mirror of https://github.com/DxWnd/DxWnd.reloaded synced 2024-12-30 09:25:35 +01:00
DxWnd.reloaded/build/help/Hookflags.html
gho tik c7934bf142 v2_03_88_src
Former-commit-id: ea3f7967f99640133673ef363b73faa61e6ee861
2017-03-06 11:47:23 -05:00


<html>
<head>
<title>Hook flags</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="generator" content="HelpNDoc Personal Edition 4.6.2.573">
<meta name="keywords" content="">
<link type="text/css" rel="stylesheet" media="all" href="css/reset.css" />
<link type="text/css" rel="stylesheet" media="all" href="css/base.css" />
<link type="text/css" rel="stylesheet" media="all" href="css/hnd.css" />
<!--[if lte IE 8]>
<link type="text/css" rel="stylesheet" media="all" href="css/ielte8.css" />
<![endif]-->
<style type="text/css">
#topic_header
{
background-color: #EFEFEF;
}
</style>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/hnd.js"></script>
<script type="text/javascript">
$(document).ready(function()
{
if (top.frames.length == 0)
{
var sTopicUrl = top.location.href.substring(top.location.href.lastIndexOf("/") + 1, top.location.href.length);
top.location.href = "DxWnd.html?" + sTopicUrl;
}
else if (top && top.FrameTOC && top.FrameTOC.SelectTocItem)
{
top.FrameTOC.SelectTocItem("Hookflags");
}
});
</script>
</head>
<body>
<div id="topic_header">
<div id="topic_header_content">
<h1 id="topic_header_text">Hook flags</h1>
</div>
<div class="clear"></div>
</div>
<div id="topic_content">
<p></p>
<div class="rvps2"><table width="100%" border="1" cellpadding="1" cellspacing="2" style="border-color: #000000; border-style: solid; border-spacing: 2px;">
<tr valign="top">
<td width="168" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hot patch (obfuscated IAT)</span></p>
</td>
<td width="170" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts17">HOTPATCH</span></p>
</td>
<td width="1199" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">The original DxWnd used IAT patching to redirect API calls to the altered routines. This method has its advantages, but it fails when some API calls cannot be reached because they are located in unconnected DLLs, referenced by ordinal number, or made by programs with an obfuscated IAT. IAT obfuscation is a sophisticated but common enough technique to make a hacker's life harder: for instance, the game executable of Doom III has an obfuscated IAT.</span></p>
<p class="rvps2"><span class="rvts6"><br/></span></p>
<p class="rvps2"><span class="rvts6">Checking this flag causes DxWnd to use an alternate patching technique, "hot patching", which writes detour assembly code right at the beginning of the API implementation. Once this is done, EVERY SINGLE CALL gets intercepted no matter where the call is made from, but it isn't always possible to apply this technique. Luckily, in the vast majority of cases, both techniques work.</span></p>
</td>
</tr>
<tr valign="top">
<td width="168" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hook child WindowProc</span></p>
</td>
<td width="170" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts17">HOOKCHILDWIN</span></p>
</td>
<td width="1199" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">By default, DxWnd intercepts the WindowProc routine of the main window, and this is enough for its purposes. In some cases, though, this is not enough and this flag tells DxWnd to intercept and redirect the WindowProc routines of all child windows as well.</span></p>
</td>
</tr>
<tr valign="top">
<td width="168" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hook all DLLs</span></p>
</td>
<td width="170" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts17">HOOKDLLS</span></p>
</td>
<td width="1199" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">The original DxWnd behaviour was limited to searching for and hooking calls made directly by the main program. Checking this flag causes DxWnd to recurse into the address space of all non-system DLLs and hook calls there. This is necessary in all cases where the graphic engine is not coded directly in the program but is implemented in a separate engine DLL.</span></p>
</td>
</tr>
<tr valign="top">
<td width="168" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Widechar program vs. ANSI</span></p>
</td>
<td width="170" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts17">ANSIWIDE</span></p>
</td>
<td width="1199" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">DxWnd uses ANSI versions of several system calls by default. This flag tells DxWnd to use the corresponding WIDECHAR version instead.</span></p>
</td>
</tr>
<tr valign="top">
<td width="168" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">No Run</span></p>
</td>
<td width="170" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts17">HOOKNORUN</span></p>
</td>
<td width="1199" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Some applications run several executables. The only game found to run like this so far is </span><span class="rvts19">Die Hard Trilogy</span><span class="rvts6">. It has a frontend program that runs one choice of three different executables, each one implementing one single, unique game. In this situation, each individual game needs an individual DxWnd configuration entry, and also needs to be run by the frontend. They cannot be run directly. The "No Run" flag and the corresponding blocking icon prevent the user from trying to run the game from the DxWnd interface.</span></p>
</td>
</tr>
<tr valign="top">
<td width="168" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">No hook update</span></p>
</td>
<td width="170" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts17">HOOKNOUPDATE</span></p>
</td>
<td width="1199" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Under certain conditions, the same API or method call may have different memory addresses while the program is running. Unfortunately, there is no universal policy to handle this situation: in some cases, the program only works correctly if the function's original address is updated; in other cases, it is better to stick to the original value. By default, the original address is updated. Check this flag to keep the initial original address instead.</span></p>
</td>
</tr>
</table>
</div>
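<p class="rvps2"><span class="rvts6">Added example, not part of DxWnd or its help file: a small checker that tells the two redirection styles described for the HOTPATCH flag apart by looking at where an import slot points and where the code at the API entry point jumps. The module addresses, the byte images and the detour layout (a short jump into a 5-byte pad that holds a JMP rel32, 32-bit x86) are constructed assumptions, not DxWnd's own patch code.</span></p>

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one mapped DLL: 32-bit x86, addresses are made up. */
typedef struct { uint32_t base, size; const uint8_t *bytes; } image_t;
enum { HOOK_NONE = 0, HOOK_IAT = 1, HOOK_INLINE = 2 };   /* bit flags */

static int inside(const image_t *m, uint32_t va) { return va >= m->base && va - m->base < m->size; }

/* Follow JMP rel8 (EB) / JMP rel32 (E9) from va, at most 4 hops; stop on leaving the image. */
static uint32_t follow_jumps(const image_t *m, uint32_t va) {
    for (int hop = 0; hop < 4 && inside(m, va); hop++) {
        uint32_t off = va - m->base, left = m->size - off;
        const uint8_t *p = m->bytes + off;
        if (p[0] == 0xEB && left >= 2) {
            va += 2 + (uint32_t)(int32_t)(int8_t)p[1];
        } else if (p[0] == 0xE9 && left >= 5) {
            va += 5 + ((uint32_t)p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24);
        } else break;
    }
    return va;
}

/* iat_slot: address stored in the caller's import table for the API.
   export_va: address of the same API according to the DLL's export table.
   Caveat: forwarded exports legitimately resolve into another DLL, so a real
   checker compares against the module that finally implements the API. */
static int classify(const image_t *dll, uint32_t iat_slot, uint32_t export_va) {
    int flags = HOOK_NONE;
    if (!inside(dll, iat_slot)) flags |= HOOK_IAT;          /* import slot redirected */
    if (!inside(dll, follow_jumps(dll, export_va))) flags |= HOOK_INLINE;  /* entry code jumps out */
    return flags;
}

/* Constructed bytes. The API entry is at base+8 in both images. */
static const uint8_t clean_bytes[16] = { 0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,
    0x8B,0xFF, 0x55, 0x8B,0xEC, 0x5D, 0xC3, 0xCC };  /* mov edi,edi; push ebp; mov ebp,esp; pop ebp; ret */
static const uint8_t patched_bytes[16] = { 0xCC,0xCC,0xCC, 0xE9,0xF8,0x0F,0x00,0x10,  /* jmp 0x20001000 */
    0xEB,0xF9, 0x55, 0x8B,0xEC, 0x5D, 0xC3, 0xCC };  /* jmp short -7, replacing mov edi,edi */
static const image_t CLEAN   = { 0x10000000u, 16, clean_bytes };
static const image_t PATCHED = { 0x10000000u, 16, patched_bytes };

int main(void) {
    printf("clean, normal IAT      : %d\n", classify(&CLEAN,   0x10000008u, 0x10000008u));
    printf("clean, redirected IAT  : %d\n", classify(&CLEAN,   0x20001000u, 0x10000008u));
    printf("detoured, normal IAT   : %d\n", classify(&PATCHED, 0x10000008u, 0x10000008u));
    return 0;
}
```

<p class="rvps2"><span class="rvts6">In the second case only the import slot differs, so a call that does not read that slot still reaches unmodified entry code; in the third case the entry code itself leaves the DLL, so every call path is affected.</span></p>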
<p></p>
</div>
<div id="topic_footer">
<div id="topic_footer_content">
Copyright &copy; 2016 by GHO. All Rights Reserved.</div>
</div>
</body>
</html>