KR101249764B1 - method for detecting and blocking game-hack process - Google Patents
method for detecting and blocking game-hack process Download PDFInfo
- Publication number
- KR101249764B1 KR101249764B1 KR1020100076787A KR20100076787A KR101249764B1 KR 101249764 B1 KR101249764 B1 KR 101249764B1 KR 1020100076787 A KR1020100076787 A KR 1020100076787A KR 20100076787 A KR20100076787 A KR 20100076787A KR 101249764 B1 KR101249764 B1 KR 101249764B1
- Authority
- KR
- South Korea
- Prior art keywords
- game
- cpu
- access
- security
- hack
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present invention relates to a method for detecting and blocking a game hack process that is executed on a gamer client system and whose access is blocked.
The method for detecting access blocking game hack process according to the present invention includes a first step in which a security process stores a list of access permission execution processes, and a process (CPU allocation process) information in which the security process is assigned a CPU. A second step of extracting, and a third step of determining, by the security process, the CPU allocation process as an access blocking game hack if the CPU allocation process is not included in the access permission execution process list.
Description
The present invention relates to a method for detecting a game hack process, and more particularly, to a method for detecting and blocking a game hack process, which is executed in a gamer client system and whose access is blocked.
The widespread use of high-speed Internet has led to the rapid growth of the online game population and the development of numerous online games. However, the concept and concept of game security is still weak. Illegal programs in computers are called hacks or hacking programs, and hacks or hacking programs in games are called game hacks. These game hacks refer to programs that manipulate files, memory, etc. of a particular game process.
Game hacks allow gamers to easily win games by manipulating the game's memory to change certain data, such as stats and stamina, increasing the speed or number of blows in martial arts games, or granting macro functions. This is why gamers want to install game hacks for online games. However, the use of game hacks in online games can cause problems such as a balance breakdown among users, a heavy load on the game server, and the like. In other words, if some users play games while benefiting in an abnormal way, the balance with other users is broken, and in serious cases, the overall balance of the online game is broken and the game server is overloaded. Done.
Therefore, game providers have installed a security program for gamers along with the game. When the user executes the game program, the game process is executed and the security process is executed in succession. In addition, if the gamers interrupt the security process while the game is running, the game process is also stopped. That is, the security process is executed together with the game process during the online game, and the executed security process blocks the execution of the game hack.
Generally, a 'program' or a 'file' refers to a command set written in order to execute a computer, and a 'process' refers to a program running in the computer. That is, the game program is executed as a game process on the gamer computer, the security program is executed as the security process, and the security process detects and blocks the game hacks executed on the computer.
The security process accesses an arbitrary process executed during the game and analyzes its characteristics to determine whether it is a game hack, and if it is determined to be a game hack, blocks the execution of the game process or game hack process.
In this way, the security process accesses a specific process and analyzes its characteristics to determine whether the process is a game hack, thereby blocking the game hacker from executing the game hack. However, some game hacks have recently been hidden from the security process by manipulating kernel APIs, or preventing the security process from obtaining its own handle object. This is called access blocking. Because security processes cannot access game hacks that are blocked, they cannot analyze their features or block their execution.
That is, the game security process typically detects game hacks using the handle object. Since the game hacks that are blocked from access prevent the security process from obtaining its own handle object, the game security process operates through the handle object of the process. It is impossible to monitor or block. In addition, even if the game hack makes the process memory scan totally or partially impossible, the security process cannot control or block it. Therefore, a countermeasure against this is required.
SUMMARY OF THE INVENTION An object of the present invention, which is devised to solve the above-mentioned problems of the prior art, is to provide a method for detecting and blocking the execution of an approach blocked game hack.
In accordance with an aspect of the present invention, there is provided a method for detecting an access blocking game hack process, comprising: a first step in which a security process stores a list of access permission execution processes, and a process in which the security process is assigned a central processing unit (CPU); A second step of extracting (CPU allocation process) information; and a third step of determining, by the security process, the CPU allocation process as an access blocking game hack if the CPU allocation process is not included in the access permission execution process list. It is characterized by.
