winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License
10.53k stars 1.36k forks

replace all NtReadVirtualMemory occurrences with safe variant #2079

Open jdpatdiscord opened 1 month ago

jdpatdiscord commented 1 month ago

Hi, I've run into issues with a new and innovative anticheat method where an anticheat will posit pages that will never be read by the game and therefore purposefully invalidate the page, and if a function like NtReadVirtualMemory is called it causes the page to be marked as valid, which the anticheat detects by doing QueryWorkingSetEx or NtQueryVirtualMemory otherwise.

The new function I've created has a new setting that is off by default because I have found in testing that Windows naturally invalidates pages and causes random regions of memory to not be read. However, it seems to have not caused problems within core functionality thus far and the user just notices missing pages scattered about.

I've marked this PR as a draft for feedback. I am considering adding a UI element to toggle this setting so users can be safe or unsafe easily.

github-actions[bot] commented 1 month ago

CLA Assistant Lite bot: All contributors have signed the CLA ✍️ ✅

jdpatdiscord commented 1 month ago

I have read the CLA Document and I hereby sign the CLA