Coding a small anti cheat .dll help

[ShadowRayz]

I wanna code a not complex anti-cheat .dll.

Features:

-Checksum of critical files. (No idea how to do yet, need to learn)

-Search for programs with a specific title that the cheat's have.

-Search for specific processes, like packet editors.

-Loop every few sec the three above features.

I wanna make it a .dll and hook it into the main executable, so it will be harder to beat and will take a reverser to code out the hook to the .dll from the main executable, of course i could just write a .exe that will be launched with the main executable but what will stop anyone from Opening Task-Mgr and killing it?...

any suggestions in the matter?

thx

[GEEK]

have you yourself written any code yet?

if yes what are you not able to accomplish?

it is not difficult to achieve what you are trying

ppl will help you when you are stuck somewhere but you got to take the initiative

[human]

1. from your post i tell you dont waste time its beyond your abilities.

if you wanna use it for commercial project buy and use punkbuster.

because i dont help people that will earn money based on my knowledge.

2. hook? well most av will not let you hook process. so why waste time.

if you do game you intergrate checks inside.

3. too much checks like crc checking, will be slow and slow down game. so another waste of time.

4. there are many anticheat engines yet people still cheat.

so another waste of time

[GEEK]

maybe be its hard on ShadowRayz but i just love the way human replies every time 'Straight from the heart'

[atom0s]

Be careful with this, as it would and will be very easy to remove the anti-cheat module from running. Also, bypassing and excluding hacking applications is not a tough thing to do.

Some suggestions for each thing you mentioned though:

1. You would need to read the contents of each file and create a checksum using a standard calculation for crc32, or create your own or something else on that line. You should look into CreateFile, CreateFileMapping, MapViewOfFile to load the data into memory, then google around for how to do a crc calculation of a memory block. Theres quiet a few examples around the net.

2. You can scan the window titles using EnumWindows API. You can also use FindWindow as well.

3. You can do this via CreateToolhelp32Snapshot inside the tlhelp32 API set, or you can use the psapi method of EnumProcesses.

4. You should take very heavy measures with this step. Using basics such as a timer or thread inside the DLL can easily be hijacked and overwritten or completely nulled out from running. Instead, you should incorporate things directly into the program code to tie into the DLL to make it more of an issue to simply just remove it from running.

[0xFF]

1) Checksum critical files ? let me get it first by the below example:

get original user32.dll MD5 hash, and compare it to the user one, this is what you mean ?

2) Making a hardcoded list of Windows Caption is a pain in the *** for coders, just use RPM to detect some malware activities...

3) Kinda same to 2, just using Tool Help functions, create a snap shot of running processes and loop around it within a hardcoded array of process list and compare, if found then use TerminteProcess on it.

4) use a condition loop (in a thread, and don't forget to Sleep(10) to avoid 100% CPU usage)

if you need more detailed answer, reply.