I own a few cheat sites and normally we inject a dll into a process, the way we get detected is they get the dll we injected and make signatures of it. Does anyone have the ability to prevent the dumping of the injected dll? I'm looking for someone who can help me protect the dll and exes ( we also do external memory edits for cheats that are detected eventually also ) from being detected and signatures made of the files. Let me know, feel free to pm me or Skype me, my skype is tuxifiedonline

Thanks guys

You only have 2 protection options:

 

1.) Manual mapping, http://www.codeproject.com/script/Articles/ViewDownloads.aspx?aid=430684

2.) Ring0 hook that prevents process reads from the dll region.

I believe ring0 doesn't help much more with anti cheats like vac because they are detecting kernel level hooks or running at that permission level themselves.

They dont even need to dump it to make signatures...

They dont even need to dump it to make signatures...

well I would assume they need to obtain it to get the signature right? We basically need to avoid the signatures being made of the file, avoiding them getting their hands on it is what we have been trying to do.

Assuming that they are trying to dump it means that the have access to process with the dll running inside. So they can read it and make signatures or i miss something?

Assuming that you're right and they are making signatures on DLL code injected into their process..

Simplest solution I can think of - every copy of DLL must be unique, in a way that code injected into target process is different. So, even if they manage to get their hands on one DLL, they can only make sig for that specific DLL. Additional bonus - you will always know which member leaked his/her copy to public.