
How to detect if current process is suspended?

Hello, I am making a launcher/anticheat for a game, and yesterday I discovered that users can simply suspend the anticheat thread with Process Explorer, inject a hack, clean up the used DLLs, then unsuspend it and hack. I have tried to find a way to detect this but have found only how to suspend a process, nothing about how to detect it. I have also looked at the Application and Process events but found nothing usable. For now I have added a "timer" inside the anticheat thread that will shut down the game if there is no process/module scan for 3 sec, but when the game is loading it takes almost 100% CPU for some time; for me it's about 2 sec, but on some older processors there are no scans for maybe up to 10 sec, so it's not an option at all.

So is this event logged anywhere? Or how can I do so? I know I can find the process or thread state, but not when all my threads are suspended.

There aren't any good options, but there are 3 possibilities that might work:

  1. Create 2 processes

    • The first is the main process, which contains all the code and will scan for the second process
    • The second process will scan for the main process (like @paxdiablo says)

    How to bypass it? Select two processes at once and suspend them.

    Some users will try to select 2 processes at once.

  2. Search for open processes and, if Process Explorer is running, kill it

    How to bypass? Use another task manager with a suspend option.

    Disadvantage? Your AntiCheat-Launcher can be detected by anti-virus.

  3. Embed your code in the game code (e.g. modifications).

    I think that it's the best option... but if this game isn't written in C# (e.g. Minecraft) then you must learn a new language.
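The second-process check from option 1, sketched in C# as an added example (not part of the original answer). It assumes Windows reports a suspended thread as `Wait` with reason `Suspended` through `System.Diagnostics`; the class name, the 500 ms poll interval and the command-line usage are hypothetical.

```csharp
// Added example: watchdog process that inspects the main process's threads.
// Hypothetical usage: watchdog.exe <main-process-pid>
using System;
using System.Diagnostics;
using System.Linq;
using System.Threading;

static class SuspendWatchdog
{
    enum Verdict { Running, PartiallySuspended, FullySuspended }

    // Assumption: a suspended thread shows up as Wait + WaitReason.Suspended.
    static bool IsSuspended(ProcessThread t)
    {
        try
        {
            return t.ThreadState == System.Diagnostics.ThreadState.Wait
                && t.WaitReason == ThreadWaitReason.Suspended;
        }
        catch (InvalidOperationException) { return false; } // left Wait state or exited mid-query
    }

    static Verdict Inspect(Process p)
    {
        p.Refresh(); // discard cached thread information before each scan
        var threads = p.Threads.Cast<ProcessThread>().ToList();
        int suspended = threads.Count(IsSuspended);
        if (threads.Count > 0 && suspended == threads.Count) return Verdict.FullySuspended;
        return suspended > 0 ? Verdict.PartiallySuspended : Verdict.Running;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1 || !int.TryParse(args[0], out int pid))
        {
            Console.Error.WriteLine("usage: watchdog <pid>");
            return 2;
        }
        using var target = Process.GetProcessById(pid);
        try
        {
            while (!target.HasExited)
            {
                Verdict v = Inspect(target);
                if (v != Verdict.Running)
                    Console.WriteLine($"{DateTime.UtcNow:o} pid={pid} {v}");
                Thread.Sleep(500); // hypothetical poll interval
            }
        }
        catch (InvalidOperationException) { /* target exited during a scan */ }
        return 0;
    }
}
```

This check reads thread state rather than timing scans, so a CPU-starved game shows as `Running`, not suspended. It remains subject to the bypass noted under option 1: if the watchdog itself is suspended, nothing is reported.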
