Detecting SendInput

[Opieo]

I am making a little game application on the side. I intend for my program to use DirectInput.
I was wondering if there was any way to detect the difference between the input coming from the keyboard itself or if somebody is trying to fake input using the SendInput function.

Might anybody know if this is possible at all?

I have tried googling Detect SendInput and similar but have not found anything helpful for being able to tell the difference between real keyboard input, and somebody using a program somewhere to SendInput (I know of the exact SendInput function being available to at least Delphi, C#, C++, Python, and something similar for a couple other languages, it is a Windows function from my understanding).

~
“Your request is not unlike your lower intestine: stinky, and loaded with danger.” — Ace Ventura.

 

[whosrdaddy]

if I read this post correctly, I don't think you will ever tell the difference. Are you trying to stop bots?

/Daddy

-----------------------------------------------------
What You See Is What You Get
Never underestimate tha powah of tha google!

 

[strongm]

You probably want to investigate a low level keyboard hook, specifically WH_KEYBOARD_LL Hook. The lParam of this hook's callback function (LowLevelKeyboardProc) points to a KBDLLHOOKSTRUCT structure which contains an 8-bit flag. Bit 5 of this flag indicates whether the keyboard event is real or injected.

 

[Opieo]

Yes my goal is to stop botting.
Strong, thank you for a nudge in that direction. I will look into it.

~
“Your request is not unlike your lower intestine: stinky, and loaded with danger.” — Ace Ventura.

 

[whosrdaddy]

Opie, my point is that there are a LOT of ways faking keyboard input some of them are easily detectable (like the keyboard hook), others not. If the hacker writes a low level filter for the keyboard driver, you'll never be able to detect that.

/Daddy

-----------------------------------------------------
What You See Is What You Get
Never underestimate tha powah of tha google!

 

[Opieo]

They could also end up writing their own DLL and have the DLL send keyboard input. I was just wondering how much effort would be required to stop SendInput since it is so easily implemented. I know it is impossible to stop all methods. Just trying to cover some of the easier bases.

~
“Your request is not unlike your lower intestine: stinky, and loaded with danger.” — Ace Ventura.

 

[Opieo]

Detecting it could be pretty easy depending on how far down one goes (and the trouble one is willing to go through).
After more extensive research, I have decided that it is not worth my time.
Basically I would need API hooks so far down that I would be at the rootkit level (without the rootkit activity).
See this link for the structure that contains a single bit to indicate whether it is legitimate or injected.
MSDN Article

There is also a program that does this kind of stuff, called GameGuard, and it causes problems with some other programs because it operates at this level.
I do not want that sort of reputation, and if people are really that determined, so be it.
I know that botting is impossible to stop to an extent. If people want to bot it, they will just be the ones missing out on the fun (that is if my game is as fun as I am hoping it will be).

~
“Your request is not unlike your lower intestine: stinky, and loaded with danger.” — Ace Ventura.

 

[strongm]

That link is to the structure I already advised you about

 

[Opieo]

That it is.
And now there is a direct link to it.
Thank you for pointing me in the direction I needed to be pointed. My experience with API hooking is still very small, and mostly follows the high level hooking where I have borrowed code from others.
Thank you again guys.

~
“Your request is not unlike your lower intestine: stinky, and loaded with danger.” — Ace Ventura.