iw4x-client/src/Components/Modules/AntiCheat.hpp

#pragma once

#ifndef DEBUG
// Hide AntiCheat in embeded symbol names
#define AntiCheat SubComponent
#else
# ifndef DISABLE_ANTICHEAT
#  define DISABLE_ANTICHEAT
# endif
#endif

// Uncomment to enable process protection (conflicts with steam!)
#define PROCTECT_PROCESS

namespace Components
{
	class AntiCheat : public Component
	{
	public:
		AntiCheat();
		~AntiCheat();

		class LibUnlocker
		{
		public:
			LibUnlocker()
			{
				UninstallLibHook();
			}
			~LibUnlocker()
			{
				InstallLibHook();
			}
		};

		static void CrashClient();

		static void InitLoadLibHook();

		static void ReadIntegrityCheck();
		static void ScanIntegrityCheck();
		static void FlagIntegrityCheck();

		static unsigned long ProtectProcess();

		static void PatchVirtualProtect(void* vp, void* vpex);
		static void PatchThreadCreation();

		static void VerifyThreadIntegrity();

		static void QuickCodeScanner1();
		static void QuickCodeScanner2();

		static void UninstallLibHook();
		static void InstallLibHook();

        static void CheckStartupTime();
        static void SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC);

	private:
		enum IntergrityFlag
		{
			NO_FLAG = (0),
			INITIALIZATION = (1 << 0),
			MEMORY_SCAN = (1 << 1),
			SCAN_INTEGRITY_CHECK = (1 << 2),

#ifdef PROCTECT_PROCESS
			READ_INTEGRITY_CHECK = (1 << 3),
#endif

			MAX_FLAG,
		};

		static Utils::Time::Interval LastCheck;
		static unsigned long Flags;

		static void PerformScan();
		static void PatchWinAPI();

		static void NullSub();

		static bool IsPageChangeAllowed(void* callee, void* addr, size_t len);
		static void AssertCalleeModule(void* callee);

#ifdef DEBUG_LOAD_LIBRARY
		static HANDLE LoadLibary(std::wstring library, HANDLE file, DWORD flags, void* callee);
		static HANDLE WINAPI LoadLibaryAStub(const char* library);
		static HANDLE WINAPI LoadLibaryWStub(const wchar_t* library);
		static HANDLE WINAPI LoadLibaryExAStub(const char* library, HANDLE file, DWORD flags);
		static HANDLE WINAPI LoadLibaryExWStub(const wchar_t* library, HANDLE file, DWORD flags);
#endif

		static BOOL WINAPI VirtualProtectStub(LPVOID lpAddress, SIZE_T dwSize, DWORD  flNewProtect, PDWORD lpflOldProtect);
		static BOOL WINAPI VirtualProtectExStub(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);

		static void LostD3DStub();
		static void CinematicStub();
		static void SoundInitStub(int a1, int a2, int a3);
		static void SoundInitDriverStub();

		static void DObjGetWorldTagPosStub();
		static void AimTargetGetTagPosStub();

		static void AcquireDebugPrivilege(HANDLE hToken);

		static NTSTATUS NTAPI NtCreateThreadExStub(PHANDLE hThread, ACCESS_MASK desiredAccess, LPVOID objectAttributes, HANDLE processHandle, LPTHREAD_START_ROUTINE startAddress, LPVOID parameter, BOOL createSuspended, DWORD stackZeroBits, DWORD sizeOfStackCommit, DWORD sizeOfStackReserve, LPVOID bytesBuffer);
		static int ValidateThreadTermination(void* addr);
		static void ThreadEntryPointStub();

		static std::mutex ThreadMutex;
		static std::vector<DWORD> OwnThreadIds;
		static std::map<DWORD, std::shared_ptr<Utils::Hook>> ThreadHookMap;

		static Utils::Hook CreateThreadHook;
		static Utils::Hook LoadLibHook[6];
		static Utils::Hook VirtualProtectHook[2];
	};
}
[General] Basic refactoring 2017-01-20 08:36:52 -05:00			`#pragma once`

[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`#ifndef DEBUG`
			`// Hide AntiCheat in embeded symbol names`
			`#define AntiCheat SubComponent`
[AntiCheat] Use simpler compiler expression 2017-06-23 04:04:43 -04:00			`#else`
[AntiCheat] Fix duplicate anticheat definition 2017-06-28 15:30:00 -04:00			`# ifndef DISABLE_ANTICHEAT`
			`# define DISABLE_ANTICHEAT`
			`# endif`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`#endif`

[AntiCheat] Disable process protection as it conflicts with steam 2017-01-26 14:41:39 -05:00			`// Uncomment to enable process protection (conflicts with steam!)`
[AntiCheat] Reenable process protection 2017-01-27 16:04:26 -05:00			`#define PROCTECT_PROCESS`
[AntiCheat] Disable process protection as it conflicts with steam 2017-01-26 14:41:39 -05:00
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`namespace Components`
			`{`
			`class AntiCheat : public Component`
			`{`
			`public:`
			`AntiCheat();`
			`~AntiCheat();`

[AntiCheat] Introduce LibUnlocker 2018-05-10 11:24:03 -04:00			`class LibUnlocker`
			`{`
			`public:`
			`LibUnlocker()`
			`{`
			`UninstallLibHook();`
			`}`
			`~LibUnlocker()`
			`{`
			`InstallLibHook();`
			`}`
			`};`

[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`static void CrashClient();`

			`static void InitLoadLibHook();`

			`static void ReadIntegrityCheck();`
			`static void ScanIntegrityCheck();`
			`static void FlagIntegrityCheck();`

