CN111389012A

CN111389012A - Method, device and system for anti-plug-in

Info

Publication number: CN111389012A
Application number: CN202010119299.8A
Authority: CN
Inventors: 朱飞; 管炜; 夏晖
Original assignee: Perfect World Zhengqi Shanghai Multimedia Technology Co ltd
Current assignee: Perfect World Zhengqi Shanghai Multimedia Technology Co ltd
Priority date: 2020-02-26
Filing date: 2020-02-26
Publication date: 2020-07-10
Anticipated expiration: 2040-02-26
Also published as: WO2021169225A1; CN112473148B; CN111389012B; CN112473148A

Abstract

The application provides a method, a device and a system for anti-cheating, wherein the method comprises the following steps: monitoring preset detection points in the game application to obtain plug-in feature information detected at the preset detection points in the current game stage; when the game stage is finished, generating anti-plug-in game data information corresponding to the game stage according to the plug-in feature information and the normal game data information corresponding to the game stage; and sending the anti-plug-in game data information corresponding to the game stage to a first server so that the first server can determine whether plug-in characteristic information exists in the anti-plug-in game data information by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server. According to the scheme of the application, a disorienting and concealed anti-plug-in mechanism is adopted, so that the difficulty of a plug-in developer in counterfeiting the data package can be greatly increased.

Description

Method, device and system for anti-plug-in

Technical Field

The application relates to the technical field of computers, in particular to a technical scheme for anti-plug-in.

Background

The plug-in refers to a cheating program which can help players to obtain benefits by modifying games, and the main application principle is to modify normal codes or data of the games so as to change the capabilities of game characters. Since plug-ins can destroy game fairness, plug-in detection is necessary.

In the prior art, the following anti-cheating scheme is generally adopted: the method comprises the steps of establishing a feature library of mainstream plug-in software, detecting the plug-in software by intercepting various malicious behaviors (such as injection of a game process, attempt to acquire various operation authorities of the game process and the like), and realizing protection by actively defending the behaviors, such as forbidding read-write access of an external process to a game. The above prior art solution has the following drawbacks: 1) plug-in samples need to be collected ceaselessly, the characteristics of each plug-in sample are extracted and brought into a characteristic library, the process needs to be iterated ceaselessly, technicians need to follow the process in time if new plug-ins are generated or the plug-ins adopt variant technology to change the characteristics of the plug-ins, otherwise an anti-plug-in system is likely to fail, plug-in software on the market is numerous in types, and therefore more manpower and material resources need to be invested to maintain the characteristic library all the time; 2) the game needs to be played between the system bottom layer and the plug-in, for example, a driver is loaded on the system layer to intercept the read-write of the game progress, and the technical countermeasure of the system bottom layer enables the anti-plug-in party to be in a relatively unfavorable position, because on one hand, the game accessing modes of the bottom layer are many, the workload of all the plugs is large, meanwhile, some normal software may have the access requirements on the game, the game is easy to be mistakenly injured under the complicated and changeable user environment, and in addition, the technical countermeasure of the system bottom layer is easy to be unstable, and the injury to the user is caused; 3) active defense measures adopted in the prior art adopt a mode of timely feedback at a client, for example, once a plug-in behavior is detected, the access of the plug-in behavior to a game process is immediately prohibited, so that a plug-in developer is easy to debug the game machine, and then a rule is searched to bypass active defense.

Disclosure of Invention

The application aims to provide a technical scheme for anti-cheating and hiding.

According to an embodiment of the present application, there is provided a method for anti-cheating, for a user equipment, wherein the method includes:

monitoring preset detection points in the game application to obtain plug-in feature information detected at the preset detection points in the current game stage;

when the game stage is finished, generating anti-plug-in game data information corresponding to the game stage according to the plug-in feature information and the normal game data information corresponding to the game stage;

and sending the anti-plug-in game data information to a first server so that the first server determines whether plug-in feature information exists in the anti-plug-in game data information by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server.

According to another embodiment of the present application, there is also provided a method for anti-cheating, for a first server, wherein the method includes:

receiving anti-cheating game data information corresponding to a current game stage in the game application from user equipment;

and comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server, and determining whether plug-in feature information exists in the user equipment according to a comparison result.

There is also provided, in accordance with another embodiment of the present application, a method for anti-cheating, wherein the method includes:

the method comprises the steps that user equipment monitors preset detection points in a game application to obtain plug-in feature information detected at the preset detection points in a current game stage;

when the game stage is finished, the user equipment generates anti-plug-in game data information corresponding to the game stage according to the plug-in characteristic information and the normal game data information corresponding to the game stage;

the user equipment sends the anti-plug-in game data information corresponding to the game stage to a first server;

the first server receives anti-cheating game data information corresponding to the game stage from the user equipment;

the first server compares the anti-plug-in game data information with normal game data information corresponding to the game stage from the game server, and determines whether plug-in feature information exists in the anti-plug-in game data information according to a comparison result.

There is also provided, in accordance with another embodiment of the present application, a first apparatus for anti-cheating in a user equipment, wherein the first apparatus includes:

the device comprises a device for monitoring preset detection points in the game application and acquiring the plug-in feature information detected at the preset detection points in the current game stage;

and the device is used for sending the anti-plug-in game data information corresponding to the game stage to a first server so that the first server can determine whether plug-in feature information exists in the anti-plug-in game data information by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server.

There is also provided, in accordance with another embodiment of the present application, a second apparatus for anti-cheating in a server, wherein the second apparatus includes:

means for receiving from the user device anti-cheating game data information corresponding to a current game stage in the game application;

and the device is used for comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from the game server and determining whether plug-in feature information exists in the anti-plug-in game data information according to a comparison result.

According to another embodiment of the present application, there is also provided a system for anti-cheating, including a user equipment and a server, where the user equipment includes the first apparatus described in the present application, and the server includes the second apparatus described in the present application.

There is also provided, in accordance with another embodiment of the present application, apparatus, wherein the apparatus includes: a memory for storing one or more programs; one or more processors coupled with the memory, the one or more programs, when executed by the one or more processors, causing the one or more processors to perform operations comprising:

and sending the anti-plug-in game data information corresponding to the game stage to a first server so that the first server can determine whether plug-in characteristic information exists in the anti-plug-in game data information by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server.

and comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server, and determining whether plug-in feature information exists in the anti-plug-in game data information according to a comparison result.

According to another embodiment of the present application, there is also provided a computer-readable storage medium having a computer program stored thereon, the computer program being executable by a processor to:

Compared with the prior art, the method has the following advantages: 1) the method comprises the steps that a preset detection point is arranged in a game application (such as a key function or a key memory data area) to realize plug-in detection by monitoring the preset detection point and reporting plug-in characteristic information, so that the idea of anti-plug-in without changing the changes can be realized, even if a new plug-in occurs, game data must be acquired and tampered through a link monitored by the preset detection point, and the anti-plug-in party does not need to follow the characteristics of plug-in software frequently to detect, so that the technical maintenance cost of the anti-plug-in party is greatly reduced; 2) the method adopts a confusing and hidden anti-plug-in mechanism, and reports anti-plug-in game data information according to a game stage, and is not easy to attract the attention of a plug-in developer due to the fact that plug-in characteristic information is mixed in normal game data information reported in a staged manner, and in addition, the anti-plug-in game data information simultaneously comprises the normal game data information and the plug-in characteristic information, so that the difficulty of counterfeiting a data package by the plug-in developer can be greatly increased, and the plug-in developer is difficult to modify or intercept the anti-plug-in game data information reported in a staged manner; 3) the method adopts a delay punishment mechanism, the user equipment end does not stop and warn the external software when detecting the external behavior, but reports the external characteristic information detected at the preset detection point in each game stage to the server end when each game stage is finished, the server end judges whether the external behavior exists at the user equipment end and determines whether punishment is performed or not and how punishment is performed, namely, the server end performs delay punishment on a player using the external software, and the delay punishment mode ensures that an external developer cannot confirm which behavior characteristics in the external software trigger safety alarm, thereby greatly increasing the difficulty of debugging the external software to avoid detection by the external developer.

