4

I was searching around with regard to how to prevent an application from being killed but haven't really found an answer that describes how it works, for antivirus applications for example.

What I am looking to make is a tool (similar to Gameguard, xTrap) to prevent cheating in a simple online game I made on XNA.

In the process of building features to prevent the user from cheating in my game, I was wondering how AVG, Norton and other antivirus applications work in harmony with the OS, not allowing admin users to close their application but yet shutting down gracefully?

Without using a second application to watch my anticheat application, is it possible to catch kill events on it so I can at least close my game when that happens?

I was also considering using my game as a watcher for my anticheat and vice versa, so that whenever one of them goes off the other goes as well, but I would like to understand the above as well.

From what I have seen, people easily bypass these kinds of things with simple detours on those calls, so maybe having my game as a watcher for the anticheater wouldn't be so efficient either...

Would love some answers, advice, or pieces of code related to what I could improve as security for my game and anticheat application.

Also information on preventing debuggers such as Olly and the like from attaching to it.

Guapo
  • Generally speaking, if you don't want people tampering with your program, don't run your program on their computers. It's their hardware; they will find a way to make it work like they want. – cdhowie Jan 05 '11 at 02:29
  • Unhappily, that does not seem to be an option, and even if I cannot prevent 100% of them, I am sure a great portion of them can be prevented and another great portion would give up halfway. – Guapo Jan 05 '11 at 02:33
  • If you're not willing to take the code out of the user's hands entirely, then the best way of dealing with the issue is to have the server *validate* what the game client sends to make sure it's reasonable. The server should be able to make sure that what the client claims it's doing is actually possible. – Anon. Jan 05 '11 at 02:38
  • @Guapo: Perhaps. Generally I find it a better approach to obscure stored values behind some math so they aren't as readily apparent. That will foil most game trainers right away. – cdhowie Jan 05 '11 at 02:38
  • If that solved all the problems it would be nice, but it does not... Also there are PostMessage, SendMessage and keybd_event to emulate keys being sent, and so forth. – Guapo Jan 05 '11 at 02:55
  • Is this only on Windows? – Hut8 Jan 05 '11 at 02:58
  • Currently yes, I am only focusing on Windows. – Guapo Jan 05 '11 at 02:59
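
The server-side validation suggested in the comments above, sketched as an added example (not code from the thread or from any participant). It is written in C# because the game is built on XNA, and it checks that each reported position is reachable from the last accepted one. The names `MoveValidator`, `MaxSpeed` and `ToleranceFactor`, the speed limit and the report fields are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Added example: the server decides whether a client's movement claim is possible.
public sealed class MoveValidator
{
    private const double MaxSpeed = 8.0;         // world units per second (assumed game rule)
    private const double ToleranceFactor = 1.25; // slack for latency jitter (assumed)

    private struct State { public double X, Y, Time; }
    private readonly Dictionary<int, State> _last = new Dictionary<int, State>();

    // serverTime is the server's own receive time in seconds; a timestamp
    // supplied by the client is never trusted.
    // Returns true when the reported position is reachable from the last
    // accepted one. On false the server keeps its own state, so the caller
    // can snap the client back or flag the account.
    public bool Accept(int playerId, double x, double y, double serverTime)
    {
        State prev;
        if (!_last.TryGetValue(playerId, out prev))
        {
            // First report: nothing to compare against (spawn checks are out of scope).
            _last[playerId] = new State { X = x, Y = y, Time = serverTime };
            return true;
        }
        double dt = serverTime - prev.Time;
        if (dt <= 0) return false;               // duplicate or out-of-order report
        double dx = x - prev.X, dy = y - prev.Y;
        double dist = Math.Sqrt(dx * dx + dy * dy);
        if (double.IsNaN(dist) || dist > MaxSpeed * ToleranceFactor * dt)
            return false;                        // speed hack, teleport or garbage input
        _last[playerId] = new State { X = x, Y = y, Time = serverTime };
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var v = new MoveValidator();
        // Constructed sample reports: (player, x, y, server receive time)
        Console.WriteLine(v.Accept(1, 0, 0, 0.0));   // first report
        Console.WriteLine(v.Accept(1, 4, 3, 1.0));   // 5 units in 1 s
        Console.WriteLine(v.Accept(1, 40, 30, 1.5)); // 45 units in 0.5 s
        Console.WriteLine(v.Accept(1, 8, 6, 2.0));   // measured from the last accepted position
    }
}
```

Because rejected reports never update the stored state, a tampered client cannot move the baseline by sending one impossible position followed by plausible ones.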

1 Answer

4

The only way I can think of is by hooking/injecting code or a DLL into Task Manager or kernel32.

Each process kill ends up with a call to "TerminateProcess".

Start point: http://www.codeproject.com/KB/vista/api-hooks.aspx

Try to google on: TerminateProcess hook

HABJAN
  • Thanks a lot, that is the first answer I get in regard to one of the questions. I will check on that. – Guapo Jan 05 '11 at 09:50