Applying hooking techniques: bypassing a platform's cheat detection


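The previous post stopped abruptly after describing the detection method; this article discusses how to get past that detection.

First, a recap of how the platform detects cheating. Before the check starts, the platform prepares a list of units; the list contains both units that are visible to the player and units outside the player's field of view.

The map script forces the player to click (select) every unit in the list.

If the player selects an invisible unit (out of view or a stealthed unit), or fails to select a visible unit, the confidence that the player is cheating is raised.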

for _,__0x0150__ in ipairs(__0x7633__[__0x2073__]) do
    -- presumably forces a selection of the listed unit
    __0x0519__:__0x1929__(__0x0150__)
    -- read back what is actually selected
    local __0x7637__=__0x0015__.__0x0941__(__0x3247__.selection())
    if __0x7637__==__0x0150__ then
        __0x2740__.__0x7611__=__0x2740__.__0x7611__+1
        __0x0288__.info('!hack! __0x2740__.__0x7611__ + 1',__0x2740__.__0x7611__)
        if __0x7637__==__0x0196__ then
            __0x2740__.__0x7613__=__0x2740__.__0x7613__+1
            __0x0288__.info('!hack! __0x2740__.__0x7613__ + 1',__0x2740__.__0x7613__)
        end
    end
end -- closes the for loop (missing from the excerpt)

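So how can the whole detection be bypassed? The most direct way is to leave the out-of-view click feature off and only show the models on the main map.

That is, of course, a passive approach. My solution follows.

Since the map script is written in Lua, some module must be calling an internal war3 function from outside to click the units; once the address of the function being called from outside is found, the rest is straightforward.

Analysis shows that it is War3Plugin.dll that calls the function located at game.dll+0x425FD0; for convenience it is called 'selectfunc'.

From here there are several options. One is to use the arguments passed to selectfunc to find the address of the unit, and decide whether to return directly depending on whether that unit is visible.

That method is quite complex and inefficient, since every unit has to be checked once.

The method I use is simpler and clearer. The first step, of course, is to hook this function.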

 

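There are gaps between functions in which some extra code can be placed; the push instruction at the function entry is replaced with a jmp to the address of the prepared code.

At 6F425FC6 the bypass function is called. Its main job is to temporarily turn off the out-of-view click cheat feature and turn it back on after a period of time.

After it returns comes a push instruction: the first instruction of selectfunc was replaced earlier, so it has to be put back.

Then comes another jump, which jumps into the function so that it executes normally.

This technique is called a hook. The word means what it says: as soon as the function is called, the hook captures that event.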
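From the defender's side, the patch described above (entry instruction replaced by a jmp into the gap between functions) leaves artifacts that an integrity check can look for. The following is an added example, not code from the original post or from the platform; the byte arrays are constructed samples, and the names check_entry and jmp_target are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ENTRY_PATCHED = 1, PADDING_USED = 2, JMP_INTO_PADDING = 4 };

/* Constructed sample: 16 bytes of int3 padding, then a function that starts
 * with "push imm32" (68 ..) at offset 16. These are not bytes from game.dll. */
static const uint8_t clean_img[24] = {
    0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,
    0x68,0x78,0x56,0x34,0x12,0xC3,0xCC,0xCC };
/* Same region after the kind of patch the article describes: the entry is a
 * "jmp rel32" into the padding, which now holds the displaced push and a
 * jump back to offset 21. */
static const uint8_t hooked_img[24] = {
    0x68,0x78,0x56,0x34,0x12,0xE9,0x0B,0x00,0x00,0x00,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,
    0xE9,0xEB,0xFF,0xFF,0xFF,0xC3,0xCC,0xCC };

/* Target offset of a jmp rel32 (E9) at `at`, or -1 if no such jump is there. */
long jmp_target(const uint8_t *img, size_t len, size_t at) {
    if (at + 5 > len || img[at] != 0xE9) return -1;
    uint32_t u = img[at+1] | img[at+2] << 8 | img[at+3] << 16
               | (uint32_t)img[at+4] << 24;          /* little-endian rel32 */
    return (long)at + 5 + (int32_t)u;
}

/* Compare the entry with a known-good baseline and inspect the `pad` bytes
 * that precede it; returns a bitmask of findings, or -1 on bad arguments. */
int check_entry(const uint8_t *img, size_t len, size_t entry, size_t pad,
                const uint8_t *good, size_t good_len) {
    if (pad > entry || entry + good_len > len) return -1;
    int flags = 0;
    if (memcmp(img + entry, good, good_len) != 0) flags |= ENTRY_PATCHED;
    for (size_t i = entry - pad; i < entry; i++)   /* padding is int3 or nop */
        if (img[i] != 0xCC && img[i] != 0x90) { flags |= PADDING_USED; break; }
    long t = jmp_target(img, len, entry);
    if (t >= (long)(entry - pad) && t < (long)entry) flags |= JMP_INTO_PADDING;
    return flags;
}

int main(void) {
    printf("clean:  %d\n", check_entry(clean_img, 24, 16, 16, clean_img + 16, 5));
    printf("hooked: %d\n", check_entry(hooked_img, 24, 16, 16, clean_img + 16, 5));
    return 0;
}
```

In a real check the baseline bytes would come from the on-disk image of the module rather than from memory, so that the comparison does not trust the region being inspected.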

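How should the function actually be implemented? It is also called when the player clicks normally, and the cheat feature cannot be switched off on every click. So the program's stack has to be used to determine whether the function was called from outside.

Attach a debugger to war3, set a breakpoint at the start of the function, and select any unit; the program is now stopped at the breakpoint.

Inspecting the call stack shows that the nearest return address is at [esp + 0x30], so from then on it is enough to check whether the address stored on the stack points inside the program. (In fact, several procedures in game.dll call this function, and each has to be handled individually.)

That is, if the call comes from inside, return directly; if not, turn the cheat feature off temporarily for 1 second.

Now let's look at the effect of bypassing the detection.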


Bypass successful.

