changing mouse cursor

Posted By: Kartoffel

changing mouse cursor - 03/12/17 15:01

Does one of you guys know how to change the cursor image using the windows api?

Note that I'm not talking about 'mouse_map' (which just makes the windows cursor invisible and draws another cursor inside the engine window).

I'd like to change the windows cursor directly to get rid of these 1-2 frames (visual) lag.
Posted By: Uhrwerk

Re: changing mouse cursor - 03/12/17 17:49

Shouldn't mouse_sync use hardware support and get rid of exactly that lag?

http://www.conitec.net/beta/amouse_sync.htm
Posted By: Ch40zzC0d3r

Re: changing mouse cursor - 03/12/17 18:46

ShowCursor to show/hide the standard windows cursor
SetCursor to set the cursor
LoadCursor to load a windows standard cursor by name
LoadImage to load a custom image for the cursor
Posted By: Kartoffel

Re: changing mouse cursor - 03/12/17 19:56

@Uhrwerk: I tried it before but it doesn't really change anything. Seems like it's output related.

@Ch40zzC0d3r: I just gave it a shot and it's working (kind of). Thanks for the info.. I actually expected it to be trickier than that grin

The only annoying thing is that I have to set the cursor each frame again. I don't think it's supposed to be like that, probably a contradiction with acknex resetting the mouse pointer.
Also using a custom cursor file for some reason doesn't work. Not sure if the file isn't being found or if something else is the problem, but I guess I can figure that out myself.

but thanks again guys laugh
Posted By: Ch40zzC0d3r

Re: changing mouse cursor - 03/12/17 20:00

Check the handle return value and GetLastError, fixing non-working windows apis is usually pretty easy and straightforward (at least in the usermode world and non native apis)

To fix the loop to set the cursor you should just hook the SetCursor API of acknex itself and ignore everything which was not set by you.
You can use a simple detours but the easiest hooking technique would be an IAT hook imo.
Posted By: Kartoffel

Re: changing mouse cursor - 03/12/17 20:17

Oh wow. I should probably try LoadCursorFromFile instead of LoadCursor which loads it from a resource, duh
problem solved

regarding win-api hooks I'm not sure how that stuff exactly works but for now I'm okay with setting it inside the main while loop
Posted By: Kartoffel

Re: changing mouse cursor - 03/12/17 21:37

edit: well shit. I guess there's no way around using a hook... the cursor sometimes resets after I change it and it begins to flicker back and forth or do other things :S
Posted By: Ch40zzC0d3r

Re: changing mouse cursor - 03/13/17 20:00

If you need help with it just ask, it's pretty easy if you know some assembly
Posted By: Kartoffel

Re: changing mouse cursor - 03/13/17 21:31

So I google'd a bit about windows api hooks and I think I understand the basic principle (at least to some extent). Hooking window messages like key presses seems fairly straightforward to me, but I don't exactly know how hooking specific functions should work.

...soo, yeah, I'd appreciate a little help in case you have time
Posted By: Ch40zzC0d3r

Re: changing mouse cursor - 03/14/17 09:46

What you found is probably SetWindowsHookEx which has nothing to do with the hook we need at all. It can set hooks on the WindowMessage handler of a process.

What we need is called a detours (if we use bytepatches to create a hook)
I guess the detours is easier for beginners and since the windows apis are hotpatchable this will work on any OS version too, no need for the IAT hook for now.
So how does it work?

There is a function prologue for windows apis which looks like this:
Code:
74EEEEDA k>  8BFF                             MOV EDI,EDI
74EEEEDC     55                               PUSH EBP
74EEEEDD     8BEC                             MOV EBP,ESP



As you can see these are exactly 5 bytes thanks to the mov edi, edi laugh

So we will place a jmp instruction there (a jmp is also 5 bytes) and copy the bytes to our trampoline which will first execute those 5 overwritten bytes and then jumps back past the jump (first 5 bytes) to execute the rest of the bytes.

There are a lot of hooking libs out there, but you don't need any special stuff. If you still feel like you can use MS Detours for example (x86 version is free), or PolyHook.
Here's a very simple hooking function which works fine for your needs:

Code:
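#include <windows.h>
#include <stdlib.h>
#include <string.h>

// x86 (32-bit) only. src = function to hook, dst = replacement,
// len = number of bytes to overwrite (at least 5, whole instructions only).
// Returns a trampoline that runs the overwritten bytes and jumps back into src.
void *CreateDetour(BYTE *src, const BYTE *dst, const int len)
{
	BYTE *jmp = (BYTE*)malloc(len + 5);
	DWORD dwBack;

	if(!jmp)
		return NULL;

	// make the trampoline executable and the target writable
	VirtualProtect(jmp, len+5, PAGE_EXECUTE_READWRITE, &dwBack);
	VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
	memcpy(jmp, src, len); // save the original bytes in the trampoline

	// append "jmp src+len" to the trampoline
	jmp += len;
	jmp[0] = 0xE9;
	*(DWORD*)(jmp + 1) = (DWORD)src + len - (DWORD)jmp - 5;

	// overwrite the start of src with "jmp dst"
	src[0] = 0xE9;
	*(DWORD*)(src + 1) = (DWORD)dst - (DWORD)src - 5;

	// pad any leftover bytes with NOPs
	for(int i = 5; i < len; i++)
		src[i] = 0x90;

	// restore the original page protection of src
	VirtualProtect(src, len, dwBack, &dwBack);

	return(jmp - len);
}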



And its usage:
Code:
typedef int (WINAPI *tMessageBoxA)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
tMessageBoxA oMessageBoxA; // trampoline to the original MessageBoxA

// replacement: forwards the call with a different caption
int WINAPI hkMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
	return oMessageBoxA(hWnd, lpText, "Hooked :)", uType);
}

...

oMessageBoxA = (tMessageBoxA)CreateDetour((BYTE*)GetProcAddress(GetModuleHandleA("user32.dll"), "MessageBoxA"), (BYTE*)hkMessageBoxA, 5);

MessageBoxA(0, "Test", "Test", 0);



The size is always 5 for windows apis because of the mov edi, edi (hotpatchable image)
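
Seen from the checking side, the five prologue bytes described above are easy to inspect for a jump patch. The following is an added example, not part of the original post: portable C that works on a copy of the bytes and reverses the `dst - src - 5` arithmetic. The hook address, the module range and all function names are constructed for illustration.

```c
/* Added example: recognise a 5-byte JMP detour over the x86 hot-patch prologue. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum prologue_state { PROLOGUE_INTACT, PROLOGUE_JMP_HOOK, PROLOGUE_UNKNOWN };
static const uint8_t HOTPATCH_PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC }; /* MOV EDI,EDI; PUSH EBP; MOV EBP,ESP */

/* Build "JMP rel32" for address `at`: rel32 = target - at - 5 (mod 2^32). */
static void encode_jmp(uint8_t out[5], uint32_t at, uint32_t target)
{
    uint32_t rel = target - at - 5;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)(rel >> (8 * i)); /* little-endian */
}

static enum prologue_state classify_prologue(const uint8_t b[5])
{
    if (memcmp(b, HOTPATCH_PROLOGUE, 5) == 0) return PROLOGUE_INTACT;
    return b[0] == 0xE9 ? PROLOGUE_JMP_HOOK : PROLOGUE_UNKNOWN;
}

/* Absolute destination of a JMP rel32 located at virtual address `va`. */
static uint32_t jmp_target(const uint8_t b[5], uint32_t va)
{
    uint32_t rel = b[1] | (uint32_t)b[2] << 8 | (uint32_t)b[3] << 16 | (uint32_t)b[4] << 24;
    return va + 5 + rel;
}

/* A target outside the image [base, base+size) is code the module did not ship. */
static int leaves_module(uint32_t target, uint32_t base, uint32_t size)
{
    return target - base >= size;   /* unsigned wrap also catches target < base */
}

/* Overwrite a copy of the prologue, then decode it again; 0 means "not hooked". */
static uint32_t patched_target(uint32_t va, uint32_t hook)
{
    uint8_t copy[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    encode_jmp(copy, va, hook);
    return classify_prologue(copy) == PROLOGUE_JMP_HOOK ? jmp_target(copy, va) : 0;
}

int main(void)
{
    /* 0x74EEEEDA is the address in the listing; hook and image range are constructed. */
    uint32_t t = patched_target(0x74EEEEDAu, 0x10001000u);
    printf("jmp -> %08X, leaves module: %d\n", (unsigned)t, leaves_module(t, 0x74EC0000u, 0x00100000u));
    return 0;
}
```
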
Posted By: Kartoffel

Re: changing mouse cursor - 03/14/17 14:36

well that's some hacky stuff grin
I'm fine with it, though, since what I'm working on is mostly for personal use.
So, thanks a lot for the explanation! I'll give it a shot later.

edit: I had to make some adjustments to your example (because lite-c syntax ._.) but I got it working now. Still have to test it with SetCursor, though.
Posted By: Kartoffel

Re: changing mouse cursor - 03/14/17 15:40

works perfectly, thank you!
Posted By: Ch40zzC0d3r

Re: changing mouse cursor - 03/14/17 16:42

Great to hear grin
And I wouldn't call this hacky at all, that's what most Antiviruses and Anticheats do in usermode, even your recording software uses a simple jump hook like this grin