[AntiCheat] More process security and debug priviledge acquisition 2017-03-04 07:51:41 -05:00			`static unsigned long ProtectProcess();`

[AntiCheat] Patch virtual protect 2017-03-26 14:41:37 -04:00			`static void PatchVirtualProtect(void* vp, void* vpex);`
[AntiCheat] Prevent dll injection - Hook native LdrLoadDll to prevent injection - Hook native LdrpLoadDll to prevent injection - Hook NtCreateThreadEx to log threads created by this process and kill remote threads 2017-06-10 14:24:42 -04:00			`static void PatchThreadCreation();`

			`static void VerifyThreadIntegrity();`
[AntiCheat] Patch virtual protect 2017-03-26 14:41:37 -04:00
[General] Small code fixes and optimization 2017-06-14 06:06:04 -04:00			`static void QuickCodeScanner1();`
			`static void QuickCodeScanner2();`
[AntiCheat] Add redundant code scanners 2017-06-11 15:24:32 -04:00
[AntiCheat] Uninstall lib hooks before writing minidumps 2017-07-02 07:41:31 -04:00			`static void UninstallLibHook();`
			`static void InstallLibHook();`

[AntiCheat] Detect if process is being started suspended in order to inject a dll to disable the anti cheat 2019-01-06 13:56:06 -05:00			`static void CheckStartupTime();`
			`static void SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC);`

[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`private:`
			`enum IntergrityFlag`
			`{`
			`NO_FLAG = (0),`
			`INITIALIZATION = (1 << 0),`
			`MEMORY_SCAN = (1 << 1),`
			`SCAN_INTEGRITY_CHECK = (1 << 2),`
[AntiCheat] Disable process protection as it conflicts with steam 2017-01-26 14:41:39 -05:00
			`#ifdef PROCTECT_PROCESS`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`READ_INTEGRITY_CHECK = (1 << 3),`
[AntiCheat] Disable process protection as it conflicts with steam 2017-01-26 14:41:39 -05:00			`#endif`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00
			`MAX_FLAG,`
			`};`

			`static Utils::Time::Interval LastCheck;`
			`static unsigned long Flags;`

			`static void PerformScan();`
			`static void PatchWinAPI();`

			`static void NullSub();`

[AntiCheat] Patch virtual protect 2017-03-26 14:41:37 -04:00			`static bool IsPageChangeAllowed(void* callee, void* addr, size_t len);`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`static void AssertCalleeModule(void* callee);`

			`#ifdef DEBUG_LOAD_LIBRARY`
[AntiCheat] Block LoadLibraryEx(A/W) 2017-02-13 12:32:07 -05:00			`static HANDLE LoadLibary(std::wstring library, HANDLE file, DWORD flags, void* callee);`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`static HANDLE WINAPI LoadLibaryAStub(const char* library);`
			`static HANDLE WINAPI LoadLibaryWStub(const wchar_t* library);`
[AntiCheat] Block LoadLibraryEx(A/W) 2017-02-13 12:32:07 -05:00			`static HANDLE WINAPI LoadLibaryExAStub(const char* library, HANDLE file, DWORD flags);`
			`static HANDLE WINAPI LoadLibaryExWStub(const wchar_t* library, HANDLE file, DWORD flags);`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`#endif`

[AntiCheat] Patch virtual protect 2017-03-26 14:41:37 -04:00			`static BOOL WINAPI VirtualProtectStub(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);`
[General] Small code fixes and optimization 2017-06-14 06:06:04 -04:00			`static BOOL WINAPI VirtualProtectExStub(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);`
[AntiCheat] Patch virtual protect 2017-03-26 14:41:37 -04:00
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`static void LostD3DStub();`
			`static void CinematicStub();`
			`static void SoundInitStub(int a1, int a2, int a3);`
			`static void SoundInitDriverStub();`

			`static void DObjGetWorldTagPosStub();`
			`static void AimTargetGetTagPosStub();`

[FileSystem] Remove debug message 2017-06-29 18:41:15 -04:00			`static void AcquireDebugPrivilege(HANDLE hToken);`
[AntiCheat] More process security and debug priviledge acquisition 2017-03-04 07:51:41 -05:00
[AntiCheat] Prevent dll injection - Hook native LdrLoadDll to prevent injection - Hook native LdrpLoadDll to prevent injection - Hook NtCreateThreadEx to log threads created by this process and kill remote threads 2017-06-10 14:24:42 -04:00			`static NTSTATUS NTAPI NtCreateThreadExStub(PHANDLE hThread, ACCESS_MASK desiredAccess, LPVOID objectAttributes, HANDLE processHandle, LPTHREAD_START_ROUTINE startAddress, LPVOID parameter, BOOL createSuspended, DWORD stackZeroBits, DWORD sizeOfStackCommit, DWORD sizeOfStackReserve, LPVOID bytesBuffer);`
			`static int ValidateThreadTermination(void* addr);`
			`static void ThreadEntryPointStub();`

			`static std::mutex ThreadMutex;`
			`static std::vector<DWORD> OwnThreadIds;`
			`static std::map<DWORD, std::shared_ptr<Utils::Hook>> ThreadHookMap;`

			`static Utils::Hook CreateThreadHook;`
			`static Utils::Hook LoadLibHook[6];`
[AntiCheat] Patch virtual protect 2017-03-26 14:41:37 -04:00			`static Utils::Hook VirtualProtectHook[2];`
[LineEndings] Fix them all 2017-01-19 16:23:59 -05:00			`};`
			`}`
[AntiCheat] Detect if process is being started suspended in order to inject a dll to disable the anti cheat 2019-01-06 13:56:06 -05:00