Back to Details

graphics-api-hooking

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Graphics API Hooking & Rendering

图形API挂钩与渲染

Overview

概述

This skill covers graphics API resources from the awesome-game-security collection, including DirectX, OpenGL, and Vulkan hooking techniques, overlay rendering, and graphics debugging.
本技能涵盖了来自awesome-game-security合集的图形API资源,包括DirectX、OpenGL和Vulkan的挂钩技术、覆盖渲染以及图形调试内容。

DirectX

DirectX

DirectX 9

DirectX 9

cpp
// Key functions to hook
IDirect3DDevice9::EndScene
IDirect3DDevice9::Reset
IDirect3DDevice9::Present
cpp
// Key functions to hook
IDirect3DDevice9::EndScene
IDirect3DDevice9::Reset
IDirect3DDevice9::Present

DirectX 11

DirectX 11

cpp
// Key functions to hook
IDXGISwapChain::Present
ID3D11DeviceContext::DrawIndexed
ID3D11DeviceContext::Draw
cpp
// Key functions to hook
IDXGISwapChain::Present
ID3D11DeviceContext::DrawIndexed
ID3D11DeviceContext::Draw

DirectX 12

DirectX 12

cpp
// Key functions to hook
IDXGISwapChain::Present
ID3D12CommandQueue::ExecuteCommandLists
cpp
// Key functions to hook
IDXGISwapChain::Present
ID3D12CommandQueue::ExecuteCommandLists

VTable Hooking

VTable Hooking

cpp
// DX11 Example
typedef HRESULT(__stdcall* Present)(IDXGISwapChain*, UINT, UINT);
Present oPresent;

HRESULT __stdcall hkPresent(IDXGISwapChain* swapChain, UINT syncInterval, UINT flags) {
    // Render overlay here
    return oPresent(swapChain, syncInterval, flags);
}

// Hook via vtable
void* swapChainVtable = *(void**)swapChain;
oPresent = (Present)swapChainVtable[8];  // Present is index 8
cpp
// DX11 Example
typedef HRESULT(__stdcall* Present)(IDXGISwapChain*, UINT, UINT);
Present oPresent;

HRESULT __stdcall hkPresent(IDXGISwapChain* swapChain, UINT syncInterval, UINT flags) {
    // Render overlay here
    return oPresent(swapChain, syncInterval, flags);
}

// Hook via vtable
void* swapChainVtable = *(void**)swapChain;
oPresent = (Present)swapChainVtable[8];  // Present is index 8

OpenGL

OpenGL

Key Functions

关键函数

cpp
wglSwapBuffers
glDrawElements
glDrawArrays
glBegin/glEnd (legacy)
cpp
wglSwapBuffers
glDrawElements
glDrawArrays
glBegin/glEnd (legacy)

Hook Example

挂钩示例

cpp
typedef BOOL(WINAPI* wglSwapBuffers_t)(HDC);
wglSwapBuffers_t owglSwapBuffers;

BOOL WINAPI hkwglSwapBuffers(HDC hdc) {
    // Render overlay
    return owglSwapBuffers(hdc);
}
cpp
typedef BOOL(WINAPI* wglSwapBuffers_t)(HDC);
wglSwapBuffers_t owglSwapBuffers;

BOOL WINAPI hkwglSwapBuffers(HDC hdc) {
    // Render overlay
    return owglSwapBuffers(hdc);
}

Vulkan

Vulkan

Key Functions

关键函数

cpp
vkQueuePresentKHR
vkCreateSwapchainKHR
vkCmdDraw
vkCmdDrawIndexed
cpp
vkQueuePresentKHR
vkCreateSwapchainKHR
vkCmdDraw
vkCmdDrawIndexed

Instance/Device Layers

实例/设备层

  • Use validation layers for debugging
  • Custom layers for interception
  • Layer manifest configuration
  • 使用验证层进行调试
  • 自定义层用于拦截
  • 层清单配置

Universal Hook Libraries

通用挂钩库

Kiero

Kiero

  • Cross-API hook library
  • Supports DX9/10/11/12, OpenGL, Vulkan
  • Automatic method detection
  • 跨API挂钩库
  • 支持DX9/10/11/12、OpenGL、Vulkan
  • 自动方法检测

Universal ImGui Hook

Universal ImGui Hook

  • Pre-built ImGui integration
  • Multiple API support
  • Easy deployment
  • 预构建的ImGui集成
  • 多API支持
  • 部署简便

