一级黄色片免费播放|中国黄色视频播放片|日本三级a|可以直接考播黄片影视免费一级毛片

高級搜索

留言板

尊敬的讀者、作者、審稿人, 關(guān)于本刊的投稿、審稿、編輯和出版的任何問題, 您可以本頁添加留言。我們將盡快給您答復(fù)。謝謝您的支持!

姓名
郵箱
手機(jī)號碼
標(biāo)題
留言內(nèi)容
驗(yàn)證碼

一種基于內(nèi)核事件的Windows系統(tǒng)游戲反外掛方法

傅建明 楊錚 羅陳可 黃堅(jiān)偉

傅建明, 楊錚, 羅陳可, 黃堅(jiān)偉. 一種基于內(nèi)核事件的Windows系統(tǒng)游戲反外掛方法[J]. 電子與信息學(xué)報(bào), 2020, 42(9): 2117-2125. doi: 10.11999/JEIT190695
引用本文: 傅建明, 楊錚, 羅陳可, 黃堅(jiān)偉. 一種基于內(nèi)核事件的Windows系統(tǒng)游戲反外掛方法[J]. 電子與信息學(xué)報(bào), 2020, 42(9): 2117-2125. doi: 10.11999/JEIT190695
Jianming FU, Zheng YANG, Chenke LUO, Jianwei HUANG. An Anti-cheat Method of Game Based on Windows Kernel Events[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2117-2125. doi: 10.11999/JEIT190695
Citation: Jianming FU, Zheng YANG, Chenke LUO, Jianwei HUANG. An Anti-cheat Method of Game Based on Windows Kernel Events[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2117-2125. doi: 10.11999/JEIT190695

一種基于內(nèi)核事件的Windows系統(tǒng)游戲反外掛方法

doi: 10.11999/JEIT190695
基金項(xiàng)目: 國家自然科學(xué)基金(61972297, U1636107)
詳細(xì)信息
    作者簡介:

    傅建明:男,1969年生,教授,研究方向?yàn)閻阂獯a檢測和漏洞檢測與防御

    楊錚:男,1995年生,碩士生,研究方向?yàn)橄到y(tǒng)安全

    羅陳可:男,1996年生,碩士生,研究方向?yàn)橄到y(tǒng)安全與二進(jìn)制安全

    黃堅(jiān)偉:男,1996年生,碩士生,研究方向?yàn)榫W(wǎng)絡(luò)安全

    通訊作者:

    傅建明 jmfu@whu.edu.cn

  • 中圖分類號: TN918; TP309

An Anti-cheat Method of Game Based on Windows Kernel Events

Funds: The National Natural Science Foundation of China(61972297, U1636107)
  • 摘要: 針對目前客戶端反外掛方法的諸多局限,該文提出一種基于內(nèi)核事件的網(wǎng)絡(luò)游戲反外掛方法,并實(shí)現(xiàn)了反外掛系統(tǒng)CheatBlocker。該方法通過監(jiān)控Windows系統(tǒng)中的內(nèi)核事件監(jiān)視和攔截進(jìn)程間的異常訪問及異常模塊注入,同時從內(nèi)核注入反外掛動態(tài)加載庫(DLL)用以阻斷鼠標(biāo)鍵盤的模擬。實(shí)驗(yàn)結(jié)果表明,CheatBlocker可防御進(jìn)程模塊注入外掛和用戶輸入模擬類外掛,且具有較低的性能開銷。而且,CheatBlocker無需修改內(nèi)核數(shù)據(jù)或代碼,相比于目前的反外掛系統(tǒng)具有更好的通用性與兼容性。
  • 圖  1  基于跨進(jìn)程訪問的注入方法

    圖  2  基于系統(tǒng)機(jī)制的注入方法

    圖  3  反外掛系統(tǒng)

    圖  4  模塊注入防御

    圖  5  防御用戶輸入模擬

    表  1  反外掛DLL Hook函數(shù)

    模擬類型相關(guān)APIAPI 描述
    WindowSimulationSendMessage直接向指定窗口發(fā)送消息
    PostMessage將消息至于指定窗口的消息隊(duì)列上
    RtlUserSendMessageSendMessage內(nèi)部調(diào)用API
    RtlUserPostMessagePostMessage內(nèi)部調(diào)用API
    GlobalSimulationSendInput直接模擬鼠標(biāo)或鍵盤操作
    mouse_event模擬鼠標(biāo)
    keyboard_event模擬鍵盤
    下載: 導(dǎo)出CSV

