Anti SuspendThread

  1. #1
    XGLADEADOR

    Anti SuspendThread

    Hi, how are you? I hope you're good :)
    I'm working on an anticheat source in C++, and I don't have any more ideas about how to block or prevent SuspendThread.
    For example, I use this code:

    Code:
    if (Event) {
        // ResumeThread/SuspendThread return the thread's previous suspend count
        // ((DWORD)-1 on failure, which also compares > 0).
        if ((ResumeThread(Event) > 0) || (SuspendThread(Event) > 0)) {
            ExitProcess(0);
        }
    }

    The game runs normally. I suspend the process and the antihack doesn't close the game, but when I resume the process the antihack closes the game because the result of the ResumeThread function is greater than 1.
    Thanks for reading, and I hope that you can help us. And sorry for my bad English.


  2. #2
    GM-Andromeda

    Re: Anti SuspendThread

    Try to check which thread ID was used.

  3. #3
    XGLADEADOR

    Re: Anti SuspendThread

    What do you mean?
    The ThreadId doesn't change before or after suspending the thread.

  4. #4
    Mulegend

    Re: Anti SuspendThread

    You can't check for a suspended thread at ring3 level (I think); just check for the exit code and restart it.

    Hint: add your checks to render or protocolcore; if you stop these threads (loop), the game will stop too.

  5. #5
    [RCZ]ShadowKing

    Re: Anti SuspendThread

    You have 2 ways to check if a thread is suspended:
    1. Use a timestamp like
    Code:
    DWORD time1 = GetTickCount();
    Sleep(10);
    if(GetTickCount() - time1 > 15) Close();
    This will work because when a thread is suspended it's automatically delayed, because it takes some time to resume it again, and there will be a time difference there bigger than usual.

    2. Hook the SuspendThread or ResumeThread function and check by thread ID.

    Both ways are used by viruses to avoid virtual machines, sandboxes and debuggers, so using them may result in a false positive from a noob antivirus.

  6. #6
    XGLADEADOR

    Re: Anti SuspendThread

    Thanks, all, for the help.
    I'm trying to fix it and I'll tell you later :)

  7. #7
    mauka

    Re: Anti SuspendThread

    The other way could be a timer, so you loop and check the thread for its state ^^

  8. #8
    NanoGuy

    Re: Anti SuspendThread

    I can suggest writing a driver that will hook the API (OpenProcess, SuspendThread), but cheaters will still find a way to piss you off.

  9. #9
    XGLADEADOR

    Re: Anti SuspendThread

    @[RCZ]ShadowKing
    I'm trying, but if I suspend the process, the other threads don't work and don't close the game.
    For example: if I suspend the process and I don't close the threads and later I resume the thread, the game exits, writing a document "Error".
    void TTrying()
    {
        DWORD time1 = GetTickCount();
        Sleep(10);
        // A 10 ms sleep that took more than 25 ms is treated as a suspension.
        if (GetTickCount() - time1 > 25) {
            FILE* FileHwnd1;
            // Dlog is the log file path defined elsewhere in the source.
            if (fopen_s(&FileHwnd1, Dlog, "a+") == 0) {
                fprintf(FileHwnd1, "Error \n");
                fclose(FileHwnd1);
            }
            ExitProcess(0);
        }
    }
    TTrying is a simple void, but it is called from 3 different threads every 100 ms.

    @mauka, how do I check the thread state?
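
The timestamp check from posts #5 and #9, generalized as an added example that is not code from any poster: a heartbeat detector that reports a single long gap at once (what a whole-process suspend looks like on the first heartbeat after resume) and tolerates isolated timer jitter. All names and thresholds are hypothetical; on Windows the tick values would come from GetTickCount(), replaced here by constructed timelines so the logic runs anywhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example; every name here is hypothetical, not from the thread. */
enum stall_result { STALL_OK, STALL_LATE, STALL_DETECTED };

typedef struct {
    uint32_t last_tick;   /* tick count at the previous heartbeat */
    uint32_t soft_ms;     /* expected period plus scheduler/timer jitter */
    uint32_t hard_ms;     /* a single gap this long is reported at once */
    unsigned strikes;     /* consecutive heartbeats later than soft_ms */
    unsigned max_strikes; /* strikes needed to report a stall */
    int primed;           /* 0 until the first heartbeat is stored */
} stall_detector;

/* Feed one tick value (on Windows: the DWORD from GetTickCount()). */
enum stall_result stall_heartbeat(stall_detector *d, uint32_t now)
{
    if (!d->primed) { d->last_tick = now; d->primed = 1; return STALL_OK; }
    /* Unsigned subtraction stays correct when the 32-bit counter wraps. */
    uint32_t elapsed = now - d->last_tick;
    d->last_tick = now;
    if (elapsed >= d->hard_ms) return STALL_DETECTED;
    if (elapsed <= d->soft_ms) { d->strikes = 0; return STALL_OK; }
    if (++d->strikes >= d->max_strikes) return STALL_DETECTED;
    return STALL_LATE;
}

/* Replay a tick timeline; return index of first detection, or -1. */
int first_stall(const uint32_t *ticks, size_t n,
                uint32_t soft_ms, uint32_t hard_ms, unsigned max_strikes)
{
    stall_detector d = { 0, soft_ms, hard_ms, 0, max_strikes, 0 };
    for (size_t i = 0; i < n; i++)
        if (stall_heartbeat(&d, ticks[i]) == STALL_DETECTED)
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed timeline: 100 ms heartbeats, then a ~3 s freeze. */
    const uint32_t frozen[] = { 1000, 1100, 1216, 4300, 4400 };
    printf("first stall at sample %d\n",
           first_stall(frozen, 5, 140, 1000, 3));
    return 0;
}
```

The detection can only fire after the process is resumed, since no thread inside a fully suspended process runs to take a heartbeat.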

  10. #10
    walkernight88

    Re: Anti SuspendThread

    In my old anticheat I used resuming the whole process's threads once on a timestamp. I know it's not efficient, but it did the trick. Even if you "force" the code a little...


