Anti-cheat update

[GigiaJ]

With the current anti-cheat update the project is unusable for a number of reasons. Most importantly, the anti-cheat is preventing debugger attaching, IDA de-compiling, and any other process that'd require attaching.

List of programs that cause a crash:

• Cheat Engine (simply running the process crashes the game)
• winDbg (on attach)
• Ollydbg (on attach)
• x32dbg (on attach)
• VS debugger (on attach)
• Squalr (on memory scan)

In addition to crashing the program ReClass doesn't appear to show any class data anymore. With the base address within it appearing as "DEADBABE" which is an obvious false base address. Even upon using the real base address it doesn't appear to show any info, could be from wrong addresses (unlikely) or the data is being hidden from Reclass. Without ReClass reversing becomes inconveniently more painful to go through.

[GigiaJ]

A dump file can be obtain via memory at run-time. I've read that the page access will also need to be changed from PAGE_NOACCESS to PAGE_READ_EXECUTE. Pages go from NOACCESS to READ_EXECUTE based on in-game behavior. Virtual memory isn't allocated until a call is made to tell the packer to unpack the code.

[GigiaJ]

Currently trying to debug via VirtualBox and WinDBG by kernel debugging

[GigiaJ]

Test PBE account has been banned despite zero live games played. It's possible that crash logs are sent to the server automatically on crash, which if so would be a very mild issue. It could also be that they're sending loads more data to the server than previously about the computer at hand. With many variables at hand I can't really be certain as to what happened that would cause this issue, but it's not unlikely that the cause was directly related to injecting/debugging.

[GigiaJ]

It's also possible that hardware has been logged and somewhere in the registry has been changed/updated to flag my computer, so I'll run a check of the registry to make sure this isn't the case.

[GigiaJ]

Registry appears to be all clear. Will have to wait for live release of the anti-cheat now due to my testing account being banned.

[GigiaJ]

Upon further inspection there are files created around the time I force crashed on PBE conveniently named PKM. These are likely files sent to server regardless of whether you opt into sending them or not and then wiped.

[GigiaJ]

It appears that the anti-cheat won't see live servers for some time. So progress on this is on hiatus until further notice.

[GigiaJ]

Anti-cheat has now been released and will require further researching into bypassing it.

[GigiaJ]

To Do: -Create a modified Cheat Engine to bypass AC -Attaching a debugger to game (looking into anti-anti-debugging techniques) -Injecting hooks and having them remain within the game without having to re-hook