In pursuit of a deeper understanding of low-level programming and reverse engineering, I took to the development of a program that functions as a basic form of an anti-cheat or anti-virus that could be used in the context of not only ensured gameplay integrity but also general security and protection against malicious code for a specific process. Initially, this project began as a test bed to evaluate the detection vectors triggered by methods used in my own memory-hacking program. Through independent research, I studied techniques used by well-known industry-level anti-cheats and incorporated similar procedures into my application. Some aspects of my code drew inspiration from the reversed, decompiled IDA output of the aforementioned software binaries.
There is also a dynamic link library (DLL) component created specifically for this program to showcase how certain hooks are triggered and how they can also be circumvented using various techniques.
- DLL inject detection (LoadLibrary)
- Return address integrity checks on various Windows API / Native API function exports via detour hooks
- Kernel-level return address integrity checks on all syscalls via instrumentation callbacks
- Compute and cache all valid module base and end addresses on startup by walking the PEB
- Scan all opened handles to our process
- Restructure/reorganize project
- Clean/Optimize code