
Thread: Coding a Trainer: Hotkey problem, please help :)

  1. #1
    Predator [PC/pGC]
    Guest

    Coding a Trainer: Hotkey problem, please help :)

    Well this is my first post, hope it won't be a bad one - first thing I should say is that this board is -great- and I should've checked it out earlier.

    Here goes. I'm trying to code a trainer for Tony Hawk 2. I found the memory locations for the score and money. Thing is, that you can't use alt-tab in the game while those keys are disabled - so alt-tab and then pressing a button on my trainer window won't do. When I re-enabled those key combinations by inserting a call to SystemParametersInfoA, setting the screensaver to 'disabled', I found that pressing alt-tab in the game simply closes the game.

    So, use hotkeys that we can use from within the game (better anyway), for example pressing F12 would update the score with 10000. I've tried putting GetAsyncKeyState on a timer (what defiler did in his tut about trainers): no luck. Then SavaGe notified me about the RegisterHotKey API which looks great but: also doesn't work. As soon as you are -in- the game, the keys won't be noticed by my trainer anymore.

    BPX SetWindowsHookEx, trying to see if the game hooks WH_KEYBOARD and indeed that was it - I jumped over the call and found that my trainer can 'see' the hotkeys now ... but, the game doesn't, anymore ;-)

    I'm stuck. What do I do next? How can I make the trainer work?
    An easy way out would possibly be to set a timer in my trainer, and after 5 minutes let it update the score/money (when the game is already launched) but that kind of sux.

    I'm calling for help here ;-) Thanks in advance.

    Greetings,
    Predator [PC/pGC]
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Solomon
    Guest
    Maybe the trainer can also set a keyboard hook, just like what the game does. All the keyboard hooks form a chain. One hook will use CallNextHookEx( ) to activate next one in the chain.
    not proved yet

  3. #3
    xOANINO [UCF]
    Guest
    That dude is right ... u just simply have to set your hook on top of the chain and CallNextHook in the end of your routine. In this way, your hook will be executed before the game's one. It's like old DOS INT chaining

    xOANINO
    [UCF]

  4. #4
    Predator [PC/pGC]
    Guest
    Wow, thanks for the good and very fast reply guys - is this great or what? ;-)

    I'm not sure if it's "normal" for a trainer to use a dll though (required for using SetWindowsHookEx right?) but, hey.. who cares if it works it works.

    Tnx again.. Greetz,

    Predator [PC/pGC]

  5. #5
    Predator [PC/pGC]
    Guest
    xOANINO [UCF] (11-21-2000 23:51):
    u just simply have to set your hook on top of the chain and CallNextHook in the end of your routine. In this way, your hook will be executed before the game's one.
    Hello again ;-) I finished coding the hook thing, with a little help of Iczelion's tut#24 it wasn't hard, but it doesn't seem to work anymore as soon as I fire up the game. Before I run the game, the hook works good and pressing F12 pops up a messagebox (just as a test).
    I guess this could be 2 things, please correct me if I'm wrong
    1. The game doesn't call "CallNextHookEx" api when it should
    2. My hook isn't on top of the chain

    I hope it's option #2.. hehe.. if it is, how can I make my hook the top one on the chain? Perhaps setting it -after- the game has launched/set its hook? I'm just guessing ...

    Tnx again

    Later,
    Predator [PC/pGC]

  6. #6
    Solomon
    Guest
    Quoted from MSDN:

    "The SetWindowsHookEx function always installs a hook procedure at the beginning of a hook chain."

    "When an event occurs that is monitored by a particular type of hook, the system calls the procedure at the beginning of the hook chain associated with the hook. Each hook procedure in the chain determines whether to pass the event to the next procedure. A hook procedure passes an event to the next procedure by calling the CallNextHookEx function."

    So the game should set the hook first, then the trainer

  7. #7
    Predator [PC/pGC]
    Guest
    Hmm that's odd, I tried doing so by launching the game and having the trainer sleep for 60 secs and -then- do the hooking .. but it still didn't work - quite weird because if it really is on top of the chain it doesn't matter if the game itself calls CallNextHookEx or not..

    Is it possible that the game (or directX) fucks up the keyboard so badly that I can't hook it anymore? :-)


    [edit]
    msdn says: "For a specified hook type, thread hooks are called first, then global hooks."

    I have a theory: the game uses a thread hook, so whether I set my hook before or after the game sets its hook, the hook set by the game will be processed first. And the game doesn't call CallNextHookEx so my global hook doesn't get processed at all.

    I hope I'm not right, because I'm running out of options..
    [/edit]


    Greetings,
    Predator [PC/pGC]
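Added example, not part of any post in this thread: a small C model (not Win32 code) of the dispatch order quoted from MSDN in posts #6 and #7, showing which install orders let a global hook see the key. It assumes one hook type, one target thread, and a game hook procedure that does not call CallNextHookEx, as post #7 theorizes; every name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Win32 code: one hook type, one target thread. */
enum scope { THREAD_HOOK, GLOBAL_HOOK };
struct hook { const char *owner; enum scope scope; bool calls_next; };
struct chain { struct hook h[8]; int n; };

/* New hooks go to the beginning of the chain (index 0 runs first). */
static void install(struct chain *c, const char *owner, enum scope s, bool calls_next) {
    if (c->n == 8) return;
    memmove(&c->h[1], &c->h[0], (size_t)c->n * sizeof c->h[0]);
    c->h[0] = (struct hook){ owner, s, calls_next };
    c->n++;
}

/* Deliver one key event: thread hooks first, then global hooks. The walk
   stops at the first procedure that does not pass the event on. */
static bool reaches(const struct chain *c, const char *owner) {
    for (int pass = THREAD_HOOK; pass <= GLOBAL_HOOK; pass++)
        for (int i = 0; i < c->n; i++) {
            if ((int)c->h[i].scope != pass) continue;
            if (strcmp(c->h[i].owner, owner) == 0) return true;
            if (!c->h[i].calls_next) return false;
        }
    return false;
}

/* Does the trainer's global hook (which does chain on) see the key?
   game_scope: how the game hooked; trainer_last: trainer installed after the game. */
static bool trainer_sees_key(enum scope game_scope, bool trainer_last) {
    struct chain c = { .n = 0 };
    if (!trainer_last) install(&c, "trainer", GLOBAL_HOOK, true);
    install(&c, "game", game_scope, false);   /* assumed: game swallows the event */
    if (trainer_last) install(&c, "trainer", GLOBAL_HOOK, true);
    return reaches(&c, "trainer");
}

int main(void) {
    printf("both global, trainer first:     %d\n", trainer_sees_key(GLOBAL_HOOK, false));
    printf("both global, trainer last:      %d\n", trainer_sees_key(GLOBAL_HOOK, true));
    printf("game thread hook, trainer last: %d\n", trainer_sees_key(THREAD_HOOK, true));
    return 0;
}
```

Only the middle case delivers the event to the global hook; with a thread hook that swallows the event, install order makes no difference.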

  8. #8
    Predator [PC/pGC]
    Guest
    Well my theory was correct.. So I was freaking out. Until NU told me on irc that defiler coded an example of hooking services. Ring-0 keyboard hook. Can't be defeated ;-)
    And indeed it works... but I see I gotta improve my VXD coding because I'm struggling a bit with it. Anyway, problem solved ;-)

    Thanks very much to all of you who replied to my topic! Very much appreciated.

  9. #9
    Erovin
    Guest
    Any chance you'd like to share your VXD code or a template? I've been trying to decipher Ring-0 VXDs on and off for a few months now with no luck. I have MSDN Library so I have access to all documentation. My interest is in detecting :CueCat swipes under the covers so that I don't have to run special :CueCat software all the time. I want to detect swipes and then launch a program to deal with them rather than launch a program that subsequently detects the swipes.

  10. #10
    Predator [PC/pGC]
    Guest
    Of course, no problem. Here's the url:

    http://themen01.exit.de/windows/member/relifed/files/servicehook.zip

    Greetings,
    Predator [PC/pGC]

  11. #11
    Anticode
    Guest
    another example of keyboard service hooking: http://www.sysinternals.com/c2cap95.htm