Drawings

Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:

FIG. 1 is a flow chart illustrating a method for anti-cheating in a user device according to an embodiment of the present application;

FIG. 2 is a flow chart illustrating a method for preventing cheating in a server according to an embodiment of the present application;

FIG. 3 is a schematic flow chart diagram illustrating a system method for anti-cheating according to one embodiment of the present application;

FIG. 4 is a schematic structural diagram of a first apparatus for anti-cheating in a user equipment according to an embodiment of the present application;

FIG. 5 is a diagram illustrating a second apparatus for anti-cheating in a server according to an embodiment of the present application;

FIG. 6 illustrates an exemplary system that can be used to implement the various embodiments described in this application.

The same or similar reference numbers in the drawings identify the same or similar elements.

Detailed Description

Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel, concurrently, or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.

The term "device" in this context refers to an intelligent electronic device that can perform predetermined processes such as numerical calculations and/or logic calculations by executing predetermined programs or instructions, and may include a processor and a memory, wherein the predetermined processes are performed by the processor executing program instructions prestored in the memory, or performed by hardware such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), or performed by a combination of the above two.

The technical scheme of the application is mainly realized by computer equipment. Wherein the computer device comprises a network device and a user device. The network device includes, but is not limited to, a single network server, a server group consisting of a plurality of network servers, or a Cloud Computing (Cloud Computing) based Cloud consisting of a large number of computers or network servers, wherein Cloud Computing is one of distributed Computing, a super virtual computer consisting of a collection of loosely coupled computers. The user equipment includes but is not limited to PCs, tablets, smart phones, IPTV, PDAs, wearable devices, and the like. The computer equipment can be independently operated to realize the application, and can also be accessed into a network to realize the application through the interactive operation with other computer equipment in the network. The network in which the computer device is located includes, but is not limited to, the internet, a wide area network, a metropolitan area network, a local area network, a VPN network, a wireless Ad Hoc network (Ad Hoc network), and the like.

It should be noted that the above-mentioned computer devices are only examples, and other computer devices that are currently available or that may come into existence in the future, such as may be applicable to the present application, are also included within the scope of the present application and are incorporated herein by reference.

The methodologies discussed hereinafter, some of which are illustrated by flow diagrams, may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine or computer readable medium such as a storage medium. The processor(s) may perform the necessary tasks.

Specific structural and functional details disclosed herein are merely representative and are provided for purposes of describing example embodiments of the present application. This application may, however, be embodied in many alternate forms and should not be construed as limited to only the embodiments set forth herein.

It will be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element may be termed a second element, and, similarly, a second element may be termed a first element, without departing from the scope of example embodiments. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used herein, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

It should also be noted that, in some alternative implementations, the functions/acts noted may occur out of the order noted in the figures. For example, two figures shown in succession may, in fact, be executed substantially concurrently, or the figures may sometimes be executed in the reverse order, depending upon the functionality/acts involved.

The present application is described in further detail below with reference to the attached figures.

The method comprises the steps of loading a game application and an electronic game client into a game application process in a mode of injecting D LL (Dynamic L ink L ibrary, a Dynamic link library), setting a preset detection point inside the game application by the anti-plugin module, not limiting the installation sequence of the game application and the electronic game client in the embodiment, namely the game application may be installed before the electronic game client is installed in the user equipment, or the game application may be downloaded and installed in the electronic plug-in game client after the electronic game client is installed, not limiting the loading scene of the anti-plugin module in the embodiment, for example, if a user downloads and installs the game application in the electronic game client, the electronic game client may load the anti-plugin module into the game client immediately after the game application is installed, and the game application module may be loaded and installed in the electronic plug-in the game client and the game application monitor the game application in the game application process according to the game application process data obtained in the first step S5913, and the game application data obtained by the game application monitoring step S2, and the game application monitor the game application data obtained by the game server.

In step S11, the user equipment monitors a preset detection point inside the game application, and obtains the external hanging feature information detected at the preset detection point in the current game stage. In some embodiments, the step S11 is performed by an anti-cheating module. In some embodiments, the preset detection point may be set up in any sensitive data area inside the game application, preferably, the preset monitoring point includes, but is not limited to, a key function detection point and/or a key memory detection point, the key function detection point refers to a detection point set up for a key function inside the game, the key memory detection point refers to a detection point set up for key memory data inside the game, and the positioning of the key function and the key memory data comes from the work of a large amount of reverse engineering; in some embodiments, the key function may be any function that has a key function in the game (e.g., has a key impact on the identification of key actions in the game or the outcome of a tournament) or that is most disruptive to the balance of the game that will usually be of interest, for example, for shooting type game application, the functions which most destroy the balance of the game and are provided by the mainstream plug-in are mainly perspective and automatic aiming, functions related to perspective and automatic aiming (such as a function for acquiring position information of characters in the game, a function for determining or adjusting the colors of the characters, a function for determining or adjusting the visual field orientation of the characters and the like) can be regarded as key functions, in some embodiments, the anti-plug-in module is loaded into a game application process, and the calling of the key functions in the game process needs to pass through the anti-plug-in module firstly through the key functions in the inline hook game; in some embodiments, key memory data includes, but is not limited to, memory data associated with key functions within the game, such as character position information, character color (or lighting) information, character view orientation information, and the like. In some embodiments, the game stage is used to represent one of the stages in the game process of the user, and the game stage in the game process may be divided in various ways, such as for a game of sports type, a small play in the game may be used as one game stage, and for another example, the game stage may be divided according to a predetermined time length (e.g. 5 minutes). In some embodiments, the plug-in feature information includes any information related to plug-in detection obtained by monitoring the preset detection point; in some embodiments, the store-on feature information is used to indicate a store-on feature detected at the preset detection point, optionally, the store-on feature information includes, but is not limited to: a detection point type (a key function detection point or a key memory detection point), a detection point identifier, a plug-in type or a cheating type (perspective or automatic aiming, etc.), a timestamp, and the like. It should be noted that, in some embodiments, the plug-in feature information may be null, and if the data to be recorded is not detected at the preset detection point in the current game stage, the plug-in feature information in the game stage is null. In some embodiments, the user equipment monitors preset detection points inside the game application, and records all data detected at the preset detection points in the current game stage as the plug-in feature information corresponding to the game stage. In some embodiments, the user equipment monitors preset detection points inside the game application, and records data that satisfies a predetermined recording condition and is detected at the preset detection points in a current game stage as plug-in feature information corresponding to the game stage (that is, selectively reports the detected data).

