Anti SuspendThread

[XGLADEADOR]

Hi, how r u? I hope that good
I'm working on a source anticheat of c++, and I dont have more ideas about block or prevent SuspendThread.
By example I use this code

if(Event) {	if((ResumeThread(Event) > 0) || (SuspendThread(Event) > 0)) { 							ExitProcess(0);	}	}

The game run normal, I suspend the process and the antihack dont close the game, but when I Resume the process the antihack close the game by the function ResumeThread is major than 1
Thanks for read and I hope that u can help us. And sorry for my bad english :tongue:

 

[GM-Andromeda]

try to check which thread id was used

 

[XGLADEADOR]

What do u want mean?
ThreadId dont change before or after of Suspend the thread.

 

[Mulegend]

u can´t check suspended thread on ring3 lvl (i think) just check for exit code and restart it

Hint: add your checks on render or protocolcore, if u stop these thread (loop) game will stop too

 

[[RCZ]ShadowKing]

You have 2 ways to check if thread is suspended:
1. Use a timestamp like

DWORD time1 = GetTickCount();
Sleep(10);
if(GetTickCount() - time1 > 15) Close();

This will work because when thread is suspended it's automatically delayed because it takes some time to resume it again and there will be a time difference there bigger than usual.

2. Hook suspend thread or resume thread function and check by thread id.

Both ways are used by viruses to avoid virtual machines, sandboxes and debuggers so using them may result in false positive by noob antivirus.

 

[XGLADEADOR]

Thanks alls for help
I'm trying to fix him and later i tell yours

 

[mauka]

the other way could be a timer.. so u loop and check thread for it state ^^

 

[NanoGuy]

i can suggest you writing some driver that will hook api (openprocess suspendthread) but cheaters will still find how to piss you off..

 

[XGLADEADOR]

@[RCZ]ShadowKing
I'm trying but if I Suspend the Process, the others thread not work and not close the game.
For example: if I Suspend the process and I dont Close the threads and later I Resume the thread, the game exit writing a document "Error".

void TTrying()
{


DWORD time1 = GetTickCount();
Sleep(10);
if(GetTickCount() - time1 > 25) { FILE* FileHwnd1;
fopen_s(&FileHwnd1,Dlog,"a+");
fprintf(FileHwnd1,"Error \n");
fclose(FileHwnd1);
ExitProcess(0); }

TTrying is a simple void, but he is called from 3 diferent threads eachs 100ms

@mauka, how I check the thread state?

 

[walkernight88]

I used in my old anticheat, the resume whole process threads once on timestamp. I know it's not efficient, but it did the trick. Even if you "force a little" the code...