Re: Protection required for online games
Posted: Wed Aug 28, 2013 11:31 am
Hi Tony,
Sorry for the delay in reply. There is the following situation with the game protection.
1. Nothing can avoid memory editing inside the process. How usually this is being dealing to avoid that:
- hide the process from processes list, to avoid the memory editing tools to just find the process to edit. This protection is used in GameGuard which you're using. Good way to hide the game process can be made only using drivers technology. Driver should also use undocumented Windows features, and it should be made for almost each version of Windows, since there are many changes in these undocumented functions between different versions of Windows. Driver is the main problem of such method, it is quite unstable, that's because you have so many issues with GameGuard. Moreover, it may cause false alerts from antiviruses and may be incompatible with the active/runtime protections of the antiviruses too (they also use drivers technology).
- another way to avoid memory editing - remove the code/data that is being edited to another location. For example, if cheaters modify the code then you may apply Virtual Machine feature to this code and this will help to avoid memory editing. If there is edited the data (not the code), then you may find the code that use this data, and, for eg, modify it so to replace the data to another location. That's difficult - yes, but possible.
2. Anti-injection - imagine, there are few kinds of code injection. Some kinds can be bypassed, but some - do not. So, there is no ideal method to avoid injection at all!
So, 2 protection techniques described above may help only.
Sorry for the delay in reply. There is the following situation with the game protection.
1. Nothing can avoid memory editing inside the process. How usually this is being dealing to avoid that:
- hide the process from processes list, to avoid the memory editing tools to just find the process to edit. This protection is used in GameGuard which you're using. Good way to hide the game process can be made only using drivers technology. Driver should also use undocumented Windows features, and it should be made for almost each version of Windows, since there are many changes in these undocumented functions between different versions of Windows. Driver is the main problem of such method, it is quite unstable, that's because you have so many issues with GameGuard. Moreover, it may cause false alerts from antiviruses and may be incompatible with the active/runtime protections of the antiviruses too (they also use drivers technology).
- another way to avoid memory editing - remove the code/data that is being edited to another location. For example, if cheaters modify the code then you may apply Virtual Machine feature to this code and this will help to avoid memory editing. If there is edited the data (not the code), then you may find the code that use this data, and, for eg, modify it so to replace the data to another location. That's difficult - yes, but possible.
2. Anti-injection - imagine, there are few kinds of code injection. Some kinds can be bypassed, but some - do not. So, there is no ideal method to avoid injection at all!
So, 2 protection techniques described above may help only.