mirror of https://github.com/DxWnd/DxWnd.reloaded synced 2024-12-30 09:25:35 +01:00
DxWnd.reloaded/help/Hook1.html
gho tik d85bf10866 v2_03_80_src
Former-commit-id: faa04e235cf8faae10f9e220ca51eef95c7115f0
2017-03-06 11:46:49 -05:00

<html>
<head>
<title>Hook</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="generator" content="HelpNDoc Personal Edition 4.6.2.573">
<meta name="keywords" content="">
<link type="text/css" rel="stylesheet" media="all" href="css/reset.css" />
<link type="text/css" rel="stylesheet" media="all" href="css/base.css" />
<link type="text/css" rel="stylesheet" media="all" href="css/hnd.css" />
<!--[if lte IE 8]>
<link type="text/css" rel="stylesheet" media="all" href="css/ielte8.css" />
<![endif]-->
<style type="text/css">
#topic_header
{
background-color: #EFEFEF;
}
</style>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/hnd.js"></script>
<script type="text/javascript">
$(document).ready(function()
{
if (top.frames.length == 0)
{
var sTopicUrl = top.location.href.substring(top.location.href.lastIndexOf("/") + 1, top.location.href.length);
top.location.href = "DxWnd.html?" + sTopicUrl;
}
else if (top && top.FrameTOC && top.FrameTOC.SelectTocItem)
{
top.FrameTOC.SelectTocItem("Hook1");
}
});
</script>
</head>
<body>
<div id="topic_header">
<div id="topic_header_content">
<h1 id="topic_header_text">Hook</h1>
<div id="topic_breadcrumb">
<a href="Theconfigurationpanel.html">The configuration panel</a> &rsaquo;&rsaquo; </div>
</div>
<div id="topic_header_nav">
<a href="Theconfigurationpanel.html"><img src="img/arrow_up.png" alt="Parent"/></a>
<a href="Position.html"><img src="img/arrow_left.png" alt="Previous"/></a>
<a href="Sonprocesshook.html"><img src="img/arrow_right.png" alt="Next"/></a>
</div>
<div class="clear"></div>
</div>
<div id="topic_content">
<p></p>
<p class="rvps2"><img alt="" style="padding : 1px;" src="lib/dxwnd_configuration_hook.png"></p>
<p class="rvps2"><span class="rvts6"><br/></span></p>
<div class="rvps2"><table border="1" cellpadding="1" cellspacing="2" style="border-color: #000000; border-style: solid; border-spacing: 2px;">
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hook enabled</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15">HOOKENABLED</span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">If this flag is not set, DxWnd ignores the task (see gray icon).</span></p>
</td>
</tr>
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Additional modules:</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15"><br/></span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">DxWnd's hooking logic may not notice some DLLs. In these fortunately rare cases, you can fix the issue by entering one or more module names to be added to DxWnd's search algorithm.</span></p>
</td>
</tr>
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hot patch (obfuscated IAT)</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15">HOTPATCH</span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">The original DxWnd used IAT patching to redirect API calls to the altered routines. This method has its advantages, but it fails when some API calls are not reached because they are located in unconnected DLLs, referenced by ordinal number, or referenced by programs with an obfuscated IAT. IAT obfuscation is a sophisticated but common enough technique meant to make a hacker's life harder: for instance, the Doom III game executable has an obfuscated IAT.</span></p>
<p class="rvps2"><span class="rvts6"><br/></span></p>
<p class="rvps2"><span class="rvts6">Checking this flag causes DxWnd to use an alternative patching technique, "hot patching", which writes detour assembly code right at the beginning of the API implementation. Once this is done, EVERY SINGLE CALL is intercepted no matter where the call is made from, but it isn't always possible to apply this technique. Luckily, in the vast majority of cases, both techniques work.</span></p>
</td>
</tr>
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Use DLL injection</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15">STARTDEBUG</span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">The basic hook technique intercepts the first window creation event. By that time, the program may already have performed unwanted actions, such as changing the video mode, detecting bad conditions, or crashing. Checking this flag causes the DxWnd logic to be "injected" right at the beginning of the task execution, so that DxWnd is able to intercept all events. The drawback is that this only works when the task is activated from the DxWnd interface (see red icon). Another drawback is that the injection process closely resembles an activation from a debugger, which increases the chances that game protections detect this situation and stop the program.</span></p>
</td>
</tr>
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hook child WindowProc</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15">HOOKCHILDWIN</span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">By default, DxWnd intercepts the WindowProc routine of the main window, and this is enough for its purposes. In some cases, though, this is not enough and this flag tells DxWnd to intercept and redirect the WindowProc routines of all child windows as well.</span></p>
</td>
</tr>
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Hook all DLLs</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15">HOOKDLLS</span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">The original DxWnd behaviour was limited to searching for and hooking calls made directly by the main program. Checking this flag causes DxWnd to recurse into the address space of all non-system DLLs and hook calls there. This is necessary in all cases where the graphics engine is not coded directly in the program but is implemented in a separate engine DLL.</span></p>
</td>
</tr>
<tr valign="top">
<td width="189" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">Widechar program vs. ANSI</span></p>
</td>
<td width="137" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts15">ANSIWIDE</span></p>
</td>
<td width="1171" style="border-color: #000000; border-style: solid; padding: 1px;"><p class="rvps2"><span class="rvts6">DxWnd uses ANSI versions of several system calls by default. This flag tells DxWnd to use the corresponding WIDECHAR version instead.</span></p>
</td>
</tr>
</table>
</div>
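<p class="rvps2"><span class="rvts6">The two patching styles described for the HOTPATCH flag leave different traces: IAT patching changes the pointer in the caller's import slot, while hot patching changes the first bytes of the API itself. The following is an added example, not DxWnd code, of how an integrity check can tell them apart for one API in a 32-bit x86 process. The struct api_view layout, the addresses and the byte samples are constructed assumptions.</span></p>

```c
#include <stdint.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_IAT, HOOK_INLINE };
/* Hypothetical snapshot of one imported API in a 32-bit x86 process. */
struct api_view {
    uint32_t mod_base, mod_size; /* address range of the exporting DLL */
    uint32_t iat_value;          /* pointer stored in the caller's IAT slot */
    uint32_t func_addr;          /* real entry point inside the DLL */
    const uint8_t *code; size_t code_len; /* first bytes read at func_addr */
};

static int in_module(const struct api_view *a, uint32_t addr) {
    return addr >= a->mod_base && addr - a->mod_base < a->mod_size;
}
static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Does the entry start with "jmp rel32" (E9) or "push imm32; ret" (68 .. C3)? */
static int detour_target(const struct api_view *a, uint32_t *dst) {
    const uint8_t *p = a->code;
    int jmp = a->code_len >= 5 && p[0] == 0xE9;
    int push_ret = a->code_len >= 6 && p[0] == 0x68 && p[5] == 0xC3;
    if (!jmp && !push_ret)
        return 0;
    /* rel32 counts from the instruction after the 5-byte jmp; imm32 is absolute */
    *dst = jmp ? a->func_addr + 5 + le32(p + 1) : le32(p + 1);
    return 1;
}

enum hook_kind classify(const struct api_view *a) {
    uint32_t dst;
    if (detour_target(a, &dst) && !in_module(a, dst))
        return HOOK_INLINE; /* entry point jumps out of its own DLL */
    return in_module(a, a->iat_value) ? HOOK_NONE : HOOK_IAT;
}

/* Constructed sample data, not captured from a real process. */
static const uint8_t CLEAN[] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83};  /* mov edi,edi; push ebp; ... */
static const uint8_t DETOUR[] = {0xE9, 0xFB, 0xFF, 0xFF, 0x0F, 0x83}; /* jmp 0x80001000 */
static const struct api_view UNHOOKED = {0x70000000u, 0x100000u, 0x70001000u, 0x70001000u, CLEAN, sizeof CLEAN};
static const struct api_view IAT_PATCHED = {0x70000000u, 0x100000u, 0x10002000u, 0x70001000u, CLEAN, sizeof CLEAN};
static const struct api_view HOT_PATCHED = {0x70000000u, 0x100000u, 0x70001000u, 0x70001000u, DETOUR, sizeof DETOUR};

int main(void) {
    printf("%d %d %d\n", classify(&UNHOOKED), classify(&IAT_PATCHED), classify(&HOT_PATCHED));
    return 0;
}
```

<p class="rvps2"><span class="rvts6">In the HOT_PATCHED sample the IAT slot is untouched, so a check that only walks import tables would report it as clean.</span></p>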
<p></p>
</div>
<div id="topic_footer">
<div id="topic_footer_content">
Copyright &copy; 2016 by GHO. All Rights Reserved.</div>
</div>
</body>
</html>