Tuts 4 You

Protecting a dll against being dumped


tuxified


I own a few cheat sites and normally we inject a DLL into a process. The way we get detected is they get the DLL we injected and make signatures of it. Does anyone have the ability to prevent the dumping of the injected DLL? I'm looking for someone who can help me protect the DLL and EXEs (we also do external memory edits for cheats that are detected eventually also) from being detected and signatures made of the files. Let me know, feel free to PM me or Skype me, my Skype is tuxifiedonline

Thanks guys

Link to comment

I believe ring0 doesn't help much more with anti-cheats like VAC because they are detecting kernel-level hooks or running at that permission level themselves.

Link to comment

They don't even need to dump it to make signatures...

Well, I would assume they need to obtain it to get the signature, right? We basically need to avoid the signatures being made of the file; avoiding them getting their hands on it is what we have been trying to do.
Link to comment

Assuming that they are trying to dump it means that they have access to the process with the DLL running inside. So they can read it and make signatures, or am I missing something?


Link to comment

Assuming that you're right and they are making signatures on DLL code injected into their process..

Simplest solution I can think of - every copy of the DLL must be unique, in a way that the code injected into the target process is different. So, even if they manage to get their hands on one DLL, they can only make a sig for that specific DLL. Additional bonus - you will always know which member leaked his/her copy to the public.

Link to comment
