Totsukawaii / UndownUnlock

Respondus LockDown Browser cheat hack bypass (No VM required)

Improper hooking, redundant code, unnecessary complexity of DLLMain (WILL LEAD TO DETECTION FIX ASAP) #24

Open uhohspaghettioo opened 7 months ago

uhohspaghettioo commented 7 months ago

The ADDR_CLDBDOSOMESTUFF, ADDR_CLDBDOSOMEOTHERSTUFF, and ADDR_CLDBDOYETMORESTUFF constants are defined but not used.

The originalCreateFileA function pointer is declared but not used. The originalBytesForOpenProcess, originalBytesForTerminateProcess, and originalBytesForExitProcess arrays are defined but not used.

The InstallDllHook function is defined but not used, and the hooking functionality is implemented directly in the InstallHook and UninstallHook functions.

The MyGetForegroundWindow and MySetFocus functions have similar logic to find the main window, which could be refactored to avoid duplication.

The InstallHook and UninstallHook functions hook and unhook different sets of functions.

The InstallHook function hooks EmptyClipboard, GetForegroundWindow, TerminateProcess, and ExitProcess, while the UninstallHook function only unhooks SetClipboardData, EmptyClipboard, and GetForegroundWindow.

This inconsistency can lead to issues where some functions remain hooked even after calling UninstallHook.

Lack of proper trampoline function: To correctly hook a function, a trampoline function should be created that executes the stolen bytes (original instructions) and then jumps back to the remaining part of the target function. The current code does not implement a trampoline function, which means the original functionality of the hooked functions is not preserved. This can cause crashes, detection, and even BSOD.

The code attempts to hook various functions by overwriting the first 5 bytes of the target function with a jump instruction to the custom implementation. However, it does not properly handle the stolen bytes (original instructions) from the target function.

```cpp
// Hook installation as posted: the first 5 bytes of the target are replaced with a
// JMP rel32 to the handler. The overwritten bytes are saved but never re-executed
// (no trampoline), and the VirtualProtect return values are not checked.
DWORD oldProtect;
void* targetGetForegroundWindow = (void*)GetForegroundWindow;
DWORD jumpGetForeground = (DWORD)MyGetForegroundWindow - (DWORD)targetGetForegroundWindow - 5;
memcpy(originalBytesForGetForeground, targetGetForegroundWindow, sizeof(originalBytesForGetForeground));
VirtualProtect(targetGetForegroundWindow, sizeof(originalBytesForGetForeground), PAGE_EXECUTE_READWRITE, &oldProtect);
*(BYTE*)targetGetForegroundWindow = 0xE9;                             // opcode of JMP rel32
*(DWORD*)((BYTE*)targetGetForegroundWindow + 1) = jumpGetForeground;  // displacement, relative to the end of the 5-byte jump
VirtualProtect(targetGetForegroundWindow, sizeof(originalBytesForGetForeground), oldProtect, &oldProtect);
```

Check the return value of VirtualProtect and handle any errors appropriately. Add error logging or reporting mechanisms to help diagnose issues.

Unused or ineffective code in MyTerminateProcess:

```cpp
BOOL WINAPI MyTerminateProcess(HANDLE hProcess, UINT uExitCode)
{
    std::cout << "TerminateProcess hook called, but not terminating process." << std::endl;
    // if (hProcess == OpenProcess(PROCESS_TERMINATE, FALSE, findDiscordProcessId())) {
    //     std::cout << "Discord process found, but not terminating process." << std::endl;
    //     return TRUE; // Simulate success
    // }
    return FALSE;
}
```

Returning FALSE will tell the browser it failed to kill a process, which is a big red flag; change it to TRUE.

Redundant or unnecessary code in FindMainWindow and FindTargetWindow:

```cpp
BOOL CALLBACK EnumWindowsCallback(HWND handle, LPARAM lParam)
{
    DWORD processID = 0;
    GetWindowThreadProcessId(handle, &processID);
    // IsMainWindow is not defined anywhere in the posted code
    if (GetCurrentProcessId() == processID && IsMainWindow(handle)) {
        // Stop enumeration if a main window is found, and return its handle
        // through the HWND* passed as lParam
        *reinterpret_cast<HWND*>(lParam) = handle;
        return FALSE;
    }
    return TRUE;
}
```

```cpp
HWND FindMainWindow()
{
    HWND mainWindow = NULL;
    EnumWindows(EnumWindowsCallback, reinterpret_cast<LPARAM>(&mainWindow));
    return mainWindow;
}
```

The FindMainWindow function and its associated callback EnumWindowsCallback are not used effectively in the code. The IsMainWindow function used inside the callback is not defined, making the code incomplete. Similarly, the FindTargetWindow function and its callback TargetEnumWindowsCallback are not used anywhere in the code, making them redundant.

Inefficient or poorly implemented code in MyGetForegroundWindow and MySetFocus:

```cpp
HWND WINAPI MyGetForegroundWindow()
{
    HWND hWnd = FindMainWindow();
    if (hWnd != NULL) {
        std::cout << "Returning the main window of the current application." << std::endl;
        return hWnd;
    }
    std::cout << "Main window not found, returning NULL." << std::endl;
    return NULL;
}
```

```cpp
HWND WINAPI MySetFocus(HWND _hWnd)
{
    focusHWND = _hWnd;
    HWND hWnd = FindMainWindow(); // Find the main window of the current process
    if (hWnd != NULL) {
        std::cout << "Returning the main window of the current application due to '[' key press." << std::endl;
        return hWnd; // Return the main window handle if found
    } else {
        std::cout << "Main window not found, returning NULL." << std::endl;
        return NULL; // If main window is not found, return NULL
    }
}
```

Both MyGetForegroundWindow and MySetFocus functions use the FindMainWindow function to find the main window of the current application. However, the FindMainWindow function itself is not properly implemented, making these functions ineffective.

You say you don't hardcode, but you cast the APIs to a void pointer instead of just calling GetProcAddress to dynamically resolve them. Enjoy your IAT scan and eventual ban.

As a public bypass, these need to be addressed ASAP. This may seem mean, but trust me, it's a lot nicer than how the industry boys will treat this.
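The comment above argues that the 5-byte JMP patch quoted from the hook installer is exactly what an integrity scan catches. The following Python is an added example, not code from the UndownUnlock repository or from the issue author, and it shows that check from the detection side: it decodes a JMP rel32 at the start of an exported function using the same `handler - function - 5` displacement arithmetic the issue quotes, and flags any export whose first instruction leaves its own module. The module base and size, the export addresses, the handler address 0x10001000 and the prologue bytes are all constructed for the example; a real scanner would read the bytes with ReadProcessMemory and compare them against the on-disk image instead of being handed them directly.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

JMP_REL32 = 0xE9   # opcode of the 5-byte near jump the hook writes
PATCH_LEN = 5      # opcode + 32-bit displacement


def encode_jmp_rel32(func_addr: int, handler_addr: int) -> bytes:
    """Build the patch the issue describes: E9 followed by (handler - func - 5)
    as a little-endian 32-bit displacement, measured from the end of the jump."""
    rel = (handler_addr - func_addr - PATCH_LEN) & 0xFFFFFFFF
    return bytes([JMP_REL32]) + struct.pack("<I", rel)


def decode_jmp_rel32(func_addr: int, prologue: bytes) -> Optional[int]:
    """If the prologue starts with JMP rel32, return its absolute destination
    (32-bit address space, as in the issue's DWORD arithmetic); otherwise None."""
    if len(prologue) < PATCH_LEN or prologue[0] != JMP_REL32:
        return None
    rel = struct.unpack_from("<i", prologue, 1)[0]   # displacement is signed
    return (func_addr + PATCH_LEN + rel) & 0xFFFFFFFF


@dataclass
class Export:
    name: str
    addr: int
    prologue: bytes   # first bytes of the function as found in memory


def find_inline_hooks(exports: List[Export], module_base: int,
                      module_size: int) -> List[Tuple[str, int]]:
    """Return (name, destination) for every export whose first instruction is a
    jump to an address outside the module that exports it. A jump that stays
    inside the module is left alone: the loader and the compiler emit those."""
    hooked = []
    module_end = module_base + module_size
    for exp in exports:
        dest = decode_jmp_rel32(exp.addr, exp.prologue)
        if dest is None:
            continue
        if not (module_base <= dest < module_end):
            hooked.append((exp.name, dest))
    return hooked


# Constructed sample (hypothetical addresses, not taken from any real process).
USER32_BASE, USER32_SIZE = 0x75A00000, 0x00100000
HANDLER = 0x10001000   # hypothetical address of MyGetForegroundWindow in the injected DLL
# mov edi,edi / push ebp / mov ebp,esp: the usual hot-patchable prologue of an unhooked export
HOT_PATCH_PROLOGUE = bytes.fromhex("8bff558bec")

SAMPLE_EXPORTS = [
    Export("GetForegroundWindow", 0x75A12340, encode_jmp_rel32(0x75A12340, HANDLER)),
    Export("SetFocus", 0x75A14560, HOT_PATCH_PROLOGUE),
    # a jump that lands inside the same module, which must not be reported
    Export("EmptyClipboard", 0x75A16780, encode_jmp_rel32(0x75A16780, 0x75A16800)),
]


def scan_sample() -> List[Tuple[str, int]]:
    return find_inline_hooks(SAMPLE_EXPORTS, USER32_BASE, USER32_SIZE)


if __name__ == "__main__":
    for name, dest in scan_sample():
        print(f"{name}: first instruction jumps to {dest:#010x}, outside the module")
```

Only GetForegroundWindow is reported: its patched prologue is `e9 bb ec 5e 9a`, and decoding the displacement lands on the handler address, which is not inside the exporting module. Anything that resolves the export's address and reads five bytes can run this check, which is why the issue treats the unhidden E9 patch as a detection problem rather than a cosmetic one.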

MarkSh0w commented 7 months ago

Is this caused by the DLL file? How can this be fixed?

alu1al commented 6 months ago

@uhohspaghettioo did you find any solutions?