
Thread: New Anticheat Idea + Source of "Anti-Thirdperson"

  1. #31
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257


    We can close the thread if you want to. The information isn't private in any way and I think nobody gave any specifics or details - just general ideas, and when doing client-side AC it's very important how those ideas are executed as well. Also, there are a lot of ways to protect the game and to bypass the protections. It all boils down to creativity I think, but there are also a lot of common-knowledge techniques and anti-techniques.

    Also keep in mind that when we finally have an open source version of the game, all internals and game structures will be available to cheaters, so it will be even easier to create cheats, because not every cheater has to be good at reverse engineering, but with source code available, you can basically compile your own version of the client with all god-features you want and you only need basic coding skills to do that.

  2. #32
    Client Beta Testers Appelpitje's Avatar
    Join Date
    Jan 2012
    Location
    Belgium
    Posts
    571


    Oh look what Microsoft is coming with: https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

  3. #33
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180


    I read about something like this a while ago. I also heard something about motherboards having some sort of firmware built in to support something similar to this. Interesting concepts, but I wonder what this will do to all the big name ACs like PunkBuster and VAC if those ACs will no longer be required to protect against cheating...

  4. #34
    Developer RyBack's Avatar
    Join Date
    Apr 2014
    Location
    In Front of the screen
    Posts
    1,603


    Quote Originally Posted by Appelpitje
    Oh look what Microsoft is coming with: https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

    Totally useless, it's famous = will be cracked always, look at VAC and PB.

  5. #35


    TruePlay will obviously work only with UWP applications, standard applications (from Steam, Origins, etc) are not affected.

    Built-in firmware is a very deep and generic way of detecting cheats. I think it would require a kernel driver to communicate with it.
    Hooking the kernel function MmCopyVirtualMemory by checking if the target process is the game would already be a step to eliminate cheats in most situations (dynamic dll injection, dynamic read/write process memory writing).
    It is possible to overwrite a kernel function in ring0 by manipulating through the cr0 register, and then write code to this function to jump to a custom function. But this is an extremely dangerous situation as it could cause a hang/bluescreen if not hooked correctly.

    I already thought of a way to avoid this kernel protection in user-mode, but it's better to stay quiet.

  6. #36
    Developer RyBack's Avatar
    Join Date
    Apr 2014
    Location
    In Front of the screen
    Posts
    1,603


    Quote Originally Posted by Ley0k
    TruePlay will obviously work only with UWP applications, standard applications (from Steam, Origins, etc) are not affected.

    Built-in firmware is a very deep and generic way of detecting cheats. I think it would require a kernel driver to communicate with it.
    Hooking the kernel function MmCopyVirtualMemory by checking if the target process is the game would already be a step to eliminate cheats in most situations (dynamic dll injection, dynamic read/write process memory writing).
    It is possible to overwrite a kernel function in ring0 by manipulating through the cr0 register, and then write code to this function to jump to a custom function. But this is an extremely dangerous situation as it could cause a hang/bluescreen if not hooked correctly.

    I already thought of a way to avoid this kernel protection in user-mode, but it's better to stay quiet.

    now you wanna stay quiet

  7. #37


    There are kernel-mode and user-mode ways to defeat an anti-cheat (even if they are kernel-mode), and as RR said, you are immortal when you are in Ring0 and I doubt an anti-cheat will hook calls from KeStackAttachProcess (function to attach the current thread to the specified process) for performance reasons.

  8. #38
    Developer RyBack's Avatar
    Join Date
    Apr 2014
    Location
    In Front of the screen
    Posts
    1,603


    Quote Originally Posted by Ley0k
    There are kernel-mode and user-mode ways to defeat an anti-cheat (even if they are kernel-mode), and as RR said, you are immortal when you are in Ring0 and I doubt an anti-cheat will hook calls from KeStackAttachProcess (function to attach the current thread to the specified process) for performance reasons.

    Now we're talking

  9. #39
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180


    Few interesting articles:
    http://i.imgur.com/0bwq8Xg.png
    http://www.gameref.io/ --> I understand the concept, but don't see how it can catch visual hacks like wallhacks, chams, no recoil, no sun, no brush.. ???
    https://www.technologyreview.com/s/4...own-computers/
