Tutorial How to Hook DirectInput & Emulate Key Presses


kino0924

C++:
[+] fnGetDeviceState Hook installed, old func at 739069DD
[+] fnGetDeviceData Hook installed, old func at 73906BA7
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
HookGetDeviceState: 00259914, 256, 0050F380
One thing that I noticed is that HookGetDeviceState seems to be working,
but there is no message output from HookGetDeviceData whatsoever!

kino0924

I'm just dumb.
The example was getting key data with GetDeviceState, not GetDeviceData.
:eek:

C++:
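    // Read the current state of all 256 keys into the diks byte array.
    hr = g_pKeyboard->GetDeviceState( sizeof(diks), &diks );

    // The high bit (0x80) of a key's byte is set while that key is down.
    for( i = 0; i < 256; i++ )
    {
        if( diks[i] & 0x80 )
        {
            // Append the index of each pressed key to the output text.
            wsprintf( strElement, TEXT("0x%02x "), i );
            _tcscat( strNewText, strElement );
        }
    }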
 

timb3r

Remember, I said in the article there are two ways. You have to remember that for about 5 minutes until DirectInput is obsolete.
 

kino0924

Slightly outside of the main topic.
What if the target is using GetRawInputData?
I cannot find any useful information about injecting a key if the target utilizes GetRawInputData.
 

timb3r

It's actually a fair bit simpler: all you need to do is hook the MsgProc with SetWindowLongPtr and then intercept the WM_INPUT message.
 

kino0924

I've been searching all over the web right after seeing your reply but could not find a good example.
Are you saying hook MsgProc, inject WM_INPUT, hook GetRawInputData and change RAWINPUT?

Code:
___:0246693D                 sub     eax, 0FFh
___:02466942                 jz      short loc_246695C
___:0246695C                 push    10h             ; _DWORD
___:0246695E                 lea     eax, [ebp+var_14]
___:02466961                 mov     [ebp+var_14], 28h
___:02466968                 push    eax             ; _DWORD
___:02466969                 push    offset dword_2F65420 ; _DWORD
___:0246696E                 push    10000003h       ; _DWORD
___:02466973                 push    [ebp+arg_C]     ; _DWORD
___:02466976                 call    GetRawInputData
So I believe this is part of my target's MsgProc,
0246693D sub eax, 0FFh;
is WM_INPUT

0246696E push 10000003h ; _DWORD;
is RID_INPUT

But even with this information, I still can't get a clear vision of how to inject a key, since the WM_INPUT message is only generated when a key is pressed.
Also, I don't understand why you told me to hook SetWindowLongPtr o_O
 

timb3r

SetWindowLongPtr allows you to replace the window message callback procedure of a process. But you must be running in the context of the process (injected) to do this.

This is the preferable approach, as you can control other messages as well, like kill focus and the like.

All you need to do is create a new raw input struct and set it up with the desired values. Then use CallWindowProc to call the original procedure with the WM_INPUT message.

To get an idea of how this works, create a dummy app that processes input using the raw input method so you can inspect valid structures, which will make it easier to spoof.

One, albeit hacky, way to do this is to wait for the first keyboard input and copy the struct; then you only need to modify the key input part of the message.
 

Syqao

Can you elaborate and explain more on these 2 comments as to how and why it gets detected? Thanks.
Using something like SendInput() within your program to send mouse input for example will set the event-injected flag LLMHF_INJECTED. This can be checked by installing a low level hook which will show all mouse input from legitimate devices as well as synthesized input such as SendInput. Testing the flag tells you whether the input was "Injected". So in the case of how something would detect this it could check the injected flag for an input to determine whether it was legitimate or not.

C++:
typedef struct tagMSLLHOOKSTRUCT {
  POINT     pt;
  DWORD     mouseData;
  DWORD     flags;
  DWORD     time;
  ULONG_PTR dwExtraInfo;
} MSLLHOOKSTRUCT, *LPMSLLHOOKSTRUCT, *PMSLLHOOKSTRUCT;
https://docs.microsoft.com/en-us/windows/win32/api/winuser/ns-winuser-msllhookstruct
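
The check described in the post above, written out as an added example (not code from the thread or from any anti-cheat product): a WH_MOUSE_LL hook that only observes events and tallies them by the injected bits of `MSLLHOOKSTRUCT::flags`. The names `classify`, `record` and `Tally` are hypothetical; the hook part compiles only on Windows, and elsewhere the program runs on constructed flag values.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#endif

// Bits of MSLLHOOKSTRUCT::flags, values as defined in winuser.h.
constexpr uint32_t kInjected = 0x00000001;         // LLMHF_INJECTED
constexpr uint32_t kLowerIlInjected = 0x00000002;  // LLMHF_LOWER_IL_INJECTED

enum class Origin { Device, Injected, InjectedLowerIL };

// Classify one event from its flags field alone (hypothetical helper).
Origin classify(uint32_t flags) {
    if (flags & kLowerIlInjected) return Origin::InjectedLowerIL;
    if (flags & kInjected) return Origin::Injected;
    return Origin::Device;
}

struct Tally { size_t device = 0, injected = 0, lowerIl = 0; };

// Count the event under the origin that classify() reports.
void record(Tally& t, uint32_t flags) {
    Origin o = classify(flags);
    ++(o == Origin::Device ? t.device : o == Origin::Injected ? t.injected : t.lowerIl);
}

#ifdef _WIN32
static Tally g_tally;
// WH_MOUSE_LL callback: observe only, always pass the event on.
LRESULT CALLBACK MouseProc(int code, WPARAM wp, LPARAM lp) {
    if (code == HC_ACTION)
        record(g_tally, reinterpret_cast<const MSLLHOOKSTRUCT*>(lp)->flags);
    return CallNextHookEx(nullptr, code, wp, lp);
}
#endif

int main() {
    Tally t;
#ifdef _WIN32
    HHOOK h = SetWindowsHookExW(WH_MOUSE_LL, MouseProc, GetModuleHandleW(nullptr), 0);
    SetTimer(nullptr, 0, 10000, nullptr);  // watch live input for 10 seconds
    MSG msg;
    while (GetMessageW(&msg, nullptr, 0, 0) > 0 && msg.message != WM_TIMER) {}
    if (h) UnhookWindowsHookEx(h);
    t = g_tally;
#else
    const uint32_t sample[] = {0x0, 0x1, 0x3, 0x0};  // constructed flags values
    for (uint32_t f : sample) record(t, f);
#endif
    std::printf("device=%zu injected=%zu lower-IL=%zu\n", t.device, t.injected, t.lowerIl);
}
```

The keyboard equivalent uses `KBDLLHOOKSTRUCT::flags` with `LLKHF_INJECTED` (0x10) under a WH_KEYBOARD_LL hook.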
 

Hazey

I also had trouble emulating input, but I figured that with PostMessage I could generate WM_INPUT messages and inject my desired keycodes. If you're still having trouble, I made an autoclicker for Roblox a while back. A lot of the code is Roblox specific, so all you really need to focus on is DetourGetRawInputData. Rawinput Autoclicker
 