#1
26th July, 2007, 10:10 PM
lism
Basic check method.

I'm having an issue with a current hook. So far it bypassed our Native anti, but I figured out why already: the hook closes itself as soon as you 'activate' the functions of the hook, and the functions are loaded into UT itself.

Now I took a look at CSHP 4.0 (source) and noticed the following:
Quote:
if (zzMyConsole.GetPropertyText("Elf") != "")
return 14; // ("(ELFBot)");
This would simply search anything related to 'Elf' on the player's side, right? In the meantime I'm trying to decompile and execute the Bot to at least get a glimpse of the hooked code into the game, but would it work if I'm able to catch a certain code that's hooked and put it in like that?

My feeling tells me I'm not, but I'm still figuring out ways to make it detect it. Native is atm a no-go; I'm awaiting the source of Hguard for demo.

Also, what does the most basic anti in UScript look like, including the classes for looking for a certain text?
Reply With Quote
#2
26th July, 2007, 10:21 PM
dodgethis

Quote:
Originally Posted by lism View Post
I'm having an issue with a current hook. So far it bypassed our Native anti, but I figured out why already: the hook closes itself as soon as you 'activate' the functions of the hook, and the functions are loaded into UT itself.

Now I took a look at CSHP 4.0 (source) and noticed the following:

This would simply search anything related to 'Elf' on the player's side, right? In the meantime I'm trying to decompile and execute the Bot to at least get a glimpse of the hooked code into the game, but would it work if I'm able to catch a certain code that's hooked and put it in like that?

My feeling tells me I'm not, but I'm still figuring out ways to make it detect it. Native is atm a no-go; I'm awaiting the source of Hguard for demo.

Also, what does the most basic anti in UScript look like, including the classes for looking for a certain text?

The function you posted looks for properties named ELF in the console. (GetPropertyText is called in there)
Reply With Quote
#3
26th July, 2007, 10:28 PM
lism

That means when a msg of 'Elf' appears in the console it's caught on that matter? Hmmmkay
Reply With Quote
#4
26th July, 2007, 11:04 PM
lism

So let's say I have some strings on a bot, for example
Quote:
?ProcessEvent@UObject@@UAEXPAVUFunction@@PAX1@Z
How am I able to block it since it's injected into Core & Engine.dll?

I don't think I can do wisely enough with CSHP for example. If anyone can show me a plain open source anti on how it's looking for hooks, that would be great. Memory-scanning isn't an option, we don't have that yet in Native.
Reply With Quote
#5
27th July, 2007, 04:47 PM
dodgethis

Quote:
Originally Posted by lism View Post
That means when a msg of 'Elf' appears in the console it's caught on that matter? Hmmmkay
No, it searches for properties which go by the name elf in the console like this:

Code:
Var Bool elf;
And detects those. The only way to detect the hooks is to check whether the mem img/disk img ain't the same and/or check vTable, Import Address Table/Export Address Table, bytes of the function for calls outside the game's DLLs, breakpoints etc.
Reply With Quote
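
Added example, not part of any post in this thread and not code from CSHP or any other anti-cheat: a C illustration of three of the checks listed in post #5 (memory bytes against the disk image, a breakpoint at the function entry, and a jump or call that leaves the module's address range). It assumes 32-bit x86; the byte arrays, addresses and all names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are this example's own, not from any anti-cheat source. */
enum verdict { V_CLEAN, V_BREAKPOINT, V_DETOUR_OUTSIDE, V_MODIFIED };

/* Read a little-endian 32-bit value (the rel32 operand of jmp/call). */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* mem: bytes of the function as loaded at address va; disk: the same bytes
 * from the file on disk (assumed to contain no relocated operands);
 * base/size: range the owning module occupies in memory (32-bit x86). */
enum verdict check_prologue(const uint8_t *mem, const uint8_t *disk, size_t len,
                            uint32_t va, uint32_t base, uint32_t size) {
    if (len == 0 || memcmp(mem, disk, len) == 0)
        return V_CLEAN;               /* memory image matches disk image */
    if (mem[0] == 0xCC)
        return V_BREAKPOINT;          /* int3 planted on the entry point */
    if (len >= 5 && (mem[0] == 0xE9 || mem[0] == 0xE8)) {
        /* jmp/call rel32: target = address after the instruction + disp */
        uint32_t target = va + 5 + le32(mem + 1);   /* wraps modulo 2^32 */
        if (target - base >= size)    /* unsigned wrap also catches target < base */
            return V_DETOUR_OUTSIDE;
    }
    return V_MODIFIED;                /* differs, but no pattern matched */
}

/* Constructed sample data: module at 0x10300000, function at 0x10301000. */
enum { MOD_BASE = 0x10300000, MOD_SIZE = 0x00100000, FUNC_VA = 0x10301000 };
static const uint8_t on_disk[6] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
static const uint8_t jmp_out[6] = {0xE9, 0xFB, 0xEF, 0xF0, 0x0F, 0x10}; /* -> 0x20210000 */
static const uint8_t jmp_in[6]  = {0xE9, 0xFB, 0x0F, 0x00, 0x00, 0x10}; /* -> 0x10302000 */
static const uint8_t int3[6]    = {0xCC, 0x8B, 0xEC, 0x83, 0xEC, 0x10};

int main(void) {
    const uint8_t *cases[] = {on_disk, jmp_out, jmp_in, int3};
    for (size_t i = 0; i < 4; i++)
        printf("case %zu -> verdict %d\n", i,
               check_prologue(cases[i], on_disk, 6, FUNC_VA, MOD_BASE, MOD_SIZE));
    return 0;
}
```

On a real module, bytes covered by relocations differ legitimately between disk and memory and have to be excluded or re-applied before the comparison.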