anti-cheat-systems

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Anti-Cheat Systems & Analysis

反作弊系统与分析

Overview

概述

This skill covers anti-cheat systems used in games, their detection mechanisms, and research techniques. Understanding anti-cheat helps both defenders (game developers) and security researchers.

本指南涵盖游戏中使用的反作弊系统、其检测机制以及研究技术。了解反作弊技术对防御者（游戏开发者）和安全研究人员均有帮助。

Major Anti-Cheat Systems

主要反作弊系统

Easy Anti-Cheat (EAC)

Kernel-mode driver protection
Process integrity verification
Memory scanning
Used by: Fortnite, Apex Legends, Rust

内核模式驱动保护
进程完整性验证
内存扫描
应用于：Fortnite、Apex Legends、Rust

BattlEye

Kernel driver with ring-0 access
Screenshot capture capability
Network traffic analysis
Used by: PUBG, Rainbow Six Siege, DayZ

拥有Ring-0权限的内核驱动
截图捕获功能
网络流量分析
应用于：PUBG、Rainbow Six Siege、DayZ

Vanguard (Riot Games)

Always-on kernel driver
Boot-time initialization
Hypervisor detection
Used by: Valorant, League of Legends

始终运行的内核驱动
启动时初始化
虚拟机监控程序检测
应用于：Valorant、League of Legends

Valve Anti-Cheat (VAC)

User-mode detection
Signature-based scanning
Delayed ban waves
Used by: CS2, Dota 2, TF2

用户模式检测
基于特征码的扫描
延迟封禁机制
应用于：CS2、Dota 2、TF2

Other Systems

其他系统

PunkBuster: Legacy FPS anti-cheat
FairFight: Server-side statistical analysis
nProtect GameGuard: Korean anti-cheat solution
XIGNCODE3: Mobile game protection
ACE (Tencent): Chinese market protection

PunkBuster：传统FPS游戏反作弊系统
FairFight：服务器端统计分析系统
nProtect GameGuard：韩国反作弊解决方案
XIGNCODE3：移动游戏保护系统
ACE (腾讯)：面向中国市场的保护系统

Detection Mechanisms

检测机制

Memory Detection

内存检测

- Signature scanning for known cheats
- Code integrity verification
- Injected module detection
- Memory modification monitoring

- Signature scanning for known cheats
- Code integrity verification
- Injected module detection
- Memory modification monitoring

Process Detection

进程检测

- Handle enumeration
- Thread context inspection
- Debug register monitoring
- Stack trace analysis

- Handle enumeration
- Thread context inspection
- Debug register monitoring
- Stack trace analysis

Kernel-Level Detection

内核级检测

- Driver verification
- Callback registration monitoring
- System call hooking detection
- PatchGuard integration

- Driver verification
- Callback registration monitoring
- System call hooking detection
- PatchGuard integration

Behavioral Analysis

行为分析

- Input pattern analysis
- Movement anomaly detection
- Statistical improbability flagging
- Network packet inspection

- Input pattern analysis
- Movement anomaly detection
- Statistical improbability flagging
- Network packet inspection

Anti-Cheat Architecture

反作弊架构

User-Mode Components

用户模式组件

Process scanner
Module verifier
Overlay detector
Screenshot capture

进程扫描器
模块验证器
悬浮窗检测器
截图捕获工具

Kernel-Mode Components

内核模式组件

Driver loader
Memory protection
System callback registration
Hypervisor detection

驱动加载器
内存保护模块
系统回调注册器
虚拟机监控程序检测器

Server-Side Components

服务器端组件

Statistical analysis
Replay verification
Report processing
Ban management

统计分析模块
回放验证系统
报告处理模块
封禁管理系统

Research Techniques

研究技术

Static Analysis

静态分析

Dump and analyze AC drivers
Reverse engineer detection routines
Identify signature patterns
Map callback registrations

转储并分析反作弊驱动
逆向工程检测例程
识别特征码模式
映射回调注册

Dynamic Analysis

动态分析

Monitor system calls
Track driver communications
Analyze network traffic
Debug with hypervisor tools

监控系统调用
跟踪驱动通信
分析网络流量
使用虚拟机监控程序工具调试

Bypass Categories

绕过分类

Memory Access

内存访问

Physical memory read/write
DMA-based access
Hypervisor memory virtualization
Driver-based access

物理内存读写
基于DMA的访问
虚拟机监控程序内存虚拟化
基于驱动的访问

Code Execution

代码执行

Manual mapping
Thread hijacking
APC injection
Kernel callbacks

手动映射
线程劫持
APC注入
内核回调利用

Detection Evasion

检测规避

Signature mutation
Timing attack mitigation
Stack spoofing
Module hiding

特征码变异
时序攻击缓解
栈伪造
模块隐藏

Security Features Interaction

安全特性交互

Windows Security

Windows安全

Driver Signature Enforcement (DSE)
PatchGuard/Kernel Patch Protection
Hypervisor Code Integrity (HVCI)
Secure Boot

驱动签名强制（DSE）
PatchGuard/内核补丁保护
虚拟机监控程序代码完整性（HVCI）
安全启动

Virtualization

虚拟化

VT-x/AMD-V detection
Hypervisor presence checks
VM escape detection
Timing-based detection

VT-x/AMD-V检测
虚拟机监控程序存在性检查
虚拟机逃逸检测
基于时序的检测

Ethical Considerations

伦理考量

Research Guidelines

研究准则

Focus on understanding, not exploitation
Report vulnerabilities responsibly
Respect Terms of Service implications
Consider impact on gaming communities

专注于技术理解，而非恶意利用
负责任地报告漏洞
尊重服务条款的约束
考虑对游戏社区的影响

Legal Aspects

法律层面

DMCA considerations
CFAA implications
Regional regulations
ToS enforcement

DMCA相关考量
CFAA相关影响
地区性法规
服务条款执行

Resources Organization

资源整理

Detection Research

检测研究

markdown

- Anti-cheat driver analysis
- Detection routine documentation
- Callback enumeration tools

markdown

- Anti-cheat driver analysis
- Detection routine documentation
- Callback enumeration tools

Bypass Research

绕过研究

markdown

- Memory access techniques
- Injection methods
- Evasion strategies

markdown

- Memory access techniques
- Injection methods
- Evasion strategies

Tools

工具

markdown

- Custom debuggers
- Driver loaders
- Analysis frameworks

markdown

- Custom debuggers
- Driver loaders
- Analysis frameworks

Data Source

数据源

Important: This skill provides conceptual guidance and overview information. For detailed information including:

Specific GitHub repository links
Complete project lists with descriptions
Up-to-date tools and resources
Code examples and implementations

Please fetch the complete data from the main repository:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.

重要提示：本指南仅提供概念性指导和概述信息。如需以下详细内容：

特定GitHub仓库链接
带描述的完整项目列表
最新工具与资源
代码示例与实现方案

请从主仓库获取完整数据：

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

主README包含数千个按类别整理的精选链接。当用户需要特定工具、项目或实现方案时，请从此源中检索并参考相应章节。