Question about HackShield

[sidman11]

Hi guys,

this is sidman11 and I just wanted to know, how does AnhLab detect hacks?
I just had an idea that I code code a process name changer if it searches for process names....

Thanks!

[Vizz]

Well i don't think it searches the process names, it's more harder then that.

[sidman11]

ok thanks, was expecting that lol....

[Mouzie]

Hi guys,

this is sidman11 and I just wanted to know, how does AnhLab detect hacks?
I just had an idea that I code code a process name changer if it searches for process names....

Thanks!

Ahem. Hackshield runs like Punkbuster: So here is a list.

Real-time scanning of memory, a feature also prominent in many spyware programs, by placing a Hackshield Client on players' computers searching for known hacks/cheats using a built-in database.

Throttled two-tiered background auto-update system using multiple Internet Master Servers to provide end-user security ensuring that no false or corrupted updates can be installed on players' computers.

Frequent status reports (encrypted) are sent to the Server by all players. When necessary, the Server raises a violation which (depending upon settings) will cause the offending player to be removed from the game.

Admins can also manually remove players from the game for a specified number of minutes or permanently ban if desired.

Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server.

Admins can request actual screenshot samples from specific players and/or can configure the Server to randomly grab screenshot samples from players during gameplay.

An optional "bad name" facility is provided so that Admins can prevent players from using offensive player names containing unwanted profanity or racial slurs.

Search functions are provided for Admins who wish to search player's keybindings and scripts for anything that may be known to exploit the game.

Can be configured to allow players to self-administer game servers when the Server Administrator is not present entirely without the need for passwords, in which the players can call votes to have a player removed from the server.

Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.

Admins can stream their server logs in real time to another location. Non-profit organizations like CBL, LGA/LGN.

[sidman11]

Ahem. Hackshield runs like Punkbuster: So here is a list.

Real-time scanning of memory, a feature also prominent in many spyware programs, by placing a Hackshield Client on players' computers searching for known hacks/cheats using a built-in database.

Throttled two-tiered background auto-update system using multiple Internet Master Servers to provide end-user security ensuring that no false or corrupted updates can be installed on players' computers.

Frequent status reports (encrypted) are sent to the Server by all players. When necessary, the Server raises a violation which (depending upon settings) will cause the offending player to be removed from the game.

Admins can also manually remove players from the game for a specified number of minutes or permanently ban if desired.

Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server.

Admins can request actual screenshot samples from specific players and/or can configure the Server to randomly grab screenshot samples from players during gameplay.

An optional "bad name" facility is provided so that Admins can prevent players from using offensive player names containing unwanted profanity or racial slurs.

Search functions are provided for Admins who wish to search player's keybindings and scripts for anything that may be known to exploit the game.

Can be configured to allow players to self-administer game servers when the Server Administrator is not present entirely without the need for passwords, in which the players can call votes to have a player removed from the server.

Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.

Admins can stream their server logs in real time to another location. Non-profit organizations like CBL, LGA/LGN.

are they even allowed to that? i dont remember a clause in the privacy policy that says their allowed to scan our computers...

thanks...

[Mouzie]

are they even allowed to that? i dont remember a clause in the privacy policy that says their allowed to scan our computers...

thanks...

By signing the TOS (Term of Services), you are agreeing to allows them to scan your computer for their services (Combat Arms).

You're not force to agree with them and thus you can unstall Combat Arms.

Like most anticheat program, you're allowing yourself to be check for hacks or cheats programs.

[sidman11]

I didn't read the ToS...
too long...
the privacy policy was shorter so I read that lol

[Mouzie]

I didn't read the ToS...
too long...
the privacy policy was shorter so I read that lol

Almost nobodies read the TOS/TOA, it is there. Trust me.

[Rocco]

that's the problem with a lot of Gamers they don't Read it they just click next,next,next,install blah blah blah and that is how some games get you by the balls man.

its like Mirco-shaft that's how they got a lot of cracked/leaked copy's of Vista and even windows 7 many asked them how they said "read our TOS"

when they installed the software it sent a call to home and it downloads all of your comps info+ ISP info "that's how we found them" lol its in there FBI report goggle it I found it toooo funny...

but yes sadly nexion can freely do it via the client they cannot add any new files or programs to your system that are standalone with out having to update there TOS I saw that when they released the "Fire team" mode tehy also had you install a folder call NGM ( nexion Game manager) and I think that's where a lot of the hacks are getting found.

I also know it has something to do with the CShell.dll I know its where the filters are for cursing and when I used to use the older hacks ( when the bypass's worked ) it would often crash and say it was the CShell.dll that had the error.

so to all the would be hackers out there I think its ether the CShell.dll or the NGM..just a idea...

[sidman11]

t

sadly nexion can freely do it via the client they cannot add any new files or programs to your system that are standalone with out having to update there TOS I saw that when they released the "Fire team" mode tehy also had you install a folder call NGM ( nexion Game manager) and I think that's where a lot of the hacks are getting found.

NGM is a module that launches up every time you start combat arms (thus the NGM.exe process), or any other other nexon game. until now there wasn't a need to have a separate patcher/updater but now the updates are all funneled through this NGM.

[Rocco]

thanks for the info Mate I will be putting it to good use.

[Mouzie]

that's the problem with a lot of Gamers they don't Read it they just click next,next,next,install blah blah blah and that is how some games get you by the balls man.

its like Mirco-shaft that's how they got a lot of cracked/leaked copy's of Vista and even windows 7 many asked them how they said "read our TOS"

when they installed the software it sent a call to home and it downloads all of your comps info+ ISP info "that's how we found them" lol its in there FBI report goggle it I found it toooo funny...

but yes sadly nexion can freely do it via the client they cannot add any new files or programs to your system that are standalone with out having to update there TOS I saw that when they released the "Fire team" mode tehy also had you install a folder call NGM ( nexion Game manager) and I think that's where a lot of the hacks are getting found.

I also know it has something to do with the CShell.dll I know its where the filters are for cursing and when I used to use the older hacks ( when the bypass's worked ) it would often crash and say it was the CShell.dll that had the error.

so to all the would be hackers out there I think its ether the CShell.dll or the NGM..just a idea...

'

Please notes that Window 7, is a free software to download and use for enjoyment, it is in the BETA stage and still an amazing program.

=3