January 11th, 2009, 10:58 AM
DLL Injection Detection
Hi there, so here's the deal. First off let me start by telling you why:
Basically it's a game security feature, to prevent cheating.
Anyway, here's the deal: I've been given the task of making a function to find all injected and loaded DLLs in a specific process at run time. Here's an example: they launch the game, this program will dump the target game's memory into a buffer or a file or something, and try and find all the DLLs loaded in that game's memory/process/address space.
I'm just wondering what an efficient way to do this would be. I'm uncertain how to find all DLLs loaded in a certain process's address space, or how I could really access this memory to begin with. I'm not asking to be spoon-fed here (unless you really feel like it haha), I would just like to have some suggestions on how I can accomplish this task, and what I will need to know/be able to do.
I've done a bit of googling and I found a method commonly used to 'hide' these DLLs from injection detection techniques, here's the link/source code:
Found at: http://www.battleforums.com/forums/d...akdll-cpp.html
Source code: http://www.privatepaste.com/b31hpsgNJt
I'm also aware that I may be able to use notification hooks to monitor access of OpenGL.dll or the Direct 3D DLL, but I'm uncertain if this will be an effective method to counter the 'hide' code used, or even if it's an effective method overall.
Thanks a lot!
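One way to approach the "dump the memory and find the DLLs in it" idea from the post, as an added example that is not part of the original post: scan the dump on page boundaries for PE headers and report each image found. The names `scan_pe_images`, `pe_hit`, `put_header` and `scan_sample` are hypothetical, the dump is assumed to be already captured into a buffer, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <string.h>

#define PAGE 0x1000u          /* images are mapped on page boundaries */
#define PE_FILE_DLL 0x2000u   /* IMAGE_FILE_DLL bit in FileHeader.Characteristics */
typedef struct { size_t offset; uint32_t size_of_image; int is_dll; } pe_hit;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Scan a dump for page-aligned PE headers; stores up to max hits, returns the count. */
size_t scan_pe_images(const uint8_t *buf, size_t len, pe_hit *out, size_t max) {
    size_t n = 0;
    for (size_t off = 0; off + 0x40 <= len && n < max; off += PAGE) {
        const uint8_t *b = buf + off;
        if (b[0] != 'M' || b[1] != 'Z') continue;            /* DOS signature */
        uint32_t lfanew = rd32(b + 0x3C);                    /* offset of NT headers */
        if (lfanew > PAGE || off + lfanew + 84 > len) continue;
        const uint8_t *nt = b + lfanew;
        if (memcmp(nt, "PE\0\0", 4) != 0) continue;          /* NT signature */
        uint16_t magic = rd16(nt + 24);                      /* OptionalHeader.Magic */
        if (magic != 0x10B && magic != 0x20B) continue;      /* PE32 or PE32+ */
        out[n].offset = off;
        out[n].size_of_image = rd32(nt + 24 + 56);           /* OptionalHeader.SizeOfImage */
        out[n].is_dll = (rd16(nt + 22) & PE_FILE_DLL) != 0;  /* FileHeader.Characteristics */
        n++;
    }
    return n;
}

/* Constructed sample: writes a minimal PE32 header at buf+off (not a real module). */
static void put_header(uint8_t *buf, size_t off, uint16_t chars, uint32_t img_size) {
    uint8_t *b = buf + off, *nt = b + 0x80;
    memcpy(b, "MZ", 2); wr32(b + 0x3C, 0x80);
    memcpy(nt, "PE\0\0", 4);
    nt[22] = (uint8_t)chars; nt[23] = (uint8_t)(chars >> 8);
    nt[24] = 0x0B; nt[25] = 0x01;                            /* PE32 magic 0x10B */
    wr32(nt + 24 + 56, img_size);
}

static uint8_t sample_dump[4 * PAGE];                        /* constructed 16 KiB "dump" */
size_t scan_sample(pe_hit *out, size_t max) {
    memset(sample_dump, 0, sizeof sample_dump);
    put_header(sample_dump, 1 * PAGE, 0x2102, 0x5000);       /* DLL at page 1 */
    memcpy(sample_dump + 2 * PAGE, "MZ", 2);                 /* stray "MZ", no NT headers */
    put_header(sample_dump, 3 * PAGE, 0x0102, 0x9000);       /* EXE at page 3 */
    return scan_pe_images(sample_dump, sizeof sample_dump, out, max);
}
```

The hits can then be compared with the module list the operating system reports for the process; an image that appears in memory but not in that list is worth a closer look. The scan depends on the headers being intact in the dump.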