AStopher

Reputation: 4551

Process Protection

I program for a PC game called Crysis Wars, and lately players have been constantly asking for a new game update (a community patch) to fix problems, including a rather ironic scripting error.

There are several game hacks known as Infinium, Gamg, Annihilator & Longpoke which rely on DLL injection methods to place hacks & cheats within the game without the internal anticheat system noticing. These hacks are quite simple and exploit the main game DLL's code through hex value modifications, and some (like Gamg) are made with the game engine's own SDK (I know the creator of this hack).

Like others, I have access to the CryEngine 2 (the game engine) SDK (includes the source code to the main game dll) and I propose to modify the name & location of all game functions (for both client and server) so the existing hacks will not work anymore.

Would this work to stop hacks made by modifying the hex values of the main game DLL? I confirm that hacks made with the SDK will no longer function, but I want to check with others before attempting this since it will require a lot of work.

Basically, what I am asking:

Hackers are exploiting a DLL in a game by changing the source code. If I change all functions in the source code and issue a (community) update for the game (without releasing the new source code), would the hackers be able to use the same hacks without any problems?

I apologise if this seems confusing; please do say if I need to be clearer.

Upvotes: 0

Views: 566

Answers (1)

MSalters

Reputation: 180020

You'll break everything, legal and illegal mods. The illegal mods will probably be fixed quite soon; it's quite trivial to reverse-engineer your proposed changes.

A better method is to turn on Data Execution Prevention and hook the VirtualProtect function which is needed to bypass DEP. You'll then be able to catch attempts to install a later hook. Of course, do check that there's no existing hook for VirtualProtect, nor any known DLL hack already present.

Upvotes: 3
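The answer's last step, checking that VirtualProtect is not already hooked, can be approximated by inspecting the function's first bytes for common redirect sequences. The following is an added example, not code from the answer or from the game: all names are hypothetical, the sample bytes are constructed, and on Windows the caller is assumed to copy the bytes from the address `GetProcAddress` returns and take the module range from `GetModuleInformation`.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum {
    PROLOGUE_CLEAN = 0,
    REDIRECT_JMP_REL32,     /* E9 rel32 leaving the owning module        */
    REDIRECT_JMP_INDIRECT,  /* FF 25: jmp [mem]; target must be resolved */
    REDIRECT_PUSH_RET,      /* 68 imm32 / C3                             */
    REDIRECT_MOV_JMP_RAX    /* 48 B8 imm64 / FF E0                       */
} prologue_kind;

/* code/len: bytes copied from the function's entry point.
 * addr: address those bytes were read from.
 * mod_base/mod_size: range of the module that should own the function. */
prologue_kind classify_prologue(const uint8_t *code, size_t len, uint64_t addr,
                                uint64_t mod_base, uint64_t mod_size)
{
    if (len >= 5 && code[0] == 0xE9) {
        uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        /* Sign-extend rel32 without relying on implementation-defined casts. */
        uint64_t ext = (rel & 0x80000000u) ? (0xFFFFFFFF00000000ull | rel) : rel;
        uint64_t target = addr + 5 + ext;
        /* Unsigned wrap makes targets below mod_base fail this test too. */
        return (target - mod_base < mod_size) ? PROLOGUE_CLEAN : REDIRECT_JMP_REL32;
    }
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25)
        return REDIRECT_JMP_INDIRECT; /* also used by import thunks: resolve it */
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3)
        return REDIRECT_PUSH_RET;
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0)
        return REDIRECT_MOV_JMP_RAX;
    return PROLOGUE_CLEAN;
}

/* Constructed sample prologues (not captured from any real process). */
static const uint8_t SAMPLE_CLEAN[]    = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
static const uint8_t SAMPLE_JMP_OUT[]  = {0xE9, 0x00, 0x00, 0x00, 0x20};
static const uint8_t SAMPLE_JMP_BACK[] = {0xE9, 0x00, 0xE0, 0xFF, 0xFF};
static const uint8_t SAMPLE_JMP_IN[]   = {0xE9, 0x00, 0x01, 0x00, 0x00};
static const uint8_t SAMPLE_PUSH_RET[] = {0x68, 0x78, 0x56, 0x34, 0x12, 0xC3};
static const uint8_t SAMPLE_MOV_JMP[] = {0x48,0xB8,1,2,3,4,5,6,7,8,0xFF,0xE0};

/* Assumed layout for the samples: module at 0x10000000, 1 MiB, function at +0x1000. */
prologue_kind classify_sample(const uint8_t *code, size_t len)
{
    return classify_prologue(code, len, 0x10001000ull, 0x10000000ull, 0x100000ull);
}
```

A `REDIRECT_JMP_INDIRECT` result is not proof of tampering by itself, since the same instruction form appears in ordinary import thunks; the pointer it reads has to be resolved and its target checked against the expected module.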
