
Simple (Anti-Access) Protection



I've found a file (AntiAccess.h) in Extern/include/YmirBase and I was wondering what's inside.

Its content is pretty small and simple; the following function will disable every write access to the current process.

Of course it's not all you have to do for a fully working protection, but I thought this function in addition with another good anti-cheat will work very well.

#include <windows.h>
#include <aclapi.h>		// SetSecurityInfo()

#ifndef EL_FORCEINLINE		// project macro from YmirBase; fallback so the function builds standalone
#define EL_FORCEINLINE __forceinline
#endif

// Replaces the DACL of the current process object so that other processes running as
// the same user (or as anyone in Everyone) can no longer read/write its memory, create
// threads or duplicate handles in it. Returns TRUE on success.
BOOL EL_FORCEINLINE EL_DenyProcessAccess( void )
{
	__declspec(align(4)) BYTE abyBuffer[0x200];	// ACL storage; an ACL must be DWORD-aligned
	PACL	pACL;
	SID_IDENTIFIER_AUTHORITY stIdentifierAuthority = SECURITY_WORLD_SID_AUTHORITY;
	PSID pSid = NULL;
	BOOL bRet = FALSE;
	DWORD dwSize = 0;
	HANDLE hToken = NULL;
	HANDLE hProcess = ::GetCurrentProcess();
	PTOKEN_USER pUserInfo = NULL;

	// Well-known SID S-1-1-0 ("Everyone"), used for the deny ACE
	if( ::AllocateAndInitializeSid( &stIdentifierAuthority, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSid ) == FALSE )
		goto Cleanup;
	// The SID of the user running this process, used for the allow ACE
	if( ::OpenProcessToken( hProcess, TOKEN_QUERY, &hToken ) == FALSE )
		goto Cleanup;
	::GetTokenInformation( hToken, TokenUser, NULL, 0, &dwSize );	// first call only reports the required size
	if( dwSize == 0 || dwSize > 1024 )
		goto Cleanup;
	pUserInfo = (PTOKEN_USER) ::GlobalAlloc( GPTR, dwSize );
	if( pUserInfo == NULL )
		goto Cleanup;
	if( ::GetTokenInformation( hToken, TokenUser, pUserInfo, dwSize, &dwSize ) == FALSE )
		goto Cleanup;
	pACL = (PACL) abyBuffer;
	if( ::InitializeAcl( pACL, sizeof( abyBuffer ), ACL_REVISION ) == FALSE )
		goto Cleanup;
	// Deny memory, thread and handle manipulation rights to Everyone. This ACE goes first,
	// so it takes precedence over the allow ACE below even though Everyone includes the current user.
	if( ::AddAccessDeniedAce( pACL, ACL_REVISION, PROCESS_CREATE_PROCESS | PROCESS_DUP_HANDLE | PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD, pSid ) == FALSE )
		goto Cleanup;
	// Allow SYNCHRONIZE, PROCESS_QUERY_INFORMATION, PROCESS_SET_INFORMATION, PROCESS_SET_QUOTA and PROCESS_TERMINATE
	// for the current user only; any right not listed here is implicitly denied.
	if( ::AddAccessAllowedAce( pACL, ACL_REVISION, SYNCHRONIZE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA | PROCESS_TERMINATE, pUserInfo->User.Sid ) == FALSE )
		goto Cleanup;
	// PROTECTED_DACL_SECURITY_INFORMATION also blocks inherited ACEs from re-widening the DACL
	if( ::SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, PROTECTED_DACL_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, NULL, NULL, pACL, NULL ) != ERROR_SUCCESS )
		goto Cleanup;
	bRet = TRUE;
Cleanup:
	if ( pUserInfo )
		::GlobalFree( pUserInfo );	// was leaked in the original version
	if ( hToken )
		::CloseHandle( hToken );
	if ( pSid )
		::FreeSid( pSid );
	return bRet;
}
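As an added illustration (not code from the thread or from YmirBase), here is a small C model of how the kernel walks the DACL that EL_DenyProcessAccess() installs, so you can see which OpenProcess rights the owning user keeps and which are refused. It assumes the two ACEs in the order the function adds them and uses constructed stand-in SID ids; it builds without the Windows SDK.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Process access-right values from <winnt.h>, redefined so this model builds
 * without the Windows SDK. */
#define PROCESS_TERMINATE          0x0001
#define PROCESS_CREATE_THREAD      0x0002
#define PROCESS_VM_OPERATION       0x0008
#define PROCESS_VM_READ            0x0010
#define PROCESS_VM_WRITE           0x0020
#define PROCESS_DUP_HANDLE         0x0040
#define PROCESS_CREATE_PROCESS     0x0080
#define PROCESS_SET_QUOTA          0x0100
#define PROCESS_SET_INFORMATION    0x0200
#define PROCESS_QUERY_INFORMATION  0x0400
#define PROCESS_SUSPEND_RESUME     0x0800
#define SYNCHRONIZE                0x00100000

enum sid { SID_EVERYONE = 1, SID_CURRENT_USER = 2 };  /* constructed stand-ins */
typedef struct { bool deny; uint32_t mask; enum sid sid; } ace_t;
/* The DACL EL_DenyProcessAccess() installs: deny ACE first, then allow ACE. */
static const ace_t PROTECT_DACL[] = {
    { true,  PROCESS_CREATE_PROCESS | PROCESS_DUP_HANDLE | PROCESS_VM_WRITE |
             PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD, SID_EVERYONE },
    { false, SYNCHRONIZE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION |
             PROCESS_SET_QUOTA | PROCESS_TERMINATE,                          SID_CURRENT_USER },
};
static bool token_has(const enum sid *token, size_t n, enum sid s) {
    for (size_t i = 0; i < n; i++) if (token[i] == s) return true;
    return false;
}
/* Simplified kernel DACL walk: ACEs are read in order, a matching deny ACE that
 * overlaps a still-unsatisfied right fails the check, allow ACEs accumulate
 * rights, and anything never explicitly allowed is refused. Not modelled: the
 * owner's implicit READ_CONTROL/WRITE_DAC and privileges such as
 * SeDebugPrivilege, both of which sidestep this DACL on real Windows. */
bool access_check(const ace_t *dacl, size_t n_aces,
                  const enum sid *token, size_t n_sids, uint32_t requested) {
    uint32_t remaining = requested;
    for (size_t i = 0; i < n_aces && remaining; i++) {
        if (!token_has(token, n_sids, dacl[i].sid)) continue;
        if (dacl[i].deny) { if (dacl[i].mask & remaining) return false; }
        else remaining &= ~dacl[i].mask;
    }
    return remaining == 0;
}
/* The owning user's token holds its own SID and Everyone, so both ACEs apply. */
bool owner_can_open(uint32_t requested) {
    const enum sid token[] = { SID_CURRENT_USER, SID_EVERYONE };
    return access_check(PROTECT_DACL, 2, token, 2, requested);
}
```

Note that a right the function neither denies nor allows, such as PROCESS_SUSPEND_RESUME, ends up refused as well, because the DACL walk only grants what an allow ACE explicitly covers.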


A Python injection protection is already included in the bin (crashes on injection). I'm not sure if normal DLL injection is already fixed too. The Python loader as mix didn't crash the binary, so I guess it's not (even if the loader is useless because of the reason above).

Anyone have an idea how to include the stuff from above? :D



Cheat Engine isn't very effective for hacking anyway. Some speedhacks etc. OllyDbg is more critical.

I never worked with Olly. Let's say I got a totally new encryption algorithm and a packer like LZ4 instead of miniLZO. Would it be possible to write an unpacker with Olly?

