[Game Analysis] Game Reversing

Types of game cheats (plug-ins)

Keyboard and mouse simulation
Keyboard and mouse simulation (usually via SendInput) is the common technique behind macro tools such as Button Wizard. For some quest or gathering systems, the macro tool feeds synthetic input to mimic manual operation and speed up collection. Detecting this kind of behaviour requires server-side analysis, but its impact is usually small, so whether to handle it depends on the effect it actually has on the game.

Packet modification and protocol cracking
Protocol cracking is a common technique aimed at the content of client-server communication. A protocol that protects data with plain hashes is brute-forced with rainbow tables. For symmetric encryption, the traffic can be decrypted once the key is intercepted on the wire or extracted from the client files. Asymmetric encryption on all traffic costs the server too much performance to be worthwhile. A good approach is therefore a custom dynamic key, which raises the difficulty of cracking.

Packet replay and tampering
For projects with strict protocol encryption, cracking the protocol data is hard. When cheaters cannot crack it, they replay or tamper with packets sent to the server, such as a recharge (top-up) packet or an item-purchase packet: they intercept the sent packet with a tool such as WPE and send it again. If the server does not enforce uniqueness of each request or strict logic checks, it is vulnerable to these resent packets and ends up handing out large numbers of items. Skill packets can be replayed the same way, so skills can be cast indefinitely.
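The server-side checks described above, as an added example that is not part of the original article: a purchase handler that refuses byte-for-byte resends (strictly increasing sequence number plus a per-request nonce), rejects edited packets (HMAC over sequence number, nonce and body), and applies its own price and balance logic instead of trusting anything the client says. The packet layout, session key and price table are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample session key; a real game would derive one per login session.
SESSION_KEY = b"constructed-session-key-0001"

# Server-side price table: the client never tells the server what something costs.
PRICES = {"potion": 10, "sword": 80}


@dataclass
class Session:
    key: bytes
    last_seq: int = 0                      # highest sequence number accepted so far
    seen_nonces: set = field(default_factory=set)
    gold: int = 100
    items: dict = field(default_factory=dict)


def sign(key: bytes, seq: int, nonce: str, body: str) -> str:
    """HMAC over sequence number, nonce and body so none of them can be edited in isolation."""
    msg = f"{seq}|{nonce}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_packet(key: bytes, seq: int, nonce: str, body: str) -> dict:
    """What a legitimate client sends (hypothetical packet layout)."""
    return {"seq": seq, "nonce": nonce, "body": body, "mac": sign(key, seq, nonce, body)}


def handle_purchase(session: Session, pkt: dict) -> str:
    # 1. Integrity: a tampered body or header no longer matches the MAC.
    expected = sign(session.key, pkt["seq"], pkt["nonce"], pkt["body"])
    if not hmac.compare_digest(expected, pkt["mac"]):
        return "reject:bad_mac"
    # 2. Uniqueness: sequence numbers must strictly increase and nonces may not repeat,
    #    so an unmodified resend of an earlier packet is refused.
    if pkt["seq"] <= session.last_seq or pkt["nonce"] in session.seen_nonces:
        return "reject:replay"
    session.last_seq = pkt["seq"]
    session.seen_nonces.add(pkt["nonce"])
    # 3. Logic: the server decides the price and whether the player can afford it.
    item = pkt["body"]
    price = PRICES.get(item)
    if price is None or session.gold < price:
        return "reject:logic"
    session.gold -= price
    session.items[item] = session.items.get(item, 0) + 1
    return "ok"


def demo_replay_and_tamper() -> tuple:
    """Legitimate purchase, then the same packet resent, then a tampered copy."""
    s = Session(key=SESSION_KEY)
    pkt = make_packet(SESSION_KEY, 1, "nonce-1", "potion")
    first = handle_purchase(s, pkt)           # "ok", gold 100 -> 90
    resent = handle_purchase(s, pkt)          # "reject:replay"
    tampered = dict(pkt, body="sword")        # body edited after signing
    edited = handle_purchase(s, tampered)     # "reject:bad_mac"
    return first, resent, edited, s.gold, dict(s.items)


def demo_logic_check() -> tuple:
    """Fresh, correctly signed packets are still rejected when server-side logic fails."""
    s = Session(key=SESSION_KEY)
    first = handle_purchase(s, make_packet(SESSION_KEY, 1, "a", "sword"))   # "ok", gold 20
    broke = handle_purchase(s, make_packet(SESSION_KEY, 2, "b", "sword"))   # "reject:logic"
    stale = handle_purchase(s, make_packet(SESSION_KEY, 1, "c", "potion"))  # "reject:replay"
    return first, broke, stale, s.gold


if __name__ == "__main__":
    print(demo_replay_and_tamper())
    print(demo_logic_check())
```

Note that `seen_nonces` grows for the life of the session; a production server bounds it with a sliding window or an expiry, and the sequence number alone already stops straight resends. The order of the checks matters: the MAC is verified before any state is touched, so an attacker cannot burn sequence numbers with forged packets.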

Speed hacks
Speeding up the game clock or frame rate makes characters move faster and skill cooldowns elapse quickly; slowing it down at difficult levels makes them easier to play. Either way the game's frame rate is altered: levels are rushed through, or the pace is slowed so that skills are easier to dodge.
Against this, the client and server generally run a heartbeat check and verify the client's clock to prevent tampering; on the other hand, validate the client's input data thoroughly so that the authoritative values are the ones held by the server.
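The two countermeasures just mentioned, as an added example that is not part of the original article: a heartbeat monitor that compares the client's reported clock with the server clock over a growing window and flags a client that runs too fast, too slow, or rewinds, plus a server-authoritative cooldown gate that never consults the client's idea of when a skill is ready. The tolerances, heartbeat interval and skill data are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class HeartbeatMonitor:
    """Compares the client's reported clock against the server clock over a growing window.
    Thresholds are assumptions for the example, not values from the article."""
    tolerance: float = 0.05        # accept +/-5% drift (network jitter, timer resolution)
    min_window_ms: int = 3000      # don't judge until enough server time has elapsed
    first_client_ms: Optional[int] = None
    first_server_ms: Optional[int] = None
    last_client_ms: Optional[int] = None

    def observe(self, client_ms: int, server_ms: int) -> str:
        if self.first_client_ms is None:
            self.first_client_ms, self.first_server_ms = client_ms, server_ms
            self.last_client_ms = client_ms
            return "ok"
        if client_ms < self.last_client_ms:
            return "suspicious:clock_rewind"
        self.last_client_ms = client_ms
        server_elapsed = server_ms - self.first_server_ms
        if server_elapsed < self.min_window_ms:
            return "ok"
        # Ratio over the whole window damps per-packet jitter; a steady 2x client shows up as 2.0.
        ratio = (client_ms - self.first_client_ms) / server_elapsed
        if ratio > 1 + self.tolerance:
            return "suspicious:fast"
        if ratio < 1 - self.tolerance:
            return "suspicious:slow"
        return "ok"


def simulate_heartbeats(speed_factor: float, beats: int = 8, interval_ms: int = 1000) -> str:
    """Constructed client running at `speed_factor` x real time; returns the first verdict
    that is not 'ok', or 'ok' if the whole run passes."""
    mon = HeartbeatMonitor()
    for i in range(beats):
        server_ms = 1_000_000 + i * interval_ms          # arbitrary server epoch
        client_ms = int(i * interval_ms * speed_factor)  # what the client claims
        verdict = mon.observe(client_ms, server_ms)
        if verdict != "ok":
            return verdict
    return "ok"


def simulate_clock_rewind() -> str:
    """Constructed client whose reported clock goes backwards."""
    mon = HeartbeatMonitor()
    mon.observe(0, 0)
    mon.observe(1000, 1000)
    return mon.observe(500, 2000)


@dataclass
class CooldownGate:
    """Server-authoritative cooldowns: the client's opinion of its CD is never consulted."""
    cooldown_ms: dict                        # skill -> cooldown length in ms
    last_cast: dict = field(default_factory=dict)

    def try_cast(self, player: str, skill: str, server_now_ms: int) -> bool:
        key = (player, skill)
        prev = self.last_cast.get(key)
        if prev is not None and server_now_ms - prev < self.cooldown_ms[skill]:
            return False                     # still on cooldown by the server's clock
        self.last_cast[key] = server_now_ms
        return True


def simulate_cast_spam(request_times_ms: list) -> list:
    """Constructed stream of 'fireball' cast requests (server receive times) from one player."""
    gate = CooldownGate(cooldown_ms={"fireball": 5000})
    return [gate.try_cast("p1", "fireball", t) for t in request_times_ms]


if __name__ == "__main__":
    print(simulate_heartbeats(1.0), simulate_heartbeats(2.0), simulate_heartbeats(0.5))
    print(simulate_cast_spam([0, 1000, 4999, 5000, 12000]))
```

A client that speeds up its timer is caught by the ratio check even though every individual heartbeat looks plausible; a client that edits its cooldown locally simply has its extra cast requests refused, because the server keeps its own timestamps. Judging over a window rather than per packet is what keeps ordinary latency spikes from raising false alarms.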

Modifying local memory (changing data, intercepting APIs)
Memory modification mostly occurs in games whose combat logic is computed on the client. This kind of cheat analyses the memory the game uses, locates variables, guesses what each one represents, and then modifies the value so that the player's character becomes overpowered: for example, setting the skill cooldown directly to 0, or raising the attack value. On one hand the client must encrypt its in-memory data; on the other, the server must validate properly and must never treat the client as the authority. The specific form will be discussed later.
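Both halves of that recommendation, as an added example that is not part of the original article: a stat stored in plain form (found at once by a value scan over a constructed "process memory") next to the same stat stored XOR-masked with a check word (invisible to the scan, and a raw write into its slot is noticed on the next read), plus a server-side hit resolver that derives damage from server-held stats and treats the client's number only as a signal for anomaly logging. The key, offsets and stat values are constructed; the check word is deliberately simple and a real client would use a keyed hash.

```python
import struct

MASK32 = 0xFFFFFFFF


class TamperDetected(Exception):
    pass


class PlainStat:
    """Stat stored as a plain little-endian int32: a scan for its known value finds it."""
    def __init__(self, mem: bytearray, offset: int, value: int):
        self.mem, self.offset = mem, offset
        self.set(value)

    def set(self, value: int) -> None:
        struct.pack_into("<i", self.mem, self.offset, value)

    def get(self) -> int:
        return struct.unpack_from("<i", self.mem, self.offset)[0]


class ProtectedStat:
    """Stat stored as (value XOR key, keyed check word). The plaintext never sits in memory,
    so a value scan misses it, and a direct write to either word fails the check on read.
    The key is passed in here (constructed); a real client would generate it at runtime."""
    def __init__(self, mem: bytearray, offset: int, value: int, key: int):
        self.mem, self.offset, self.key = mem, offset, key & MASK32
        self.set(value)

    def _check(self, masked: int) -> int:
        # Simple keyed check word for the example; a real client would use a keyed hash.
        return (masked + self.key) & MASK32

    def set(self, value: int) -> None:
        masked = (value & MASK32) ^ self.key
        struct.pack_into("<II", self.mem, self.offset, masked, self._check(masked))

    def get(self) -> int:
        masked, check = struct.unpack_from("<II", self.mem, self.offset)
        if check != self._check(masked):
            raise TamperDetected(f"stat at offset {self.offset} was modified in memory")
        value = masked ^ self.key
        return value - (1 << 32) if value & 0x80000000 else value   # back to signed int32


def scan_for_int32(mem: bytes, value: int) -> list:
    """What a value scanner does: every offset holding this exact little-endian int32."""
    needle = struct.pack("<i", value)
    hits, start = [], 0
    while (pos := mem.find(needle, start)) != -1:
        hits.append(pos)
        start = pos + 1
    return hits


def demo_scan() -> tuple:
    """Attack value 500 stored both ways in a constructed 32-byte 'process memory'."""
    mem = bytearray(32)
    PlainStat(mem, 0, 500)
    ProtectedStat(mem, 16, 500, key=0x5A3C9F17)
    return tuple(scan_for_int32(mem, 500))        # only the plain copy is found: (0,)


def demo_tamper() -> tuple:
    """A raw write of 9999 into the protected slot is noticed on the next read."""
    mem = bytearray(32)
    atk = ProtectedStat(mem, 16, 500, key=0x5A3C9F17)
    before = atk.get()
    struct.pack_into("<i", mem, 16, 9999)         # check word not updated
    try:
        atk.get()
        return before, "undetected"
    except TamperDetected:
        return before, "detected"


def server_resolve_hit(client_reported_damage: int, attacker_atk: int, target_def: int) -> tuple:
    """Server-side damage from server-held stats (toy formula); returns the damage actually
    applied and whether the client's claim disagreed, which is worth logging."""
    damage = max(1, attacker_atk - target_def)
    return damage, client_reported_damage != damage


if __name__ == "__main__":
    print(demo_scan(), demo_tamper(), server_resolve_hit(9999, 500, 100))
```

The XOR mask only defeats a search for the current value; the key itself lives in the process and a determined analyst can recover it, which is why the server-side half is the one that actually decides the outcome. Obfuscation buys detection (the check word) and raises the effort, while server validation removes the payoff.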


Reference ideas (updated over time)

Shooters

FPS games face two major cheat problems: wallhacks (ESP) and aimbots. Most FPS games run into them, Overwatch and CrossFire among others.

Wallhacks come in two kinds: box ESP and character ESP. I have not studied box ESP in detail; it is probably located through the coordinate system, and the coordinates are likewise read out of memory, so if the memory data is not well protected this becomes possible too. Character ESP is achieved by hijacking the system's rendering logic, which is simple and crude.

Aimbots are a by-product of box ESP, but they are harder to detect than box ESP. In principle an aimbot only simulates mouse movement and does not otherwise interfere with the game, so verification along this line can only rely on the server analysing whether the input really comes from an input device, which is relatively difficult.
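One form that server-side input analysis can take, as an added example that is not part of the original article: a heuristic over aim samples the server already receives (tick, yaw, pitch, fired) that flags a tick in which the view jumped a large angle, landed almost exactly on the target centre, and a shot was fired in the same tick. The traces, target position and thresholds are constructed for the example; a real system would score such flags per player over many engagements rather than act on a single one.

```python
import math

# Constructed traces: (tick, yaw_deg, pitch_deg, fired). Target centre is at yaw 30, pitch 5.
TARGET = (30.0, 5.0)
HUMAN_TRACE = [
    (0, 0.0, 0.0, False),
    (1, 12.0, 2.0, False),   # large first movement ...
    (2, 22.0, 4.0, False),   # ... then progressively smaller corrections
    (3, 28.0, 5.2, False),
    (4, 30.6, 5.1, False),   # slight overshoot
    (5, 30.1, 5.0, True),    # settle and fire
]
SNAP_TRACE = [
    (0, 0.0, 0.0, False),
    (1, 30.0, 5.0, True),    # one tick: full turn, exact centre, shot
]


def analyze_aim_trace(samples: list, target: tuple, snap_deg: float = 20.0,
                      settle_deg: float = 0.5) -> list:
    """Return the ticks in which the view moved at least `snap_deg`, ended within
    `settle_deg` of the target centre and a shot was fired (illustrative heuristic)."""
    flagged = []
    for (_, y0, p0, _), (t1, y1, p1, fired) in zip(samples, samples[1:]):
        step = math.hypot(y1 - y0, p1 - p0)                  # angle moved this tick
        error = math.hypot(y1 - target[0], p1 - target[1])   # distance from target centre
        if fired and step >= snap_deg and error <= settle_deg:
            flagged.append(t1)
    return flagged


def snap_rate(traces: list, target: tuple) -> float:
    """Fraction of engagements containing at least one flagged tick; the per-player
    quantity a review pipeline would threshold rather than a single flag."""
    if not traces:
        return 0.0
    hits = sum(1 for tr in traces if analyze_aim_trace(tr, target))
    return hits / len(traces)


if __name__ == "__main__":
    print(analyze_aim_trace(HUMAN_TRACE, TARGET), analyze_aim_trace(SNAP_TRACE, TARGET))
    print(snap_rate([HUMAN_TRACE, SNAP_TRACE, HUMAN_TRACE], TARGET))
```

The human trace is never flagged because its movement is spread over several ticks with shrinking corrections and an overshoot; the second trace is flagged because the whole turn, the exact landing and the shot coincide in one tick. Flick shots by skilled players can look the same on a single sample, which is why the rate over many engagements, not one flagged tick, is what a detection pipeline should act on.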

FPS games: implementing a D3D-hijacking wallhack (API hook)

FPS games: implementing a GDI box ESP (trigonometry)

SystemCheats cheat analysis report

[CSGO] AliveNK cheat analysis


Source: blog.csdn.net/Simon798/article/details/110252073