×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Detecting SendInput

Detecting SendInput

Detecting SendInput

(OP)
I am making a little game application on the side. I intend for my program to use DirectInput.
I was wondering if there was any way to detect the difference between the input coming from the keyboard itself or if somebody is trying to fake input using the SendInput function.

Might anybody know if this is possible at all?

I have tried googling Detect SendInput and similar but have not found anything helpful for being able to tell the difference between real keyboard input, and somebody using a program somewhere to SendInput (I know of the exact SendInput function being available to at least Delphi, C#, C++, Python, and something similar for a couple other languages, it is a Windows function from my understanding).  

~
"Your request is not unlike your lower intestine: stinky, and loaded with danger." — Ace Ventura.
 

RE: Detecting SendInput

if I read this post correctly, I don't think you will ever tell the difference. Are you trying to stop bots?

/Daddy

-----------------------------------------------------
 What You See Is What You Get
Never underestimate tha powah of tha google!

RE: Detecting SendInput

You probably want to investigate a low level keyboard hook, specifically WH_KEYBOARD_LL Hook. The lParam of this hook's callback function (LowLevelKeyboardProc) points to a KBDLLHOOKSTRUCT structure which contains an 8-bit flag. Bit 5 of this flag indicates whether the keyboard event is real or injected.

RE: Detecting SendInput

(OP)
Yes my goal is to stop botting.
Strong, thank you for a nudge in that direction. I will look into it.

~
"Your request is not unlike your lower intestine: stinky, and loaded with danger." — Ace Ventura.
 

RE: Detecting SendInput

Opie, my point is that there are a LOT of ways faking keyboard input some of them are easily detectable (like the keyboard hook), others not. If the hacker writes a low level filter for the keyboard driver, you'll never be able to detect that.

/Daddy

-----------------------------------------------------
 What You See Is What You Get
Never underestimate tha powah of tha google!

RE: Detecting SendInput

(OP)
They could also end up writing their own DLL and have the DLL send keyboard input. I was just wondering how much effort would be required to stop SendInput since it is so easily implemented. I know it is impossible to stop all methods. Just trying to cover some of the easier bases.

~
"Your request is not unlike your lower intestine: stinky, and loaded with danger." — Ace Ventura.
 

RE: Detecting SendInput

(OP)
Detecting it could be pretty easy depending on how far down one goes (and the trouble one is willing to go through).
After more extensive research, I have decided that it is not worth my time.
Basically I would need API hooks so far down that I would be at the rootkit level (without the rootkit activity).
See this link for the structure that contains a single bit to indicate whether it is legitimate or injected.
MSDN Article

There is also a program that does this kind of stuff, called GameGuard, and it causes problems with some other programs because it operates at this level.
I do not want that sort of reputation, and if people are really that determined, so be it.
I know that botting is impossible to stop to an extent. If people want to bot it, they will just be the ones missing out on the fun (that is if my game is as fun as I am hoping it will be).

~
"Your request is not unlike your lower intestine: stinky, and loaded with danger." — Ace Ventura.
 

RE: Detecting SendInput

That link is to the structure I already advised you about

RE: Detecting SendInput

(OP)
That it is.
And now there is a direct link to it.
Thank you for pointing me in the direction I needed to be pointed. My experience with API hooking is still very small, and mostly follows the high level hooking where I have borrowed code from others.
Thank you again guys.

~
"Your request is not unlike your lower intestine: stinky, and loaded with danger." — Ace Ventura.
 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close