In step S12, when the game stage is finished, the user equipment generates anti-plug-in game data information corresponding to the game stage according to the plug-in feature information and the normal game data information corresponding to the game stage. In some embodiments, the step S12 is performed by an anti-cheating module; in some embodiments, the normal game data information refers to personal game data generated in a current game stage and collected by the anti-plug-in module, as an example, a small game is taken as a game stage, and the normal game data information corresponding to the small game represents personal game data of a player collected in the small game, such as game data of how many times the game is fired, how many times the game is hit, how many killing is caused, how many life values remain after the small game is ended, and the like. In some embodiments, if the current game stage is finished, the anti-cheating module combines the normal game data information acquired in the game stage with cheating feature information recorded in the game stage (or combines the normal game data information and cheating feature information according to a predetermined rule to have better concealment) to generate anti-cheating game data information corresponding to the game stage. In some embodiments, if the current game stage is finished, the anti-cheating module generates anti-cheating game data information corresponding to the game stage by hiding cheating-on feature information recorded in the game stage as a field in normal game data information corresponding to the game stage, optionally, the cheating feature information recorded in the game stage may be divided into at least one field, and each field may be hidden in the normal game data information corresponding to the game stage according to a predetermined rule (e.g., inserted at a predetermined position or inserted every predetermined number of bits), the application does not limit the concrete way of hiding the plug-in characteristic information in order to hide the plug-in characteristic information in the normal game data information, if the plug-in feature information can be inserted into any position in the normal game data information, and if the number of the divided fields of the plug-in feature information can be adjusted based on requirements; as an example, the anti-cheating module collects normal game data information of each player in each game, such as how many times the game is fired, how many times the game is hit, how many times the game is killed, how many remaining life values after the game is finished, and the like, and then hides cheating feature information (such as cheating if the game is cheated, whether cheating types are perspective or automatic aiming, and the like) detected at a preset detection point in the game in each game as a field in the normal game data information reported by each game, and then performs uniform encryption transmission to increase the difficulty of analysis and positioning of developers. In some embodiments, if the current game stage is finished, the anti-plug-in module processes (such as statistics, screening, calculation, and the like) the plug-in feature information according to a predetermined rule, and combines the processed data with the normal game data information acquired in the game stage (or combines the processed data with the normal game data information according to the predetermined rule), so as to generate anti-plug-in game data information corresponding to the game stage. In some embodiments, if the current game stage is finished and the corresponding cheating feature information of the game stage is empty, the normal game data information collected in the game stage is directly used as the anti-cheating game data information corresponding to the game stage.

In step S13, the user equipment sends the anti-plug-in game data information corresponding to the game stage to a first server, so that the first server determines whether plug-in feature information exists in the anti-plug-in game data information by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server. In some embodiments, the game server is a server for storing normal game data information corresponding to each game stage, and the "normal game data information corresponding to the game stage from the game server" is game data information generated by the game server in the game stage; in some embodiments, the game server refers to a dedicated service server matched with the electronic competition client. It should be noted that the first server may be any server connected to the user equipment through a network, and this application is not limited to this; in some embodiments, the first server is the game server, the first server can directly read locally stored normal game data information corresponding to the game stage, and the scheme that the game server is used as the first server can enable plug-in detection to be more convenient and faster and has higher safety; in other embodiments, the first server may be any other network device besides the game server, the first server and the game server are connected through a network, and the first server obtains the normal game data information corresponding to the game stage sent by the game server. In some embodiments, the user equipment encrypts the anti-cheating game data information corresponding to the game stage and sends the encrypted data information to the first server. In some embodiments, the anti-plugin module in the user equipment encrypts the anti-plugin game data information corresponding to the game stage, and provides the encrypted data information to the electronic competition client, so that the electronic competition client sends the encrypted data information to the first server, that is, the anti-plugin module is responsible for generating and encrypting packet data (that is, the anti-plugin game data information corresponding to each game stage), and the electronic competition client is only responsible for forwarding information; it should be noted that, because the anti-plug-in module works inside the game application, if the anti-plug-in module is directly sensitive to the communication with the first server, a plug-in developer may analyze the communication between the game application and a certain IP through a package capture tool, and through the forwarding of the electronic contest client, the anti-plug-in module does not directly interact with the first server, so that the anti-plug-in process has stronger concealment and security. As an example, taking a csgo game as an example, a PVP (Player versus Player) electronic competition client is installed in a user device, the electronic competition client embeds an anti-plug-in module into a program of the csgo game by injecting dll, and sets a preset detection point in a sensitive data area related to character position information, character color and character view orientation in the csgo game, if an external user injects or reads and writes game data in the csgo game by plugging, in a game stage, when the external plug-in executes a function of modifying character color, acquiring character position information or modifying character view orientation to realize automatic aiming, the anti-plug-in module records plug-in characteristics by monitoring the preset detection point, and encrypts and reports anti-plug-in game data information (including plug-in characteristics and normal game data) corresponding to the game stage to the PVP electronic competition client when the game stage is over, the PVP electronic competition client sends the encrypted data to a server corresponding to the csgo game so that the server can delay and punish the plug-in user.

It should be noted that, for each game stage in the game process, the user equipment performs the above step S11, step S12, and step S13 to report the anti-cheating game data information corresponding to the game stage to the server corresponding to the game application, that is, the user equipment repeatedly performs the above steps S11, step S12, and step S13 until the game is ended.

In some embodiments, the preset detection points include key function detection points, and the step S11 includes: and monitoring the key function detection point to obtain the plug-in characteristic information detected at the key function detection point in the current game stage, wherein if a function calling event corresponding to the key function detection point occurs in the current game stage, the plug-in characteristic information detected at the key function detection point is obtained by tracing the code source of an upper stack caller corresponding to the function calling event based on stack backtracking. In some embodiments, the anti-plugin module modifies the function header code of the key function through the key function inside the inline hook game application to take over the call of the key function inside the game application to monitor caller information, if a plugin exists, the call of the plugin code to the key function must first pass through the anti-plugin module, and the anti-plugin module can trace where the stack caller code at the upper layer comes through a stack backtracking manner, and as long as there is a call from outside the game application, the call is regarded as a suspicious call and recorded. Since the function on the x86 platform is called and then all the functions are saved with the return address, a group of data such as the return address and parameters of each level of function is called a stack frame, when the key function in the game application is called, the anti-plug-in module can check which module the caller's code segment comes from by tracing the stack frame, and only the call from the inside of the game application is considered to be legal. As an example, a csgo game is a shooting game with a competitive first-person perspective, due to the characteristics of the csgo game, the function which most damages the balance of the game and is provided by a mainstream plug-in is mainly perspective and automatic aiming, and no matter perspective or automatic aiming, the plug-in must acquire character position information in the csgo game, so that key function detection points are established at a plurality of key functions related to the character position in the csgo game, an anti-plug-in module monitors the key function detection points, if a function calling event corresponding to the key function detection points occurs in the current game stage, a code source of an upper-layer stack caller corresponding to the function calling event is traced back based on a stack trace, and if the code source is outside the csgo game, namely, a call from an unknown code exists, plug-in feature information corresponding to the key function detection points is recorded (the plug-in feature information includes but is not limited to the code source information, A timestamp corresponding to the function call event, etc.), if the code source is normal logic in the csgo game, no record is made.

