Anti-Rename System

Ian* · 07/31/2010, 00:07

Quote:

Originally Posted by Huseby

Easy, stop useing binary files. -.-
It gota be better ways to do this than makeing them unable to rename the file.

yep there is another solution.write a dll file that performs a check of processes to see if your conquer.exe is reunning. (like YourSeverCO.exe is running, else botjail.)

Huseby · 07/31/2010, 02:32

If hybrid is still bothered with his aimbot, hel just do like Comimic has done, make it generate a random process name.

Nullable · 07/31/2010, 21:37

You can use a protector or something(ex. Engima) or you can inline-patch co GetModuleFileName() and lstrcmp the name vs. your co exe name

WarpGeorge · 07/31/2010, 21:57

Huseby if you didn't fully read one of my replies think again before answering. I repeat, like I said before, I will not start creating a C# Source because I don't need to start over and learn C# and then to learn how to implement things into. I don't want to make it for profit, all I want it's a fun server. I'll think about how to stop this and I thank to people who gave me some good answers. I'll try my best. If anyone has another opinion about this please tell me !

Korvacs · 08/02/2010, 00:15

Honestly if you think you can get people to run an external app 24/7 in order to stop them renaming the conquer.exe, then you have a really neive view on people, a simple way around that would be to just kill your process. Then rename, then aimbot.

You just cant avoid this, its their computer, if you want to stop people aimbotting then you will have to at the very least pipe people through a proxy and inspect their packets to see if they are aiming, although this would be more easily done at the game server.

Fish* · 08/09/2010, 13:24

make ur own windows?
windows NRA
Windows (Not Rename Able)

© Haydz · 08/09/2010, 22:42

Quote:

Originally Posted by grillmad

make ur own windows?
windows NRA
Windows (Not Rename Able)

Because that's useful for a client isn't it.

Fish* · 08/10/2010, 12:19

Quote:

Originally Posted by © Haydz

Because that's useful for a client isn't it.

yup it is.
xDDD

lol it was sarcasm :P

andyd123 · 08/10/2010, 15:57

If you know enough to prevent the windows file system from renaming files, which is obviously very difficult to do without using some form of mallicious software, then you shouldn't have a problem writing your own server from scratch, especially considering all the information you need is public..

Ian* · 08/12/2010, 12:55

You are struck with two very strong disadvantages here.

Binary server, and obviously, the client's also in binary form.
Now if you did what korvacs was saying, pipe them threw some sort of proxy before the data is sent to your server, that would work, but what's to stop someone from just bypassing the proxy and sending data directly to your server instead?

If you had a source server, C# or whatever it may be, you could forward all data threw to a proxy, modify/ re-encrypt or do whatever you like to the packets, and then have all the data processed threw the server.

This would be a way to completely stop aimbotting (at least until someone wants to write a proxy for your proxy and then send it to the game server), speedhacking and what have you.

But using a binary server, you really have no options as far as protection goes.

An alternative to someone with programming experience, write a driver, keep the service running 24/7 on the machine and have it monitor the file "X:\MyServer\MyServer.exe". If that file is renamed (or just goes out of site to the scanner) then create a new one with a backup stored in a hidden folder on the computer, and delete any executable files inside that folder which you don't define.

It's really flawed though, just because windows doesn't offer any support for preventing file renaming, moving, deleting etc etc (Wonder why? -> Hackers maybe?)

Anyways, you're options are too limited and for you, I'm sorry to say, it can't be done.

Case closed?

Nullable · 08/12/2010, 15:20

Why does the solution has to include writing a driver in the process, it isn't needed when you can simply hack a few win32 apis, particularly GetModuleHandle.

Simply inline patch the application, with the help of a small codecave and add code that calls GetModuleHandle with the argument passed as the name of YOUR exe, if the name matches and the module exists, it will return value that isn't equal to NULL, else it will return NULL.

Code:

PUSH 0x000000 ;ptr to string that contains the name of YOUR exe
CALL GetModuleHandleA ;copy the address from somewhere that calls it in the exe
CMP EAX, 0
JZ 0x0000 ;if they are equal jmp to addr where your codecave calls ExitProcess
;codecave epilog
PUSH 0
CALL ExitProcess ;again copy the address from somewhere that calls it in the exe

Small note: it won't prevent users from renaming it, but it will exit if the application file was renamed provided that you place the codecave in a proper place.

WarpGeorge · 08/18/2010, 00:42

Well, after long researches, I've finaly prevent people from using the Hybrids aimbot so this thread can be closed.
I've didn't made much thing but if anyone want help or want to disable the Hybrids aim and still want to be able for futher edits (not using the 4Bo**ers system, I have my own one) PM me.

Korvacs · 08/18/2010, 11:35

What did you do?

WarpGeorge · 08/18/2010, 12:42

Well, if you really want to know PM me and i'll tell you. i changed my mind and dont want to give that away for anyone bcoz i've searched alot for it and it's not easy to find one...

Korvacs · 08/20/2010, 09:56

Ugh ok, so much for sharing in the community, i cant imagine many people are interested in it tbh.

Closed.