
A program that defeats AutoHotKey???


  • This topic is locked
133 replies to this topic
Shekk
  • Guests
  • Last active:
  • Joined: --
Yeah, someone did this for win9x I think, this way it works on 2k at least...

Install the porttalk driver, which grants you full access to I/O ports under winnt, win2k, winxp for applications that use it. Then you download an example pt_ioctl.c and PortTalk_IOCTL.h that will enable any application to access porttalk. After you've done that, checked it, and it all works, simulating a keypress is a simple matter of sending a pair of make-break scancodes to the keyboard data port (60h) after you send a signal to the control buffer (64h) that the next data written is to be treated as a keypress... bla bla bla...

...
OpenPortTalk();
...
    outportb(0x64, 0xD2); // the next thing written to 60h is a keypress
    outportb(0x60, 0x04); // make code, key is pressed
    Sleep(100);
    outportb(0x64, 0xD2); // same as above
    outportb(0x60, 0x84); // break code, the key is released
...
ClosePortTalk();
...

anyway, with proper includes (pt_ioctl.c only, it includes the header) and the driver installed and running, this piece of code should simulate key "3" being pressed once. It doesn't make sure the system got it, and it is prone to "skipping" keypresses, since the "Sleep()" interval needs to be tweaked so that the data can be read from the port...

warning: porttalk does not care what port you're accessing; by installing it you are opening a can of blue screens and lock-outs, since writing directly to buffers in loops or without proper control usually does one of these 2 things: crashes your machine, or just disables your mouse/keyboard so you've got to reset anyway :))

There you have it. I look forward to seeing some improved method based on this, or maybe a "proxy" keypress app/driver that would allow any authorized application to simulate keypresses without them being dropped (if you hook AHK to it that would solve all our problems ;))

And yes this works for DirectInput apps...
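
Seen from the monitoring side, the port sequence in the post above has a recognizable shape: a 0xD2 command to 64h followed by a byte to 60h. The following is an added example, not code from the original post or from PortTalk; it scans a constructed trace of I/O port writes and reports each scancode injected that way (the trace record format and all names are assumptions).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KBC_DATA 0x60          /* keyboard data port (60h in the post) */
#define KBC_CMD  0x64          /* keyboard controller command port (64h) */
#define CMD_WRITE_OUTBUF 0xD2  /* next byte written to 60h is treated as a keypress */

/* Hypothetical trace record: one observed I/O port write. */
struct port_write { uint16_t port; uint8_t value; };
/* One scancode that reached the output buffer via the 0xD2 command. */
struct injected_key { size_t index; uint8_t key; int is_break; };

/* Constructed sample: two ordinary data-port writes, then the post's sequence. */
static const struct port_write sample_trace[] = {
    {KBC_DATA, 0xED}, {KBC_DATA, 0x02},             /* no 0xD2 before them */
    {KBC_CMD, CMD_WRITE_OUTBUF}, {KBC_DATA, 0x04},  /* make code */
    {KBC_CMD, CMD_WRITE_OUTBUF}, {KBC_DATA, 0x84},  /* break code */
};
#define SAMPLE_LEN (sizeof sample_trace / sizeof sample_trace[0])

/* Record every data-port write that directly follows a 0xD2 command.
   Modelling assumption: a later command write replaces a pending one. */
size_t find_injected_keys(const struct port_write *t, size_t n,
                          struct injected_key *out, size_t max)
{
    size_t found = 0;
    int armed = 0;                        /* 1 after 0xD2 went to 64h */
    for (size_t i = 0; i < n; i++) {
        if (t[i].port == KBC_CMD) {
            armed = (t[i].value == CMD_WRITE_OUTBUF);
        } else if (t[i].port == KBC_DATA) {
            if (armed && found < max) {
                out[found].index = i;
                out[found].key = t[i].value & 0x7F;   /* strip the release bit */
                out[found].is_break = (t[i].value & 0x80) != 0;
                found++;
            }
            armed = 0;                    /* the command consumes one byte */
        }
    }
    return found;
}

int main(void)
{
    struct injected_key hits[8];
    size_t n = find_injected_keys(sample_trace, SAMPLE_LEN, hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("write #%zu: key 0x%02X %s\n", hits[i].index,
               (unsigned)hits[i].key, hits[i].is_break ? "released" : "pressed");
    return 0;
}
```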

Shekk
  • Members
  • 2 posts
  • Last active: Nov 01 2006 04:36 PM
  • Joined: 27 Oct 2006
Sorry for spamming, but will AHK ever include this method, as it looks like this is (for now) a sure thing against DirectInput apps that block out simulated keypresses?

Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
Unless I become an expert in keyboard/mouse driver manipulations, it probably won't be added by me anytime soon. Even if I knew how to code it in a crash-proof way, I wouldn't have AutoHotkey install such a feature by default because it makes low-level changes to the system. So at the very least, the user would have to explicitly opt for it during installation -- and more preferably, such a feature would be distributed and installed separately from AutoHotkey (but accessible via DllCall), at least until it becomes proven/stable.

Of course, this assumes that someone is willing to do more improvement and testing, which might be unlikely.

Thanks for sharing your method.

gurkesaft
  • Members
  • 8 posts
  • Last active: Nov 09 2006 05:25 AM
  • Joined: 04 Nov 2006
I am willing to help and test in any way I can, and have no problems with blue screens on my home system. I know C/C++, and am happy to do anything with anyone in wxdev-C++, the free open-source development environment.

If anyone wants to write a dll, please let me know. I've written dll's before for audio applications at least, but I'm no expert.

Also, one thought--is there a dll in windows already that can be used by DllCall to add a key to the keyboard buffer??

Let's do this!
-Jack

gurkesaft
  • Members
  • 8 posts
  • Last active: Nov 09 2006 05:25 AM
  • Joined: 04 Nov 2006
Okay, I just lost interest because I found a way to send input to my game. This may help others, so I'm posting it here. Try a bind like this to map Joy2 to "z". The 300 ms delay is just to be safe. 50 ms should be fine for most cases:


Joy2::
SetKeyDelay,300
Send {Blind}{z DownTemp}
Send {Blind}{z Up}
return


This will NOT work with my game (rfactor) if you use SendInput or SendPlay or anything. For some reason, you NEED Send, {Blind}, and the DownTemp/Up combo.

Hope this helps--Maybe this can be a new method, like "SendFancy" or something.

-Jack

TDMedia
  • Members
  • 196 posts
  • Last active: Sep 03 2009 02:33 PM
  • Joined: 26 Nov 2005
I found an example of porttalk called kport. Using the example here from Shekk, and a DLL that comes with kport, I got no result at all. This is the kport page - it has an example of using the DLL: http://www.codeproje...items/kport.asp

I installed the driver as instructed, then used this script to try to invoke a keypress:
F1::
	{
	DllCall("Kport.dll\OutPortb", UShort, 0x64, UChar, 0xD2)
	DllCall("Kport.dll\OutPortb", UShort, 0x60, UChar, 0x04)
	Sleep 100
	DllCall("Kport.dll\OutPortb", UShort, 0x64, UChar, 0xD2)
	DllCall("Kport.dll\OutPortb", UShort, 0x60, UChar, 0x84)
	}
Nothing happened, but I doubt that I did it right. Anyway, this may be of help to someone that actually knows what they're doing when it comes to C(++). The source of the example, as well as a compiled version, is downloadable from that site as well.

xx3nvyxx
  • Members
  • 93 posts
  • Last active: Jan 21 2016 09:33 AM
  • Joined: 05 Sep 2005
W00t! I got it to work.
This:
F1::
	{
	DllCall("Kport\[email protected]", Short, 0x64, Char, 0xD2)
	DllCall("Kport\[email protected]", Short, 0x60, Char, 0x04)
	Sleep 100
	DllCall("Kport\[email protected]", Short, 0x64, Char, 0xD2)
	DllCall("Kport\[email protected]", Short, 0x60, Char, 0x84)
	}
Return
Will send the character 3 to the keyboard buffer (with the dll in the correct place and the driver installed). Now I just need to test it on an ahk-resistant program. Assuming it works, I need some way of converting a character string into its scan codes for make and break. This should help if anyone wants to create a function for that. Also, I need to find out how to do mouse input the same way. Any help would be appreciated.
Now the world has gone to bed,
Darkness won't engulf my head,
I can see by infra-red,
How I hate the night.

Now I lay me down to sleep,
Try to count electric sheep,
Sweet dream wishes you can keep,
How I hate the night.

xx3nvyxx
  • Members
  • 93 posts
  • Last active: Jan 21 2016 09:33 AM
  • Joined: 05 Sep 2005
Update

Failure. The program I used to try it uses gameguard which somehow blocks it, even out of game. It may work for Direct Input programs, however, and should not be abandoned. More testing will be required to make it fully unbeatable, though. I will continue to work at that specific problem and I hope others can help me with the things I asked about in my last post.

gurkesaft
  • Members
  • 8 posts
  • Last active: Nov 09 2006 05:25 AM
  • Joined: 04 Nov 2006
Try adding a delay in between each call. In rfactor, my script above (using {blind}) will not work if I have no delay. Some games aren't efficient at keyboard input!

Hope this helps,
Jack

xx3nvyxx
  • Members
  • 93 posts
  • Last active: Jan 21 2016 09:33 AM
  • Joined: 05 Sep 2005
It won't help. I tried to modify the contents of a printer port as a test and it failed. Moreover it crashed the program I was using to check the result. Only after shutting down the ahk-resistant program was I able to find that it didn't work. Something with gameguard completely blocks either this dll or this driver.

PS
How do I interpret this as an errorlevel for dll call:
0xc0000005
That is what it gives me when I have the ahk-resistant program open, otherwise it is 0.

PPS
Never mind, I found what it is. Why would it have an "access violation", though? And what does that mean? Did the script have a problem getting to the dll or did the dll have a problem getting to the driver? How can I, knowing this, start to fix it?

Seclinix
  • Members
  • 160 posts
  • Last active: Apr 09 2007 09:05 PM
  • Joined: 25 Sep 2006
wow holy hell you guys write a lot and I'd say holy hell lol
anyway the reason why I posted is because I tried doing the same thing with another game but it won't work, it never activates the hotkey, it uses punkbuster and other various sponsors but yer

Shekk
  • Members
  • 2 posts
  • Last active: Nov 01 2006 04:36 PM
  • Joined: 27 Oct 2006
Ok, it seems that most of the anti-cheat systems got wise to this one. For those who didn't, here are some general observations by me... this method works best on a debug version of dinput8 (dload it, copy to system32, use directx control panel to make the system use the debug version of the dll, it has an "emulate keyboard" option). With this on, most games can't tell the difference... the hard way is to replace or just copy the debug version of the dll into the game's folder, making it use it...

Priority priority priority - with your keys being "pressed" in background it won't work unless the application steals some quality time with the CPU, preferably it would get the same kind of attention that the game has. I used the "multimedia timer" functions to script my events as it seems to work better than any other method...

Event delay: although directx polls for the "make/break" sequence at really high rates, it just seems to skip the pairs that are too fast... it's either the game's internal workings or just the way dinput works, anyway the code should sit there a little longer, I'm not talking seconds, rather 100's of ms...

even with all that, there is no guarantee that the key will get to the application every time, it might "skip a beat" or two or just be darn late depends on other input...

and yeah, someone of the game developers is probably reading this forum since after a few updates the method just fails to send anything :))) even to the message console, which used to work with anything... they want us pressing those buttons till we get frustrated enough to buy ourselves easier gameplay...

xx3nvyxx
  • Members
  • 93 posts
  • Last active: Jan 21 2016 09:33 AM
  • Joined: 05 Sep 2005
Have you tried using it in conjunction with Allow IO that comes with porttalk? I was going to try it but I never got around to it. You can just set it to allow all programs on the two ports we need.

Ivo
  • Guests
  • Last active:
  • Joined: --

Nothing happened, but I doubt that I did it right. Anyway, this may be of help to someone that actually knows what they're doing when it comes to C(++). The source of the example, as well as a compiled version, is downloadable from that site as well.


Try to also put a Sleep command between sends to port 0x64 and 0x60, it worked for me!

_____________________________________________________________
[Remainder of this thread has been split to Ask for Help. ~jaco0646]
keyboard and mouse input that is undetectable