ImGui Integration

ImGui集成

Setup (DX11)

配置(DX11)

cpp
// In Present hook
ImGui_ImplDX11_Init(device, context);
ImGui_ImplWin32_Init(hwnd);

// Render
ImGui_ImplDX11_NewFrame();
ImGui_ImplWin32_NewFrame();
ImGui::NewFrame();

// Your rendering code
ImGui::Begin("Overlay");
// ...
ImGui::End();

ImGui::Render();
ImGui_ImplDX11_RenderDrawData(ImGui::GetDrawData());
cpp
// In Present hook
ImGui_ImplDX11_Init(device, context);
ImGui_ImplWin32_Init(hwnd);

// Render
ImGui_ImplDX11_NewFrame();
ImGui_ImplWin32_NewFrame();
ImGui::NewFrame();

// Your rendering code
ImGui::Begin("Overlay");
// ...
ImGui::End();

ImGui::Render();
ImGui_ImplDX11_RenderDrawData(ImGui::GetDrawData());

Window Procedure Hook

窗口过程挂钩

cpp
// Required for ImGui input
LRESULT CALLBACK WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam) {
    if (ImGui_ImplWin32_WndProcHandler(hWnd, msg, wParam, lParam))
        return true;
    return CallWindowProc(oWndProc, hWnd, msg, wParam, lParam);
}
cpp
// Required for ImGui input
LRESULT CALLBACK WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam) {
    if (ImGui_ImplWin32_WndProcHandler(hWnd, msg, wParam, lParam))
        return true;
    return CallWindowProc(oWndProc, hWnd, msg, wParam, lParam);
}

Overlay Techniques

覆盖渲染技术

External Overlay

外部覆盖层

1. Create transparent window
2. Set WS_EX_LAYERED | WS_EX_TRANSPARENT
3. Use SetLayeredWindowAttributes
4. Render with GDI+/D2D
5. Position over game window
1. 创建透明窗口
2. 设置WS_EX_LAYERED | WS_EX_TRANSPARENT
3. 使用SetLayeredWindowAttributes
4. 借助GDI+/D2D进行渲染
5. 定位到游戏窗口上方

DWM Overlay

DWM覆盖层

- Hook Desktop Window Manager
- Render in DWM composition
- Higher privilege requirements
- Better anti-detection
- 挂钩桌面窗口管理器(Desktop Window Manager)
- 在DWM合成阶段渲染
- 需要更高权限
- 反检测能力更强

Steam Overlay Hijack

Steam覆盖层劫持

- Hook Steam's overlay functions
- Use existing overlay infrastructure
- Requires Steam running
- 挂钩Steam的覆盖层函数
- 利用现有覆盖层基础设施
- 需要Steam处于运行状态

NVIDIA Overlay Hijack

NVIDIA覆盖层劫持

- Hook GeForce Experience overlay
- Native-looking overlay
- May require specific drivers
- 挂钩GeForce Experience覆盖层
- 呈现原生风格的覆盖层
- 可能需要特定驱动版本

Shader Manipulation

着色器操作

Wallhack Implementation

透视挂实现

hlsl
// Disable depth testing
OMSetDepthStencilState(depthDisabledState, 0);

// Or in pixel shader
float4 PSMain(VS_OUTPUT input) : SV_Target {
    // Always pass depth test
    return float4(1, 0, 0, 0.5);  // Red transparent
}
hlsl
// Disable depth testing
OMSetDepthStencilState(depthDisabledState, 0);

// Or in pixel shader
float4 PSMain(VS_OUTPUT input) : SV_Target {
    // Always pass depth test
    return float4(1, 0, 0, 0.5);  // Red transparent
}

Chams (Character Highlighting)

角色高亮(Chams)

hlsl
// Replace model shader
float4 PSChams(VS_OUTPUT input) : SV_Target {
    if (isEnemy) {
        return float4(1, 0, 0, 1);  // Red
    }
    return float4(0, 1, 0, 1);      // Green
}
hlsl
// Replace model shader
float4 PSChams(VS_OUTPUT input) : SV_Target {
    if (isEnemy) {
        return float4(1, 0, 0, 1);  // Red
    }
    return float4(0, 1, 0, 1);      // Green
}