In some embodiments, the preset detection point includes a key memory detection point, and the step S11 includes: and detecting the memory data area corresponding to the key memory detection point frame by frame to obtain the plug-in characteristic information detected at the key memory detection point in the current game stage, wherein the plug-in characteristic information is used for indicating whether the data in the memory data area is consistent with the state of the data which is modified by the internal function of the game application at the last time. In some embodiments, if the plug-in feature information indicates that the data in the memory data area is inconsistent with the state of the data which is modified by the internal function of the game application last time, it indicates that the plug-in code segment illegally modifies the data. In some embodiments, the anti-cheating module records cheating feature information only when detecting that data in the memory data area is inconsistent with a state of being modified by the internal function of the game application last time, and does not record if the inconsistency is not detected in the current game stage. As an example, key memory detection points are set in a csgo game and key memory data areas such as character position information, character luminous information and the like, during the game, corresponding key memory data areas are detected frame by frame for the key memory detection points, the state of the data when the data are modified by an internal function of the csgo game last time is recorded, and once inconsistency occurs, plug-in feature information corresponding to the key memory detection points is recorded, wherein the plug-in feature information indicates that the data in the memory data areas are inconsistent with the state when the data are modified by the internal function of the game application at the last time.

In some embodiments, the preset detection points include a key function detection point and a key memory detection point, and the user equipment monitors the key function detection point and the key memory detection point at the same time, specifically: monitoring the key function detection point to obtain plug-in feature information detected at the key function detection point in the current game stage, wherein if a function calling event corresponding to the key function detection point occurs in the current game stage, the plug-in feature information detected at the key function detection point is obtained by tracing a code source of an upper stack caller corresponding to the function calling event based on stack backtracking, and the plug-in feature information detected at the key memory detection point in the current game stage is obtained by detecting a memory data area corresponding to the key memory detection point frame by frame, wherein the plug-in feature information is used for indicating whether data in the memory data area is consistent with a state of being modified by a game application internal function at the last time.

In some embodiments, the method further comprises: and the user equipment receives penalty information aiming at the game account logged in the user equipment, which is sent by the first server or the second server, and executes penalty operation according to the penalty information. In some embodiments, the penalty information includes any information indicating a penalty for a game account logged into the user device (which has a plug-in feature), and preferably, the penalty information includes, but is not limited to, a game account to be penalized, a penalty operation, and the like. In some embodiments, the penalty information sent by the server to the user device is used to indicate penalty operations that need to be performed in the user device, such as prohibiting a player from logging on the user device, kicking the player out of a current game, and so forth. In some embodiments, the electronic competition client in the user equipment receives penalty information sent by the first server for the game account logged in the user equipment, and the electronic competition client provides the penalty information to the game application so that the game application performs penalty operation according to the penalty information, for example, the electronic competition client receives penalty information sent by the server for the currently logged game account in the csgo game, the penalty information is used for indicating that the game account is permanently sealed, and then the electronic competition client provides the penalty information to the csgo game so that the csgo game seals the game account according to the penalty information. It should be noted that, unlike the existing active anti-plug-in software, the scheme of the application does not perform any prevention and warning on the plug-in software at the user equipment end, but reports the suspicious plug-in behavior occurring in the game stage to the server at the end of each game stage, and the server determines whether to punish and how to punish, that is, the server performs the delay punishment, so that the plug-in developer cannot confirm which behavior characteristics in the plug-in software trigger the safety alarm, thereby greatly increasing the difficulty of debugging the plug-in software to avoid detection by the plug-in developer.

Fig. 2 is a flowchart illustrating a method for preventing cheating in a first server according to an embodiment of the present application. The method according to the present embodiment includes step S21 and step S22. In step S21, the first server receives from the user device anti-cheating game data information corresponding to a current game stage in the game application; in step S22, the first server compares the anti-plug-in game data information with the normal game data information corresponding to the game stage from the game server, and determines whether plug-in feature information exists in the anti-plug-in game data information according to the comparison result.

In step S21, the first server receives from the user device anti-cheating game data information corresponding to a current game stage in the game application. In some embodiments, the server receives anti-plug-in game data information corresponding to a current game stage sent by a power competition client of the user equipment, wherein the anti-plug-in game data information is generated by an anti-plug-in module in the user equipment according to plug-in feature information detected at the preset detection point in the game stage and acquired normal game data information. The anti-cheating game data information is described in detail in the foregoing embodiments, and is not described in detail herein.

In step S22, the first server compares the anti-plug-in game data information with the normal game data information corresponding to the game stage from the game server, and determines whether plug-in feature information exists in the anti-plug-in game data information according to the comparison result. In some embodiments, the game server corresponding to the game application is the first server, and the game server directly compares the received anti-cheating game data information corresponding to one game stage with the normal game data information corresponding to the game stage stored in the game server. In some embodiments, the first server is a server other than the game server, and the first server receives normal game data information corresponding to the game stage sent by the game server, and compares the anti-plug-in game data information from the user equipment with the normal game data information from the game server. In some embodiments, in the case that no plug-in exists in the user equipment, the anti-plug-in game data information corresponding to the game stage reported by the user equipment to the first server and the normal game data information corresponding to the game stage from the game server should be consistent, when the user equipment has a plug-in, the anti-plug-in game data information corresponding to the game stage reported by the user equipment is inconsistent with the normal game data information corresponding to the game stage from the game server, so that the first server compares the data information, it can be determined whether the anti-cheating game data information contains cheating feature information, specifically, if the anti-cheating game data information and the cheating feature information are consistent, if the external hanging feature information does not exist in the anti-external hanging game data information reported in the game stage, if the external hanging feature information does not meet the external hanging feature information, determining that the cheating feature information exists in the anti-cheating game data information reported in the game stage. In some embodiments, if the anti-plug-in game data reported by one game stage includes plug-in feature information, the game stage is suspected of using plug-ins, the first server reports the plug-in feature information to the second server for recording, and if the anti-plug-in game data reported by one game stage does not include the plug-in feature information, the game stage is not suspected of using plug-ins, and the first server does not need to record.

The first server may repeatedly execute the steps S21 and S22 for multiple times to perform a comparison operation on the anti-plug-in game data information reported in each game stage to determine whether a plug-in feature exists.

In some embodiments, the method further comprises: and the first server judges whether a preset plug-in condition is met or not according to the stage report record of each game stage in the user equipment within a recent period of time, and if so, determines that a plug-in behavior exists in the user equipment. In some embodiments, if it is determined that a plug-in behavior exists in the user equipment, the first server sends plug-in feature information corresponding to the plug-in behavior to a second server, so that the second server determines whether to delay punishment on a game account logged in the user equipment. In some embodiments, the phase reporting records include any record related to the reporting condition of each game phase, such as identification information of the game phase that has received the corresponding anti-cheating game data information, the number of game phases that have not received the corresponding anti-cheating game data information continuously, and the like. In some embodiments, the predetermined plug-in condition comprises any predetermined condition for determining whether a plug-in action is present, optionally the predetermined plug-in condition comprises at least any one of: the number of game stages which do not receive the corresponding anti-cheating game data information continuously is larger than or equal to a first number threshold value; the number of game stages which do not receive the corresponding anti-cheating game data information is greater than or equal to a second number threshold; the ratio of the number of game stages which do not receive the corresponding anti-cheating game data information to the total number of game stages is larger than or equal to a preset ratio threshold value. As an example, the first server treats the normal reporting of the game session packets as heartbeat data, and monitors whether the game stage data packets are reported normally, if the first server finds that the game stage reported data packets are continuously lost, the reported data packet is intercepted due to the interference of the link by the plug-in software, the first server can directly judge that the cheating (namely the plug-in behavior exists) exists after the first confirmation, or archive and leave the case after the first confirmation, judge that the cheating exists after the continuous confirmation for a plurality of times, the number of times of the multiple continuous determinations may be fixed or adjustable, and a number value preset based on experience or a different number value set for different game scenes or a rule for adjusting the number value may be stored in the first server.

