Rim/iw4x-client
Rim/iw4x-client
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge branch 'feature/anticheat-process-suspention' into 'develop'

Browse Source 
Detect process suspension on startup to inject dlls
This commit is contained in:
TheApadayo 2019-01-16 06:59:04 +01:00
commit 7e40caefd4
4 changed files with 70 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Components/Loader.cpp
View File

@ -72,9 +72,7 @@ namespace Components
Loader::Register(new Renderer()); Loader::Register(new Renderer());
Loader::Register(new UIFeeder()); Loader::Register(new UIFeeder());
Loader::Register(new UIScript()); Loader::Register(new UIScript());
#ifndef DISABLE_ANTICHEAT
Loader::Register(new AntiCheat()); Loader::Register(new AntiCheat());
#endif
Loader::Register(new Changelog()); Loader::Register(new Changelog());
Loader::Register(new Dedicated()); Loader::Register(new Dedicated());
Loader::Register(new Discovery()); Loader::Register(new Discovery());

62
src/Components/Modules/AntiCheat.cpp
View File

@ -824,6 +824,64 @@ namespace Components
__VMProtectEnd; __VMProtectEnd;
} }
void AntiCheat::SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC) {
FILETIME ftA, ftB, ftC;
ULARGE_INTEGER uiA, uiB, uiC;
SystemTimeToFileTime(stA, &ftA);
SystemTimeToFileTime(stB, &ftB);
uiA.HighPart = ftA.dwHighDateTime;
uiA.LowPart = ftA.dwLowDateTime;
uiB.HighPart = ftB.dwHighDateTime;
uiB.LowPart = ftB.dwLowDateTime;
uiC.QuadPart = uiA.QuadPart - uiB.QuadPart;
ftC.dwHighDateTime = uiC.HighPart;
ftC.dwLowDateTime = uiC.LowPart;
FileTimeToSystemTime(&ftC, stC);
}
void AntiCheat::CheckStartupTime()
{
__VMProtectBeginUltra("");
FILETIME creation, exit, kernel, user;
SYSTEMTIME current, creationSt, diffSt;
GetSystemTime(&current);
GetProcessTimes(GetCurrentProcess(), &creation, &exit, &kernel, &user);
FileTimeToSystemTime(&creation, &creationSt);
AntiCheat::SystemTimeDiff(&current, &creationSt, &diffSt);
#ifdef DEBUG
char buf[512];
snprintf(buf, 512, "creation: %d:%d:%d:%d\n", creationSt.wHour, creationSt.wMinute, creationSt.wSecond, creationSt.wMilliseconds);
OutputDebugStringA(buf);
snprintf(buf, 512, "current: %d:%d:%d:%d\n", current.wHour, current.wMinute, current.wSecond, current.wMilliseconds);
OutputDebugStringA(buf);
snprintf(buf, 512, "diff: %d:%d:%d:%d\n", diffSt.wHour, diffSt.wMinute, diffSt.wSecond, diffSt.wMilliseconds);
OutputDebugStringA(buf);
#endif
// crash client if they are using process suspension to inject dlls during startup (aka before we got to here)
// maybe tweak this value depending on what the above logging reveals during testing,
// but 5 seconds seems about right for now
int time = diffSt.wMilliseconds + (diffSt.wSecond * 1000) + (diffSt.wMinute * 1000 * 60);
if (time > 5000) {
Components::AntiCheat::CrashClient();
}
// use below for logging when using StartSuspended.exe
// FILE* f = fopen("times.txt", "a");
// fwrite(buf, 1, strlen(buf), f);
// fclose(f);
__VMProtectEnd;
}
AntiCheat::AntiCheat() AntiCheat::AntiCheat()
{ {
__VMProtectBeginUltra(""); __VMProtectBeginUltra("");
@ -831,13 +889,12 @@ namespace Components
time(nullptr); time(nullptr);
AntiCheat::Flags = NO_FLAG; AntiCheat::Flags = NO_FLAG;
#ifdef DEBUG #ifdef DISABLE_ANTICHEAT
Command::Add("penis", [](Command::Params*) Command::Add("penis", [](Command::Params*)
{ {
AntiCheat::CrashClient(); AntiCheat::CrashClient();
}); });
#else #else
Utils::Hook(0x507BD5, AntiCheat::PatchWinAPI, HOOK_CALL).install()->quick(); Utils::Hook(0x507BD5, AntiCheat::PatchWinAPI, HOOK_CALL).install()->quick();
Utils::Hook(0x5082FD, AntiCheat::LostD3DStub, HOOK_CALL).install()->quick(); Utils::Hook(0x5082FD, AntiCheat::LostD3DStub, HOOK_CALL).install()->quick();
Utils::Hook(0x51C76C, AntiCheat::CinematicStub, HOOK_CALL).install()->quick(); Utils::Hook(0x51C76C, AntiCheat::CinematicStub, HOOK_CALL).install()->quick();
@ -866,6 +923,7 @@ namespace Components
// Set the integrity flag // Set the integrity flag
AntiCheat::Flags |= AntiCheat::IntergrityFlag::INITIALIZATION; AntiCheat::Flags |= AntiCheat::IntergrityFlag::INITIALIZATION;
#endif #endif
__VMProtectEnd; __VMProtectEnd;

4
src/Components/Modules/AntiCheat.hpp
View File

@ -54,6 +54,9 @@ namespace Components
static void UninstallLibHook(); static void UninstallLibHook();
static void InstallLibHook(); static void InstallLibHook();
static void CheckStartupTime();
static void SystemTimeDiff(LPSYSTEMTIME stA, LPSYSTEMTIME stB, LPSYSTEMTIME stC);
private: private:
enum IntergrityFlag enum IntergrityFlag
{ {
@ -114,3 +117,4 @@ namespace Components
static Utils::Hook VirtualProtectHook[2]; static Utils::Hook VirtualProtectHook[2];
}; };
} }

6
src/Components/Modules/CardTitles.cpp
View File

@ -220,6 +220,12 @@ namespace Components
// Table lookup stuff // Table lookup stuff
Utils::Hook(0x62DCC1, CardTitles::TableLookupByRowHookStub).install()->quick(); Utils::Hook(0x62DCC1, CardTitles::TableLookupByRowHookStub).install()->quick();
Utils::Hook::Nop(0x62DCC6, 1); Utils::Hook::Nop(0x62DCC6, 1);
// This is placed here in case the anticheat has been disabled!
// This checks specifically for launching the process suspended to inject a dll
#if !defined(DISABLE_ANTICHEAT)
AntiCheat::CheckStartupTime();
#endif
} }
CardTitles::~CardTitles() CardTitles::~CardTitles()