我如何防止这种绕过? [英] How can i protect against this bypass?

问题描述

我有保护它免受鼠标调用的机器人的攻击. (如果点击是人为点击).

I have it to protect against bots called by mouse. (if click is by a human or not).

我有保护的目标: http://pastebin.com/SfebsEPj

但是有些人绕过了: http://pastebin.com/HK9CekzZ

But some peoples did a bypass: http://pastebin.com/HK9CekzZ

有人有主意吗?

代码:

HHOOK MouseHook;

LRESULT CALLBACK MouseHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HC_ACTION)
    {
        if(wParam == WM_RBUTTONDOWN || wParam == WM_LBUTTONDOWN)
        {
            MSLLHOOKSTRUCT *info=(MSLLHOOKSTRUCT*)lParam;     
            if((info->flags & LLMHF_INJECTED) == LLMHF_INJECTED)
            {
                ExitProcess(-1);
            }
        }
    }
    return CallNextHookEx(MouseHook,nCode,wParam,lParam);
}


void AntiShotbotLogger()
{
    HINSTANCE hInstance = GetModuleHandle(NULL);

    MouseHook = SetWindowsHookEx( WH_MOUSE_LL, MouseHookProc, hInstance, NULL );
    MSG message;
    while (GetMessage(&message,NULL,0,0)) {
        TranslateMessage( &message );
        DispatchMessage( &message );
    }

    UnhookWindowsHookEx(MouseHook);

绕过:

HHOOK MouseHook;


LRESULT CALLBACK ReplaceMousehook(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HC_ACTION && (wParam  == WM_RBUTTONDOWN || wParam == WM_LBUTTONDOWN))
    {
        reinterpret_cast<MSLLHOOKSTRUCT*>(lParam)->flags = 0;
        std::cout << "Injection bypassed!" << std::endl;
    }
    return CallNextHookEx(MouseHook,nCode,wParam,lParam);
}


void ShotbotBypassExample()
{
    while(true)
    {
        if (GetAsyncKeyState(VK_NUMPAD0)&1)
        {
            std::cout << "Sending input now." << std::endl;
            INPUT input[2];
            input[0].type = INPUT_MOUSE;
            input[0].mi.dwFlags = MOUSEEVENTF_LEFTDOWN;    
            input[1].type = INPUT_MOUSE;
            input[1].mi.dwFlags = MOUSEEVENTF_LEFTUP;
            SendInput(2, input, sizeof(INPUT));
        }


        Sleep(1);
    }
}


int main(int argc, char** argv)
{
    std::thread keybind(ShotbotBypassExample);
    keybind.joinable();


    HHOOK hook = SetWindowsHookEx( WH_MOUSE_LL, ReplaceMousehook, GetModuleHandle(0), NULL );
    MSG message;
    while (GetMessage(&message,NULL,0,0)) {
        TranslateMessage( &message );
        DispatchMessage( &message );
    }
    return 0;
}

推荐答案

安装您的自己挂钩，不要调用CallNextHookEx.他们的钩子将不会被调用(如果它更旧).

Install your own hook, don't call CallNextHookEx. Their hook won't be called then (if it's older).

此外，当您安装钩子时，请检查您的进程中是否有已加载的DLL.以后加载的所有DLL都可能包含一个覆盖您的钩子的钩子.

Furthermore, when you install your hook, check your process for loaded DLL's. Any DLL loaded later may contain a hook which overrides your hook.

这篇关于我如何防止这种绕过?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！