soufi

asked on

Making sure I don't get fake screenshots (Anti-Cheat)

I'm writing an anti-cheat client that monitors a user's system while they play games to make sure they aren't cheating. I realize this may seem unethical, but the idea is that the player will voluntarily install and run the client in order to participate in online leagues and tournaments (where cheating is becoming more and more common).

One of the measures I use to make sure the player isn't cheating is to periodically capture their screen. Many cheats allow users to see through walls or gain other similar unfair advantages. If I can spot these artificial enhancements in the screenshot, I've caught a cheater.

This method works wonderfully against most cheats, but fails against the superior ones. Expensive, subscription-based cheats have started "spoofing" screenshots by hooking BitBlt/StretchBlt, disabling the cheat, and returning a "clean" screenshot, after which the cheat is reactivated. I've tried getting around this by using DirectX and the front buffer to capture the screen (since all the cheats I've studied only worry about BitBlt/StretchBlt, and now glReadPixels), but when I test this method in fullscreen games I get black screenshots.

To make matters worse, most "good" cheats run in kernel mode, making it a lot tougher to spot/control them. This is why I'm hoping I can find a way to ensure real screenshots so I don't have to make a driver to scan for cheats. So, is it possible to keep these cheats from spoofing my screenshots (or get clean DirectX screenshots in fullscreen mode)?
☠ MASQ ☠

Is this for a bespoke game or to monitor an existing product - & if so which one?
soufi

ASKER

It's for monitoring existing products. The goal is for it to be general purpose enough to be used with most multiplayer games; however, I'm currently focusing on Valve's Source Engine (mainly Counter-Strike: Source). Valve does have their own anti-cheat system (VAC), but it doesn't catch most of the subscription-based and private cheats. One limitation to working with Source games is the fact that I have to tread softly and make sure my client does not behave like a cheat, causing the player to get banned. For the most part this just means I can't hook into the game.

Hope that clears things up!
You should make your game apply a tag in a hidden layer of the screenshot, with some kind of ID from the server, for example:

Day one, between 1:00 AM and 2:00 AM, your server sends the tag (KILL); write this in a hidden layer and keep the history of all tags and data for reference.

But actually it's impossible to block cheaters. See Blizzard: they keep trying to process Glider (the best WoW bot actually) but never got them out of business, and the Glider programmers sell their bot and features, so it's profitable like the game.

Some parts of Glider are coded in assembly to get direct access to the keyboard and mouse, and other features that make the software invisible to anti-cheat programs...

The real point is to make your game something with dynamic menus that needs real interaction from the player, and not the same thing: kill the same mobs, answer the same questions, etc. This applies to functions and objects too: if your game always works with the same function or object names, the bots are going to intercept them and do anything...

The basic cheat in online games years ago was to change the memory address. In WoW, for example, the address changes every time you run the game, and if you change some important data the game goes to an error screen, sending the data to Blizzard...

I hope you can understand me. English isn't my native language, sorry if you don't get something.
soufi

ASKER

Thanks for the comment, Wisdown.

The client that I am making is not for my own game; it's meant to be used in commercial games not developed by me, so some of your suggestions don't apply. Also, I don't know of any way to apply a tag to an image until after it's created by a call to something like BitBlt, at which point it will be too late.

Here's the way I see it happening:

1. I get the tag from the server.

2. I make a call to something like BitBlt or StretchBlt, which will give me a screen capture.

3. The cheat hooks the screen capture function, and keeps it from executing until the cheats have been turned off, so the screenshot returned is clean (e.g. some cheats give the user a configuration option that delays the BitBlt by x milliseconds).

4. When that function returns, I save the image and write the tag into it. I still have no idea if this is a genuine screenshot or one taken after the cheats have been turned off.

I should add that I'm not trying to block cheaters, but catch them. I realize that anti-cheat is generally a losing battle, but I'd like to make my client as strong as possible. For a while, even the best cheats weren't spoofing screenshots made from glReadPixels, but that's beginning to change. If I could even find another tricky way to take screenshots that thwarted cheat developers for even a little while, I'd at least have a small victory.
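
Step 3 above implies a measurable side effect: a capture that is held back until the cheat is disabled takes longer than a normal one. The following is an added example, not code from this thread or from any poster: a server-side timing heuristic that flags such captures for review, using both the client's timer around the capture call and the server's own clock from sending the tag to receiving the screenshot. The report fields, thresholds and sample values are assumptions constructed for illustration.

```python
from statistics import median

def robust_limit(samples, k=6.0, floor=1.0):
    """median + k * MAD; the floor stops a very tight baseline over-triggering."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med + k * max(mad, floor)

def flag_delayed_captures(reports, call_baseline, rtt_baseline):
    """Return (tag, reasons) for captures that took suspiciously long.

    call_ms    : client-measured duration of the capture call (hypothetical field)
    elapsed_ms : server-measured time from sending the tag to receiving the
                 screenshot; a cheat on the client cannot rewrite this clock
    """
    call_limit = robust_limit(call_baseline)
    rtt_limit = robust_limit(rtt_baseline, floor=5.0)
    flagged = []
    for r in reports:
        reasons = []
        if r["call_ms"] > call_limit:
            reasons.append("capture call slow")
        if r["elapsed_ms"] > rtt_limit:
            reasons.append("server round trip slow")
        if reasons:
            flagged.append((r["tag"], reasons))
    return flagged

# Constructed baselines (ms) from captures assumed clean; not real telemetry.
CALL_BASELINE = [3.1, 2.8, 3.4, 3.0, 2.9, 3.3, 3.2, 2.7, 3.0, 3.1]
RTT_BASELINE = [88, 92, 90, 95, 87, 91, 89, 93]

# Constructed reports. "c3" models a client timer that reads normal while the
# server still sees the extra delay.
REPORTS = [
    {"tag": "a1", "call_ms": 3.0, "elapsed_ms": 91},
    {"tag": "b2", "call_ms": 54.9, "elapsed_ms": 143},
    {"tag": "c3", "call_ms": 3.1, "elapsed_ms": 150},
    {"tag": "d4", "call_ms": 2.9, "elapsed_ms": 94},
]

if __name__ == "__main__":
    for tag, reasons in flag_delayed_captures(REPORTS, CALL_BASELINE, RTT_BASELINE):
        print(tag, ", ".join(reasons))
```

A flagged capture is a lead for manual review rather than proof, since disk, GPU or network stalls also lengthen a capture.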
ASKER CERTIFIED SOLUTION
Wisdown