4/2/2023 0 Comments

Faceit anti cheat kernel level

- Block suspend access to our kernel threads from the System (PID 4) process.
- Block game HWND access from window APIs (NtUserQueryWindow / NtUserBuildHwndList / NtUserFindWindowEx / NtUserGetForegroundWindow / NtUserSetWindowLong / NtUserWindowFromPoint).
- ExpLookupHandleTableEntry integrity check.
- Scan/analyse VAD entries and hidden VAD entries.
- Child process creation monitor for our protected apps.
- Physical-memory-based SBD scan (MmGetPhysicalMemoryRanges).
- Anti debug / sandbox / hypervisor / virtualization.
- Ring3 protection (PPL) for self-protected apps.
- Anti speed hack: detection of time modification/manipulation.
- Anti hook (inline, IAT, EAT, SSDT, SSSDT, IDT).
- Enumerate kernel memory to find manually mapped and hidden (unlinked), deleted (file), non-signed drivers, hijacked objects, and non-device-created drivers; also check loaded driver file-vs-memory integrity.
- ARK-like remote administration tool for managing master server connections.
- Protected network wrapper API for game client communication.

TODO, in-development features

Main features

- Common checks: File, Driver, Handle, Heap, Module, System object, Process, Virtual memory section, Thread, Window.
- Detect execution on virtual machines, emulators and generic sandboxes.
- Detect/reject kernel-mode and user-mode debugging.
- Detect/reject/analyse game process handle access.
- Detect/reject/analyse game process memory access.
- Virtual memory hook