As you probably already know half-life is plagued with hacks and cheats. My question is since the hack can easily get around the crc check on the dll, is there any way to detect if function call was called by from a pointer from the engine or an intermediate dll. I''v found the source code for hack in question. From what I''v gathered there are two main parts. The first part is getting by the crc check, it does this by using the games actual dll, after it has passed teh check it then injects it''s modified dll and links to the engine. The second part is the actual dll, it acts as a medium between communication of the engine and the game''s actual dll. It''s set up to call the required functions in the game dll but as well add extras such as archieving the positions of other clients, modifying aim, modifying ogl attributes etc. Im not too familar with the win32 api or security algorithms, could somebody give me some insight? Btw this would be from within the game''s actual dll.

I wish that were an alternative but this is for a mod on teh half-life engine, so until Valve releases source to the engine that''s not an option, and I don''t think they''re going to do that anytime soon.

The external DLL is what allows people to make MODs for Half-Life through an SDK where they can compile their own DLLs. Otherwise you would have to release the engine code to everyone, which Valve can''t do. It''s also 10 times easier when you only have to work with actual game logic and not all the techy engine stuff.

quote:Original post by Magmai Kai Holmlor
The cheat''s generally _AREN''T_ in the dlls - their hacks of the exe.

With half-life the executable only acts as a launcher for the actual game. HL''s engine dll relys on the mods plug-in dll for the logic. The problem is the server sends information and the cheats dll can intercept and use the information for things such as displaying positions of other players. Also for example if the player shoots, client game dll -> cheat - modifies the aim to point at one of the players position -> sends to engine dll which in turn sends to server.

The only way I''v heard (other than those of modifying the engine) is to check the call stack to see if the dll function was in fact called directly from the engine, but that involves lower level logic/win32 api stuff which I have no experience with.