Cheat folders and files?
#1

Can someone tell me cheat folders and files that is used for GTA SA & SAMP.

I'm making some launcher with simply file checkig and finding for cheats.
Reply
#2

Why not use go0gle and find it out by your own?
Reply
#3

I did the same thing a month ago.

The most common cheat is the s0b. You can see if a client is using it by checking if directory 'mod_sa' exists and/or ґUninstall mod_sa.exeґ file exists. That's the one way.

Although, you may think that looking for /cleo directory & library files is a good idea; but it's not good at all. You can check for the file names inside the folder. Be aware! They can always rename the cheat and access the game. Many modifications (e.g Speed Limit) uses CLEO library. With that said, you will block mine usage of Speed Limit-er.

Let's assume that you will go with sampfuncs library. Many skins / clean-modifications use sampfuncs. Without sampfuncs many mods & assets that do NOT give any advantage will be blocked by the launcher.

You still can't avoid the rename file solution. You have one possibility; that is to disable usage of ANY modifications that use custom folders & additional files.
Reply
#4

So, you mean, the best solution is to try to find sampfuncs and cleo folder?
Reply
#5

Quote:
Originally Posted by Unkovic
Посмотреть сообщение
So, you mean, the best solution is to try to find sampfuncs and cleo folder?
That and "mod sa" folder.
Checking for "d3d9.dll" would be even better since this is the main component.
Some people delete "d3d9.dll" and basically remove the hack but sometimes forget to delete "mod_sa"
and they will get kicked or whatever you make the client do without using a hack at all.
Reply
#6

You might consider this:

Quote:
Originally Posted by Fratello
Посмотреть сообщение
You still can't avoid the rename file solution. You have one possibility; that is to disable usage of ANY modifications that use custom folders & additional files.
But maybe there is a way getting around by duplicated directorys for GtaSA, one clean and one with goods.

It depends how your launcher will work.

Do someone know is it possible to launch sa:mp with parameters to connect straight to specified server ?
Reply
#7

Blocking d3d9.dll is like blocking ENB too...
Reply
#8

Quote:
Originally Posted by VeryTallMidget
Посмотреть сообщение
You might consider this:



But maybe there is a way getting around by duplicated directorys for GtaSA, one clean and one with goods.

It depends how your launcher will work.

Do someone know is it possible to launch sa:mp with parameters to connect straight to specified server ?
Yes, it is possible. Read: https://sampforum.blast.hk/showthread.php?tid=552526
Reply
#9

Quote:
Originally Posted by Fratello
Посмотреть сообщение
Maybe this is useful, launching game and go straight to server, all this from the same folder.

A tip for creator of this topic:

To create strong defense, you must try any possible offence against yourself !!!

So create a system, and try to abuse it in any way, pretend you are the cheater and want to get around your anti-cheat system... its the only way to make it really work, not just waste your time and have cheaters lough at your effort...
Reply
#10

Quote:
Originally Posted by VeryTallMidget
Посмотреть сообщение
Maybe this is useful, launching game and go straight to server, all this from the same folder.

A tip for creator of this topic:

To create strong defense, you must try any possible offence against yourself !!!

So create a system, and try to abuse it in any way, pretend you are the cheater and want to get around your anti-cheat system... its the only way to make it really work, not just waste your time and have cheaters lough at your effort...
Connection query for the client takes only 2 parameters (IP; PORT).

The launcher would also require usage of sockets to determine if client has joined via default SA-MP launcher or a custom one. Otherwise, launcher of yours would be pretty unnecessary.

I'm afraid that hackers + can change the core of suboit and others (e.g directory name used). And your if statement will be pointless.

In the end, you can't choose between several things. You will manage to get rid of basic cheaters, but some of them, advanced people, will find a bypass.
Reply
#11

Even if I use a clean GTA SA install with no mods whatsoever it's still possible to inject cheats from outside. Even CLEO can be attached to the process, so it won't use the GTA SA directory at all. It can be done with simple coding experience. Then there are also hacks that do not use CLEO and work by hacking the running process (eg. an .exe that alters memory addresses - even Trainers that were meant for SP are partially working for SAMP).