    表  2  實(shí)驗(yàn)環(huán)境

    VMCPU內(nèi)存操作系統(tǒng)
    VM12 cores1 GBWin7 SP1 (64 bit)
    VM22 cores1 GBWin7 SP1 (32 bit)
    下載: 導(dǎo)出CSV

    表  3  外掛測試樣本

    外掛工具相關(guān)外掛技術(shù)外掛行為描述
    FIFA 10FIFA Cheater 0.5CreateRemoteThread 注入內(nèi)存修改
    Mr.Anti.Fun CheatCreateRemoteThread 注入內(nèi)存修改
    CPY FIFA CheaterQueueUserApc 注入代碼注入
    FIFA Auto Runner窗口模擬掛機(jī)腳本
    CROSS FIRESniper Rifle 1.0CreateRemoteThread 注入內(nèi)存修改
    LOCK Health CheaterQueueUserApc 注入內(nèi)存修改
    Ice Modz 6041 Rc1Hook Windows 消息注入內(nèi)存修改
    Crossfire Hacker線程劫持注入代碼注入
    Remote Dll Injector所有注入技術(shù)DLL注入
    Assassin Wall Cf窗口模擬掛機(jī)腳本
    Auto-Shooter輸入法注入/全局模擬掛機(jī)腳本
    Antifun GOLD Getter線程劫持注入/窗口模擬掛機(jī)腳本
    下載: 導(dǎo)出CSV

    表  4  反外掛系統(tǒng)防御效果對比

    外掛技術(shù)反外掛系統(tǒng)
    CheatBlockerNprotectXrayWardenGameGuardEasyAntiCheat
    創(chuàng)建遠(yuǎn)程線程注入
    插入APC注入××
    線程劫持注入×
    Hook Windows消息注入××
    輸入法注入×××
    全局模擬××××
    窗口模擬××××
    是否支持64位系統(tǒng)×
    下載: 導(dǎo)出CSV

    表  5  反外掛系統(tǒng)系統(tǒng)開銷對比

    系統(tǒng)開銷No Anti-CheatCheatBlockerNprotectXrayWardenGameGuardEasyAntiCheat
    平均CPU占用 (%)23.528.725.826.423.330.829.4
    平均內(nèi)存占用(%)35.335.834.737.536.536.735.8
    平局啟動時間(s)20.124.623.422.822.328.925.7
    下載: 導(dǎo)出CSV
  • 騰訊游戲研發(fā)部游戲安全中心. 游戲安全: 手游安全技術(shù)入門[M]. 北京: 電子工業(yè)出版社, 2016.

    Game Security Center of Tencent Game R & D Department. Game Security: Introduction to Mobile Security Technology[M]. Beijing: Electronic Industry Press, 2016.
    YAN J J and CHOI H J. Security issues in online games[J]. The Electronic Library, 2002, 20(2): 125–133. doi: 10.1108/02640470210424455
    YAN J and RANDELL B. A systematic classification of cheating in online games[C]. The 4th ACM SIGCOMM Workshop on Network and System Support for Games, New York, USA, 2005: 1–9. doi: 10.1145/1103599.1103606.
    KABUS P, TERPSTRA W W, CILIA M, et al. Addressing cheating in distributed MMOGs[C]. The 4th ACM SIGCOMM Workshop on Network and System Support for Games, New York, USA, 2005: 1–6. doi: 10.1145/1103599.1103607.
    CHOI Y, CHANG S J, KIM Y, et al. Detecting and monitoring game bots based on large-scale user-behavior log data analysis in multiplayer online games[J]. The Journal of Supercomputing, 2016, 72(9): 3572–3587. doi: 10.1007/s11227-015-1545-2
    羅平, 徐倩華. 網(wǎng)絡(luò)游戲外掛技術(shù)及檢測[J]. 計(jì)算機(jī)工程與設(shè)計(jì), 2007, 28(6): 1273–1276. doi: 10.3969/j.issn.1000-7024.2007.06.011

    LUO Ping and XU Qianhua. Hack technology and detection of online games[J]. Computer Engineering and Design, 2007, 28(6): 1273–1276. doi: 10.3969/j.issn.1000-7024.2007.06.011
    楊英杰, 冷強(qiáng), 常德顯, 等. 基于屬性攻擊圖的網(wǎng)絡(luò)動態(tài)威脅分析技術(shù)研究[J]. 電子與信息學(xué)報(bào), 2019, 41(8): 1838–1846. doi: 10.11999/JEIT181025

