杨铮,
罗陈可,
黄坚伟
武汉大学国家网络安全学院 空天信息安全与可信计算教育部重点实验室 武汉 430072
基金项目:国家自然科学基金(61972297, U1636107)
详细信息
作者简介:傅建明:男,1969年生,教授,研究方向为恶意代码检测和漏洞检测与防御
杨铮:男,1995年生,硕士生,研究方向为系统安全
罗陈可:男,1996年生,硕士生,研究方向为系统安全与二进制安全
黄坚伟:男,1996年生,硕士生,研究方向为网络安全
通讯作者:傅建明 jmfu@whu.edu.cn
中图分类号:TN918; TP309计量
文章访问数:1670
HTML全文浏览量:914
PDF下载量:94
被引次数:0
出版历程
收稿日期:2019-09-09
修回日期:2020-06-13
网络出版日期:2020-07-18
刊出日期:2020-09-27
An Anti-cheat Method of Game Based on Windows Kernel Events
Jianming FU,,Zheng YANG,
Chenke LUO,
Jianwei HUANG
Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
Funds:The National Natural Science Foundation of China(61972297, U1636107)
摘要
摘要:针对目前客户端反外挂方法的诸多局限,该文提出一种基于内核事件的网络游戏反外挂方法,并实现了反外挂系统CheatBlocker。该方法通过监控Windows系统中的内核事件监视和拦截进程间的异常访问及异常模块注入,同时从内核注入反外挂动态加载库(DLL)用以阻断鼠标键盘的模拟。实验结果表明,CheatBlocker可防御进程模块注入外挂和用户输入模拟类外挂,且具有较低的性能开销。而且,CheatBlocker无需修改内核数据或代码,相比于目前的反外挂系统具有更好的通用性与兼容性。
关键词:游戏外挂/
反外挂/
模块注入/
内核事件
Abstract:In view of many limitations of current client anti plug-in methods, an anti-cheat method based on kernel events is proposed, and the network game anti-cheat system called CheatBlocker is implemented. This method uses the kernel event monitoring provided by Windows to intercept the abnormal access between processes and the injection of abnormal modules. At the same time, the anti-cheat Dynamic Loaded Library (DLL) injected from the kernel can block the simulation of the mouse keyboard. The experimental results show that CheatBlocker can defend against process module injection cheating and user input simulation cheating, and has low performance overhead. Moreover, CheatBlocker does not need to modify the kernel data or code which ensures the integrity of the kernel and is more compatible than the current anti-cheat systems.
Key words:Game cheating/
Anti-cheating/
Module injection/
Kernel event
PDF全文下载地址:
https://jeit.ac.cn/article/exportPdf?id=96390a9d-a568-49f2-8ebf-0943139b3654
