Jump to content
  • Advertisement
Sign in to follow this  
dutchmeat

[VB 6.0] detect injections

This topic is 3712 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hello, I'm currently working on an anticheat program for RTCW. This program is written in Visual Basic 6.0. I would like to know if anyone knows a way to detect injections or 'hooks' to a progress(like a game for example). I've already tried to enum all the modules, but that's too slow, because when I finaly get the (complete) modulelist, an hook can already be injected. Also I've tried to check every description of each process running if it's matching a description of a cheat, however, it doesn't get the FileDescription value out of the VersionInformation string(atleast not of the cheat processes). Would it be wise to check every module of the game executable(rtcw) if it's owner is Microsoft, or the game's publisher? With kind regards, Eamon

Share this post


Link to post
Share on other sites
Advertisement
Reversing: Secrets of Reverse Engineering by Eldad Eilam
Exploiting Online Games: Cheating Massively Distributed Systems by Greg Hoglund, Gary McGraw
gamedeception forums
woodmann forums

the practical answer for the dumber hacks is to enumerate the process module list, but an injected module can remove itself from that list. its a problem of escalation - you come up with an antihack, they come up with a better hack. sooner or later you are both writing kernel drivers.

Quote:
Would it be wise to check every module of the game executable(rtcw) if it's owner is Microsoft, or the game's publisher?

Probably not, because the module (or hooked kernel) can always lie. You might call EnumModules or whatever the api is, but the malicious module might have already hooked it, so you might want to traverse the data structure manually, but they might have modified the contents of the structure, ...

There's some good documentation on how punkbuster works on the game deception forums, if you can tolerate noise the script kiddies.

Share this post


Link to post
Share on other sites
Alright, thanks for the info.

One more thing,

Do you think/know if C(++) is more efficient to program an anticheat client than VB?

Share this post


Link to post
Share on other sites
I think this is one of the places where C++ is actually better. Not because of the usual ideological debate, but because for the task at hand, direct pointer manipulation, writing DLL hooks and possibly even raw performance are useful.

It's not exactly my area of expertise, but can control a process through a debugging hook. That allows you to pause an application and gives you time to scan its memory at will. Some copy protections won't like this.

Another hook provided by the Windows API will allow you to monitor when a process loads DLLs, so you could theoretically compile a list of all libraries loaded by an unmodified game and detect when something out of the usual is loaded.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!