    YANG Yingjie, LENG Qiang, CHANG Dexian, et al. Research on network dynamic threat analysis technology based on attribute attack graph[J]. Journal of Electronics &Information Technology, 2019, 41(8): 1838–1846. doi: 10.11999/JEIT181025
    CHANG H and ATALLAH M J. Protecting software code by guards[C]. ACM CCS-8 Workshop DRM on Security and Privacy in Digital Rights Management, Berlin, Germany, 2001: 160–175. doi: 10.1007/3-540-47870-1_10.
    THE L B and KHANH V N. GameGuard: A windows-based software architecture for protecting online games against hackers[C]. The Symposium on Information and Communication Technology, Hanoi, Vietnam, 2010: 171–178. doi: 10.1145/1852611.1852643.
    梁光輝, 龐建民, 單征. 基于代碼進(jìn)化的惡意代碼沙箱規(guī)避檢測技術(shù)研究[J]. 電子與信息學(xué)報(bào), 2019, 41(2): 341–347. doi: 10.11999/JEIT180257

    LIANG Guanghui, PANG Jianmin, and SHAN Zheng. Malware sandbox evasion detection based on code evolution[J]. Journal of Electronics &Information Technology, 2019, 41(2): 341–347. doi: 10.11999/JEIT180257
    WOO J, KANG A R, and KIM H K. The contagion of malicious behaviors in online games[J]. ACM SIGCOMM Computer Communication Review, 2013, 43(4): 543–544. doi: 10.1145/2534169.2491712
    AHMAD M A, KEEGAN B, SRIVASTAVA J, et al. Mining for gold farmers: Automatic detection of deviant players in mmogs[C]. 2009 International Conference on Computational Science and Engineering, Vancouver, Canada, 2009: 340–345. doi: 10.1109/cse.2009.307.
    KWON H, MOHAISEN A, WOO J, et al. Crime scene reconstruction: Online gold farming network analysis[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(3): 544–556. doi: 10.1109/tifs.2016.2623586
    CHUNG Y, PARK C Y, KIM N R, et al. Game bot detection approach based on behavior analysis and consideration of various play styles[J]. ETRI Journal, 2013, 35(6): 1058–1067. doi: 10.4218/etrij.13.2013.0049
    DUH H B L and CHEN V H. Cheating behaviors in online gaming[C]. The 3rd International Conference on Online Communities and Social Computing, Berlin, Germany, 2009: 567–573. doi: 10.1007/978-3-642-02774-1_61.
    傅建明, 彭碧琛, 杜浩. 一種組件加載漏洞的動態(tài)檢測[J]. 清華大學(xué)學(xué)報(bào): 自然科學(xué)版, 2012, 52(10): 1356–1363, 1369. doi: 10.16511/j.cnki.qhdxxb.2012.10.007

    FU Jianming, PENG Bichen, and DU Hao. Dynamic detection of component loading vulnerability[J]. Journal of Tsinghua University:Science and Technology, 2012, 52(10): 1356–1363, 1369. doi: 10.16511/j.cnki.qhdxxb.2012.10.007
    HOGLUND G and MCGRAW G. Exploiting Online Games: Cheating Massively Distributed Systems[M]. New York, USA: Addison-Wesley Professional, 2007: 119–125.
    WEBB S D and SOH S. Cheating in networked computer games: A review[C]. The 2nd International Conference on Digital Interactive Media in Entertainment and Arts, Perth, Australia, 2007: 105–112. doi: 10.1145/1306813.1306839.
    LIU H I and LO Y T. DaCAP-a distributed Anti-Cheating peer to peer architecture for massive multiplayer on-line role playing game[C]. The 8th IEEE International Symposium on Cluster Computing and the Grid (CCGRID), Lyon, France, 2008: 584–589. doi: 10.1109/ccgrid.2008.49.
    SEBASTIO S, AMORETTI M, MURGA J R, et al. Honest vs Cheating Bots in PATROL-based Real-time Strategy MMOGs[M]. CAGNONI S, MIROLLI M, and VILLANI M. Evolution, Complexity and Artificial Life. Heidelberg: Germaay, Springer, 2014: 225–238. doi: 10.1007/978-3-642-37577-4_15.
  • 加載中
圖(5) / 表(5)
計(jì)量
  • 文章訪問數(shù):  4173
  • HTML全文瀏覽量:  3395
  • PDF下載量:  201
  • 被引次數(shù): 0
出版歷程
  • 收稿日期:  2019-09-09
  • 修回日期:  2020-06-13
  • 網(wǎng)絡(luò)出版日期:  2020-07-18
  • 刊出日期:  2020-09-27

目錄

    /

    返回文章
    返回