Rendering Concepts

渲染概念

World-to-Screen

世界坐标转屏幕坐标

cpp
D3DXVECTOR3 WorldToScreen(D3DXVECTOR3 pos, D3DXMATRIX viewProjection) {
    D3DXVECTOR4 clipCoords;
    D3DXVec3Transform(&clipCoords, &pos, &viewProjection);
    
    if (clipCoords.w < 0.1f) return invalid;
    
    D3DXVECTOR3 NDC;
    NDC.x = clipCoords.x / clipCoords.w;
    NDC.y = clipCoords.y / clipCoords.w;
    
    D3DXVECTOR3 screen;
    screen.x = (viewport.Width / 2) * (NDC.x + 1);
    screen.y = (viewport.Height / 2) * (1 - NDC.y);
    
    return screen;
}
cpp
D3DXVECTOR3 WorldToScreen(D3DXVECTOR3 pos, D3DXMATRIX viewProjection) {
    D3DXVECTOR4 clipCoords;
    D3DXVec3Transform(&clipCoords, &pos, &viewProjection);
    
    if (clipCoords.w < 0.1f) return invalid;
    
    D3DXVECTOR3 NDC;
    NDC.x = clipCoords.x / clipCoords.w;
    NDC.y = clipCoords.y / clipCoords.w;
    
    D3DXVECTOR3 screen;
    screen.x = (viewport.Width / 2) * (NDC.x + 1);
    screen.y = (viewport.Height / 2) * (1 - NDC.y);
    
    return screen;
}

View Matrix Extraction

视图矩阵提取

- From device constants
- Pattern scanning
- Engine-specific locations
- Reverse engineered addresses
- 从设备常量中提取
- 特征码扫描
- 引擎特定位置
- 逆向工程获取地址

Debugging Tools

调试工具

PIX for Windows

PIX for Windows

  • Frame capture and analysis
  • GPU profiling
  • Shader debugging
  • 帧捕获与分析
  • GPU性能分析
  • 着色器调试

RenderDoc

RenderDoc

  • Open-source frame debugger
  • Multi-API support
  • Resource inspection
  • 开源帧调试器
  • 多API支持
  • 资源检查

NVIDIA Nsight

NVIDIA Nsight

  • Performance analysis
  • Shader debugging
  • Frame profiling
  • 性能分析
  • 着色器调试
  • 帧性能剖析

Anti-Detection Considerations

反检测注意事项

Present Hook Detection

Present挂钩检测

- VTable integrity checks
- Code section verification
- Call stack analysis
- VTable完整性检查
- 代码段验证
- 调用栈分析

Evasion Techniques

规避技术

- Trampoline hooks
- Hardware breakpoints
- Timing obfuscation
- 跳板挂钩
- 硬件断点
- 时间混淆

Performance Optimization

性能优化

Best Practices

最佳实践

1. Minimize state changes
2. Batch draw calls
3. Use instancing
4. Cache resources
5. Profile regularly
1. 最小化状态变更
2. 批量绘制调用
3. 使用实例化渲染
4. 缓存资源
5. 定期性能剖析

Common Issues

常见问题

- Flickering: Double buffer sync
- Artifacts: Clear state properly
- Performance: Reduce overdraw
- 闪烁:双缓冲区同步
- 图形瑕疵:正确清理状态
- 性能问题:减少过度绘制

Resource Organization

资源组织

The README contains:
  • DirectX 9/11/12 hook implementations
  • OpenGL hook libraries
  • Vulkan interception tools
  • ImGui integration examples
  • Overlay frameworks
  • Shader modification tools
本README包含:
  • DirectX 9/11/12挂钩实现
  • OpenGL挂钩库
  • Vulkan拦截工具
  • ImGui集成示例
  • 覆盖层框架
  • 着色器修改工具

Data Source

数据源

Important: This skill provides conceptual guidance and overview information. For detailed information including:
  • Specific GitHub repository links
  • Complete project lists with descriptions
  • Up-to-date tools and resources
  • Code examples and implementations
Please fetch the complete data from the main repository:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md
The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.
重要说明:本技能仅提供概念性指导与概述信息。如需以下详细内容:
  • 具体GitHub仓库链接
  • 带描述的完整项目列表
  • 最新工具与资源
  • 代码示例与实现
请从主仓库获取完整数据:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md
主README包含数千个按类别整理的链接。当用户询问特定工具、项目或实现时,请从此源中检索并引用相应章节。