In some embodiments, the method further comprises: and if the anti-plug-in game data information contains plug-in feature information, sending the plug-in feature information to a second server so that the second server can determine whether to delay and punish the game account number logged in the user equipment. In some embodiments, the second server may determine whether to impose a deferral penalty on a game account logged in the user device by a manual determination or an automatic determination. In some embodiments, the second server and the first server are the same device (it should be noted that, since the first server may be the same device as the game server, the first server, the second server and the game server may be the same device), that is, it is directly determined in the first server whether to perform a delay penalty on the game account logged in the user device; in some embodiments, an anti-plug-in management background may be established in the first server, the first server provides the anti-plug-in management background with the plug-in behavior related information recorded based on the determined plug-in behavior, so as to determine whether a penalty mechanism is triggered by the anti-plug-in management background, for example, the first server finds that a plug-in feature exists in a reported data packet through comparison, the first server reports the plug-in feature to the anti-plug-in management background, so as to determine whether the penalty mechanism is triggered by the anti-plug-in management background, for example, if the first server determines that a predetermined plug-in condition is met according to the stage reporting record (for example, the anti-plug-in game data information reported by the user equipment end is not received in a plurality of rounds in succession), the first server regards as being disturbed by the plug-in (equal to the plug-in behavior), and reports the corresponding plug, after the anti-plug-in management background is judged manually or automatically, a punishment mechanism can be triggered. In some embodiments, the second server is a different device from the first server, the second server is connected to the first server through a network, and the first server sends the external hanging behavior related information recorded based on the determined external hanging behavior to the second server so as to determine whether to perform a delay penalty on the game account logged in the user device by the second server. In some embodiments, the more severe the plug-in behavior, the more penalized, such as for using a plug-in game account in a critical tournament.

In some embodiments, after obtaining the external hanging feature information, the second server performs the following operations: if the punishment triggering condition is met, generating punishment information aiming at the game account logged in the user equipment; and sending the penalty information to the first server or the user equipment. In some embodiments, the penalty information generated by the second server may be used to indicate penalty actions that need to be performed at the game server (e.g., blocking a player's game account, prohibiting a player from logging on for a certain period of time, etc.), or may be used to indicate penalty actions that need to be performed at the user device (e.g., prohibiting a player from logging on the user device, kicking a player off of the current game, etc.). In some embodiments, the second server sends penalty information to the first server, the penalty information indicating penalty operations that need to be executed in the game server, the first server receives the penalty information, if the first server is the game server, the first server executes corresponding penalty operations directly according to the penalty information, and if the first server is not the game server, the first server sends the penalty information to the game server so as to execute corresponding penalty operations in the game server. In some embodiments, the second server establishes a direct connection with the user equipment terminal through a network, and the second server directly sends penalty information to the user equipment (optionally, the second server may send the penalty information to the electronic contest client, and then the electronic contest client provides the penalty information to the game application, or the second server may directly provide the penalty information to the game application), and the penalty information is used for indicating penalty information of penalty operation required to be executed in the user equipment so as to execute corresponding penalty operation in the user equipment; in some embodiments, the second server sends penalty information to the first server, the penalty information indicating penalty operations that need to be performed in the user device, the first server then sending the penalty information to the user device (optionally, the first server may send the penalty information to the electronic contest client, which then provides the penalty information to the gaming application by the electronic contest client, or the first server may provide the penalty information directly to the gaming application). In some embodiments, for a key match in a game application, the second server may record related information after determining that a store-in behavior exists and provide the related information to a related person for secondary confirmation, for example, the second server reports a game account number with the store-in behavior in a currently finished game of a small round to the related supervisor for secondary confirmation, and if it is determined that the store-in behavior still exists through the secondary confirmation, a delay penalty mechanism is triggered.

In some embodiments, the penalty trigger conditions include any condition for triggering a penalty mechanism, which in some embodiments includes, but is not limited to: the external hanging accumulated time length exceeds the preset time length, the external hanging times exceed the preset times, the external hanging behavior reaches the punishment level, the external hanging is used in the key game, the punishment indication input by the operator is received, and the like. In some embodiments, the generating penalty information for the game account logged in the user equipment if the penalty trigger condition is met includes: and judging whether a punishment triggering condition is met or not according to the plug-in behavior related information, and if so, generating punishment information aiming at the game account logged in the user equipment by the second server. As an example, the second server determines that a penalty trigger condition is met according to the information related to the plug-in behavior, the second server generates penalty information for a game account logged in the user equipment, the penalty information indicates that the game account is played out of the current game, and then the second server sends the penalty information to an electronic competition client in the user equipment, and the electronic competition client provides the penalty information to the game application, so that the game application performs a penalty operation of playing out the game account out of the current game based on the penalty information.

In some embodiments, the generating penalty information for the game account logged in the user equipment if the penalty trigger condition is met includes: and if the punishment triggering condition is met, generating punishment information corresponding to the game account by combining the historical punishment record corresponding to the game account. In some embodiments, the historical penalty record is used to record historical penalty conditions for the game account, such as historical penalty times, penalty operations per time, and the like. In some embodiments, if the punishment triggering condition is met, the second server determines a punishment measure for the game account at this time by combining with a historical punishment record corresponding to the game account, and generates corresponding punishment information. As an example, the second server determines that the game account a uses a plug-in and meets a penalty trigger condition, the current plug-in behavior of the a is supposed to be under the penalty of kicking out of the server, however, the historical penalty record of the a indicates that the history of the a is punished twice, and the second server determines a aggravation penalty based on the historical penalty record and generates penalty information indicating to block the game account a.

