March 14th, 2013, 12:22 PM
Re: DLL Injection Detection
Wrong, there are a ton of reasons for this to be legit.
But as far as I know there is no legit reason for there to be injected DLLs into this specific game.
Stuff like Ventrilo/Mumble uses this for their push-to-talk button among others (global key hook). Video drivers use this to enable/disable certain features on demand (again key hook). I've seen anti-virus software install Window hooks. Software to help people with disabilities hooks all kinds of API functions in "legitimate" ways to either do voice-narrating, or zoom/scale text, or display text on a braille device.
I could go on. The list of software that needs to do some form of hooking/injecting is HUGE.
Plenty of "generic" cheats have built-in obfuscation, such as renaming the DLL (even each run), even modifying the DLL, or building "custom/randomized" versions for each of their paying customers.
If I can get the names of the injected DLLs, I could probably have a blacklist of known cheats
You have no realistic way to detect they are hooking API functions other than detecting one of several common tricks which no self-respecting hacker would use.
or possibly attempt to see what the injected modules are trying to do, and if they're doing something suspect (like trying to hook OpenGL) I will know if it's being used for cheating.
You have no realistic way to check "what a module is trying to do", other than some basic heuristic testing. Even an experienced programmer will need a good bit of time to figure out what a chunk of assembly code is doing. And it's easy to obfuscate code so that you can't just look at the entire code in a debugger. (A lot of cheats run on custom VMs, and all you ever see is the basic VM runtime loop.)
With all due respect to the people on codeguru, and I know some are awesome.
Like I said previously, if you haven't got experience with the actual hacking process itself... you have no chance of stopping a hacker; you probably don't even have much notion of some of the tools these guys have at their disposal to do their evilness.