June 26th, 2012 on 7:20 pm
Hi dude,
I want to support you; for example, I could translate your text into another language like German or Spanish,
to expand your growing fan community.
My motivation:
I like your detailed work and I am also a part of your “new community”.
If you are interested, mail me – any IM contact would be nice.
June 26th, 2012 on 7:22 pm
oh and if anyone else has an opinion – Reply
June 26th, 2012 on 9:35 pm
I have two opinions: 1. I’m flattered. 2. I have no idea how to get a hold of you as you left no contact info. Try emailing me
June 30th, 2012 on 5:16 pm
LOL
July 29th, 2012 on 4:11 pm
Hello,
I am trying to create an anti-cheat detection system for several widespread cheating tools/DLLs.
Most of those cheating tools work by injecting into the game process and changing several values.
I started off with one of them and by using IDA I could track the memory pointers by looking at the WriteMemoryProcess area in the debugger.
The problem I’m having is with my second attempt with another cheating DLL where I can’t seem to be able to find any useful references to track down the static memory pointers that are changed by it. The anti-cheat technique is very basic, I use memcmp() to detect the cheat injection, for example:
Code:
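#include <string.h>  // memcmp

const char* cleanMem = "\xAC\x51";  // bytes expected at the address when unmodified
if (memcmp(cleanMem, (void*)0x4AC590, 2))  // non-zero means the bytes differ
{
    // Cheat detected, take action.
}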
The code above, even if it might not be the best approach, works fine. The memory pointer 0x4AC590 is just an example for the one I was able to pinpoint on my first attempt. The problem I’m having is pinpointing the exact game addresses that are targeted by the injected DLL. I’m having a real hard time doing it and most tutorials I have read so far were either too broad or had too much overwhelming info that I couldn’t follow every aspect of it. I would appreciate it if someone could give me a few tips on how to precisely track them down.
Thank you.
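
The two-byte memcmp() check from the comment above, generalized to a whole region, as an added example that is not part of the original comment thread: comparing a snapshot taken from a known-clean process against the live bytes reports every modified range, so the detector does not depend on knowing individual addresses in advance. The names `patch_range`, `find_patches` and `demo_scan` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* One contiguous run of bytes that differs from the clean baseline. */
typedef struct {
    size_t offset;  /* offset of the first modified byte within the region */
    size_t length;  /* number of consecutive modified bytes */
} patch_range;

/*
 * Compare a live region against a baseline captured from a known-clean
 * process and record each modified run. Returns the total number of runs
 * found; at most max_out of them are stored in out.
 */
size_t find_patches(const unsigned char *baseline, const unsigned char *live,
                    size_t size, patch_range *out, size_t max_out)
{
    size_t found = 0, i = 0;
    while (i < size) {
        if (baseline[i] == live[i]) { i++; continue; }
        size_t start = i;
        while (i < size && baseline[i] != live[i]) i++;
        if (found < max_out) {
            out[found].offset = start;
            out[found].length = i - start;
        }
        found++;
    }
    return found;
}

/* Constructed sample: 16 bytes standing in for a clean snapshot of game memory. */
static const unsigned char sample_clean[16] = {
    0x10, 0x11, 0x12, 0xAC, 0x51, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};

/* Demo: copy the clean sample, alter two runs, and diff against the baseline. */
size_t demo_scan(patch_range *out, size_t max_out)
{
    unsigned char live[16];
    memcpy(live, sample_clean, sizeof live);
    live[3] = 0x00; live[4] = 0x00;  /* simulated change to the AC 51 bytes */
    live[14] = 0xFF;                 /* simulated single-byte change */
    return find_patches(sample_clean, live, sizeof live, out, max_out);
}
```

Taking the baseline from the module as loaded in memory at startup, rather than from the file on disk, avoids false positives from load-time relocations.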