CN106295326A - An inline hook method and system for obtaining video card content - Google Patents

Info

Publication number: CN106295326A
Authority: CN (China)
Prior art keywords: function, hook, video card, game, address
Legal status: Granted, Active
Application number: CN201610662988.7A
Other languages: Chinese (zh)
Other versions: CN106295326B (en)
Inventor: 周志刚
Current Assignee: Wuhan Douyu Network Technology Co Ltd
Original Assignee: Wuhan Douyu Network Technology Co Ltd

Application filed by Wuhan Douyu Network Technology Co Ltd
Priority to CN201610662988.7A
Publication of CN106295326A
Application granted
Publication of CN106295326B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482 Procedural
    • G06F9/4484 Executing subprograms
    • G06F9/4486 Formation of subprogram jump address
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention relates to the field of game live streaming and discloses an inline hook method for obtaining video card content, comprising the following steps: step S1, searching for the address of a gap between the functions of the module to which the target function belongs; step S2, writing a hook logic function into another module, the hook logic function including a fake function to be executed by the target function; step S3, constructing a hook instruction that makes the target function jump to the gap address found in step S1; step S4, the target function then jumps into the module containing the hook logic function, and the target function executes the fake function in the hook logic function. The invention also discloses a system for obtaining video card content. The invention prevents an already approved hook method from being misjudged by the security detection program and effectively reduces the tedious workload of game vendors.

Description

An inline hook method and system for obtaining video card content
Technical field
The present invention relates to the field of game live streaming, and in particular to an inline hook method and system for obtaining video card content.
Background
In software engineering, hooking means modifying a program's assembly code: the assembly instruction of the program's original function is changed into a jmp instruction, so that the program jumps to a fake function. After the fake function's logic has executed, execution jumps back to the original function's assembly instructions and continues with the original function's logic.
At present, in order to show viewers a better live game picture, game live-streaming software uses a hook method approved by the game vendor. While the streamer is broadcasting, the live-streaming software hooks the Present function in the DirectX 9 dynamic link library module of the game client process; the software can then obtain the display content in the video card and send it to the server over the network. Viewers access the server and can watch the streamer's game broadcast in high quality. However, game vendors add a security detection program to the game client that inspects the functions in the client's game process and determines whether a function has been hooked. If it has, the program checks the address to which the hooked function jumps; if the jump lands in a module other than the one the function belongs to, the hook is judged illegal and the game is terminated.
However, to speed up the promotion of a game, the game vendor usually cooperates with game live-streaming companies and has them promote its game through live broadcasts. To let the live-streaming software run stably, the vendor modifies its own security detection program to match the software's hook method, so that the security detection program does not misjudge that hook method. But the hook method of each live-streaming company's software is different, and the vendor has to adapt its security detection program to each hook method one by one, which is a very large and tedious amount of work.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide an inline hook method and system for obtaining video card content that prevents an already approved hook method from being misjudged by the security detection program and effectively reduces the tedious workload of game vendors.
To achieve the above object, the technical solution adopted by the present invention comprises the following steps:
Step S1: search for the address of a gap between the functions of the module to which the target function belongs;
Step S2: write a hook logic function into another module, the hook logic function including a fake function to be executed by the target function;
Step S3: construct a hook instruction that makes the target function jump to the gap address found in step S1;
Step S4: the target function then jumps into the module containing the hook logic function, and the target function executes the fake function in the hook logic function.
On the basis of the above technical solution, the target function is the Present function in the DirectX 9 dynamic link library module of the game component.
On the basis of the above technical solution, the memory at the gap address in step S1 is greater than or equal to 5 bytes.
On the basis of the above technical solution, in step S3, before the hook instruction is constructed, the memory attribute of the target function is changed to writable.
On the basis of the above technical solution, the hook instruction is the assembly instruction JMP Address, where Address is the gap address found in step S1 and JMP denotes a jump.
On the basis of the above technical solution, in step S4, after the target function has executed the fake function, it returns to the module it originally belongs to, and the memory attribute of the target function is then changed to read-only and executable.
The present invention also provides a system for obtaining video card content. The system comprises a live-streaming end, a control end and a server.
The live-streaming end runs the game component, the game live-streaming software and the security detection program; the game component includes multiple modules, and each module includes multiple functions.
The control end searches for the address of a gap in the module containing the target function and writes the hook logic function into another module, so that the target function first jumps to the gap address, then jumps into the module containing the hook logic function and executes the hook logic function. After execution, the control end also makes the game live-streaming software obtain the game picture displayed in the video card and send the obtained game picture to the server.
The server receives the game picture sent by the game live-streaming software.
On the basis of the above technical solution, the target function is the Present function in the DirectX 9 dynamic link library module of the game component.
On the basis of the above technical solution, the live-streaming end and the control end are both located in the streamer's PC, and the streamer's PC communicates with the server over the Internet.
Compared with the prior art, the advantage of the inline hook method for obtaining video card content of the present invention is as follows. The target function first jumps within its own module and, after passing the detection of the game's security detection program, jumps to the hook in another module and executes the fake function, so that the game live-streaming software obtains the game picture in the video card. By using a two-stage jump, the hook passes the detection of the game's security detection program and is not misjudged by it, and the game vendor does not need to spend extra effort adapting the security detection program to a hook method it has already approved. The hook on the Present function passes the detection of the security detection program, that is, it has the game vendor's approval, which allows the game live-streaming software to modify non-core game components. Because the live-streaming software adapts itself to the security detection program, the game vendor does not have to modify the security detection program for each live-streaming product, which effectively reduces the workload of the vendor's programmers and in turn the production cost of the whole game.
The advantage of the system for obtaining video card content of the present invention is as follows. The control end makes the target function in the memory of the live-streaming end perform a two-stage jump and pass the detection of the game's security detection program, so that the game live-streaming software can normally obtain the game picture in the streamer's video card. This avoids the security detection program misjudging a hook method that the game vendor itself has approved, reduces the vendor's workload of adapting the security detection program, and also ensures that the streamer can broadcast normally.
Brief description of the drawings
Fig. 1 is a flowchart of the inline hook method for obtaining video card content of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawing.
Referring to Fig. 1, the present invention provides an inline hook method for obtaining video card content, which lets game live-streaming software obtain the picture displayed by the video card through a hook method approved by the game vendor. The method comprises the following steps:
Step S1: search for the address of a gap in the module to which the target function belongs; the memory at the gap address is greater than or equal to 5 bytes. In this embodiment the target function is the Present function in the DirectX 9 dynamic link library module of the game component; once this target function is hooked, the game live-streaming software can obtain the game picture in the video card. The module to which the hooked target function belongs is usually a DLL (Dynamic Link Library) file, and there are gaps between the functions of the module. These gaps are generally filled with hexadecimal 0xCC data, that is, the fill used for uninitialized variables, so the address of a gap of at least 5 bytes can be found very easily.
Step S2: write the hook logic function into another module, that is, into a module other than the one to which the target function belongs. The hook logic function includes the fake function to be executed by the target function. The fake function can, for example, print the parameters with which the target function is called, modify the parameters with which the target function is called, or change the execution flow of the target function. After the target function has executed the fake function, the game live-streaming software can obtain the game picture in the video card.
Step S3: call the Windows API function VirtualProtect to change the memory attribute of the target function to writable. The code segment of the target function is read-only and not writable, so the memory attribute of the target function must be changed to writable before hooking. Then construct a hook instruction that makes the target function jump to the gap address found in step S1. The hook instruction is the assembly instruction JMP Address, where Address is the gap address found in step S1 and JMP denotes a jump.
Step S4: the target function jumps into the module containing the hook logic function and executes the fake function in the hook logic function. After executing the fake function, the target function returns to the module it originally belongs to, and the memory attribute of the target function is then changed back to read-only and executable. For the memory address at which the hook logic function is located in the module, VirtualProtect from the Windows API (Windows application programming interface) must likewise be called to change the memory attribute of that address to writable, after which another JMP Address instruction is added. In this instruction JMP again denotes a jump, and the function of Address is: save the values of the currently running registers, call the fake function, restore the register values, and execute the original instructions of the target function. Finally, the memory attribute of that address is changed back to read-only and executable. In this way, when the target function jumps into the module containing the hook logic function, the fake function is called and executed by the target function, and after the fake function has been executed the target function jumps back to the module it originally belongs to.
Through the above steps, a two-stage jump is used: the target function first jumps within its own module and only then jumps to the hook in another module and executes the fake function. The hook thereby passes the detection of the security detection program and is not misjudged by the security detection program in the game, and the game vendor does not need to spend extra effort adapting the security detection program to a hook method it has already approved. The hook on the Present function passes the detection of the security detection program, that is, it has the game vendor's approval. Because the live-streaming software adapts itself to the security detection program, the game vendor does not have to modify the security detection program for each live-streaming product, which effectively reduces the workload of the vendor's programmers and in turn the production cost of the whole game. The game live-streaming software can then obtain the game picture in the video card.
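Seen from the detection side, the two-stage jump works only against a check that inspects the first jump destination, as the background section describes. The following C example is added here and is not part of the patent: it follows the whole chain of JMP rel32 instructions from a function entry and classifies the hook by where the chain leaves the module. The module layout, addresses and all function names are constructed for illustration, and it assumes 32-bit code and the 5-byte E9 near-jump encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a loaded module: base address, size, copy of its image. */
typedef struct { uint32_t base, size; const uint8_t *image; } module_t;
typedef enum {
    HOOK_NONE = 0,         /* entry does not start with JMP rel32 (opcode E9)  */
    HOOK_STAYS_IN_MODULE,  /* every hop of the chain stays in the home module  */
    HOOK_DIRECT_FOREIGN,   /* the first hop already leaves the home module     */
    HOOK_CHAINED_FOREIGN,  /* local hop(s) first, then a hop out of the module */
    HOOK_UNRESOLVED        /* chain leaves known modules or exceeds max_hops   */
} hook_verdict_t;

static const module_t *find_module(const module_t *m, size_t n, uint32_t va)
{
    for (size_t i = 0; i < n; i++)
        if (va >= m[i].base && va - m[i].base < m[i].size) return &m[i];
    return NULL;
}
/* Decode "E9 rel32" at va inside mod; returns 1 and sets *dest on success. */
static int decode_jmp_rel32(const module_t *mod, uint32_t va, uint32_t *dest)
{
    uint32_t off = va - mod->base;
    const uint8_t *p = mod->image + off;
    if (mod->size - off < 5 || p[0] != 0xE9) return 0;
    uint32_t rel = (uint32_t)p[1] | (uint32_t)p[2] << 8 |
                   (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
    *dest = va + 5 + rel;              /* relative to the next instruction */
    return 1;
}
/* The check as the background section describes it: first destination only. */
int first_hop_check_flags(const module_t *mods, size_t n, uint32_t func_va)
{
    const module_t *home = find_module(mods, n, func_va);
    uint32_t dest;
    if (!home || !decode_jmp_rel32(home, func_va, &dest)) return 0;
    return find_module(mods, n, dest) != home;
}
/* Follow the whole JMP chain and judge by where control leaves the module. */
hook_verdict_t classify_hook(const module_t *mods, size_t n, uint32_t func_va,
                             uint32_t max_hops, uint32_t *final_va)
{
    const module_t *home = find_module(mods, n, func_va), *cur = home;
    uint32_t va = func_va, dest, hops = 0;
    *final_va = func_va;
    if (!home) return HOOK_UNRESOLVED;
    while (decode_jmp_rel32(cur, va, &dest)) {
        if (++hops > max_hops) return HOOK_UNRESOLVED;  /* loop or overlong chain */
        *final_va = va = dest;
        cur = find_module(mods, n, va);
        if (!cur) return HOOK_UNRESOLVED;               /* not in a known image   */
        if (cur != home)
            return hops > 1 ? HOOK_CHAINED_FOREIGN : HOOK_DIRECT_FOREIGN;
    }
    return hops ? HOOK_STAYS_IN_MODULE : HOOK_NONE;
}

/* ---- constructed sample images (not real DLL bytes) ---- */
enum { HOME_BASE = 0x10000000, OTHER_BASE = 0x20000000, IMG = 0x40, GAP_OFF = 0x20 };
static uint8_t home_img[IMG], other_img[IMG];
static void put_jmp(uint32_t at, uint32_t to)   /* writes into home_img only */
{
    uint32_t rel = to - (at + 5);
    uint8_t *p = home_img + (at - HOME_BASE);
    p[0] = 0xE9;
    for (int i = 0; i < 4; i++) p[1 + i] = (uint8_t)(rel >> (8 * i));
}
/* kind 0: unmodified entry; 1: entry jumps straight out; 2: entry -> gap -> out. */
hook_verdict_t run_sample(int kind, int *first_hop_flag, uint32_t *final_va)
{
    module_t mods[2] = { { HOME_BASE, IMG, home_img }, { OTHER_BASE, IMG, other_img } };
    memset(home_img, 0xCC, IMG);                 /* 0xCC fill between functions */
    memcpy(home_img, "\x8B\xFF\x55\x8B\xEC", 5); /* ordinary prologue bytes     */
    if (kind == 1) put_jmp(HOME_BASE, OTHER_BASE);
    if (kind == 2) {
        put_jmp(HOME_BASE, HOME_BASE + GAP_OFF);
        put_jmp(HOME_BASE + GAP_OFF, OTHER_BASE);
    }
    *first_hop_flag = first_hop_check_flags(mods, 2, HOME_BASE);
    return classify_hook(mods, 2, HOME_BASE, 8, final_va);
}

int main(void)
{
    for (int kind = 0; kind < 3; kind++) {
        int flag; uint32_t end;
        int v = run_sample(kind, &flag, &end);
        printf("sample %d: first-hop check=%d verdict=%d final=0x%08X\n",
               kind, flag, v, (unsigned)end);
    }
    return 0;
}
```

In the chained sample the first-hop check reports nothing, while classify_hook returns HOOK_CHAINED_FOREIGN. A production integrity check would also compare the in-memory code section with the on-disk image, since both the function entry and the gap bytes differ from the file once patched.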
The present invention also provides a system for obtaining video card content based on the above inline hook method. The system comprises a live-streaming end, a control end and a server. The live-streaming end and the control end are both located in the streamer's PC (personal computer), the server is located in the machine room of the live-streaming company, and the streamer's PC communicates with the server over the Internet.
The live-streaming end runs the multiple modules of the game, the game live-streaming software and the security detection program. The control end searches for the address of a gap in the module containing the target function and writes the hook logic function into another module, then makes the target function first jump to the gap address. The target function is the Present function in the DirectX 9 dynamic link library module of the game component. The target function then jumps into the module containing the hook logic function and executes the hook logic function. After the hook logic function has been executed, the control end makes the game live-streaming software obtain the game picture displayed in the video card and send it to the server. The server receives the game picture sent by the game live-streaming software; viewers access the server through a smart device or PC and can watch the streamer's live picture.
By using a two-stage jump, the system hooks the Present function in the DirectX 9 dynamic link library module of the game component of the game client and passes the detection of the game's security detection program, so that the game live-streaming software can obtain the game picture displayed in the video card. This avoids the security detection program misjudging a modification of non-core components that the game vendor itself has approved, reduces the vendor's workload of adapting the security detection program, and also ensures that the streamer can broadcast normally.
The present invention is not limited to the above embodiments. Those of ordinary skill in the art can make improvements and refinements without departing from the principle of the invention, and these improvements and refinements are also considered to fall within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the art.

Claims (9)

1. An inline hook method for obtaining video card content, in which video card content is obtained after a target function is hooked, characterized by comprising the following steps:
Step S1: search for the address of a gap between the functions of the module to which the target function belongs;
Step S2: write a hook logic function into another module, the hook logic function including a fake function to be executed by the target function;
Step S3: construct a hook instruction that makes the target function jump to the gap address found in step S1;
Step S4: the target function then jumps into the module containing the hook logic function, and the target function executes the fake function in the hook logic function.
2. An inline hook method for obtaining video card content, characterized in that: the target function is the Present function in the DirectX 9 dynamic link library module of the game component.
3. An inline hook method for obtaining video card content, characterized in that: the memory at the gap address in step S1 is greater than or equal to 5 bytes.
4. An inline hook method for obtaining video card content, characterized in that: in step S3, before the hook instruction is constructed, the memory attribute of the target function is changed to writable.
5. An inline hook method for obtaining video card content, characterized in that: the hook instruction is the assembly instruction JMP Address, where Address is the gap address found in step S1 and JMP denotes a jump.
6. An inline hook method for obtaining video card content, characterized in that: in step S4, after the target function has executed the fake function, it returns to the module it originally belongs to, and the memory attribute of the target function is then changed to read-only and executable.
7. A system for obtaining video card content based on the inline hook method of claim 1, characterized in that the system comprises: a live-streaming end, a control end and a server;
the live-streaming end runs the game component, the game live-streaming software and the security detection program, the game component includes multiple modules, and each module includes multiple functions;
the control end searches for the address of a gap in the module containing the target function and writes the hook logic function into another module, so that the target function first jumps to the gap address, then jumps into the module containing the hook logic function and executes the hook logic function; after execution, the control end also makes the game live-streaming software obtain the game picture displayed in the video card and send the obtained game picture to the server;
the server receives the game picture sent by the game live-streaming software.
8. A system for obtaining video card content, characterized in that: the target function is the Present function in the DirectX 9 dynamic link library module of the game component.
9. A system for obtaining video card content, characterized in that: the live-streaming end and the control end are both located in the streamer's PC, and the streamer's PC communicates with the server over the Internet.
CN201610662988.7A (priority date 2016-08-12, filing date 2016-08-12): Inline hook method and system for acquiring content of display card. Status: Active. CN106295326B (en)

Publications (2)

Publication Number Publication Date
CN106295326A (en) 2017-01-04
CN106295326B (en) 2020-02-07

Family

ID=57669175

GR01 Patent grant