&module->InInitializationOrderModuleList);
        AddLink(&module->HashTableEntry);
    }

    void UnlinkLocalProcessModule(LDR_MODULE* module)
    {
        auto RemoveLink = [](LIST_ENTRY* Link)
        {
            Link->Blink->Flink = Link->Flink;
            Link->Flink->Blink = Link->Blink;
        };

        RemoveLink(&module->InLoadOrderModuleList);
        RemoveLink(&module->InMemoryOrderModuleList);
        RemoveLink(&module->InInitializationOrderModuleList);
        RemoveLink(&module->HashTableEntry);
    }

    void HideSelf(HMODULE self, LDR_MODULE** old)
    {
        LDR_MODULE* module = GetModuleIterator();

        while (module->BaseAddress)
        {
            if (module->BaseAddress == self)
            {
                *old = module;
                UnlinkLocalProcessModule(module);
            }

            module = reinterpret_cast<LDR_MODULE*>(module->InLoadOrderModuleList.Flink);
        }
    }


    LRESULT __stdcall mHookedProc(int Code, WPARAM wParam, LPARAM lParam)
    {
        if (Code == HC_ACTION)
        {
            MSLLHOOKSTRUCT* Info = reinterpret_cast<MSLLHOOKSTRUCT*>(lParam);
            Info->flags &= ~LLMHF_INJECTED; //remove the injected flag.
            Info->flags &= ~LLMHF_LOWER_IL_INJECTED; //remove the injected flag.
        }
        return oMouseHookedProc(Code, wParam, lParam);
    }

    HHOOK __stdcall HOOKED_SetWindowsHookEx(int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD dwThreadId)
    {
        if (idHook == WH_MOUSE_LL)
        {
            oMouseHookedProc = (HOOKPROC)DetourFunction((unsigned char*)lpfn, (unsigned char*)&mHookedProc, 6);
        }

        return o_SetWindowsHookEx(idHook, oMouseHookedProc, hMod, dwThreadId);
    }

    void* DetourFunction (BYTE *src, const BYTE *dst, const int len)
    {
            BYTE *jmp = (BYTE*)malloc(len+5);
            DWORD dwBack;

            VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
            memcpy(jmp, src, len);
            jmp += len;
            jmp[0] = 0xE9; //Assembly JMP instruction.
            *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
            src[0] = 0xE9;
            *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
            for (int i=5; i<len; i++)
            src[i]=0x90; //Assembly NOP instruction.
            VirtualProtect(src, len, dwBack, &dwBack);
            return (jmp-len);
    }

    void InitialiseHooks()
    {
        while(!GetModuleHandle("User32.dll")) //hook user32's SetWindowsHookEx function..
        {
            std::this_thread::sleep_for(std::chrono::milliseconds(100));
        }

        o_SetWindowsHookEx = (SetWindowsHookEx_t) GetProcAddress(GetModuleHandle("User32.dll"), "SetWindowsHookExA");
        o_SetWindowsHookEx = (SetWindowsHookEx_t) DetourFunction((unsigned char*)o_SetWindowsHookEx, (unsigned char*)&HOOKED_SetWindowsHookEx, 5);
    }






    static LDR_MODULE* me = NULL;
    DWORD __stdcall DllMain(HINSTANCE hInst, DWORD nReason, LPVOID Reserved)
    {
        switch(nReason)
        {
            case DLL_PROCESS_ATTACH:
            {
                DisableThreadLibraryCalls(hInst);
                HideSelf(hInst, &me);
                std::thread([&] {InitialiseHooks();}).detach();
            }
            break;

            case DLL_PROCESS_DETACH:
            {
                LinkLocalProcessModule(me);
            }
            break;
        }
        return TRUE;
    }
    Hello man
    Where can i find the source?
    TY

  21. #46
    Join Date
    Dec 2010
    Posts
    483
    Mentioned
    30 Post(s)
    Quoted
    328 Post(s)

    Default

    Quote Originally Posted by Vasile View Post
    Hello man
    Where can i find the source?
    TY
    Are you serious right now Vladria?

  22. #47
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,597
    Mentioned
    395 Post(s)
    Quoted
    1598 Post(s)

    Default

    What is this??? The source is already there.. as for compiling it.. if you guys actually wrote a rootkit that does what you say it does, then there's no need for me to help you compile the above because you have enough skills to write your own..

    Screen Shot 2017-05-15 at 8.11.01 PM.jpg


    Also, just stick it in any C++ compiler and hit the play/compile button. It'll work just fine. CodeBlocks + Mingw works as well.
    I am Ggzz..

  23. #48
    Join Date
    Dec 2007
    Posts
    2,116
    Mentioned
    70 Post(s)
    Quoted
    580 Post(s)

    Default

    @Brandon; Think he sent that pm to everyone on this thread.

  24. #49
    Join Date
    Dec 2006
    Location
    Banville
    Posts
    3,913
    Mentioned
    12 Post(s)
    Quoted
    98 Post(s)

    Default

    It does seem like, based on some posts I vaguely remember reading (not on Villavu?), that using a touchscreen has gotten people banned for macroing. I'm not sure if they're being entirely truthful but it sounds plausible.

    I was trying to make a Windows driver that would simulate a keyboard and mouse, but that's on hold until I get more hardware or more time.
    The jealous temper of mankind, ever more disposed to censure than
    to praise the work of others, has constantly made the pursuit of new
    methods and systems no less perilous than the search after unknown
    lands and seas.

  25. #50
    Join Date
    Dec 2007
    Posts
    2,116
    Mentioned
    70 Post(s)
    Quoted
    580 Post(s)

    Default

    @R0b0t1; A Friend made a video about it. https://www.youtube.com/watch?v=nBek_MHnRM4

Page 2 of 6 FirstFirst 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 4 users browsing this thread. (0 members and 4 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •