PDA

View Full Version : Confirmation please (GNAT)

i4gMedic
22nd July, 2007, 10:06 AM
### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name : ***
### - Player IP : *.*.*.*
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D d3dDrv.dll
### - RenderVer : UT v436 D3D Renderer - Std/No Delta
### - RenderChksm : FE0656E088236E2F1F1D2195D0AF7040
### - RenderSize : 217088 bytes
### - TimeStamp : 21-07-2007 22:36:02
### ----------------- Additional information -----------------
### - GUID : edW\oD@<hidden>@<hidden>=@<hidden>=B@<hidden>@<hidden>
### - GUID Valid : True
### - KickType : 9
### - AnthChecker : v1.37 (Build 2)
### - Reason : Client loaded an illegal library! (hacked)
### - File : GNAT_1Nf.dll
### - Checksum : 160bf6b4cf95ec9042a8839001b86992
### - Ident : HACKED - Unknown Package
### -------------------------------------------------------------


Thought that GNAT thing was whitelisted, so I prefer to ask to be sure.
PizzaMan
22nd July, 2007, 11:00 AM
I dont think it is on the whitelist. It is part of a private anticheat. You shouldnt normally get those logs, but I can think of a couple of situations where it can happen.

Its certainly not a cheat.
i4gMedic
22nd July, 2007, 11:19 AM
OK, thanks.
dodgethis
24th July, 2007, 07:27 AM
I dont think it is on the whitelist. It is part of a private anticheat. You shouldnt normally get those logs, but I can think of a couple of situations where it can happen.

Its certainly not a cheat.

As long as one or more classes from the GNAT package are kept alive (class with RF_Native/RF_Keep) the dll will remain loaded in the memory.
PizzaMan
24th July, 2007, 12:22 PM
As long as one or more classes from the GNAT package are kept alive (class with RF_Native/RF_Keep) the dll will remain loaded in the memory.

Yes. What I ment was, normally you will not get logs like this one because Gnat shuts down the client if it detects UTDC (this is to stop UTDC from detecting Gnat on the client, which would cause false positives on UTDC servers). So on this server, UTDC is either not installed or not active.
AnthraX
24th July, 2007, 01:03 PM
I'll change the kicktype for GNAT packages to 8 (possible hack rather than hack) but I can't really whitelist the entire series because it's private and I don't have access to it.
dodgethis
24th July, 2007, 05:04 PM
I'll change the kicktype for GNAT packages to 8 (possible hack rather than hack) but I can't really whitelist the entire series because it's private and I don't have access to it.

I believe you can just MD5 the dll a client gets send and add that to validate the files can't you?