
I know this is a very specific question, but cheating in games is a hot topic, and I was wondering whether obfuscating the base addresses of important pointers and obfuscating member variable offsets is a valid anti-cheating measure.

Member variables addresses usually change when the game is restarted, while base addresses of pointers are always the same, so cheaters find base addresses of game objects, which hold important data, then add offsets to get to member variables to read information stored inside them (like game->player[0]->health).

If game developers added a random number of variables (or just some data) before the declaration of the game class pointer and added some random-length data before important member variables (e.g. before game->player and player->health), wouldn't it put an additional burden on cheaters? They would have to find base addresses anew every time the game is recompiled, or find some other, more time-consuming methods of finding important member variables in memory.

I'm not a C++ programmer; does C++ allow doing this at compile time, or maybe even at game launch? Are there any tools for that, or would you need to write a custom parser for this? Or maybe this approach wouldn't work at all for some reason?

EDIT: I'm mostly talking about online games, where you have to connect to a game server, so I'm sure there is a way to make sure that cheaters can't avoid updating the exe file, if it was forced by game DEVs (by changing game packet structure for both server and client for example).

Yekoor
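As an added example (not code from the question or any answer on this page), here is how the padding idea can be expressed in plain C++ so that member offsets are fixed at compile time from a build seed; LAYOUT_SEED is an assumed macro the build would pass with -D. It covers only member offsets: the C++ standard does not guarantee the relative placement of separate global variables, so "data before the game class pointer" would need linker-level control rather than a source declaration.

```cpp
// Added example (not from the original post): compile-time layout padding
// driven by a build-time seed. LAYOUT_SEED is an assumed macro supplied by
// the build (e.g. -DLAYOUT_SEED=0x1234); each rebuild with a new seed
// produces different member offsets without any runtime cost.
#include <cstddef>
#include <cstdint>
#include <cstdio>

#ifndef LAYOUT_SEED
#define LAYOUT_SEED 0x9E3779B9u   // default seed when the build passes none
#endif

// Small constexpr xorshift mixer: padding sizes derive from the seed and a
// per-field tag entirely at compile time, so there is nothing to seed at launch.
constexpr std::uint32_t mix(std::uint32_t x) {
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return x;
}

// Pad<Tag> is between 1 and 32 bytes long, depending on seed and tag.
template <std::uint32_t Tag>
struct Pad { unsigned char bytes[mix(LAYOUT_SEED ^ Tag) % 32 + 1]; };

// Constructed game types mirroring the question's game->player[0]->health.
struct Player {
    Pad<1> pad0;
    int health;
    Pad<2> pad1;
    float x, y, z;
};

struct Game {
    Pad<3> pad0;
    Player* players[4];
};

// Offsets the compiler actually chose for this seed; these are what a memory
// reader would have to rediscover after every rebuild with a different seed.
constexpr std::size_t health_offset()  { return offsetof(Player, health); }
constexpr std::size_t players_offset() { return offsetof(Game, players); }

int main() {
    std::printf("seed=%#x health@%zu players@%zu sizeof(Player)=%zu\n",
                LAYOUT_SEED, health_offset(), players_offset(), sizeof(Player));
    return 0;
}
```

Rebuilding with a different -DLAYOUT_SEED value changes both printed offsets, which is the whole effect the question proposes; as the answer below notes, it raises the cost of a first analysis only modestly.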
  • I don't know why you believe "base addresses of pointers are always the same". ASLR is designed for the express purpose of making them not always the same. – Ben Voigt Sep 06 '22 at 15:27
  • On modern operating systems you will get random base addresses for every program run. – Jesper Juhl Sep 06 '22 at 15:28
  • @Ben Voigt But can't you turn off ASLR in Windows? If yes, cheaters can just turn it off and the problem is solved. – Yekoor Sep 06 '22 at 15:29
  • Note: [this is being discussed in the above question](https://en.wikipedia.org/wiki/Address_space_layout_randomization), not Age, Sex, Language, Religion. It's not supposed to thwart video gamer cheats, but the more important target of slowing malicious s who want to with your computer. – user4581301 Sep 06 '22 at 15:30
  • @user4581301 I know about ASLR, but afaik you can just turn it off in Windows, which renders it useless as an anti-cheating measure, so I wondered if it's possible and if it makes sense to implement your own "ASLR" into the game. – Yekoor Sep 06 '22 at 15:36
  • The whole point of "always connected" games is to eliminate the need to protect the end user executable by keeping the important logic on the server. – user7860670 Sep 06 '22 at 15:36
  • @user7860670 you can't keep everything on the server, like for example locations of other players. This allows cheaters to create ESP hacks that would show cheaters where other players are located on the map. – Yekoor Sep 06 '22 at 15:37
  • In this case the server should not send to the client locations of the other players that the client is not supposed to see atm. – user7860670 Sep 06 '22 at 15:40
  • @user7860670 it makes little sense; if an enemy is right next to you, behind some bush, your game needs to know his location, to produce sounds etc. This surely doesn't work. – Yekoor Sep 06 '22 at 15:41
  • Yes, you should only do rendering and sending client actions to the server on the client side; also you should validate user actions on the server side. – Mehran Sep 06 '22 at 15:46
  • @Yekoor: Yes, I was mentioning it not because "OS-level ASLR will thwart cheaters" (as you say, they can just turn that off) but as an example proving technical feasibility. Of course, the game may detect if ASLR is disabled as one of its anti-cheat measures. https://stackoverflow.com/a/47106209/103167 – Ben Voigt Sep 06 '22 at 15:47
  • @Mehran there are many situations when the game has to know something, but you as a player shouldn't have access to it. Such situations should be minimized, yes, but you CAN'T completely avoid them. Like an enemy in the bush right next to you, as I described above. Another example is aimbots: cheats just aim for the enemy's head for you. You can't do aiming server-side. – Yekoor Sep 06 '22 at 15:50
  • If you are trying to defeat ASLR or you are trying to write code to defeat cheaters - welcome to the real world, you will eventually fail. Meaning: ASLR makes some things hard - but not impossible. – Jesper Juhl Sep 06 '22 at 15:52
  • @JesperJuhl: I definitely agree. That's [what I call the "#1 Law of Software Licensing"](https://stackoverflow.com/a/4532568/103167): **You don't control your software once you allow it to be installed on a computer you don't control.** This question doesn't seem to ask whether changing memory layout will be effective, only whether it is possible. It is. – Ben Voigt Sep 06 '22 at 15:56
  • @Jesper Juhl yeah, I know it's impossible to totally beat cheating. I'm wondering if it can be made more difficult and time consuming, so I came up with this idea. Since I haven't heard of anyone doing it, I was wondering why, and if this approach can actually work to slow down game hacking or if my idea has some flaw. – Yekoor Sep 06 '22 at 15:57

1 Answer

The way to make an online game cheat proof is to not trust the clients.

Everything else isn't going to work; you are just painting over the cheats, not blocking them.

The second best way is to validate that the system you are running on isn't corrupted -- detect cheating programs and their activities.

Something as simple as what you describe isn't going to slow down people hacking your game more than a few minutes the first time you do it, then seconds on later releases. Meanwhile it would waste resources and could make legitimate debugging by developers a pain.

Security is about the ratio between the effort required by legitimate users and the effort required by illegitimate users. A good security system, like public key cryptography, has this ratio in the trillions of trillions of trillions. The system you describe has a ratio in the range of 3ish -- 3 times more annoying for cheaters (hacking the executable) than legitimate users (software developers) -- based on my guess. And 3ish sucks.

Anti-cheat measures should be looked at in two ways. First, if you are an established producer of major games, then you'll have a serious anti-cheat system already built, and you'll incorporate that into your games. If you aren't a producer of major games, then your goal is to become a major game, and cheating is basically not a big problem until you are. (The effort required to cheat at a game doesn't scale with the game user base; so games with larger user bases get more prolific cheats.)

Yakk - Adam Nevraumont