
Protection required for online games


Re: Protection required for online games

Postby Enigma » Wed Aug 28, 2013 11:31 am

Hi Tony,

Sorry for the delay in replying. The situation with game protection is as follows.

1. Nothing can prevent memory editing inside the process. This is how it is usually dealt with:
- Hide the process from the process list, so that memory editing tools cannot simply find the process to edit. This protection is used in GameGuard, which you're using. A good way to hide the game process can only be made using driver technology. The driver also has to use undocumented Windows features, and it has to be made for almost each version of Windows, since there are many changes in these undocumented functions between different versions of Windows. The driver is the main problem of this method: it is quite unstable, which is why you have so many issues with GameGuard. Moreover, it may cause false alerts from antiviruses and may be incompatible with the active/runtime protections of the antiviruses too (they also use driver technology).
- Another way to avoid memory editing: move the code/data that is being edited to another location. For example, if cheaters modify the code, then you may apply the Virtual Machine feature to this code, and this will help to avoid memory editing. If the data is edited (not the code), then you may find the code that uses this data and, for example, modify it so as to move the data to another location. That's difficult, yes, but possible.

2. Anti-injection: there are a few kinds of code injection. Some kinds can be bypassed, but some cannot. So there is no ideal method to avoid injection at all!
So only the 2 protection techniques described above may help.
Enigma
Site Admin
 
Posts: 2138
Joined: Wed Aug 20, 2008 2:24 pm

Re: Protection required for online games

Postby Tony » Wed Aug 28, 2013 12:26 pm

Hello Mr. Enigma, would it be possible for you to send me a plugin to make the protected client hidden by using the driver technology, as you stated? I would like to test it out, if that is OK with you.
Tony
 
Posts: 39
Joined: Mon Jul 12, 2010 1:53 pm

Re: Protection required for online games

Postby Enigma » Wed Aug 28, 2013 2:57 pm

No Tony, unfortunately, we do not have such a plugin. Moreover, as I said, it's too difficult to make such a plugin/driver and to make it stable and functional on all operating systems. This technology itself is not stable, so I doubt you will find a solution in this direction.

It would be better to understand what address of your game the cheaters are modifying and then apply a code virtualization feature.
Enigma
Site Admin
 
Posts: 2138
Joined: Wed Aug 20, 2008 2:24 pm

Re: Protection required for online games

Postby Tony » Wed Aug 28, 2013 6:00 pm

There are just too many addresses that can be modified, so what can I do? Do you have an alternative method to hide the protected application, like masking it as a Windows process? Or any other suggestions?
Tony
 
Posts: 39
Joined: Mon Jul 12, 2010 1:53 pm

Re: Protection required for online games

Postby Enigma » Fri Aug 30, 2013 12:16 pm

Tony wrote: There are just too many addresses that can be modified

Then it is even more important to apply code virtualization. You will solve the problem with cheaters and also make your client unique.

Tony wrote: like masking it as a windows process??

Unfortunately no. Hiding a process without a driver is impossible...

Tony wrote: or any other suggestions?

Maybe using Executed Processes Checkup, to check for the program that injects into or modifies the memory. It will not help to avoid all memory editing programs, but it will help to avoid most of them. Moreover, you may use the checkup only by Window Text and, for example, block all programs that contain the text "cheat", "inject" and so on.
Enigma
Site Admin
 
Posts: 2138
Joined: Wed Aug 20, 2008 2:24 pm

Re: Protection required for online games

Postby Tony » Fri Aug 30, 2013 12:59 pm

The problem with the code virtualization is that the cheater edits specific stuff which is not in the client, but in other scripts loaded by the client. The client only loads these scripts during execution, so how would I be able to virtualize this code if it's not in the client itself? Regarding the process checkup, yeah, I know about the "cheat", etc., but there are just too many types of memory editors and also source codes from which they can just build a new one with a different name and use it.
Mr. Enigma, I would pay you if you could build a stable plugin to properly hide a protected process. Maybe there could be other ways, or a better method of using the driver technology?
I would be happy to test the plugin for you, sir :)
Tony
 
Posts: 39
Joined: Mon Jul 12, 2010 1:53 pm

Re: Protection required for online games

Postby xenoglyph » Sun Sep 01, 2013 12:42 pm

Like he said, you can't really stop memory hacking. ReadProcessMemory/WriteProcessMemory can't really be blocked unless you want to make a driver and hook them system wide. Same goes for hiding processes.

You just can't do the things you want to do; you have to think of a more creative solution. If the memory hack is constantly scanning your process looking for the signature to modify, you could try putting a fake honeypot target in memory, and then checking to see if it gets modified.
xenoglyph
 
Posts: 6
Joined: Sun Sep 01, 2013 11:42 am
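
The honeypot idea from the post above, sketched as an added example that is not part of the original thread and is not Enigma Protector code: a decoy record the game never writes after initialisation, compared against a masked shadow copy so that any change indicates an outside write. The struct layout, the `STATS_MAGIC` and `SHADOW_KEY` values and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record: the decoy mimics real game state so that a tool
   searching for this signature finds the decoy copy. */
typedef struct {
    uint32_t magic;   /* constructed signature a scanner would match on */
    uint32_t health;
    uint32_t gold;
} stats_t;

#define STATS_MAGIC 0x53544154u /* "STAT", constructed value */
#define SHADOW_KEY  0xA5C3F19Eu /* constructed mask for the shadow copy */

static volatile stats_t decoy;  /* volatile: every check re-reads memory */
static uint32_t shadow[3];      /* masked reference copy of the decoy */

/* Fill the decoy with plausible values and record a masked copy. */
void decoy_init(uint32_t health, uint32_t gold) {
    decoy.magic = STATS_MAGIC;
    decoy.health = health;
    decoy.gold = gold;
    shadow[0] = decoy.magic ^ SHADOW_KEY;
    shadow[1] = decoy.health ^ SHADOW_KEY;
    shadow[2] = decoy.gold ^ SHADOW_KEY;
}

/* Return a bitmask of fields that differ from the shadow (0 = untouched).
   The game never writes the decoy after init, so any change is external. */
unsigned decoy_check(void) {
    unsigned changed = 0;
    if ((decoy.magic ^ SHADOW_KEY) != shadow[0]) changed |= 1u;
    if ((decoy.health ^ SHADOW_KEY) != shadow[1]) changed |= 2u;
    if ((decoy.gold ^ SHADOW_KEY) != shadow[2]) changed |= 4u;
    return changed;
}

/* Stand-in for a write made by another program; simulated in-process
   here so the example runs on its own. */
void simulate_external_write(uint32_t new_gold) { decoy.gold = new_gold; }

int main(void) {
    decoy_init(100, 250);
    printf("before: %u\n", decoy_check());
    simulate_external_write(999999);
    printf("after:  %u\n", decoy_check());
    return 0;
}
```

The shadow copy is stored masked so the decoy's values do not appear a second time in memory in the same form. As the replies in this thread note, a check like this detects tampering with the decoy only and does not prevent edits to real data.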

Re: Protection required for online games

Postby Enigma » Mon Sep 02, 2013 6:35 am

A fake signature may be a helpful way, but not always. Applying code virtualization is the better way.
Enigma
Site Admin
 
Posts: 2138
Joined: Wed Aug 20, 2008 2:24 pm

Re: Protection required for online games

Postby xenoglyph » Fri Sep 13, 2013 11:16 am

Of course, if it's effective for his problem. I assumed he meant some piece of data (not code) was being modified in memory. If it is indeed a piece of data, and it's beyond his control to somehow encrypt that data, he doesn't have many options. Your VM wouldn't protect against that, would it? Especially if a pointer to the data could reliably be located, or if the data has a reliable signature to search for.

PS - Just finished a PHP/MySQL online key verification system for Enigma; assuming the rest of the testing goes well, I'll be buying it soon.
xenoglyph
 
Posts: 6
Joined: Sun Sep 01, 2013 11:42 am
