[Rob_Maate]

Yoyo.

I've just started work on a project, but it's come to my attention that there are certain parts of it that appear to be a little out of my scope.

My idea is rather simple - A separate, standalone application that a user may run on their home PC along with their SA-MP client, that will report information to a plugin on the server about the status and integrity of the files contained within the specified GTA directory listed in the active process of SA-MP.

This client application currently is scripted in Visual Basic. I have completely implemented the checking utility (Works like an antivirus, will recieve various definition updates as new cheats/trainers are created) and have been able to successfully transmit either a pass/fail command to a remote php script.

As I am not familiar with the plugin scripting for SA-MP, I need either one or a few people to hop onboard and help me out.

As a community, we suffer from an overwhelming lack of collective enthusiasm in the war against non-ethical players. It's around about time we started to globally implement methods to protect not only ourselves, but our peers from retards that only choose to play in an attempt to ruin other people's fun and enjoyment.

Please, if you could be of any assistance at all, don't hesitate to contact me.

[Vince]

Most players don't like to install a separate client plugin to play on a specific server, they'll just go to another server. The best way to block cheats and hacks is by blocking the d3d9.dll; the library that is responsible for DirectX drawings (I think). Unfortunately that would also disable certain CLEO mods.

[Toreno]

Even if people do install a separate client plugin in order to play on a specific server, they will find a way reporting they don't use cheats, like ****** said. Also, I think people should use regular anti cheats filterscripts/includes, so if a player starts cheating, whether if he joins a randomly server or not, he'll eventually get banned and will be totally mad or post a sorry thread on forums which is so hilarious. I like banning cheaters, it's the enjoyment of creating a community.

[Rob_Maate]

I'm not quite sure that it has to be as simple as what you've stated ******.

What I'm thinking is that a session ID would be created, sent through some sort of online checking process and then passed back to the server. If valid, the server would display a message stating that the client is clean.

It wouldn't be a 'required' thing persay, much more an optional tool that could be used in instances where a player is either

a) suspected of hacks
b) unbanned after using hacks (as a condition of re-entry)
c) applying for a position in the community.

Obviously players would be encouraged to go ahead and install it from the word go
but even if they choose not to - this to me it seems like it could drastically curb the number of wrongdoers in the general community.

This isn't for blatant RPG'ers and masscarspawners, I'm talking more about healthhackers, the occasional 'slip a sniper in' sort of player.

They are the ones that are hard to spot. If you see someone airbreaking around, you KNOW they'r gonna get the hammer.

[Rob_Maate]

Alright - Imagine this.

What if I was to get a new piece of paper every 30 minutes.

I cut that piece of paper in half, but in an odd way so the two parts are perfect matches but it'd be hard to replicate.
When I SEE you, I give you half of the page.
On that page is some sort of randomly generated algorithm.

You work it out, you scribble down the answer. Then you come back to me, join your piece with mine. If it fits? I continue. If it doesn't, I tell you to gtfo till you have the correct bit of paper.

Say the bit of paper fits perfectly, I then look at the answer written down. If it's the answer to the random equation I generated, bingo now we can talk about the weather n what not.

What I'm thinking is basically constant server validation.

The client is really only a processor in this environment, meaning I ask it a question and it gives me an answer. If at any time it wasn't the answer I asked it, it can gtfo (if that makes sense) and won't print the code. If it DOES all match up and it finds mod_**.dll or w/e it headshots the noob.

[Rob_Maate]

I've had a bit of a think about it.

The key IS validation.

I've worked in pub's my whole life, and if it's taught me anything, it's that a bullshit story always falls apart when you push it far enough.

I'd like to introduce the concept of "Prove it" validation.

Basically, this involves chasing the client all the way back to an area that would have required extensive Operating System modification to actually pass.

Obviously with this method it would produce a small percentage of false errors, so you wouldn't PUNISH past a certain point into the cycle, but it would be enough to warrant suspicion.

In simple terms:

SERVER: Hi, what is 5 * 6?
CLIENT: 30!
SERVER: Good, now, do you have any cheats?
CLIENT: <Lie> No!
SERVER: OK, now how big was the file you scanned.
CLIENT: <Lie> It was xx-250!
SERVER: OK, Windows, How big is the file specified?
WINDOWS: xx!
SERVER:

Obviously this is a VERY poor example, and the implimentation would be fucking horrible I'm aware.
But it's this line of approach I am going to take, forcing the modder to have to answer questions so hard to answer that either they won't go that far or will have to do a complete system modification just to spawn a gun in a game.

[Rob_Maate]

Is there a way to remotely connect to a windows service to obtain this information?