Hello,

I wanna write an anticheat for a game. So it seems that the cheat itself is editing the memory (for example movement speed). So what I'm gonna do is make my anticheat tool to scan the memory offset and compare the value in the memory to the normal value that is there without editing memory. So I tried memory scanning tools but they show the value in a different address every time. So I need to find not the address but the offset (I think it's called offset actually :D ). I think since the cheat can find the value and edit it, so my anticheat can find the value and check it for correctness :) . But how? What functions I use? Is there already a program that does find the offset if you know the value?

Thanks in advance.

I'm not certain I understand what you mean by the 'offset'. But why not have another variable, that is a somewhat encrypted version of the first, then check the two (by decrypting the second value of course)?

Here's one example of what I mean:

int myvariable = 5;
int myvariable2 = myvariable+16;

To check, do this:

if (myvariable2-16 == myvariable)

If the statement is false, then someone has modified the first value, and you can end the game or whatever else. Though I would suggest going a little more advanced with your second variable's encryption (adding 16 works, but isn't exactly secure). Also remember that anytime you modify the value of myvariable, you must also change myvariable2 to myvariable+16. It's a pretty tedious way to do it, but it works.

That's good idea but I don't have source code for the game. I am not sure too what the offset is but I think it's something like the functions in a dll or exe. Every function in the dll has an offset and to access that function from a different program you need to know the offset, and the offset is static until the you change the exe or dll you opened with LoadLibrary. I think same is for data in the memory. I seem to find the place of the memory with this http://www.codeproject.com/KB/cs/sojaner_memory_scanner.aspx . But it shows a different address every time. If it's in different address every time, how the cheat finds it? Should be through the offset. But I can't seem to find a way to find the offset of that variable I want to scan. :(

This article has been dead for over six months. Start a new discussion instead.