FIG. 3 is a flow chart illustrating a system method for anti-cheating according to an embodiment of the present application. The method according to the present embodiment includes step S31, step S32, step S33, step S34, and step S35. In step S31, the user equipment monitors a preset detection point inside the game application, and obtains the information of the external hanging feature detected at the preset detection point in the current game stage; in step S32, when the game stage is finished, the user equipment generates anti-plug-in game data information corresponding to the game stage according to the plug-in feature information and the normal game data information corresponding to the game stage; in step S33, the user equipment sends the anti-cheating game data information corresponding to the game stage to a first server; in step S34, the first server receives anti-cheating game data information corresponding to the game stage from the user equipment; in step S35, the first server compares the anti-plug-in game data information with the normal game data information corresponding to the game stage from the game server, and determines whether plug-in feature information exists in the anti-plug-in game data information according to a comparison result. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the predetermined detection points include key function detection points and/or key memory detection points. In some embodiments, the preset detection points include key function detection points, and the step S31 includes: and the user equipment monitors the key function detection point to obtain the plug-in characteristic information detected at the key function detection point in the current game stage, wherein if a function calling event corresponding to the key function detection point occurs in the current game stage, the plug-in characteristic information detected at the key function detection point is obtained by tracing the code source of an upper stack caller corresponding to the function calling event based on stack backtracking. In some embodiments, the preset detection point includes a key memory detection point, and the step S31 includes: and the user equipment performs frame-by-frame detection on the memory data area corresponding to the key memory detection point to obtain the plug-in feature information detected at the key memory detection point in the current game stage, wherein the plug-in feature information is used for indicating whether the data in the memory data area is consistent with the state of the data which is modified by the internal function of the game application at the last time. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the step S32 includes a step S321, in which, in the step S321, if the current game stage is ended, the anti-cheating game data information corresponding to the game stage is generated by hiding the cheating feature information recorded in the game stage as a field in the normal game data information corresponding to the game stage. In some embodiments, the step S321 includes: if the current game stage is finished, the plug-in feature information recorded in the game stage is divided into at least one field, and each field is hidden in the normal game data information corresponding to the game stage according to a preset rule so as to generate anti-plug-in game data information corresponding to the game stage. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: if it is determined that plug-in feature information exists in the anti-plug-in game data information, the first server sends the plug-in feature information to a second server, so that the second server determines whether to delay punishment on the game account logged in the user equipment. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: if the punishment triggering condition is met, the second server generates punishment information aiming at the game account logged in the user equipment; and sending the penalty information to the first server or the user equipment. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, if a penalty trigger condition is met, the second server generates penalty information for the game account logged in the user equipment, including: and the second server judges whether a punishment triggering condition is met or not according to the plug-in behavior related information, and if so, the second server generates punishment information aiming at the game account logged in the user equipment. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: the first server receives the penalty information from the second server, wherein the penalty information is used for indicating penalty operation needing to be executed in a game server; if the first server is the game server, the first server directly executes corresponding punishment operation according to the punishment information; if the first server is not the game server, the first server sends the penalty information to the game server so as to execute corresponding penalty operation in the game server. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: the first server receiving the penalty information from the second server, the penalty information indicating penalty operations that need to be performed in the user equipment; and the first server sends the penalty information to the user equipment. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: and the user equipment receives the penalty information sent by the first server and executes penalty operation according to the penalty information. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: the user equipment receives the penalty information sent by the second server, wherein the penalty information is used for indicating penalty operation needing to be executed in the user equipment; and the user equipment executes punishment operation according to the punishment information. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, if a penalty trigger condition is met, the second server generates penalty information for the game account logged in the user equipment, including: and if the punishment triggering condition is met, the second server generates punishment information corresponding to the game account by combining the historical punishment record corresponding to the game account. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the method further comprises: and the first server judges whether a preset plug-in condition is met or not according to the stage report record of each game stage in the user equipment within a recent period of time, and if so, determines that a plug-in behavior exists in the user equipment. In some embodiments, the predetermined plug-in condition comprises at least any one of: the number of game stages which do not receive the corresponding anti-cheating game data information continuously is larger than or equal to a first number threshold value; the number of game stages which do not receive the corresponding anti-cheating game data information is greater than or equal to a second number threshold; the ratio of the number of game stages which do not receive the corresponding anti-cheating game data information to the total number of game stages is larger than or equal to a preset ratio threshold value. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

Fig. 4 shows a schematic structural diagram of a first apparatus for anti-plug-in a user equipment according to an embodiment of the present application. The first means of the present embodiment includes the monitoring means 11, the generating means 12, and the transmitting means 13. The monitoring device 11 is configured to monitor a preset detection point inside a game application, and obtain plug-in feature information detected at the preset detection point in a current game stage; the generating device 12 is configured to generate anti-cheating game data information corresponding to the game stage according to the cheating feature information and the normal game data information corresponding to the game stage when the game stage is finished; the sending device 13 is configured to send the anti-plug-in game data information corresponding to the game stage to a first server, so that the first server determines whether plug-in feature information exists in the anti-plug-in game data information by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from a game server. In some embodiments, the predetermined detection points include key function detection points and/or key memory detection points. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the preset detection points include key function detection points, and the monitoring device 11 is configured to: and monitoring the key function detection point to obtain the plug-in characteristic information detected at the key function detection point in the current game stage, wherein if a function calling event corresponding to the key function detection point occurs in the current game stage, the plug-in characteristic information detected at the key function detection point is obtained by tracing the code source of an upper stack caller corresponding to the function calling event based on stack backtracking. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the preset detection points include key memory detection points, and the monitoring device 11 is configured to: and monitoring the key memory detection point to obtain the plug-in characteristic information detected at the key memory detection point in the current game stage, wherein the plug-in characteristic information detected at the key memory detection point is obtained by detecting a memory data area corresponding to the key memory detection point frame by frame, and the plug-in characteristic information is used for indicating whether the data in the memory data area is consistent with the state of the data which is modified by the internal function of the game application at the last time. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the first device further includes a penalty device (not shown) configured to receive penalty information sent by the first server for the game account logged in the user equipment, and perform a penalty operation according to the penalty information. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the generating device 12 is configured to, if the current game stage is finished, generate the anti-cheating game data information corresponding to the game stage by hiding the cheating feature information recorded in the game stage as a field in the normal game data information corresponding to the game stage. In some embodiments, if the current game stage is finished, generating anti-cheating game data information corresponding to the game stage by hiding cheating feature information recorded in the game stage as a field in normal game data information corresponding to the game stage, where the generating comprises: if the current game stage is finished, the plug-in feature information recorded in the game stage is divided into at least one field, and each field is hidden in the normal game data information corresponding to the game stage according to a preset rule so as to generate anti-plug-in game data information corresponding to the game stage. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

Fig. 5 is a schematic structural diagram of a second apparatus for anti-plug-in a first server according to an embodiment of the present application. The second device according to the present embodiment comprises a receiving device 21 and a comparing device 22. The receiving device 21 is configured to receive anti-cheating game data information corresponding to a current game stage in the game application from the user equipment; the comparison device 22 is configured to compare the anti-plug-in game data information with normal game data information corresponding to the game stage from the game server, and determine whether plug-in feature information exists in the anti-plug-in game data information according to a comparison result. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the second apparatus further includes a stage report monitoring device (not shown), where the stage report monitoring device is configured to determine whether a predetermined plug-in condition is met according to a stage report record of each game stage in the user equipment in a recent period of time, and if so, determine that a plug-in behavior exists in the user equipment. In some embodiments, the predetermined plug-in condition comprises at least any one of: the number of game stages which do not receive the corresponding anti-cheating game data information continuously is larger than or equal to a first number threshold value; the number of game stages which do not receive the corresponding anti-cheating game data information is greater than or equal to a second number threshold; the ratio of the number of game stages which do not receive the corresponding anti-cheating game data information to the total number of game stages is larger than or equal to a preset ratio threshold value. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, the second device further comprises a second sending device (not shown). And the second generating device is used for sending the plug-in feature information to a second server if the plug-in feature information exists in the anti-plug-in game data information, so that the second server determines whether to delay and punish the game account number logged in the user equipment.

In some embodiments, the second apparatus further comprises: means for receiving penalty information from the second server for game accounts logged into the user device; means for sending the penalty information to the user equipment if the penalty information is indicative of a penalty operation that needs to be performed in the user equipment; means for providing the penalty information to a game server if the penalty information is indicative of a penalty operation that needs to be performed in the game server. The related operations have been described in detail in the foregoing embodiments, and are not described in detail herein.

In some embodiments, system 1000 can be implemented as any of the processing devices in the embodiments of the present application. In some embodiments, system 1000 may include one or more computer-readable media (e.g., system memory or NVM/storage 1020) having instructions and one or more processors (e.g., processor(s) 1005) coupled with the one or more computer-readable media and configured to execute the instructions to implement modules to perform the actions described herein.

For one embodiment, system control module 1010 may include any suitable interface controllers to provide any suitable interface to at least one of the processor(s) 1005 and/or to any suitable device or component in communication with system control module 1010.

