Hooking/Memory Patching/Dll injection
seq
2nd September 2006, 14:46
Hello,
I wonder which of these methods is the safest (i.e. not detected by PunkBuster)? Or maybe any other?
From my short experience I noticed that DirectX hooking is detected by PB, but dunno about the others?
And would you please provide me with some info/link/whatever about the other methods? I came across dll injecting code, but didn't come across any source code for the library to be injected. I also hardly found any info about mempatching.
Trundle
2nd September 2006, 15:36
hooking is memory patching, achieved by injecting a dll in the game's process?!
Anyway, check HW breakpoints ;)
The code I use for dll injection:
#include <windows.h>
#include <string.h>
// Loads the DLL at pcModuleFileName into the process with id lID. Returns 0 on success, -1 on failure.
int InjectDll(DWORD lID, const char* pcModuleFileName)
{
    HANDLE pProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, lID);
    if (!pProcess)
        return -1;
    // Room in the target for the path plus its terminating NUL
    SIZE_T cbPath = strlen(pcModuleFileName) + 1;
    void* pLibFileRemote = VirtualAllocEx(pProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
    if (!pLibFileRemote) {
        CloseHandle(pProcess);
        return -1;
    }
    int result = -1;
    if (WriteProcessMemory(pProcess, pLibFileRemote, pcModuleFileName, cbPath, NULL)) {
        // LoadLibraryA takes a single pointer argument, so it doubles as the thread start routine
        HANDLE pThread = CreateRemoteThread(pProcess, NULL, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")), pLibFileRemote, 0, NULL);
        if (pThread) {
            WaitForSingleObject(pThread, INFINITE);
            CloseHandle(pThread);
            result = 0;
        }
    }
    VirtualFreeEx(pProcess, pLibFileRemote, 0, MEM_RELEASE);  // dwSize must be 0 with MEM_RELEASE
    CloseHandle(pProcess);
    return result;
}
seq
2nd September 2006, 18:51
Like I wrote in my previous post, I did some DirectX hooking but got kicked by PB. Does your method avoid being kicked by PB? Or do I have to use any other technique? (I heard something about detour functions, but didn't find almost any info about it.)
Sevendust
6th September 2006, 22:36
Undetected?
Cyclone
10th September 2006, 16:00
this is also a simple loader script:
#include <windows.h>
#define WINDOW_NAME "World of Warcraft"
#define DLL_LOC "c:\\dll.dll"
int main(void)
{
    DWORD pid;
    SIZE_T len;
    LPVOID addy;
    HANDLE h;
    HANDLE hpid;
    HMODULE hm;
    FARPROC fp;
    const char* loc = DLL_LOC;
    // Find the target by window title and resolve its process id
    h = FindWindow(0, WINDOW_NAME);
    if (!h)
        return 1;
    GetWindowThreadProcessId(h, &pid);
    hpid = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
    if (!hpid)
        return 1;
    // Copy the DLL path, including its terminating NUL, into the target process
    len = lstrlen(loc) + 1;
    addy = VirtualAllocEx(hpid, 0, len, MEM_COMMIT, PAGE_READWRITE);
    if (!addy || !WriteProcessMemory(hpid, addy, loc, len, 0)) {
        CloseHandle(hpid);
        return 1;
    }
    hm = GetModuleHandle("Kernel32");
    fp = GetProcAddress(hm, "LoadLibraryA");
    h = CreateRemoteThread(hpid, 0, 0, (LPTHREAD_START_ROUTINE)fp, addy, 0, 0);
    if (h) {
        WaitForSingleObject(h, INFINITE);
        CloseHandle(h);
    }
    VirtualFreeEx(hpid, addy, 0, MEM_RELEASE);  // dwSize must be 0 with MEM_RELEASE
    CloseHandle(hpid);
    return h ? 0 : 1;
}
NOT written by me. I found this in a tut by Kuntz.
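Seen from the defending side, both loaders in this thread leave the same two traces on the host: a handle opened on another process with create-thread and memory-write rights, followed by a remote thread whose start address is LoadLibraryA in kernel32. The Python below is an added example, not code from this thread or from any of its posters; it flags both patterns in constructed Sysmon-style Event ID 10 (ProcessAccess) and Event ID 8 (CreateRemoteThread) records that are flattened to key=value form just for this example, and every path in the samples is made up.

```python
import re

# Win32 process access rights (winnt.h) that the OpenProcess calls above request.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# LoadLibrary exports that get handed to CreateRemoteThread as the start routine.
LOADLIBRARY = re.compile(r"^LoadLibrary(Ex)?[AW]$")

# Constructed sample records (NOT real Sysmon output), flattened to "key=value;" form.
SAMPLE_EVENTS = [
    "EventID=10;SourceImage=C:\\tools\\loader.exe;TargetImage=C:\\Games\\game.exe;GrantedAccess=0x1F0FFF",
    "EventID=8;SourceImage=C:\\tools\\loader.exe;TargetImage=C:\\Games\\game.exe;"
    "StartModule=C:\\Windows\\System32\\KERNEL32.DLL;StartFunction=LoadLibraryA",
    "EventID=8;SourceImage=C:\\Games\\game.exe;TargetImage=C:\\Games\\game.exe;"
    "StartModule=C:\\Windows\\System32\\KERNEL32.DLL;StartFunction=LoadLibraryA",
    "EventID=10;SourceImage=C:\\Windows\\System32\\taskmgr.exe;TargetImage=C:\\Games\\game.exe;GrantedAccess=0x1000",
]

def parse_event(record):
    """Split one flattened record into a field dict."""
    return dict(field.split("=", 1) for field in record.split(";"))

def classify(event):
    """Return a finding label for an injection-shaped event, or None."""
    if event["SourceImage"].lower() == event["TargetImage"].lower():
        return None  # threads a process starts in itself are routine
    if event["EventID"] == "8":
        module = event["StartModule"].lower().rsplit("\\", 1)[-1]
        if module == "kernel32.dll" and LOADLIBRARY.match(event["StartFunction"]):
            return "remote thread started at LoadLibrary"
    if event["EventID"] == "10":
        granted = int(event["GrantedAccess"], 16)
        if granted & INJECT_RIGHTS == INJECT_RIGHTS:
            return "handle opened with create-thread + write rights"
    return None

def find_injection(records):
    """Return (source, target, finding) for every record that matches."""
    hits = []
    for record in records:
        event = parse_event(record)
        finding = classify(event)
        if finding:
            hits.append((event["SourceImage"], event["TargetImage"], finding))
    return hits

if __name__ == "__main__":
    for hit in find_injection(SAMPLE_EVENTS):
        print(hit)
```

The access-rights check fires on PROCESS_ALL_ACCESS as well as on the narrower mask in the first post, since both include the three rights an injector needs.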
Digital
25th September 2006, 03:28
I am not an expert in the field but I do know for an absolute fact that doing stuff in the game that is legal will not get you kicked by PB... (changing teams)...