注入我自己的DirectX [英] Inject my own DirectX

问题描述

有黑客.例如像战斗武器.
有了这种黑客，您就可以加载自己的DirectX代码.
并添加一个简单的菜单.
我想知道我们是否可以在所有游戏中做到这一点.
我想尝试添加dirctx代码.与注入的DLL.
我需要什么?有任何偏移量吗?
有什么办法！！
有关该教程的任何教程吗?

There is hack. For example like combat arms.
And with this hacks you can load your own directx code.
And adding a simple menu.
I want to know if we can do that with all the games.
I want to try to add dirctx code. With injected dll.
What I need for this ? Any offsets ?
Any way to do that !?
Any tutorial for that ?

推荐答案

参见

see here how can you intercept functions and inject modules

有很多解决方案可以完成这项工作.如果您要拦截的函数位于静态链接的DLL中(以便在DLL加载所需的exe或dll时由os加载该DLL)，则可以使用api重定向来挂接一个模块的函数调用到另一个模块.如果情况允许，此技术始终有效.例如，如果您有一个x.exe，并且它在其标头中导入了y.dll及其DLL导入表，则可以使用api重定向来拦截从x.exe到y.dll的f()函数调用. > 如果x.exe也使用另一个dll(例如z.dll)，并且z.dll也使用y.dll的f()函数，那么您已经进行了单独的钩挂，以拦截来自z.dll的f()函数调用到y.dll.原因是api重定向会重写x.exe和y.dll的导入表中的地址.如果有人使用LoadLibrary()显式加载库并使用GetProcAddress()查询函数地址，则无法使用此技术. API挂钩(LoadLibrary) [一种C ++的拦截函数样式 [ ^ ])，我在目标过程中通过组装补丁解决了这种情况.但是armagedescu的代码可以正常工作，它的1000倍的清除率使它可以通过汇编进行修补.
我使用的最后一种技术是DLL代理.至少可以说您的游戏使用了任何库中的函数，例如x.dll.该.dll在游戏目录中或某些系统目录中.如果游戏在您的游戏目录中，则将其移动到其他位置，因为下一步是在游戏目录(用户模块所在的目录)中创建一个具有相同名称和相同导出功能的dll.然后，将加载此dll而不是原始dll.由于dll按序号或名称导出功能，因此您不必知道其参数列表，并且dll可以加载其他dll，并使用jmp指令将所有调用转发到原始dll.完成此操作后，您只需在代理dll中编写要拦截的功能的拦截器代码.我使用自己的工具通过复制目标dll的导出接口来自动生成代理dll的源代码，通过使用Google搜索"proxy dll"，您可能会在网上找到一些类似的工具.这是一个生成器，但我还没有尝试过，请检查一下:自动创建代理DLL [^ ]

必须从您注入游戏过程的DLL中使用前两个解决方案.第三种解决方案不需要弄乱注入，因为游戏本身会将代理dll加载到其进程中.

There are many solutions to do the job. If the functions you want to intercept are in a DLL that is statically linked (so that the DLL is loaded by the os when the exe or dll that needs it is loaded) then you can use api redirection to hook the function calls of one module to another module. This technique works all the time if the situation allows the use of this. For example if you have an x.exe and it imports y.dll with its DLL import table in its header then you use api redirection to intercept the f() function call that comes from x.exe to y.dll.
If x.exe uses another dll too, for example z.dll, and z.dll also uses the f() function of y.dll, then you have make a separate hooking to intercept f() function calls coming from z.dll to y.dll. The reason for this is that api redirection rewrites the address in the import table of x.exe and y.dll. This technique can not be used if someone loads the library explicitly with LoadLibrary() and queries func addresses with GetProcAddress(). API Hooking (LoadLibrary)[^]

Another technique is what armagedescu already posted, placing a hook at the beginning of the code of the hookable function. Unfortunately this isn''t always possible, but because most pograms are written in modern languages and compiled with modern compilers the gereated code usually makes it possible quite easily. I never used code like the one armagedescu posted (A C++ Style of Intercepting Functions[^]), I solved such situations with assembly patches in my target process. But armagedescu''s code works, its 1000x times clearner that patching in with assembly.

The last technique I used is a DLL proxy. Lest say your game uses a function from whatever library, lets say x.dll. This .dll is either in the directory of your game or is in some system directories. If the game is in your game directory, then move it somewhere else, because the next step is creating a dll in your game directory (in the directory where its user module resides) with the same name and with the same exported functions. Then this dll will be loaded instead of the original dll. Since dlls export functions by ordinal number or name, you dont have to know its parameter list, and you dll can load the other dll and just forward all calls to the original dll with a jmp instruction. when this is done, you just write the interceptor code in the proxy dll for the functions you wanna intercept. I used my own tool to automatically generate the source code of the proxy dll by copying the export interface of the target dll, you might find some similar tool on the net by searching for "proxy dll" with google. Here is one generator, but I havent tried it, check this out: Create your Proxy DLLs automatically[^]

The first two solutions must be used from your DLL that you injected into the process of the game. The third solution does not require messing with injection because the game itself loads your proxy dll into its process.

这篇关于注入我自己的DirectX的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！