So to make sure you should not only check the GTA SA folder but also running processes, modified addresses and much more. Otherwise it will be useless. This will maybe keep away people that don't know what they are doing but at the same time annoy those who run legit mods, like graphic mods or ENB.

Another simple method (which proved to work for some other Launcher I don't want to mention here) is running a non-modified game through the launcher and leave it running in the background. Then start a second instance which is modded. Sounds too simple to be working, but it does for bad launchers or "anti cheats".
Reply
#12

Quote:
Originally Posted by Unkovic
Посмотреть сообщение
I'm making some launcher with simply file checkig and finding for cheats.
What programming language are you using ?
Can you work with memory and sockets ?


Quote:
Originally Posted by NaS
Посмотреть сообщение
So to make sure you should not only check the GTA SA folder but also running processes, modified addresses and much more.
Do you know what to look for ?
I mean from gta_sa.exe proccess.
Reply
#13

Quote:
Originally Posted by VeryTallMidget
Посмотреть сообщение
What programming language are you using ?
Can you work with memory and sockets ?




Do you know what to look for ?
I mean from gta_sa.exe proccess.
Let's refresh this topic.
C# and I will work with sockets.

I think this:

find mod sa folder, (or mod_sa.exe if it exists), look for cheats processes (exes), looks for sampfuncs d3d9.dll
It will also check if gta_sa.exe is already running, and check if you are already connected to the server (socket).

Also it will blocks connections without launcher to the server
Reply
#14

I don't think that forcing the launcher to all players is a good idea, for example I don't want to download something unless it is from a trusted site ("Microsoft Things", Steam, etc) or open source (qbittorrent etc).

For the regular users, it may work.
Reply
#15

Quote:
Originally Posted by 10MIN
Посмотреть сообщение
I don't think that forcing the launcher to all players is a good idea, for example I don't want to download something unless it is from a trusted site ("Microsoft Things", Steam, etc) or open source (qbittorrent etc).

For the regular users, it may work.
It is not real launcher, i may wont force users, i may force the cheaters.
Reply
#16

Quote:
Originally Posted by Unkovic
Посмотреть сообщение
It is not real launcher
Then what it is? An asi mod? A modified version of gta_sa.exe/d3d9.dll?
Reply
#17

Quote:
Originally Posted by Unkovic
Посмотреть сообщение
Let's refresh this topic.
C# and I will work with sockets.

I think this:

find mod sa folder, (or mod_sa.exe if it exists), look for cheats processes (exes), looks for sampfuncs d3d9.dll
It will also check if gta_sa.exe is already running, and check if you are already connected to the server (socket).
That helps against noobs, but anyone that knows what they are doing can circumvent all of this (either by simple renaming, which you didn't catch so far, or by injecting externally - eg. d3d9.dll which at that point can be named anything).
Reply
#18

Quote:
Originally Posted by 10MIN
Посмотреть сообщение
Then what it is? An asi mod? A modified version of gta_sa.exe/d3d9.dlll
Yes, thanks.

Quote:
Originally Posted by NaS
Посмотреть сообщение
That helps against noobs, but anyone that knows what they are doing can circumvent all of this (either by simple renaming, which you didn't catch so far, or by injecting externally - eg. d3d9.dll which at that point can be named anything).
So, what will you do?
Reply
#19

Most of the hack/cheat users are not so advanced users to manipulate they'r computer to get around it.
Reply
#20

Quote:
Originally Posted by VeryTallMidget
Посмотреть сообщение
Most of the hack/cheat users are not so advanced users to manipulate they'r computer to get around it.
That is true! I live in Serbia, and many cheaters are kids, which want position (admin, vip..) and if they dont get it, they use cheats on server and something. Also Idk how they can rename a file, if a file is dll, I think the program wont work after renaming dll and also this will check if someething gets turned on, started (.exe). and i dont know how that can be avoided. I think there is no enough smart cheater on Balkan to do that xD
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)