Gamestudio Links
Zorro Links
Newest Posts
Blobsculptor tools and objects download here
by NeoDumont. 03/28/24 03:01
Issue with Multi-Core WFO Training
by aliswee. 03/24/24 20:20
Why Zorro supports up to 72 cores?
by Edgar_Herrera. 03/23/24 21:41
Zorro Trader GPT
by TipmyPip. 03/06/24 09:27
VSCode instead of SED
by 3run. 03/01/24 19:06
AUM Magazine
Latest Screens
The Bible Game
A psychological thriller game
SHADOW (2014)
DEAD TASTE
Who's Online Now
5 registered members (TipmyPip, AndrewAMD, Quad, aliswee, degenerate_762), 970 guests, and 4 spiders.
Key: Admin, Global Mod, Mod
Newest Members
sakolin, rajesh7827, juergen_wue, NITRO_FOREVER, jack0roses
19043 Registered Users
Previous Thread
Next Thread
Print Thread
Rate Thread
Request: Enable Address Space Layout Randomization for the engin #442073
06/10/14 11:21
06/10/14 11:21
Joined: Nov 2012
Posts: 62
Istanbul
T
Talemon Offline OP
Junior Member
Talemon  Offline OP
Junior Member
T

Joined: Nov 2012
Posts: 62
Istanbul
Hello,
I don't think this one would be implemented any time soon but here it goes: ASLR is a decent way to defeat some of the vulnerabilities in an application( wiki )It is available on Windows Vista and later versions. It protects app's memory space so malicious players can't meddle with it to alter scores etc. It would be nice if we had this feature.

Re: Request: Enable Address Space Layout Randomization for the engin [Re: Talemon] #442074
06/10/14 11:36
06/10/14 11:36
Joined: Jul 2000
Posts: 27,977
Frankfurt
jcl Offline

Chief Engineer
jcl  Offline

Chief Engineer

Joined: Jul 2000
Posts: 27,977
Frankfurt
I think this is a too special feature - at least I have not heard yet of an attack on the game engine. For protecting scores you could use simple methods such as mirror variables or a checksum.

Re: Request: Enable Address Space Layout Randomization for the engin [Re: jcl] #442076
06/10/14 11:57
06/10/14 11:57
Joined: Nov 2012
Posts: 62
Istanbul
T
Talemon Offline OP
Junior Member
Talemon  Offline OP
Junior Member
T

Joined: Nov 2012
Posts: 62
Istanbul
Thank you for your quick response, jcl.
I also thought this were an extreme case, it came up during an argument so I decided to make a note here. Maybe one day you will get bored and look for an exotic feature to implement, this will be waiting for you (:
Our game is a free2play FPS game so we'll both see in a few months what type of attacks people will use to gain an advantage.

Re: Request: Enable Address Space Layout Randomization for the engin [Re: Talemon] #442081
06/10/14 14:35
06/10/14 14:35
Joined: Oct 2007
Posts: 5,210
İstanbul, Turkey
Quad Online
Senior Expert
Quad  Online
Senior Expert

Joined: Oct 2007
Posts: 5,210
İstanbul, Turkey
ASLR is no way to prevent such cheats. First, ASLR can be disabled system-wide from registry, or on process-basis by launching the executable in XP compatibility mode.

Second point is that the cheating tools(check cheat engine forums) and malware targeting specific executables have successfully worked around ASLR.

Since you are working on an online game, you should rely on values stored on the server and not trust the client.


3333333333
Re: Request: Enable Address Space Layout Randomization for the engin [Re: Quad] #442083
06/10/14 14:57
06/10/14 14:57
Joined: Nov 2012
Posts: 62
Istanbul
T
Talemon Offline OP
Junior Member
Talemon  Offline OP
Junior Member
T

Joined: Nov 2012
Posts: 62
Istanbul
Originally Posted By: Quad
ASLR is no way to prevent such cheats. First, ASLR can be disabled system-wide from registry, or on process-basis by launching the executable in XP compatibility mode.

Second point is that the cheating tools(check cheat engine forums) and malware targeting specific executables have successfully worked around ASLR.

Since you are working on an online game, you should rely on values stored on the server and not trust the client.


Thanks for the input, I didn't know that. I'm not suggesting that we rely on client side variables, it was just an example. What I'm worried about are things like wallhacks and malware that target gulliable players, which require code injection and/or hooking to specific functions. As I said, we'll see what hackers come up with soon.

Re: Request: Enable Address Space Layout Randomization for the engin [Re: Talemon] #442086
06/10/14 16:53
06/10/14 16:53
Joined: Oct 2011
Posts: 1,082
Germany
C
Ch40zzC0d3r Offline
Serious User
Ch40zzC0d3r  Offline
Serious User
C

Joined: Oct 2011
Posts: 1,082
Germany
lol you can call every game function / engine function with an injected dll.
You shouldnt worry about wallhacks but about teleport, speedhack, weapon/equipment hacks, rank/level hacks and so on.

Last edited by Ch40zzC0d3r; 06/10/14 16:53.

Moderated by  aztec, Spirit 

Gamestudio download | chip programmers | Zorro platform | shop | Data Protection Policy

oP group Germany GmbH | Birkenstr. 25-27 | 63549 Ronneburg / Germany | info (at) opgroup.de

Powered by UBB.threads™ PHP Forum Software 7.7.1