The system control module 1010 may include a memory controller module 1030 to provide an interface to the system memory 1015. Memory controller module 1030 may be a hardware module, a software module, and/or a firmware module.

System memory 1015 may be used to load and store data and/or instructions, for example, for system 1000. For one embodiment, system memory 1015 may include any suitable volatile memory, such as suitable DRAM. In some embodiments, the system memory 1015 may include a double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).

For one embodiment, system control module 1010 may include one or more input/output (I/O) controllers to provide an interface to NVM/storage 1020 and communication interface(s) 1025.

For example, NVM/storage 1020 may be used to store data and/or instructions. NVM/storage 1020 may include any suitable non-volatile memory (e.g., flash memory) and/or may include any suitable non-volatile storage device(s) (e.g., one or more hard disk drive(s) (HDD (s)), one or more Compact Disc (CD) drive(s), and/or one or more Digital Versatile Disc (DVD) drive (s)).

NVM/storage 1020 may include storage resources that are physically part of a device on which system 1000 is installed or may be accessed by the device and not necessarily part of the device. For example, NVM/storage 1020 may be accessed over a network via communication interface(s) 1025.

Communication interface(s) 1025 may provide an interface for system 1000 to communicate over one or more networks and/or with any other suitable device. System 1000 may communicate wirelessly with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols.

For one embodiment, at least one of the processor(s) 1005 may be packaged together with logic for one or more controller(s) of the system control module 1010, e.g., memory controller module 1030. For one embodiment, at least one of the processor(s) 1005 may be packaged together with logic for one or more controller(s) of the system control module 1010 to form a System In Package (SiP). For one embodiment, at least one of the processor(s) 1005 may be integrated on the same die with logic for one or more controller(s) of the system control module 1010. For one embodiment, at least one of the processor(s) 1005 may be integrated on the same die with logic of one or more controllers of the system control module 1010 to form a system on a chip (SoC).

In various embodiments, system 1000 may be, but is not limited to being, a server, a workstation, a desktop computing device, or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.).

The present application further provides an apparatus, wherein the apparatus comprises: a memory for storing one or more programs; one or more processors coupled with the memory, the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method for anti-cheating described herein.

The present application also provides a computer-readable storage medium having stored thereon a computer program executable by a processor for performing the method for anti-cheating described herein.

The present application also provides a computer program product which, when executed by a device, causes the device to perform the method for anti-cheating described herein.

It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.

While exemplary embodiments have been particularly shown and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the claims. The protection sought herein is as set forth in the claims below. These and other aspects of the various embodiments are specified in the following numbered clauses:

1. a method for anti-cheating, for a user device, wherein the method comprises:

and sending the anti-plug-in game data information corresponding to the game stage to a first server so that the first server can determine whether plug-in feature information exists in the user equipment by comparing the anti-plug-in game data information with normal game data information corresponding to the game stage from the game server.

2. The method of clause 1, wherein the predetermined detection points include key function detection points and/or key memory detection points.

3. The method according to clause 2, wherein the preset detection points include key function detection points, the monitoring of the preset detection points inside the game application to obtain the information of the cheating feature detected at the preset detection points in the current game stage includes:

and monitoring the key function detection point to obtain the plug-in characteristic information detected at the key function detection point in the current game stage, wherein if a function calling event corresponding to the key function detection point occurs in the current game stage, the plug-in characteristic information detected at the key function detection point is obtained by tracing the code source of an upper stack caller corresponding to the function calling event based on stack backtracking.

4. The method according to clause 2, wherein the preset detection points include key memory detection points, the monitoring of the preset detection points inside the game application to obtain the information of the cheating feature detected at the preset detection points in the current game stage includes:

and detecting the memory data area corresponding to the key memory detection point frame by frame to obtain the plug-in characteristic information detected at the key memory detection point in the current game stage, wherein the plug-in characteristic information is used for indicating whether the data in the memory data area is consistent with the state of the data which is modified by the internal function of the game application at the last time.

5. The method of any of clauses 1-4, wherein the method further comprises:

and receiving penalty information which is sent by the first server or the second server and aims at the game account logged in the user equipment, and executing penalty operation according to the penalty information.

6. The method according to clause 1, wherein, when the game stage is finished, generating anti-plug-in game data information corresponding to the game stage according to the plug-in feature information and the normal game data information corresponding to the game stage comprises:

and if the current game stage is finished, generating anti-cheating game data information corresponding to the game stage by hiding the cheating feature information recorded in the game stage as a field in the normal game data information corresponding to the game stage.

7. The method according to clause 6, wherein, if the current game stage is finished, generating anti-cheating game data information corresponding to the game stage by hiding the cheating feature information recorded in the game stage as a field in the normal game data information corresponding to the game stage, comprises:

if the current game stage is finished, the plug-in feature information recorded in the game stage is divided into at least one field, and each field is hidden in the normal game data information corresponding to the game stage according to a preset rule so as to generate anti-plug-in game data information corresponding to the game stage.

8. A method for anti-cheating on a first server, wherein the method comprises:

9. The method of clause 8, wherein the method further comprises:

and judging whether a preset plug-in condition is met or not according to the stage report records of each game stage in the user equipment within a recent period of time, and if so, determining that a plug-in behavior exists in the user equipment.

10. The method of clause 9, wherein the predetermined plug-in condition comprises at least any one of:

the number of game stages which do not receive the corresponding anti-cheating game data information continuously is larger than or equal to a first number threshold value;

the number of game stages which do not receive the corresponding anti-cheating game data information is greater than or equal to a second number threshold;

the ratio of the number of game stages which do not receive the corresponding anti-cheating game data information to the total number of game stages is larger than or equal to a preset ratio threshold value.

11. The method of any of clauses 8-10, wherein the method further comprises:

and if the fact that the external hanging feature information exists in the anti-external hanging game data information is determined, sending the external hanging feature information in the anti-external hanging game data information to a second server so that the second server can determine whether to delay and punish the game account number logged in the user equipment.

12. The method of clause 11, wherein the method further comprises:

receiving penalty information from the second server for the game account logged in the user device;

if the penalty information is used for indicating penalty operation which needs to be executed in the user equipment, sending the penalty information to the user equipment;

and if the penalty information is used for indicating penalty operation which needs to be executed in the game server, providing the penalty information to the game server.

13. A first apparatus for anti-cheating, wherein the first apparatus comprises:

14. The first apparatus of clause 13, wherein the predetermined detection points include key function detection points and/or key memory detection points.

15. The first apparatus according to clause 14, wherein the preset detection points include key function detection points, and the means for monitoring the preset detection points inside the game application and obtaining the external hanging feature information detected at the preset detection points in the current game stage is configured to:

16. The first apparatus according to clause 14, wherein the preset detection point includes a key memory detection point, and the apparatus for monitoring the preset detection point inside the game application and obtaining the external hanging feature information detected at the preset detection point in the current game stage is configured to:

and monitoring the key memory detection point to obtain the plug-in characteristic information detected at the key memory detection point in the current game stage, wherein the plug-in characteristic information detected at the key memory detection point is obtained by detecting a memory data area corresponding to the key memory detection point frame by frame, and the plug-in characteristic information is used for indicating whether the data in the memory data area is consistent with the state of the data which is modified by the internal function of the game application at the last time.

17. The first apparatus of any of clauses 13-16, wherein the first apparatus further comprises:

and the device is used for receiving penalty information which is sent by the first server or the second server and aims at the game account logged in the user equipment, and executing penalty operation according to the penalty information.

