the source is the latest version :P
the source is the latest version :P
Uhhhh...
#1 - Threading in an antihack isn't usually good unless done properly(which requires time checking by the main thread). A hacker can simply suspend your checking threads and your antihack is bypassed. You should have it check in a function that is essential to the game's processing, such as render.
#2 - Why are you using ASM and VirtualProtect at all? You can simply do something like:
#3 - This only checks for jmps at the address of the functions. A hacker can also jmp inside the function, or even hook the vtable and bypass any .text section checking completely. Do some research and you can easily find much better methods of detour detection.Code:DWORD dwAddr = GetProcAddress(hModule, "QueryPerformanceCounter"); if(*((BYTE*)dwAddr) == 0xE9) ...
#4 - At least check for hooks on ExitProcess/GetProcAddress/GetModuleHandle. Those are also easy ways to bypass this "antihack".
Updated link
@ Mootie Ty :P
Last edited by MisterKid; 25-02-12 at 08:31 PM.
hey sir can you add splash thingy?
Erm Mootie your way is invalid.
DWORD dwAddr = GetProcAddress(hModule, "QueryPerformanceCounter");
Will get you the function address when the dll has the export.
Kernal32.dll exports QueryPerformanceCounter right?:P
if(*((BYTE*)dwAddr) == 0xE9)
It is not possible to do it like this :P
I found another way to block functions. The new way just replaces the function if it can find the function addres :P But using the same method you be able to bypass the antihack :S (only if you know the function addres) Most Flyff server has their neuzes unpacked so it would be easy to find the addres.
Why doesn't it work? It seems perfectly valid to me.Originally Posted by MisterKid
dwAddr = DWORD(an x86 address)
dwAddr is cast as a ptr to a BYTE
dwAddr is dereferenced and checked to make sure the function call isn't detoured
It does the exact same thing as what your code does, except less mess and performance overhead. The only thing that doesn't work about it is if the hacker uses a non-standard detour that doesn't use the 0xE9 instruction, but yours doesn't protect against this either. VirtualProtect is completely unnecessary to check the text section of a normal loaded module.
getproc doesnt really return a Dword. But I try converting it and test it again .
:p just interested in it agaib lol
Posted via Mobile Device
some ideas:
Let your anticheat scan itself and the Neuz.exe for modifications.
Let your anticheat send some crypted information to the server, which kicks/bans the user, if the informations are not valid / sent.
Create a driver, which blocks ZwOpenProcess, ZwReadProcessMemory, ZwWriteProcessMemory, etc..
Ignore jmps at the begging of a function (this isn't really efficient, because you still can hook in the mid of the function)
example
Code:int QueryPerformanceCounter_real = (DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"), "QueryPerformanceCounter") + 5; __declspec(naked) BOOL WINAPI QueryPerformanceCounter_proxy(LARGE_INTEGER *lpPerformanceCount) { __asm { mov edi, edi push ebp mov ebp, esp jmp [QueryPerformanceCounter_real] } }
Last edited by Yazzn; 17-03-12 at 03:23 PM.
make it minimized to tray when opened =))
Which version should I use visual studio?
2003 not open
You need visual studio 2010.
Update link, please ?
this anti hack is obsolete and really easy to bypass as is. Their is ALOT more secure and non by-passable ways to build an anti-hack in your neuz. Their is alot of releases out their that fix almost every major bug. if you are looking for cheat engine, speed hack fixes, and a simple hack detection system look in this source:
http://forum.ragezone.com/f457/goh-f...y-play-922629/
I do not recommend using this source for your live server, its loaded with bugs and back doors.... Just look at the versioncommon and rip the security stuff out for your server. You don't even have to know c++ to do this. just common sense.
And lastly their is a redone version of this out their, quget developed this decent anti-hack. when he couldn't take it any further he released it here. Some flyff servers took his code here and applied it into their neuz directly. At least 1 top flyff server i know of uses this antihack like i said above... Also if you REALLY need an antihack the itak-pro source was leaked and is around somewhere. *I'm not sure if its released here* I dont like itak but it will get the job done for your server for now, maybe since its a source you could make it better then itak himself. Itaks is by passable but its not something a normal player could do ( maybe if they tried..)
and this is all i have to say about this...
Really?but how does the NOP...
I've bypassed GameGuard and Hackshield in various ways... VAC and Warden both have public bypasses available. You think you can make a better anticheat than these huge companies? Good luck sir. By definition, a client-sided anticheat can be bypassed. A clientsided anticheat is merely to keep idiots from messing with things they shouldn't be.
I'm betting itak pro would be able to keep you busy for awhile, which is funny considering is .NET unobfuscated anticheat...
Almost every major bug? I can name dozens of remote code execution exploits that aren't patched publicly and I'm sure there are many more...
Yes, you don't have to understand the potentially backdoored code you're putting into your source... Just copy paste and is all good. ^^
Cool cool... but can anyone reup the source?
Reply With Quote