
CVAR Hacker detection - my source


teknogrebo
Junior Member
Join Date: Jan 2005
03-10-2005, 07:44 #21

Anxiro, you should be using FStrEq(test1, "-1"), or strcmp(test1, "-1") == 0, otherwise you're just testing the address of the strings in memory. I'm surprised that you say the code worked, as I can't see how. (But I'm not going to slag you off for trying)
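The comparison bug described in post #21, shown as an added example that is not code from the thread or from the SDK: `queryValue`, `isMinusOneByAddress` and `isMinusOneByContent` are hypothetical names, and `queryValue` only stands in for a query that returns its result in its own buffer.

```cpp
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for a cvar query: the result lives in the
// callee's own buffer, never at the address of a string literal.
static char g_reply[16];
const char* queryValue(const char* simulated) {
    std::strncpy(g_reply, simulated, sizeof(g_reply) - 1);
    g_reply[sizeof(g_reply) - 1] = '\0';
    return g_reply;
}

// Broken check: == on two char pointers compares addresses, not text.
// It can appear to work when both sides are the same literal, because
// compilers may store identical literals once.
bool isMinusOneByAddress(const char* value) {
    const char* expected = "-1";
    return value == expected;
}

// Fixed check: compare the characters, and treat a null result as no match.
bool isMinusOneByContent(const char* value) {
    return value != nullptr && std::strcmp(value, "-1") == 0;
}

int main() {
    const char* v = queryValue("-1");
    std::printf("by address: %d\n", isMinusOneByAddress(v));  // misses the match
    std::printf("by content: %d\n", isMinusOneByContent(v));  // finds it
    return 0;
}
```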
anxiro
Member
Join Date: Jan 2005
03-10-2005, 08:13 #22

Hey.

Yeah, the code I used was working. As I said, I removed it because it didn't work anymore (the file scan, which really, really did work; don't ask me how). I rewrote the code, and really, thanks for the correction.



Isn't this just an idea to use?
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
03-11-2005, 02:04 #23

Scanning for "hlh_" cvars won't ban innocent players, as the vars simply don't exist unless the hack was loaded. To my knowledge, no HL2 hack yet uses the built in cvar system - nowadays they have their own or don't need it. It's still useful for catching sv_cheat locks - very circumventable, but worth having :s
__________________
Avoid like the plague.
anxiro
Member
Join Date: Jan 2005
03-11-2005, 07:25 #24

I love that post, Vance
You can check if the server has set the sv_cheats to 1, right?
If so, continue scan, else Plugin_stop?
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
03-11-2005, 15:08 #25

The server will always have sv_cheats as 0, it's the client's perceived sv_cheats that is changed, so if GetClientConVarValue "sv_cheats" returns a 1, they hax. This assumes that the var is evaluated without filtering out server side cvars, as that would render this check useless, though you can still check mat_ vars, r_ vars, and lots of other stuff.
showdax
Senior Member
Join Date: Dec 2004
03-17-2005, 20:19 #26

Does this actually work for sv_cheats? I've only been able to get client cvars flagged as USERINFO with IVEngineServer::GetClientConVarValue().

Edit: These are the only client cvars flagged as USERINFO in CS:S:

Code:
"cl_autobuy","0       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"The order in which autobuy will attempt to purchase items"
"cl_autohelp","1       ","ARCHIVE",,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Auto-help"
"cl_autowepswitch","0       ","ARCHIVE",,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Automatically switch to picked up weapons (if more powerful)"
"cl_class","0       ","ARCHIVE",,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Default class when joining a game"
"cl_cmdrate","30      ","ARCHIVE",,,,"USERINFO",,,,,,,,,,,,,"Max number of command packets sent to server per second"
"cl_interp","0       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Interpolate object positions starting this many seconds in past"
"cl_interp_npcs","0       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Interpolate NPC positions starting this many seconds in past (or cl_interp, if greater)"
"cl_lagcompensation","1       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Perform server side lag compensation of weapon firing events."
"cl_predict","1       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Perform client side prediction."
"cl_predictweapons","1       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Perform client side prediction of weapon effects."
"cl_rebuy","0       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"The order in which rebuy will attempt to repurchase items"
"cl_spec_mode","3       ","ARCHIVE",,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"spectator mode"
"cl_team","0       ","ARCHIVE",,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Default team when joining a game"
"cl_updaterate","20      ","ARCHIVE",,,,"USERINFO",,,,,,,,,,,,,"Number of packets per second of updates you are requesting from the server"
"closecaption","0       ","ARCHIVE",,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Enable close captioning."
"english","1       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"If set to 1, running the english language set of assets."
"name","0       ","ARCHIVE",,,,"USERINFO",,,"PRINTABLEONLY",,,,,,,,,,"Current user name"
"rate","7500    ",,,,,"USERINFO",,,,,,,,,,,,,"Max bytes/sec the host can receive data"
"voice_loopback","0       ",,,,,"USERINFO",,,,,,,,,,,,,""

Edit #2: From the SDK docs:

Quote:
FCVAR_USERINFO

Some console variables contain client information the server needs to know about, like the player's name or his network settings. These variables must be flagged as FCVAR_USERINFO, so they get transmitted to the server and updated every time the user changes them. When the player changes one of these variables the engine notifies the server code via ClientSettingsChanged(). Then the game server can query the engine for specific client settings with GetClientConVarValue().
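Post #26 limits a server-side check to the cvars a client actually transmits. As an added example (not code from the thread or the SDK), the sketch below parses a dump in the format posted there and lists the USERINFO-flagged names; `splitCsv`, `userinfoCvars` and `serverCanQuery` are hypothetical names, and the last sample line is constructed.

```cpp
#include <cstdio>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Split one dump line on commas; commas inside double quotes stay in the field.
std::vector<std::string> splitCsv(const std::string& line) {
    std::vector<std::string> fields(1);
    bool quoted = false;
    for (char c : line) {
        if (c == '"') quoted = !quoted;
        else if (c == ',' && !quoted) fields.emplace_back();
        else fields.back() += c;
    }
    return fields;
}

// Names of cvars whose line has USERINFO in one of the flag columns
// (every column between the value and the trailing description).
std::set<std::string> userinfoCvars(const std::string& dump) {
    std::set<std::string> names;
    std::istringstream in(dump);
    std::string line;
    while (std::getline(in, line)) {
        std::vector<std::string> f = splitCsv(line);
        if (f.size() < 3 || f[0].empty()) continue;  // blank or malformed line
        for (size_t i = 2; i + 1 < f.size(); ++i)
            if (f[i] == "USERINFO") { names.insert(f[0]); break; }
    }
    return names;
}

// Two lines copied from the post, then one constructed line without the flag.
const char* kSampleDump = R"csv(
"cl_interp_npcs","0       ",,,,,"USERINFO",,,,,,,,,"CLIENTDLL",,,,"Interpolate NPC positions starting this many seconds in past (or cl_interp, if greater)"
"rate","7500    ",,,,,"USERINFO",,,,,,,,,,,,,"Max bytes/sec the host can receive data"
"example_cvar","0       ",,,,,,,,,,,,,,,"CLIENTDLL",,,,"constructed line with no USERINFO flag"
)csv";

// True when the sample dump marks this cvar as transmitted to the server.
bool serverCanQuery(const std::string& name) {
    return userinfoCvars(kSampleDump).count(name) > 0;
}

int main() {
    for (const char* n : {"rate", "cl_interp_npcs", "example_cvar", "sv_cheats"})
        std::printf("%-15s %s\n", n, serverCanQuery(n) ? "USERINFO" : "not flagged USERINFO");
    return 0;
}
```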
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
03-18-2005, 02:32 #27

There's gotta be some way to get the rest :/
DeatH.NL
New Member
Join Date: Jan 2005
03-19-2005, 06:14 #28

Can't you just release your version, so I can test it on my server: 83.149.113.1:27025? Because I don't know anything about coding, so release your version and then I'll test it. Or just mail it to me, so my server will be some kind of beta anti-cheat server.
PM me back please
CodeWeasel
New Member
Join Date: Dec 2004
Location: Virginia Tech
03-20-2005, 14:58 #29

hmm...this thread got me thinking...

Is there a way to work with the Windows API through SourceMod/the engine? Cause if it were possible, you could step through the processes like with Process32First and Process32Next, and check for hooks into the engine...

If anything, you could do some sort of thing where you require a separate program like C-D using this technique...which I think C-D does already... Heh, that might be a fun weekend project, seeing as I pretty much have all of the code from when I wrote my process management utility... (http://www.freewebs.com/wombatex/bpk.htm)

Anyway, I'm just blabbering...code talk makes me all warm and fuzzy inside
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
03-20-2005, 16:59 #30

A) Providing access to system API from SM plugins goes against the ideas of portability and security

2) Even if plugins had access to those APIs, they'd enumerate running processes on the server, thus telling you clearly if the dedicated server was using an aimbot

and D) Enumeration of processes and modules in search of certain names as a cheat detection method has never and will never work, as it can be evaded by simply renaming.

I wish I felt fuzzy.
All times are GMT -4.