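  • Applying hooking techniques: bypassing a platform's cheat detection

    The previous post stopped abruptly after describing the detection method; this one covers how to get past it.

    First, a recap of how the platform detects cheating. Before the check starts, the platform prepares a list of units, containing both units visible to the player and units outside the player's field of view.

    The map script then forces the player to click every unit in the list.

    If the player ends up selecting a unit that is not visible (out of view or invisible), or fails to select a visible one, the cheating confidence score goes up.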

    -- Excerpt from the map script; identifiers are obfuscated in the original.
    for _,__0x0150__ in ipairs(__0x7633__[__0x2073__]) do
        __0x0519__:__0x1929__(__0x0150__)
        -- read back the player's current selection
        local __0x7637__=__0x0015__.__0x0941__(__0x3247__.selection())
        if __0x7637__==__0x0150__ then
            -- bump a counter and log it
            __0x2740__.__0x7611__=__0x2740__.__0x7611__+1
            __0x0288__.info('!hack! __0x2740__.__0x7611__ + 1',__0x2740__.__0x7611__)
            if __0x7637__==__0x0196__ then
                __0x2740__.__0x7613__=__0x2740__.__0x7613__+1
                __0x0288__.info('!hack! __0x2740__.__0x7613__ + 1',__0x2740__.__0x7613__)
            end
        end
    end -- closes the for loop (missing from the excerpt as posted)

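    So how can the whole check be bypassed? The most direct way is simply not to enable the click-outside-vision feature and only show models on the main map.

    That is a passive approach, of course. Here is my solution.

    Since the map script is written in Lua, there must be some module that calls Warcraft III's internal function from outside to click units. Once the address of the function being called from outside is found, the rest is easy.

    Analysis shows that War3Plugin.dll calls the function at game.dll+0x425FD0, referred to as 'selectfunc' for convenience.

    From here there are several options. One is to locate the unit's address from the arguments passed to selectfunc and decide, based on whether that unit is visible, whether the jump should return immediately.

    That approach is quite complex and inefficient, since every unit has to be checked.

    The approach I use is simpler and more direct. The first step, of course, is to hook this function.

    There are gaps between functions where extra code can be placed. The push instruction at the function entry is replaced with a jmp to the address of the prepared code.

    At 6F425FC6 the bypass function is called. Its main job is to temporarily turn off the click-outside-vision cheat feature and turn it back on after a while.

    After it returns comes a push instruction: because selectfunc's first instruction was overwritten earlier, it has to be supplied again here.

    Then comes another jump, back into the function, which continues to execute normally.

    This practice is called hooking: once the function is called, the hook captures that event.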
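    Seen from the detection side, the entry-point patch described above is what a code-integrity check looks for. The following is an added example, not code from the original post; the function names, verdict values and the 32-byte sample section are constructed for illustration. It compares a function's first five bytes with a pristine copy and, when it finds a `jmp rel32`, reports whether the target lies in what was filler between functions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { BAD_OFFSET = -1, CLEAN, PATCHED, JMP_TO_PADDING, JMP_OUTSIDE };

/* Compare a function's first 5 bytes in the live image with a pristine copy
 * (e.g. the same section re-read from disk). If they differ and the live
 * bytes are `jmp rel32` (0xE9), resolve the target and classify it. */
enum verdict check_entry(const uint8_t *live, const uint8_t *pristine,
                         size_t size, size_t off)
{
    if (size < 5 || off > size - 5) return BAD_OFFSET;
    if (memcmp(live + off, pristine + off, 5) == 0) return CLEAN;
    if (live[off] != 0xE9) return PATCHED;      /* modified, but not a near jmp */
    uint32_t u = live[off + 1] | (uint32_t)live[off + 2] << 8 |
                 (uint32_t)live[off + 3] << 16 | (uint32_t)live[off + 4] << 24;
    int64_t target = (int64_t)off + 5 + (int32_t)u; /* relative to next instruction */
    if (target < 0 || (uint64_t)target >= size) return JMP_OUTSIDE;
    /* Gaps between functions hold int3 (0xCC) or nop (0x90) filler on disk. */
    uint8_t was = pristine[target];
    return (was == 0xCC || was == 0x90) ? JMP_TO_PADDING : PATCHED;
}

/* Constructed 32-byte sample section: one function at 0, filler at 5..15, the
 * checked function at 16. With `patch` set, its entry becomes jmp rel32 `rel`. */
enum verdict demo(int patch, int32_t rel)
{
    uint8_t pristine[32], live[32];
    static const uint8_t f0[] = {0x55, 0x8B, 0xEC, 0x5D, 0xC3};
    static const uint8_t f1[] = {0x68, 0x78, 0x56, 0x34, 0x12, 0xC3};
    memset(pristine, 0xCC, sizeof pristine);
    memcpy(pristine, f0, sizeof f0);
    memcpy(pristine + 16, f1, sizeof f1);
    memcpy(live, pristine, sizeof live);
    if (patch) {
        live[16] = 0xE9;
        for (int i = 0; i < 4; i++) live[17 + i] = (uint8_t)((uint32_t)rel >> (8 * i));
    }
    return check_entry(live, pristine, sizeof live, 16);
}

int main(void)
{
    printf("clean=%d cave=%d outside=%d\n", demo(0, 0), demo(1, -15), demo(1, 4096));
    return 0;
}
```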

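    So how exactly should the function be implemented? It is also called when the player clicks normally, and the cheat feature cannot be turned off on every click. The program's stack has to be used to determine whether the function was called from outside.

    Attach a debugger to war3, set a breakpoint at the start of the function, and select any unit; the program is now paused.

    Looking at the call stack, the nearest return address is at [esp + 0x30], so from then on it is enough to check whether the address stored on the stack points inside the program. (In fact, several procedures in game.dll call this function, and each has to be handled individually.)

    That is, if the call comes from inside, return directly; otherwise, temporarily turn off the cheat feature for 1 second.

    Now let's look at the effect of bypassing the detection: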

    [info]: !hack! __0x2740__.__0x7612__ + 1    1
    [info]: !hack! __0x2740__.__0x7612__ + 1    2
    [info]: !hack! __0x2740__.__0x7612__ + 1    3
    [info]: !hack! __0x2740__.__0x7612__ + 1    4
    [info]: !hack! __0x2740__.__0x7612__ + 1    5
    [info]: !hack! __0x2740__.__0x7612__ + 1    6
    [info]: !hack! __0x2740__.__0x7612__ + 1    7
    [info]: !hack! __0x2740__.__0x7612__ + 1    8
    [info]: !hack! __0x2740__.__0x7612__ + 1    9
    [info]: !hack! __0x2740__.__0x7612__ + 1    10
    [info]: !hack! __0x2740__.__0x7612__ + 1    11
    [info]: !hack! __0x2740__.__0x7612__ + 1    12
    [info]: !hack! __0x2740__.__0x7612__ + 1    13
    [info]: !hack! __0x2740__.__0x7612__ + 1    14
    [info]: !hack! __0x2740__.__0x7612__ + 1    15
    [info]: !hack! __0x2740__.__0x7612__ + 1    16
    [info]: !hack! __0x2740__.__0x7612__ + 1    17
    [info]: !hack! __0x2740__.__0x7612__ + 1    18
    [info]: !hack! __0x2740__.__0x7612__ + 1    19
    [info]: !hack! __0x2740__.__0x7612__ + 1    20
    [info]: !hack! __0x2740__.__0x7612__ + 1    21
    [info]: !hack! __0x2740__.__0x7612__ + 1    22
    [info]: !hack! __0x2740__.__0x7612__ + 1    23
    [info]: !hack! __0x2740__.__0x7612__ + 1    24
    [info]: !hack! __0x2740__.__0x7612__ + 1    25
    [info]: !hack! __0x2740__.__0x7612__ + 1    26
    [info]: !hack! __0x2740__.__0x7612__ + 1    27
    [info]: !hack! __0x2740__.__0x7612__ + 1    28
    [info]: !hack! __0x2740__.__0x7612__ + 1    29
    [info]: !hack! __0x2740__.__0x7612__ + 1    30
    [info]: !hack! __0x2740__.__0x7612__ + 1    31
    [info]: !hack! __0x2740__.__0x7612__ + 1    32
    [info]: !hack! __0x2740__.__0x7612__ + 1    33
    [info]: !hack! __0x2740__.__0x7612__ + 1    34
    [info]: !hack! __0x2740__.__0x7612__ + 1    35
    [info]: !hack! __0x2740__.__0x7612__ + 1    36
    [info]: !hack! __0x2740__.__0x7612__ + 1    37
    [info]: !hack! __0x2740__.__0x7612__ + 1    38
    [info]: !hack! __0x2740__.__0x7612__ + 1    39
    [info]: !hack! __0x2740__.__0x7612__ + 1    40
    [info]: !hack! __0x2740__.__0x7612__ + 1    41
    [info]: !hack! __0x2740__.__0x7612__ + 1    42
    [info]: !hack! __0x2740__.__0x7612__ + 1    43
    [info]: !hack! __0x2740__.__0x7612__ + 1    44
    [info]: !hack! __0x2740__.__0x7612__ + 1    45
    [info]: !hack! __0x2740__.__0x7612__ + 1    46
    [info]: !hack! __0x2740__.__0x7612__ + 1    47
    [info]: !hack! __0x2740__.__0x7612__ + 1    48
    [info]: !hack! __0x2740__.__0x7612__ + 1    49
    [info]: !hack! __0x2740__.__0x7612__ + 1    50
    [info]: !hack! __0x2740__.__0x7612__ + 1    51
    [info]: !hack! __0x2740__.__0x7612__ + 1    52
    [info]: !hack! __0x2740__.__0x7612__ + 1    53
    [info]: !hack! __0x2740__.__0x7612__ + 1    54
    [info]: !hack! __0x2740__.__0x7612__ + 1    55
    [info]: !hack! __0x2740__.__0x7612__ + 1    56
    [info]: !hack! __0x2740__.__0x7612__ + 1    57
    [info]: !hack! __0x2740__.__0x7612__ + 1    58
    [info]: !hack! __0x2740__.__0x7612__ + 1    59
    [info]: !hack! __0x2740__.__0x7612__ + 1    60
    [info]: !hack! __0x2740__.__0x7612__ + 1    61
    [info]: !hack! __0x2740__.__0x7612__ + 1    62
    [info]: !hack! __0x2740__.__0x7612__ + 1    63
    [info]: !hack! __0x2740__.__0x7612__ + 1    64
    [info]: !hack! __0x2740__.__0x7612__ + 1    65
    [info]: !hack! __0x2740__.__0x7612__ + 1    66
    [info]: !hack! __0x2740__.__0x7612__ + 1    67
    [info]: !hack! __0x2740__.__0x7612__ + 1    68
    [info]: !hack! __0x2740__.__0x7612__ + 1    69
    [info]: !hack! __0x2740__.__0x7612__ + 1    70
    [info]: !hack! __0x2740__.__0x7612__ + 1    71
    [info]: !hack! __0x2740__.__0x7612__ + 1    72
    [info]: !hack! __0x2740__.__0x7612__ + 1    73
    [info]: !hack! __0x2740__.__0x7612__ + 1    74
    [info]: !hack! __0x2740__.__0x7612__ + 1    75
    [info]: !hack! __0x2740__.__0x7612__ + 1    76
    [info]: !hack! __0x2740__.__0x7612__ + 1    77
    [info]: !hack! __0x2740__.__0x7612__ + 1    78
    [info]: !hack! __0x2740__.__0x7612__ + 1    79
    [info]: !hack! __0x2740__.__0x7612__ + 1    80
    [info]: !hack! __0x2740__.__0x7612__ + 1    81
    [info]: !hack! __0x2740__.__0x7612__ + 1    82
    [info]: !hack! __0x2740__.__0x7612__ + 1    83
    [info]: !hack! __0x2740__.__0x7612__ + 1    84
    [info]: !hack! __0x2740__.__0x7612__ + 1    85
    [info]: !hack! __0x2740__.__0x7612__ + 1    86
    [info]: !hack! __0x2740__.__0x7612__ + 1    87
    [info]: !hack! __0x2740__.__0x7612__ + 1    88
    [info]: !hack! __0x2740__.__0x7612__ + 1    89
    [info]: !hack! __0x2740__.__0x7612__ + 1    90
    [info]: !hack! __0x2740__.__0x7612__ + 1    91
    [info]: !hack! __0x2740__.__0x7612__ + 1    92
    [info]: !hack! __0x2740__.__0x7612__ + 1    93
    [info]: !hack! __0x2740__.__0x7612__ + 1    94
    [info]: !hack! __0x2740__.__0x7612__ + 1    95
    [info]: !hack! __0x2740__.__0x7612__ + 1    96
    [info]: !hack! __0x2740__.__0x7612__ + 1    97
    [info]: !hack! __0x2740__.__0x7612__ + 1    98
    [info]: !hack! __0x2740__.__0x7612__ + 1    99
    [info]: !hack! __0x2740__.__0x7612__ + 1    100
    [info]: !hack! __0x2740__.__0x7612__ + 1    101
    [info]: !hack! __0x2740__.__0x7612__ + 1    102
    [info]: !hack! __0x2740__.__0x7612__ + 1    103
    [info]: !hack! __0x2740__.__0x7612__ + 1    104
    [info]: !hack! __0x2740__.__0x7612__ + 1    105
    [info]: !hack! __0x2740__.__0x7612__ + 1    106
    [info]: !hack! __0x2740__.__0x7612__ + 1    107
    [info]: !hack! __0x2740__.__0x7612__ + 1    108
    [info]: !hack! __0x2740__.__0x7612__ + 1    109
    [info]: !hack! __0x2740__.__0x7612__ + 1    110
    [info]: !hack! __0x2740__.__0x7612__ + 1    111
    [info]: !hack! __0x2740__.__0x7612__ + 1    112
    [info]: !hack! __0x2740__.__0x7612__ + 1    113
    [info]: !hack! __0x2740__.__0x7612__ + 1    114
    [info]: !hack! __0x2740__.__0x7612__ + 1    115
    [info]: !hack! __0x2740__.__0x7612__ + 1    116
    [info]: !hack! __0x2740__.__0x7612__ + 1    117
    [info]: !hack! __0x2740__.__0x7612__ + 1    118
    [info]: !hack! __0x2740__.__0x7612__ + 1    119
    [info]: !hack! __0x2740__.__0x7612__ + 1    120
    [info]: !hack! __0x2740__.__0x7612__ + 1    121
    [info]: !hack! __0x2740__.__0x7612__ + 1    122
    [info]: !hack! __0x2740__.__0x7612__ + 1    123
    [info]: !hack! __0x2740__.__0x7612__ + 1    124
    [info]: !hack! __0x2740__.__0x7612__ + 1    125
    [info]: !hack! __0x2740__.__0x7612__ + 1    126
    [info]: !hack! __0x2740__.__0x7612__ + 1    127
    [info]: !hack! __0x2740__.__0x7612__ + 1    128
    [info]: !hack! __0x2740__.__0x7612__ + 1    129
    [info]: !hack! __0x2740__.__0x7612__ + 1    130
    [info]: !hack! __0x2740__.__0x7612__ + 1    131
    [info]: !hack! __0x2740__.__0x7612__ + 1    132
    [info]: !hack! __0x2740__.__0x7612__ + 1    133
    [info]: !hack! __0x2740__.__0x7612__ + 1    134
    [info]: !hack! __0x2740__.__0x7612__ + 1    135
    [info]: !hack! __0x2740__.__0x7612__ + 1    136
    [info]: !hack! __0x2740__.__0x7612__ + 1    137
    [info]: !hack! __0x2740__.__0x7612__ + 1    138
    [info]: !hack! __0x2740__.__0x7612__ + 1    139
    [info]: !hack! __0x2740__.__0x7612__ + 1    140
    [info]: !hack! __0x2740__.__0x7612__ + 1    141
    [info]: !hack! __0x2740__.__0x7612__ + 1    142
    [info]: !hack! __0x2740__.__0x7612__ + 1    143
    [info]: !hack! __0x2740__.__0x7612__ + 1    144
    [info]: !hack! __0x2740__.__0x7612__ + 1    145
    [info]: !hack! __0x2740__.__0x7612__ + 1    146
    [info]: !hack! __0x2740__.__0x7612__ + 1    147
    [info]: !hack! __0x2740__.__0x7612__ + 1    148
    [info]: !hack! __0x2740__.__0x7612__ + 1    149
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    0
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    118
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    118
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    118
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    118
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    118
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    0
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    149
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    149
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    149
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    149
    [info]: !hack! __0x0216__.__0x7616__    0
    [info]: !hack! __0x0216__.__0x7613__    0
    [info]: !hack! __0x0216__.__0x7614__    0
    [info]: !hack! __0x0216__.__0x7615__    0
    [info]: !hack! __0x0216__.__0x7612__    149
    [info]: !hack! __0x0216__.__0x7616__    0

    Bypass succeeded.

  • Original article: https://www.cnblogs.com/BD1A489/p/10087544.html