PDA

View Full Version : SendInput alternative



PatB
11-02-2011, 08:55 PM
Greetings!

I want to build a 'keyboard assistent' (ahem) for an online game doing all the routine jobs.

However, as I have read in one of the threads in this forums,
sending virtual keystrokes and mouse events using the windows API 'SendInput'
can be easily detected by the client.

Is there an undetectable alternative for the windows API 'SendInput'?


Thanks for hints
Pat

civan
11-03-2011, 11:50 AM
Simplest answer is that there are no undetectable hacks, and there are no methods of detecting them that are unavoidable. It is a game of walls and ladders.

LulzBot
11-04-2011, 03:22 PM
You can use PostMessage, but that also is quite easily detectable.
All they need to use is GetAsynKeyState and they'll see that the client is getting Key downs, and that no keys are being pressed.
I believe you would need an even lower level hook to fool them.

civan
11-04-2011, 11:19 PM
And you can detect that by comparing IAT to an unhooked copy, which you can avoid by direct hooking, which you can detect by code crc, etc. etc.

wrunning
11-07-2011, 07:16 PM
Modify your keyboard driver, write a filter driver or make a virtual keyboard driver and talk to either.

civan
11-07-2011, 09:25 PM
Believe it or not, it can also be detected by another driver (this is what Punkbuster does).

wrunning
11-07-2011, 11:49 PM
Ofcourse it can be detected, it's a matter of probabilities.Also, I'm not familiar with what punkbuster does, but there are for sure ways around it, as usual.
If you want something even better than that, you can always program the hardware, in many ingenious ways.But I think a modified keyboard driver should be enough for most things.

PatB
11-29-2011, 03:08 PM
Thanks folks for your input.

Are the above statements also true on a VM if input is generated from the host?

PatB
11-30-2011, 11:56 AM
... and what about multiboxing software?

civan
11-30-2011, 06:28 PM
In case of vm's it depends on vm implementation, as everything it _can_ be detected (as in that a vm input diver is loaded), but most likely there won't be any user-mode traces.
Multiboxing software would produce false poisitives if ccp ever gets round to getting the detection done.