This is a collation of some of my thoughts [5amish, keep that in mind when reading obvious flaws
]
Ok. Assuming that Solodovnikov's little "protector" only checks crc & soldat does not one should implement an extra check as there exist simple ways of unpacking this due to crack-groups proliferating their wares.
Obviously the core the the problem lies in memory hacks that occur on the fly by some little app injecting a dll that suits a users function or just simply poking a memval. The former may be dealt with by checking what the hell is trying to access the executable & terminating if undesirable. This will not always work however as one might simply dump a chunk of memory & scan through it parsing things as necessary. A neat trick is to unhook the program from windows task manager as gameguard does, people must therefore resort to extensive memory dumps & analysis of even simple obfuscating functions (i.e cycling addr's, false addr's & dummys work quite effectively).
The one thing that should be implemented regardless is the ability to download a list of hack identifiers [so Hwds] with each launch (As opposed to messy hard-coding, which is inefficient & quickly outdated).
The problem with external protection, things such as punkbuster is that unless the coder knows what the hell they are doing they are relatively easy to trash (im not implying anything about the security of pb) by those that wish to.
Heh, then again, you could just compile some bits on runtime
Date Posted: January 19, 2007, 02:00:14 PM
I've had a thought about taking care of aimbots.
It would require storing mouse coords in some form of array, then analysing the path a mouse takes to move to an enemy, if you analyse the path the mouse takes from some arbitrary point you could in theory build a statistical model & any users with purely linear (or close to it) motion may be banned.
