League of Legends Anti-Cheat (New Riot AC)

Durum
Üzgünüz bu konu cevaplar için kapatılmıştır...
S

safra333

Konuyu başlatan
Onaylı Üye
Katılım
3 Haz 2020
Mesajlar
118
Tepki puanı
5
Yaş
23
I will share some things I know about the Riot AC.
This could probably help people who started their platform.


I must admit this Anti-Cheat is one of the best
* Detecting Debuggers
When you attach Cheat Engine or a debugger it uses a very specific method of interacting with the target process. Then League of Legends detects this procedure before you even attach Cheat Engine by closing League of Legends.exe
* NtQueryInformationProcess
League of Legends.exe also uses this to retrieve a DWORD_PTR value that is the port number of the debugger for the process. A nonzero value indicates that the process is being run under the control of a ring 3 debugger

* When does League of Legends.exe start Anticheat?
When analyzing the procedures. After champion selection > when starting League of Legends.exe for 0% to 40% of the loading screen before starting the match. Anticheat is loading its modules (This means the AC is still starting)
^ - "It's no use injecting a code when AntiCheat modules are loading. You will be detected the same way. But it is safer to inject during this time."

* What does it detect?

> Enumerating the Modules.
> Hooking LoadLibrary.
> DllMain Pattern Scanning.
> TLS Callback to Capture Threads.
> Debugger to Capture Threads or Loaded Modules: CreateRemoteThread, NtCreateThreadEx and RtlCreateUserThread.
^ - "all functions are detected"

> Riot AntiCheat is synchronized with callbacks like "issue order", new path, createobject.
^ - "Yes practically the Evade are fucked"

> There is no point in breaking Anticheat in League of Legends.exe. Stub.dll is also implementing AC.

> Riot detects hotfix. Not safe using a safe script in older versions of League of Legends.exe

> Riot has a module that scans your hard drive. - "During startup AC looks for files that match as Trojan:Win32/Malware"
^ - "Why? I don't know either."

> The AC also looks for the path corresponding to the injected DLL in the process.

> They also have a blacklist of dlls.
List:
main.dll
curl.dll
new.dll
old.dll
ensoulsharp.sandbox.dll
riotdump.dll
networkweb.dll
LeagueSharp.Core.dll
LeagueSharp.Sandbox.dll
vm3dum.dll
EloBuddy.Core.dll
EloBuddy.SandBox.dll
System.Xml.Linq.dll
System.Data.dll
System.ServiceModel.Internals.dll
System.Transactions.dll
System.Core.dll
System.dll
System.Xml.dll
System.Drawing.dll
System.IdentityModel.dll
System.Transactions.ni.dll
D3DX9_43.dll
System.ServiceModel.ni.dll
System.Data.ni.dll
System.Data.dll
System.Configuration.ni.dll
System.Core.ni.dll

> In addition to focusing on public platforms, it also focuses on injection methods.

Credits: Exint (CC)
 
T

tunkfu

Onaylı Üye
Katılım
6 Mar 2016
Mesajlar
111
Tepki puanı
3
Yaş
24
3. parti olarak skin hilesi de dahil mi?
 
W

wiredx

Süper Üye
Katılım
10 Mar 2019
Mesajlar
632
Çözümler
5
Tepki puanı
42
Yaş
22
pasted from uc.com
 
V

vuduymanh

Cezalı Üye
Banlı Üye
Katılım
11 Haz 2020
Mesajlar
88
Tepki puanı
2
Yaş
23
xong r ma dang choi ne
 
T

tioluciifer

Onaylı Üye
Katılım
11 Haz 2020
Mesajlar
51
Tepki puanı
3
Yaş
23
I think this will be useful for some people who are starting to try to create scripts
 
F

FanOFMemoryHacks

***Remember Me in Your Prayers***
Ultra Üye
Katılım
7 May 2018
Mesajlar
2,940
Çözümler
15
Tepki puanı
203
Copied but still great info.
 
S

sangasang

Show Some Love
Onaylı Üye
Katılım
4 Haz 2020
Mesajlar
55
Tepki puanı
2
Yaş
21
Sharing is caring appreciate it bro
 
Durum
Üzgünüz bu konu cevaplar için kapatılmıştır...