In addition, the access blocking game hack process execution blocking method according to the present invention, the first step of the security process stores the access permission execution process list, and the process that the security process is assigned a central processing unit (CPU) (CPU allocation process) ) A second step of extracting information; a third step of determining, by the security process, the CPU allocation process as an access blocking game hack if the CPU allocation process is not included in the access permission execution process list; And a fourth step of preventing the access blocking game hack from being allocated to the CPU.
As described above, according to the present invention, since it is possible to detect whether or not the game hack is blocked, there is an advantage of preventing the use of game hacks by gamers in online games.
1 is a diagram illustrating a CPU allocation environment in a Windows operating system.
2 is an operation flowchart illustrating a method for detecting a game nucleus of a blocked access process according to an embodiment of the present invention.
Hereinafter, with reference to the accompanying drawings will be described in more detail a method for detecting and blocking the execution of the game hack process according to an embodiment of the present invention.
1 is a diagram illustrating a context switch implementation in a Windows operating system.
Typically, computer hardware includes a central processing unit (CPU) 110 and a
The process occupying the
A plurality of processes that want to use the
All processes running on the Windows
The present invention is conceived based on the operation of the computer system, and the security process monitors the process of the context switch of the scheduler of the Windows
2 is an operation flowchart illustrating a method for detecting a game nucleus of a blocked access process according to an embodiment of the present invention. It is a matter of course that the security process must be allocated a CPU in order to execute the access blocking game hack detection method according to the present invention. Typically, one quantum given to a process with CPU occupancy time is 10 milliseconds, allowing multiple processes to operate at substantially the same time.
The security process is executed in the Windows operating system and stores a list of permitted processes (hereinafter, referred to as an access execution process) (S21).
The security process hooks the context switch signal output from the Windows operating system to the central processing unit (S22), analyzes the context switching signal, and extracts the process (hereinafter referred to as CPU allocation process) information allocated to the central processing unit (CPU). And store in a list (S23).
The security process checks whether the CPU allocation process extracted in step S23 is included in the access permission execution process list (S24), and if so (S25), proceeds to step S22 to hook the next context switch signal. If not included in step S25, the CPU allocation process is determined to be an access blocking game hack (S26). In general, most of the normal processes running on the Windows operating system are allowed access. However, the blocked process running while the game is running is almost 100% likely to be a game hack process. The game hack process, which is blocked, cannot be analyzed by the security process even if the game is manipulated. Accordingly, the security process according to the present invention determines the blocked access process that operates with CPU allocation as the game hack process.
Next, the security process checks whether the access blocking game hack determined in step S26 is included in the CPU allocation block list (S27). If the approach blocking game hack is first detected and not included in the CPU allocation block list (S28), the access blocking game hack is prevented from receiving the CPU allocation, and the access blocking game hack is included in the CPU access blocking list (S29). As a way to prevent the access blocking game hack from receiving CPU allocation, there is a method of adjusting the scheduler of the Windows operating system, removing the work contents of the access blocking game hack from the queue, and preventing the context switch from being used.
If the access blocking game hack is included in the CPU allocation block list (S28), this action prevents the access blocking game hack from being detected and receives the CPU allocation, but the access blocking game hack is returned to the CPU through the kernel manipulation. Corresponds to the case in which it is detected while using, in which case the game process is forcibly terminated (S30).
This protects normal game players by preventing gamers from benefiting from online games using illegal access blocking game hacks.
110: central processing unit (CPU) 120: memory
121:
123: cue
Claims (8)
A second step of the security process hooking a context switch signal to extract process (CPU allocation process) information to which a CPU is allocated from the context switch signal;
The third security process checks whether the CPU allocation process is included in the access permission execution process list, and determines that the CPU allocation process is an access blocking game hack if the CPU allocation process is not included in the access permission execution process list; Approach blocking game nuclear detection method comprising the step.
