I'm sure most of you have heard of "rootkits".

 

They've been around forever for Linux/UNIX (as a linux/unix box is more likely to be a dedicated server), but are becoming increasingly popular on Windows to hide files/processes from things like anti-virus/spyware scanners.

 

I haven't done any really in-depth research about how things like Punkbuster and VAC work, but I can safely guess that they have to work using client-side Win32 API functions. :shifty:

 

Say you wrote a program to modify every possible Win32 API function that can find/open a handle to an existing process so that it can NEVER attach to randomhack.exe, (in theory) there is NO way that any sort of client-side scan (like VAC) would be able to detect the process running. I realize that this wouldn't work for loaders, but programs that are entirely 3rd party and rely on memory scanning/rewriting would be perfect candidates.

 

If existing Windows rootkits can hide themselves and their processes/files from Norton and other "hardcore" virus-scanners, why hasn't this avenue been explored for game hacking? (Or has it?)

 

I realize that modifying your system kernel isn't exactly easy (on windows anyways, heh), but this seems like it could be worth exploring.

 

What do you think?

so with hack loaders (99.9% of cs and css hacks) this won't work...

 

but with things like memory/color aimbots, it would?

 

things that don't attach themselves to the hl2 process would be protected with this method?

  • Author
In theory yes, as there'd be no way for the client-side scans to detect running processes scanning another process's memory.

 

The scan wouldn't be able to detect a "compromised" system, since it would have to use the compromised system's API functions to scan itself.

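The standard answer to the "the scanner has to use the compromised API" argument is cross-view detection: enumerate the PID space through two independent code paths and diff the results, so a hook that filters only one of them reveals the hidden process by the discrepancy. The following is an added example written for this thread, not code from any of the posters or from any anti-cheat product. It is Linux C (so it can be built and run as-is): view one is the /proc listing that ps, top and any readdir()-based scanner rely on, which is exactly what a user-mode rootkit hooks; view two probes each PID with kill(pid, 0), which goes straight to the syscall and is not affected by a library-level readdir() hook. The same idea applies on Windows by comparing a process snapshot against a brute-force probe of PID values; the details of which Win32/NT functions to compare are not part of this thread and are left out. The name MAX_PID and the tgid_of() helper are this example's own.

```c
/* crossview.c: find processes hidden from /proc enumeration by comparing two
 * independent views of the PID space. Added example, not from the thread.
 * Linux only; build with: cc -O2 -o crossview crossview.c */
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_PID 4194304              /* assumed bound: default pid_max on 64-bit Linux */

/* A bitmap over the PID space so the two views can be compared cheaply. */
typedef struct { unsigned char bits[MAX_PID / 8 + 1]; } pidset;

pidset *pidset_new(void) { return calloc(1, sizeof(pidset)); }
void pidset_add(pidset *s, int pid) {
    if (pid > 0 && pid < MAX_PID) s->bits[pid / 8] |= (unsigned char)(1u << (pid % 8));
}
int pidset_has(const pidset *s, int pid) {
    if (pid <= 0 || pid >= MAX_PID) return 0;
    return (s->bits[pid / 8] >> (pid % 8)) & 1;
}

/* View 1: what a user-mode enumerator sees (ps, top, a scanner calling opendir).
 * A readdir()/getdents hook that drops one directory entry filters this view. */
int view_from_proc(pidset *out) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    struct dirent *e;
    int n = 0;
    while ((e = readdir(d)) != NULL) {
        if (!isdigit((unsigned char)e->d_name[0])) continue;
        pidset_add(out, atoi(e->d_name));
        n++;
    }
    closedir(d);
    return n;
}

/* View 2: probe every PID directly. kill(pid, 0) sends no signal: 0 means the
 * target exists, EPERM means it exists but is not ours, ESRCH means no such PID.
 * Hiding from this view needs a hook on a different path (the syscall itself). */
int view_from_kill(pidset *out, int max_pid) {
    int n = 0;
    for (int pid = 1; pid <= max_pid && pid < MAX_PID; pid++) {
        if (kill(pid, 0) == 0 || errno == EPERM) { pidset_add(out, pid); n++; }
    }
    return n;
}

/* Every PID present in `actual` but absent from `visible`. Returns the count and
 * writes up to `cap` of them, ascending, into `out`. Pure, so it is unit-testable. */
int hidden_pids(const pidset *visible, const pidset *actual, int max_pid, int *out, int cap) {
    int n = 0;
    for (int pid = 1; pid <= max_pid && pid < MAX_PID; pid++) {
        if (pidset_has(actual, pid) && !pidset_has(visible, pid)) {
            if (n < cap) out[n] = pid;
            n++;
        }
    }
    return n;
}

/* Thread IDs also answer kill() but live under /proc/<tgid>/task rather than as
 * top-level /proc entries, so each candidate is checked against its Tgid line.
 * Returns the Tgid, or -1 if /proc/<pid>/status cannot be read (itself suspicious). */
int tgid_of(int pid) {
    char path[64], line[128];
    int tgid = -1;
    snprintf(path, sizeof path, "/proc/%d/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "Tgid: %d", &tgid) == 1) break;
    fclose(f);
    return tgid;
}

int read_pid_max(void) {
    int v = 32768;                    /* classic default if the sysctl is unreadable */
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f) { if (fscanf(f, "%d", &v) != 1) v = 32768; fclose(f); }
    return v;
}

int main(void) {
    pidset *seen = pidset_new(), *probed = pidset_new();
    int max_pid = read_pid_max(), cand[256], flagged = 0;
    int nseen = view_from_proc(seen);
    int nprobed = view_from_kill(probed, max_pid);
    int n = hidden_pids(seen, probed, max_pid, cand, 256);
    for (int i = 0; i < n && i < 256; i++) {
        int tgid = tgid_of(cand[i]);
        if (tgid == cand[i] || tgid == -1) {       /* a real process, not a thread */
            printf("hidden pid %d (tgid %d)\n", cand[i], tgid);
            flagged++;
        }
    }
    printf("%d pids via /proc, %d via kill(), %d hidden\n", nseen, nprobed, flagged);
    free(seen);
    free(probed);
    return flagged ? 1 : 0;
}
```

On a clean box the two views agree and the exit status is 0. The point for the thread is the asymmetry: a hook has to cover every path a scanner might take, while the scanner only needs one path the hook missed. Kernel-level hiding closes the gap for user-mode probes, which is why the replies that say "it doesn't just work like that" are right about the amount of work involved.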
MAKONG: Dumb.

 

Yes.

You really think no one else thought about that before? I'm pretty sure someone did.

And it doesn't just work like that.

  • Author

Well, I was hoping for more thoughts from you intelligent people than "it doesn't just work like that".

 

I'm pretty sure someone has thought of it before, since almost EVERYTHING has been thought of before, but I'm wondering why it was not pursued as an option.

 

I'm going to experiment with some of this stuff later on one of my VMWare installations.

Well, look at the idea as communism.

It's a great idea, but it doesn't just work that way.