18. The method according to clause 13, wherein, when the game stage is finished, the means for generating anti-cheating game data information corresponding to the game stage according to the cheating feature information and the normal game data information corresponding to the game stage is configured to:

19. The method according to clause 18, wherein, if the current game stage is finished, generating anti-cheating game data information corresponding to the game stage by hiding the cheating feature information recorded in the game stage as a field in the normal game data information corresponding to the game stage, comprises:

20. A second device for anti-cheating, wherein the second device comprises:

21. The second apparatus of clause 20, wherein the second apparatus further comprises:

and the device is used for judging whether a preset plug-in condition is met or not according to the stage report records of each game stage in the user equipment within a recent period of time, and if so, determining that a plug-in behavior exists in the user equipment.

22. The second apparatus of clause 21, wherein the predetermined plug-in condition comprises at least any one of:

23. The second apparatus of any of clauses 20 to 22, wherein the second apparatus further comprises:

and if the anti-plug-in game data information is determined to have plug-in feature information, sending the plug-in feature information in the anti-plug-in game data information to a second server so that the second server can determine whether to delay and punish the game account number logged in the user equipment.

24. The second apparatus of clause 23, wherein the second apparatus further comprises:

means for receiving penalty information from the second server for game accounts logged into the user device;

means for sending the penalty information to the user equipment if the penalty information is indicative of a penalty operation that needs to be performed in the user equipment;

means for providing the penalty information to a game server if the penalty information is indicative of a penalty operation that needs to be performed in the game server.

25. A method for anti-cheating, wherein the method comprises:

26. The method of clause 25, wherein the preset detection points include key function detection points and/or key memory detection points.

27. The method according to clause 26, wherein the preset detection points include key function detection points, and the user equipment monitors the preset detection points inside the game application to obtain the information of the cheating feature detected at the preset detection points in the current game stage, including:

and the user equipment monitors the key function detection point to obtain the plug-in characteristic information detected at the key function detection point in the current game stage, wherein if a function calling event corresponding to the key function detection point occurs in the current game stage, the plug-in characteristic information detected at the key function detection point is obtained by tracing the code source of an upper stack caller corresponding to the function calling event based on stack backtracking.

28. The method according to clause 26, wherein the preset detection points include key memory detection points, and the user equipment monitors the preset detection points inside the game application to obtain the information of the cheating feature detected at the preset detection points in the current game stage, including:

and the user equipment performs frame-by-frame detection on the memory data area corresponding to the key memory detection point to obtain the plug-in feature information detected at the key memory detection point in the current game stage, wherein the plug-in feature information is used for indicating whether the data in the memory data area is consistent with the state of the data which is modified by the internal function of the game application at the last time.

29. The method according to clause 25, wherein, when the game stage is finished, generating anti-plug-in game data information corresponding to the game stage according to the plug-in feature information and the normal game data information corresponding to the game stage includes:

30. The method according to clause 29, wherein, if the current game stage is finished, generating anti-cheating game data information corresponding to the game stage by hiding cheating the cheating feature information recorded in the game stage as a field in the normal game data information corresponding to the game stage, comprises:

31. The method of any of clauses 25 to 30, wherein the method further comprises:

if it is determined that plug-in feature information exists in the anti-plug-in game data information, the first server sends the plug-in feature information in the anti-plug-in game data information to a second server, so that the second server determines whether to delay punishment on the game account logged in the user equipment.

32. The method of clause 25, wherein the method further comprises:

and the first server judges whether a preset plug-in condition is met or not according to the stage report record of each game stage in the user equipment within a recent period of time, and if so, determines that a plug-in behavior exists in the user equipment.

33. The method of clause 32, wherein the predetermined plug-in condition comprises at least any one of:

34. The method of clause 32 or 33, wherein the method further comprises:

and sending the plug-in feature information corresponding to the plug-in behavior to a second server so that the second server can determine whether to delay and punish the game account number logged in the user equipment.

35. The method of clause 31 or 34, wherein the method further comprises:

the second server receives the plug-in feature information sent by the first server;

if the punishment triggering condition is met, the second server generates punishment information aiming at the game account logged in the user equipment;

and the second server sends the penalty information to the first server or the user equipment.

36. The method according to clause 35, wherein the generating, by the second server, penalty information for the game account logged in the user equipment if the penalty trigger condition is satisfied includes:

and the second server judges whether a punishment triggering condition is met or not according to the received plug-in feature information, and if so, the second server generates punishment information aiming at the game account logged in the user equipment.

37. The method of clause 35 or 36, wherein the method further comprises:

the first server receives the penalty information from the second server, wherein the penalty information is used for indicating penalty operation needing to be executed in a game server;

if the first server is the game server, the first server directly executes corresponding punishment operation according to the punishment information;

if the first server is not the game server, the first server sends the penalty information to the game server so as to execute corresponding penalty operation in the game server.

38. The method of clause 35 or 36, wherein the method further comprises:

the first server receiving the penalty information from the second server, the penalty information indicating penalty operations that need to be performed in the user equipment;

and the first server sends the penalty information to the user equipment.

39. The method of clause 38, wherein the method further comprises:

and the user equipment receives the penalty information sent by the first server and executes penalty operation according to the penalty information.

40. The method of clause 35 or 36, wherein the method further comprises:

the user equipment receives the penalty information sent by the second server, wherein the penalty information is used for indicating penalty operation needing to be executed in the user equipment;

and the user equipment executes punishment operation according to the punishment information.

41. The method according to clause 35, wherein the generating, by the second server, penalty information for the game account logged in the user equipment if the penalty trigger condition is satisfied includes:

and if the punishment triggering condition is met, the second server generates punishment information corresponding to the game account by combining the historical punishment record corresponding to the game account.

42. A system for anti-cheating comprising a user device comprising the first apparatus of any of clauses 13-19 and a first server comprising the second apparatus of any of clauses 20-24.

43. A system for anti-cheating comprising a user device, a first server and a second server, the user device comprising the first apparatus of any of clauses 13-19, the first server comprising the second apparatus of clause 23 or 24.

44. An apparatus, wherein the apparatus comprises:

a memory for storing one or more programs;

one or more processors coupled to the memory,

the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of clauses 1-12.

45. A computer-readable storage medium having stored thereon a computer program executable by a processor to perform the method of any of clauses 1-12.

46. A computer program product which, when executed by an apparatus, causes the apparatus to perform the method of any of clauses 1 to 12.

Claims

1. A method for anti-cheating, for a user device, wherein the method comprises:

2. A method for anti-cheating on a first server, wherein the method comprises:

3. A first apparatus for anti-cheating, wherein the first apparatus comprises:

4. A second device for anti-cheating, wherein the second device comprises:

5. The second apparatus of claim 4, wherein the second apparatus further comprises:

6. A method for anti-cheating, wherein the method comprises:

7. A system for anti-cheating comprising a user device comprising the first apparatus of claim 3 and a first server comprising the second apparatus of claim 4.

8. A system for anti-cheating comprising a user device, a first server and a second server, the user device comprising the first apparatus of claim 3, the first server comprising the second apparatus of claim 5.

9. An apparatus, wherein the apparatus comprises:

a memory for storing one or more programs;

one or more processors coupled to the memory,

the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method recited in claim 1 or 2.

10. A computer-readable storage medium, on which a computer program is stored, which computer program can be executed by a processor to carry out the method according to claim 1 or 2.