D#D Hook Detection.

[jckl]

Some of the cheats for the game i play hook into direct 3d and call functions and such. I was wondering if there is a easy way to determin if a thrid party program like a trainer is running on the game. Basically tell if something has injected a hook into the direct3d for the game.

[ic2]

Here's a old link i founded on my computer.  Hope it helps.  If it does, and it really works, would you let us know.  I never tried it but it sounds good.

[attachment deleted by admin]

[ecube]

ic2 no offense but that doesn't really have anything to do with what hes asking, that forum discussion was just about how to find what process their dll was loaded into...heh. jckl to answer your question you can tell if the api functions are hooking via ring3 through a couple ways. If they used raw hooks(5 bytes jmp addr) you can cmp the beginning of the api function called to 0E9h(jmp short) which would indicate it's most likely hooked.They could also hook via patching the import address table(IAT) i'm not sure how to detect that one but sure theres examples on google. You can use a program liked process explorer by sysinternals to see all the open handles in that paticular process one of which might point to the suspect dll, or processguard which will tell you just about everything.

[ic2]

no offense ever taken E^cube.

Thanks for the heads up. Hooking ... That's something i know nothing about anyway.  Maybe i try something tonight.

this is help full if you use a hooked dll and you want to process something once the dll loaded into the programs memory...

For whatever why... anyway.  I missed this part too. hee hee.  I'll learn one day.

sorry about that jckl

[jckl]

ok thanks. Ill look into this more as i have been asked and have thought about writing an anti cheat program. I will also look on google for some examples. If anyone knows of some good ones then i would like to see them.