tags: (none)
views: 650
answers: 3

I'm writing a program in C# that is attaching to another process and reading memory etc. from this other process. I'm looking for a way to simulate mouse movements in this other process, but the other process specifically blocks methods such as PostMessage, SendMessage etc. I'm trying to stay away from injection or memory writes, so those aren't an option for this. I've been told the best way would be to create a virtual mouse driver and hook it onto the other process. Does anyone have any other ways I could do this, or know how I would go about hooking a virtual mouse driver?

A: 

Would using a separate program such as AutoHotkey to drive the mouse movement be doable? Because that's what I'd do.

whatsisname
Well, I could move the mouse in C# just fine. I just need to be able to do it to a background window while I can do something else with my other mouse.
Rich
+1  A: 

I'm not sure what program you're targeting, but I've seen cool workarounds for games that block PostMessage (games that shall go unnamed ;p).

I don't know if hooking virtual mouse drivers would work. I've heard of the approach before but my feeling is that if PostMessage is blocked then it would be fruitless. Don't mouse drivers just send messages to the game window using standard windows messages anyway?

The most common way that I've seen developers block PostMessage/SendMessage is to copy the Windows DLL from the system folder and distribute it with the game (I wonder if this is even legal?). Since the DLL loads the functions local to the game's address space, the game can block off other processes from accessing those functions by ensuring that the caller is also local to the game's address space.

A simple way to bypass this would be to inject a DLL into the game's process and hook into their functions. However, developers are savvy to this approach and can still block your call by performing certain checks at the entry point of the function (I'm not sure what these checks are). From what I understand, a simple way to then work around this check is to define the first few bytes of the PostMessage function yourself, then jump to a point after the check within PostMessage.

I don't want to elaborate any more because what I'm discussing is quite specific and the topic is very deep, constantly changing, and doesn't really target people on Stack Overflow.

All of these things I've mentioned are basic ideas I picked up from surfing various game hacking forums -- those are the places to look for this kind of question. The game hacking community is pretty tight with their information but after enough time passes everybody is willing to share their approaches :)

Kai
very helpful post. I figure this wasn't targeted toward people here, but someone suggested I post here because you guys know a lot more than most people. I have a feeling this is a very complex task that I will need another solution for.
Rich
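The two input paths this thread keeps contrasting, as an added C# example that is not part of any answer above: PostMessage hands a WM_MOUSEMOVE/WM_LBUTTONDOWN/WM_LBUTTONUP straight to one window's message queue without touching the real cursor, which is why it reaches a background window and also why a target can refuse it by checking the caller; SendInput pushes the same click through the system input stack as if a physical device produced it, so it works on anything but moves the one real cursor. The window title and the coordinates are command-line placeholders, and the example treats x/y as both client and screen coordinates for simplicity (true only for a window at the screen origin).

```csharp
// Added example, not from the original thread. Assumes a Windows target found
// by title, the primary monitor for SendInput's 0..65535 absolute range, and
// that the window sits at the screen origin so client == screen coordinates.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class MouseSim
{
    const uint WM_MOUSEMOVE   = 0x0200;
    const uint WM_LBUTTONDOWN = 0x0201;
    const uint WM_LBUTTONUP   = 0x0202;
    const uint MK_LBUTTON     = 0x0001;

    const uint INPUT_MOUSE          = 0;
    const uint MOUSEEVENTF_MOVE     = 0x0001;
    const uint MOUSEEVENTF_LEFTDOWN = 0x0002;
    const uint MOUSEEVENTF_LEFTUP   = 0x0004;
    const uint MOUSEEVENTF_ABSOLUTE = 0x8000;
    const int  SM_CXSCREEN = 0, SM_CYSCREEN = 1;

    [StructLayout(LayoutKind.Sequential)]
    struct MOUSEINPUT { public int dx, dy; public uint mouseData, dwFlags, time; public IntPtr dwExtraInfo; }

    // Only the mouse member of the INPUT union is declared. MOUSEINPUT is the
    // union's largest member, so Marshal.SizeOf still yields the size Windows expects.
    [StructLayout(LayoutKind.Sequential)]
    struct INPUT { public uint type; public MOUSEINPUT mi; }

    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool PostMessage(IntPtr hWnd, uint msg, IntPtr wParam, IntPtr lParam);
    [DllImport("user32.dll", SetLastError = true)]
    static extern uint SendInput(uint nInputs, INPUT[] pInputs, int cbSize);
    [DllImport("user32.dll")]
    static extern int GetSystemMetrics(int nIndex);

    // Pack client coordinates the way MAKELPARAM does: x in the low word, y in the high word.
    static IntPtr MakeLParam(int x, int y) => new IntPtr((y << 16) | (x & 0xFFFF));

    // Path 1: synthetic messages to one window. No cursor movement, works on a
    // background window, and is exactly what a guarded process can drop.
    static void PostClick(IntPtr hWnd, int clientX, int clientY)
    {
        IntPtr pos = MakeLParam(clientX, clientY);
        if (!PostMessage(hWnd, WM_MOUSEMOVE, IntPtr.Zero, pos) ||
            !PostMessage(hWnd, WM_LBUTTONDOWN, new IntPtr(MK_LBUTTON), pos) ||
            !PostMessage(hWnd, WM_LBUTTONUP, IntPtr.Zero, pos))
            throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    // Path 2: the system input queue. Indistinguishable from a device to the
    // receiving window, but it moves the real cursor and hits whatever is under it.
    static void SendClick(int screenX, int screenY)
    {
        int w = GetSystemMetrics(SM_CXSCREEN), h = GetSystemMetrics(SM_CYSCREEN);
        // Absolute moves are normalised to 0..65535 across the primary monitor.
        int ax = (int)Math.Round(screenX * 65535.0 / (w - 1));
        int ay = (int)Math.Round(screenY * 65535.0 / (h - 1));
        var inputs = new[]
        {
            Mouse(ax, ay, MOUSEEVENTF_MOVE | MOUSEEVENTF_ABSOLUTE),
            Mouse(0, 0, MOUSEEVENTF_LEFTDOWN),
            Mouse(0, 0, MOUSEEVENTF_LEFTUP),
        };
        uint sent = SendInput((uint)inputs.Length, inputs, Marshal.SizeOf(typeof(INPUT)));
        if (sent != inputs.Length)   // fewer than requested means the input was blocked
            throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    static INPUT Mouse(int dx, int dy, uint flags) =>
        new INPUT { type = INPUT_MOUSE, mi = new MOUSEINPUT { dx = dx, dy = dy, dwFlags = flags } };

    static void Main(string[] args)
    {
        // Usage: MouseSim "<window title>" <x> <y>
        IntPtr hWnd = FindWindow(null, args[0]);
        if (hWnd == IntPtr.Zero) { Console.Error.WriteLine("window not found"); return; }
        int x = int.Parse(args[1]), y = int.Parse(args[2]);

        PostClick(hWnd, x, y);   // the target may ignore or discard these
        SendClick(x, y);         // always delivered, but steals the real cursor
    }
}
```

This does not get around the caller check Kai describes: a process that only honours messages originating from its own address space will still drop the PostMessage path, and the SendInput path cannot satisfy the "background window while I use my own mouse" requirement because there is only one system cursor. It shows the boundary the question is running into rather than a way past it.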
A: 

In developing SCAR (a RuneScape macroing program), the developers eventually had to build a wrapper around the Java file (called SMART) and have a "fake mouse" inside this wrapper that could be controlled using basic function calls. I don't know how to do this in C#, but it is possible in Java. Before SMART, you either had to allow your mouse to be used (so moving the mouse directly) or use something called "Silent Mouse". Silent Mouse hooked into java.exe and the functions in its JVM and controlled mouse inputs, just as Kai described. However, as Kai also described, this was very easily detectable, so no one used it.

Callum Rogers