问题
I use the code below to protect against bots that generate mouse clicks (it checks whether a click was made by a human or not).
My protection code: http://pastebin.com/SfebsEPj
But some people wrote a bypass: http://pastebin.com/HK9CekzZ
Does anyone have an idea?
Code:
// Handle of the detection hook; assigned by AntiShotbotLogger and handed to
// CallNextHookEx by the hook procedure below.
HHOOK MouseHook;

/// Low-level mouse hook procedure (WH_MOUSE_LL) that terminates the process
/// when a left or right button-down event carries the LLMHF_INJECTED flag.
///
/// @param nCode  Hook code; the event is only inspected for HC_ACTION.
/// @param wParam Mouse message identifier (WM_LBUTTONDOWN, WM_RBUTTONDOWN, ...).
/// @param lParam Pointer to the MSLLHOOKSTRUCT describing the event.
/// @return The result of CallNextHookEx for every event that is passed on.
///
/// NOTE(review): the flag is read from a structure that every hook procedure in
/// the chain receives. The bypass listed further down this page installs a
/// second WH_MOUSE_LL hook that zeroes `flags` before this procedure sees the
/// event, so this test cannot be the only evidence of synthetic input.
LRESULT CALLBACK MouseHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    const bool isButtonDown = (wParam == WM_LBUTTONDOWN) || (wParam == WM_RBUTTONDOWN);

    // Anything that is not an actionable button-down goes straight down the chain.
    if (nCode != HC_ACTION || !isButtonDown)
    {
        return CallNextHookEx(MouseHook, nCode, wParam, lParam);
    }

    const MSLLHOOKSTRUCT *event = reinterpret_cast<const MSLLHOOKSTRUCT *>(lParam);
    if ((event->flags & LLMHF_INJECTED) != 0)
    {
        // Event was marked as injected: end the process immediately.
        ExitProcess(-1);
    }

    return CallNextHookEx(MouseHook, nCode, wParam, lParam);
}
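/// Installs the WH_MOUSE_LL detection hook (MouseHookProc) and pumps messages
/// on the calling thread until the message loop ends, then removes the hook.
///
/// A low-level hook procedure is called on the thread that installed it, so the
/// message loop below is what keeps the hook serviced; the function blocks for
/// as long as the loop runs.
void AntiShotbotLogger()
{
    HINSTANCE hInstance = GetModuleHandle(NULL);

    // The last argument is a thread id (DWORD), not a pointer: 0 asks for a
    // hook that is not tied to a single thread.
    MouseHook = SetWindowsHookEx(WH_MOUSE_LL, MouseHookProc, hInstance, 0);
    if (MouseHook == NULL)
    {
        // Installation failed, so no detection is active. Return instead of
        // pumping messages for a hook that does not exist.
        // NOTE(review): callers cannot observe this failure through the void
        // return; decide whether a failed install should be treated like a
        // detection rather than silently running unprotected.
        return;
    }

    MSG message;
    // GetMessage returns -1 on error; a plain truth test would treat that as
    // "keep looping", so compare against 0 explicitly.
    while (GetMessage(&message, NULL, 0, 0) > 0)
    {
        TranslateMessage(&message);
        DispatchMessage(&message);
    }

    UnhookWindowsHookEx(MouseHook);
}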
Bypass:
// Hook handle passed to CallNextHookEx below; it is not assigned anywhere in
// the bypass code shown on this page.
HHOOK MouseHook;
// Bypass sample quoted in the question: a second WH_MOUSE_LL hook procedure.
// For every actionable left/right button-down event it overwrites the `flags`
// field of the MSLLHOOKSTRUCT with 0 (which also clears LLMHF_INJECTED), prints
// a message, and passes the event on with CallNextHookEx.
//
// Defensive reading: the event structure is writable by any hook procedure that
// runs earlier in the chain, so a later hook that trusts `flags` (as the
// detection hook on this page does) sees whatever the earlier hook left there.
LRESULT CALLBACK ReplaceMousehook(int nCode, WPARAM wParam, LPARAM lParam)
{
if (nCode == HC_ACTION && (wParam == WM_RBUTTONDOWN || wParam == WM_LBUTTONDOWN))
{
// Clears every flag bit on the shared event structure, not only LLMHF_INJECTED.
reinterpret_cast<MSLLHOOKSTRUCT*>(lParam)->flags = 0;
std::cout << "Injection bypassed!" << std::endl;
}
// The (modified) event continues down the hook chain.
return CallNextHookEx(MouseHook,nCode,wParam,lParam);
}
// Bypass sample quoted in the question: polls the NUMPAD0 key in an endless
// loop and, when the key state reports a press, submits a left-button down/up
// pair through SendInput. Input submitted through SendInput is the kind of
// event that the detection hook on this page expects to find marked with
// LLMHF_INJECTED.
void ShotbotBypassExample()
{
while(true)
{
// Low bit of GetAsyncKeyState: key was pressed since the previous call.
if (GetAsyncKeyState(VK_NUMPAD0)&1)
{
std::cout << "Sending input now." << std::endl;
INPUT input[2];
input[0].type = INPUT_MOUSE;
input[0].mi.dwFlags = MOUSEEVENTF_LEFTDOWN;
input[1].type = INPUT_MOUSE;
input[1].mi.dwFlags = MOUSEEVENTF_LEFTUP;
SendInput(2, input, sizeof(INPUT));
}
// 1 ms pause between polls.
Sleep(1);
}
}
// Entry point of the bypass sample quoted in the question: starts the key
// polling thread, installs ReplaceMousehook as a WH_MOUSE_LL hook, and pumps
// messages on the main thread so that the hook procedure keeps being called.
//
// Defensive reading: this is a standalone program. As far as this listing
// shows, it defeats the check from its own process and loads nothing into the
// protected one, so inspecting the protected process for unexpected DLLs would
// not reveal it.
int main(int argc, char** argv)
{
std::thread keybind(ShotbotBypassExample);
keybind.joinable();
// Installed after the detection hook is already in place (per the question),
// which is what lets ReplaceMousehook see each event first.
HHOOK hook = SetWindowsHookEx( WH_MOUSE_LL, ReplaceMousehook, GetModuleHandle(0), NULL );
MSG message;
while (GetMessage(&message,NULL,0,0)) {
TranslateMessage( &message );
DispatchMessage( &message );
}
return 0;
}
回答1:
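Install your own hook and don't call CallNextHookEx. Their hook won't be called then (if it's older): the most recently installed hook is called first, so a hook that does not pass the event on keeps older hooks from seeing it.
Furthermore, when you install your hook, check your process for loaded DLLs. Any DLL loaded later may contain a hook which overrides your hook.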
来源:https://stackoverflow.com/questions/21210698/how-can-i-protect-against-this-bypass