A second step of the security process hooking a context switch signal to extract process (CPU allocation process) information to which a CPU is allocated from the context switch signal;
The third security process checks whether the CPU allocation process is included in the access permission execution process list, and determines that the CPU allocation process is an access blocking game hack if the CPU allocation process is not included in the access permission execution process list; Steps,
And a fourth step of preventing the security process from allocating the CPU to the access blocking game hack.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020100076787A KR101249764B1 (en) | 2010-08-10 | 2010-08-10 | method for detecting and blocking game-hack process |
PCT/KR2011/005720 WO2012020948A2 (en) | 2010-08-10 | 2011-08-04 | Method for detecting and blocking a game-hack process |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020100076787A KR101249764B1 (en) | 2010-08-10 | 2010-08-10 | method for detecting and blocking game-hack process |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20120014674A KR20120014674A (en) | 2012-02-20 |
KR101249764B1 true KR101249764B1 (en) | 2013-04-03 |
Family
ID=45568017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020100076787A KR101249764B1 (en) | 2010-08-10 | 2010-08-10 | method for detecting and blocking game-hack process |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101249764B1 (en) |
WO (1) | WO2012020948A2 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100385601B1 (en) * | 2000-06-29 | 2003-05-27 | 주식회사 참좋은인터넷 | System and method for managing information in database |
KR20090111576A (en) * | 2008-04-22 | 2009-10-27 | 주식회사 안철수연구소 | Method for protecting program using virtual desktop |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100483700B1 (en) * | 2003-12-03 | 2005-04-19 | 주식회사 잉카인터넷 | Method to cut off an illegal process access and manipulation for the security of online game client by real-time |
KR100685672B1 (en) * | 2004-11-29 | 2007-02-23 | 주식회사 안철수연구소 | Preventing method of computer programmed automatic input |
KR100681696B1 (en) * | 2004-11-29 | 2007-02-15 | 주식회사 안철수연구소 | Method for preventing from inventing data of memory in a computer application program |
KR100645983B1 (en) * | 2005-08-31 | 2006-11-14 | (주)와이즈로직 | Module for detecting an illegal process and method thereof |
-
2010
- 2010-08-10 KR KR1020100076787A patent/KR101249764B1/en active IP Right Grant
-
2011
- 2011-08-04 WO PCT/KR2011/005720 patent/WO2012020948A2/en active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100385601B1 (en) * | 2000-06-29 | 2003-05-27 | 주식회사 참좋은인터넷 | System and method for managing information in database |
KR20090111576A (en) * | 2008-04-22 | 2009-10-27 | 주식회사 안철수연구소 | Method for protecting program using virtual desktop |
Also Published As
Publication number | Publication date |
---|---|
WO2012020948A2 (en) | 2012-02-16 |
WO2012020948A3 (en) | 2012-04-19 |
KR20120014674A (en) | 2012-02-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2703156C2 (en) | Computer security systems and methods using asynchronous introspection exceptions | |
JP5697206B2 (en) | System, method and program for protecting against unauthorized access | |
US10083294B2 (en) | Systems and methods for detecting return-oriented programming (ROP) exploits | |
US7937615B2 (en) | Method for improving reliability of multi-core processor computer | |
AU2009286432B2 (en) | Heuristic method of code analysis | |
KR102075372B1 (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
DK2840496T3 (en) | PROCEDURE, SYSTEM AND EXECUTABLE CODE TO MANAGE THE USE OF HARDWARE RESOURCES OF A COMPUTER SYSTEM | |
US11654365B2 (en) | Secure anti-cheat system | |
JP6196356B2 (en) | Action capture method and apparatus for virtual system based on container | |
KR20180018531A (en) | Behavioral malware detection using an interpreter virtual machine | |
Yu et al. | NCQ vs. I/O scheduler: Preventing unexpected misbehaviors | |
JP2005166051A (en) | Method for preventing unauthorized access to process | |
EP2812836A1 (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
JP2020018517A5 (en) | ||
KR20120014673A (en) | Method for dectecting falsification of process by inserting disguised dll | |
KR100460009B1 (en) | Method and system for loading of the image resource | |
KR101249764B1 (en) | method for detecting and blocking game-hack process | |
US20120191803A1 (en) | Decommissioning factored code | |
US10528387B2 (en) | Computer processing system with resource optimization and associated methods | |
KR100457405B1 (en) | Method of detecting whether speed hack is in use | |
US11194615B2 (en) | Dynamic pause exiting | |
KR101252185B1 (en) | method for blocking hack using thread check | |
KR20110032839A (en) | Game security method using trace of excuting game hack tool | |
KR101530531B1 (en) | Malicious Module Handling System and Method | |
KR101252188B1 (en) | control method of accessing virtual memory data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |