UltimateAntiCheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game hacking, including: memory editing, module & code injection, debugging, unsigned drivers, open handles, and more. The project also features a client-server design with a heartbeat being sent every 60 seconds to clients. No privacy-invasive techniques are used.
This project is meant to serve as an educational/research tool and is not intended to be commercial software or overly complex to crack. It includes many fundamental protection techniques, and we aim to cover as many attack surfaces as possible such that the attacker is not able to gain a foothold from usermode into our process without being detected (some kernelmode or hardware-based attacks will also be detected). Any modification to a single aspect will lead to being detected: for example, if someone tries to debug our code from usermode, they will likely re-map and perform memory edits to try and disable debugger detection which leads to their memory edit or remapping being detected. It's recommended that if possible you run VMProtect or a similar program on the compiled binary for added security through obscurity. The project should be integrated to your game or software directly as source code instead of a stand-alone DLL in order to avoid DLL proxying/spoofing attacks.
If there is anything not working for you (throws unhandled exceptions, can't build, etc) please raise an issue and I will answer it ASAP. If you have code suggestions or techniques you'd like to see added, or want assistance with adding anti-cheat to your game, please send me an email. More techniques and better design will be added to the project over time, and the file changelog.md
contains a dated updates list. Visual Studio 2022 is used as the IDE, and it's recommended you use this for project viewing and compilation.
OpenProcess
detection)ntdll.Ordinal8
patching)NtSetInformationThread
initializeVEH
patching, module name renaming).text
section checks, WINAPI hook checks, IAT hook checks)NumberOfSections
, SizeOfImage
, & AddressOfEntryPoint
to prevent dynamic info lookups (process manipulation)ret
patching (anti-DLL/shellcode injection)Networking support is available in the project - the server can be found in the Server
folder as its own solution. Using networking is optional, and can be turned on/off through the variable bool bNetworkingAvailable
in the file main.cpp
(as part of the Settings
class). If you choose to use networking, please follow the instructions in the README.md file of the server.
The preprocessor definition _WIN32_WINNT=0x...
can be used to target different versions of Windows at compile-time. For example, using 0x0A00 will target Windows 10 and above, and 0x0601 will target Windows 7 and above. Certain features might only work on newer Windows versions and are excluded from compilation based on this value. The client will also fetch the machine's windows version at program startup, in main.cpp
.
If you're looking for full database integration and bonus protective features for your small to mid-sized commercial game/software: a robust, load-tested backend can be provided for a small licensing fee.
The GNU Affero general public license is used in this project. Please be aware of what you can and cannot do with this license: for example, you do not have permission to rip this project into your own commercial project or use this project in your own code base without it being open source. You do have permission to use this project if your project is also open source. Using this project for a "private game server" or any other stolen code/binaries automatically violates the license.