2. C++ anti-cheat in practice (advanced chapter 14: Using memory loading + redirection to bypass inline and IAT hooks)

   The following is the effect of successfully bypassing the inline hook:

I. Introduction

   The previous chapters described the principles and code implementation of inline hooks, IAT hooks, SEH/VEH hooks and so on. The discussion of inline hooks also mentioned that the method of forging the function header + an offset of 5 bytes bypasses the inline hook. After all, this method is a bit "non-mainstream".

   Under normal circumstances, neither anti-cheat systems nor cheats call those key API functions directly and carelessly. Most of them load the DLL from memory and use redirection to repair these files, so that the DLL's exported functions are guaranteed to be absolutely "clean", which in turn ensures the strength of the anti-cheat that follows. When I was writing the anti-cheating system in the early days, in order to ensure that the Windows API functions I called were "clean" to a certain extent, I almost built most of the function pointer libraries. Here, in order to prevent everyone from


Origin blog.csdn.net/wangningyu/article/details/123180946