Anti Injection

(Damnit, didn't mean to post twice... browser lagged)

The most efficient way is to make most of the player data server side. In the world we live in now, nothing is really uncrackable. However, basic protection like SCT hooks on WriteProcessMemory, filtering out your process from the call(not disabling completely, this would be a very poor protection method if you did) monitor register access and you could monitor OpenProcess. Also, you could create a new low-priority thread in your game to run constant checksums, or check the first 22 bytes of any important or commonly attacked methods. We can't really give you much until you tell us which kinda game you're protecting.

Also, before doing any kernel-level(ring 0) hooking you really should go for the SCT first. Lastly, after all your libraries are loaded, call DisableThreadLibraryCalls APIs, this will stop the DLL_PROCESS_ATTACH and DLL_PROCESS_DETACH notifications to the dllmain method. This could stop most of the dlls from starting.

AltF5 and Jetamay actually pretty well covered this, haha. You can also make use of some APIs to detect things, of course. The most cheesy is ReadProcessMemory. But, it might be easiest for you and I posted examples before.

Nifty suggestions by Jetamay.
Never heard of DisableThreadLibraryCalls, but that would be quite a kool way to stop Dlls loading since they couldn't return success on in the DLL_PROCESS_ATTACH

Although I have seen remote code execution using assembly and remote threads in as simple of a language as VB6, and it seems to work as long as the process isn't protected by DEP.

I guess basically if remote threads are prevented by hooking CreateRemoteThread, NtCreateThread, ZwCreateThread, and RtlCreateUserThread then external execution will not take place.
(Not sure of any other ways to start remote threads really)

Although you will also need to hook WriteProcessMemory, NtWriteVirtualMemory, and ZwWriteVirtualMemory to ensure nothing is written to your process, so that values in memory cannot be changed.

If you did IAT or Runtime patching, then it would be in usermode, which could still allow drivers to execute code on your process, but going into the kernel for a process's protection seems a little overkill.


@Jetamay
What is an SCT Hook ?
Never heard of that one before.

ok i understand but most of the kids that play on my server download hacks and the hack was made for all servers like mine so really if i can stop .dlls from loading then im good cuz most would stop hacking cuz they can't just download a hack and then run it


This is my code i need everthing thats already in there its makes sure the version is updated or they can't play on the server but what i need know is how to added anti injection to what i have here im really brand new to c++ can you help me out man i heard ur a god a c++

You of course can only monitor which .dlls are loaded beings the program won't even load without some windows .dlls' that naturally load into all executables, if you didn't know. I suppose one of us will come up with some example for you and post it, when we have time. Oh and, you can't really have that link in your signature, sorry. You can move it to your profile's homepage though.

yep yep sig is gone and i know that some .dlls have to load what i really want to make this .dll in to like a hack sheild for my server but im still learning c++ but it would be nice to make it have

*anti injection from dll's
*hash files in the same folder as the game and delete 1's that match a hack
*Block writetoprossesmemory
*check if sheild is uptodate


thats ideal what i want to make if you could help me that would be great i make a lot off the Private server and always willing to pay people that help me out

thx

Here is 2 places I learned how to do API hooking via Runtime Patching:
CodeProject: API hooking for hotpatchable operating systems. Free source code and programming help
And
CodeProject: API Hooking with MS Detours. Free source code and programming help

So maybe start with that and experiment with other API hooks and once you get the hang of it, then prevent WriteProcessMemory by hooking WriteProcessMemory (kernel32.dll), NtWriteVirtualMemory (ntdll.dll), and ZwWriteVirtualMemory (ntdll.dll)

I would also prevent remote threads but that is up to you.
Also, now that I think about it, you will also need to hook SetWindowsHookEx because the system will automatically map Dlls into that process if a certain condition is met for a window hook.
DisableThreadLibraryCalls might have already prevent SetWindowsHookEx from working, but I am not 100% sure.
Here is some info on how remote threads and cause code execution in another process (it mainly shows via CreateRemoteThread)
CodeProject: Three Ways to Inject Your Code into Another Process. Free source code and programming help

FYI - This entire process is really going to take a lot of research and time to understand and get fully working.

For any API hooking, you are basically going to need a Dll which is to be remotely injected into all currently existing processes, and also any new process that is started.
All currently existing processes, isn't too bad (just enumerate them all and then use the VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread method here:
CodeProject: Three Ways to Inject Your Code into Another Process. Free source code and programming help

To ensure you get any newly created process, you will need to hook CreateProcessA, CreateProcessW, CreateProcessExA, CreateProcessExW, and NtCreateProcess (possibly some others relating to threads)
Basically what this will allow you to do is catch the creation of new processes, and then allow you to suspend its 1st thread, and run your code to inject(map) your Dll into that process.
Somewhat described here under "Figuring out when to inject the hook DLL"
CodeProject: API hooking revealed. Free source code and programming help
And here:
http://www.codeprojec*****m/KB/DLL/funapihook.aspx

Search for: CREATE_SUSPENDED




Some other articles you might want to look over or print out and read when you get some time: (These mainly explain the concepts in the articles above, but with various uses)
http://www.codeprojec*****m/KBsdk/Remote.aspx
http://www.codeprojec*****m/KB/DLL/RemoteLib.aspx
http://www.codeprojec*****m/KB/winsdk...ioWinLock.aspx
http://www.codeprojec*****m/KB/system...nAPICalls.aspx
http://www.codeprojec*****m/KB/system...unleashed.aspx
http://www.codeprojec*****m/KB/DLL/hooks.aspx


The hooking is about the only thing I can give advice on since I do not understand hashing, nor networking to check whether or not software is up-to-date.
And, what exactly do you mean by: *anti injection from dll's ?

ok wow random ban from so mod anyways

i already have the hook and it works

but i want to stop other .dll's from being hooked
and the hash part (like a md5 hash check)
and like the check to see if version is updated and like match it to some website

I've done some like this before for a friend's server application. I simply creates a .dll that loaded into your own application and worked as 'security.' There is so much you can do and so much you won't be just given, on one site. But for a start, simply create a .dll that runs a ReadProcessMemory on certain important offsets in your application, and if the OpCodes don't match up, call ExitProcess. It's the most basic of what you're saying. I think my Game Hacking,or Game Creating, tutorial has an RPM example you can use.

do you have a link? and can't i use the code i have right now to read the memory?

It was another moderator who banned you for just 1 day for bumping a thread, by the way and, I told you the name of the threads I put it in, you should try searching 'threads started by toymaker' to find it, in my profile. You'll need self motivation to do this so by making you find it yourself, consider yourself my padawan on the matter. Gogogo...

of im stuck here i can change the address but i can't read it??
the problem is where the if is.
i want to check *time and if time = 7 then wirte 7 like a frezze almost

whats wrong i don't get it?