如何在我们的(多人)游戏中防止作弊? [英] How to prevent cheating in our (multiplayer) games?

问题描述

如果您正在编写游戏，则应考虑作弊者以及如何防止其作弊.

If you are writing a game you should think about cheaters and how to prevent them from cheating.

我认为不仅是mmo多人游戏，而且也不是单人游戏或自制"的p2p mp游戏.

I don't think only the mmo multiplayer games but also singleplayer or "home-brewed" p2p mp games too.

当游戏完全基于服务器-客户端架构时，我认为这项工作几乎完成了，但是还存在一些墙壁漏洞或其他问题.

When the game is based on completely a server-client architechture, the job is almost done I think, but there is also wall hacks or something else.

我制作了自己的p2p游戏，一段时间后，作弊者出现了.他们只是使用作弊引擎并尝试过Speedhack和Memory hack的脚本专家.

I made my own p2p game and some time later cheaters appeared. They were only scriptkiddies who used cheat engine and tried speedhacks and memory hacks.

大多数speedhacks都会钩住gettickcount.我通过以下简单技巧对Speedhacker进行了分类.我只是跟踪time()-GetTickCount()值，如果差异发生变化，那就是作弊.

Most speedhacks hooks gettickcount. I sorted out speedhackers by the following simple trick. I just tracking the time()-GetTickCount() value and if the difference changes there is cheating.

可以通过将散列的副本保留在某个位置并始终将其移动并始终使用随机值对其进行重新散列来解决内存损坏的问题.不匹配会导致崩溃.

Memory corruptions can be sorted out by keeping a hashed copy somewhere and moving it always and always rehashing it by a random value. Mismatching causes crash.

要彻底弄清作弊引擎，只需检查:

To sort out Cheat Engine at all, just check:

if (OpenFileMapping(FILE_MAP_READ,false,'CEHYPERSCANSETTINGS')!=0)
{
   // Cheat Engine runs.
}

(一个朋友告诉我，我还没有测试过.)

(a friend told me this, I haven't tested it yet.)

这些技巧使骗子最多.但是，当然还有更多的作弊技术. 我打开了此Wiki，以讨论更多另一种作弊技巧以及避免这种作弊的方法.

These tricks sorted out the most cheaters. But there is of course more cheating techniques. I opened this wiki, to discuss more another cheating techniques and the way to avoid them.

推荐答案

我不认为您应该采取任何行动来制止单人游戏作弊.您的用户购买了游戏，只要不与其他人玩游戏，他们就应该可以欺骗.

I don't think you should do anything to stop cheating on single player games. Your users bought the game, they should be able to cheat if they want to, as long as they're not playing against others.

这是我已经完成的几件事.这些主要是针对锦标赛游戏中的反作弊系统而进行的，在这些系统中，金钱受到威胁，并且认为对用户系统的某些入侵程度是可以接受的.对于休闲游戏，我会谨慎一些，因为如果您的游戏不稳定，则可能会导致其系统出现问题.

Here are a few things that I've done. These were mostly done for anti-cheat systems on tournament games, where money is at stake, and certain levels of intrusion on the user's system is considered acceptable. I would be careful about doing some of this stuff on casual games since if your game is not stable there is the potential for causing problems with their system.

1)在可能的情况下，永远不要信任客户"是您最安全的原则.在服务器上执行所有操作，并且仅向客户端提供必要的知识，以呈现他在任何给定时间应在屏幕上看到的内容.即，如果客户不知道隐藏在墙壁后面的玩家的位置，墙壁劈砍不会给用户带来任何好处.对于高速动作游戏而言，这可能非常困难-尤其是在实时阴影等已成为常态的情况下，即使玩家的身体可见，用户也可能需要能够看到阴影-但应始终保持在您选择的顶部.在点对点游戏中也很难做到，但是有一些方法可以限制点对点之间的知识.仅当性能变得过高或超出您的时间/金钱预算时，才应考虑以下各项.

1) Where possible, "Never Trust the Client" is your safest principle to adhere to. Perform all actions on the server, and only give the client as much knowledge as is necessary to render what he should be able to see on the screen at any given time. i.e. if a client doesn't know the position of a player that is hidden behind a wall, a wall hack won't do the user any good. For high-speed action games this can be extremely difficult - especially now that real-time shadows and such are the norm, where the user may need to be able to see a shadow even if the player's body is visible - but it should always be at the top of your options. Also extremely difficult to do on peer-to-peer games, but there are ways to limit knowledge between peers. Only when it becomes performance prohibitive, or outside of your time/money budget, should the following items be considered.

2)打开所有其他进程，并挂接其WriteProcessMemory函数，以使它们无法在游戏进程中写入内存.如果正确完成这一步，将阻止90％的所有作弊和作弊引擎.

2) Open all other processes, and hook their WriteProcessMemory functions so that they can't write to the memory in your game's process. Done right this one step will block 90% of all cheats and cheat engines.

3)做同样的事情，钩住各种鼠标和键盘仿真功能.这样可以防止很多瞄准机器人和其他类型的自动化机器人.

3) Do the same thing, hooking the various mouse and keyboard emulation functions. This will prevent a lot of aimbots and other types of automation bots.

4)在游戏自己的进程中加入VirtualProtectEx/VirtualAllocEx/etc函数，并监视哪些模块正在更改保护级别或分配新的内存块.为了避免在游戏进行大量分配时占用过多CPU资源，您必须对此有所技巧，但是可以做到这一点.

4) Hook into the VirtualProtectEx/VirtualAllocEx/etc functions in your game's own process and monitor which modules are changing protection levels or allocating new memory chunks. You have to be crafty with this in order to prevent it from being too CPU intensive when your game does a lot of allocations, but it can be done.

5)钩入LoadLibrary函数并监视动态加载的所有DLL，以防止DLL注入.

5) Hook into the LoadLibrary functions and monitor any DLLs that are being loaded dynamically, to prevent DLL injection.

6)在游戏连接上使用一些轻量级的多态编码.

6) Use some lightweight polymorphic encoding on your game connections.

7)使用一些反调试技术来防止调试器附加到您的进程. Google进行反调试，您应该可以找到很多东西.

7) Use some anti-debugging techniques to prevent debuggers from attaching to your processes. Google anti-debugging and you should be able to find lots of stuff.

8)使用自定义的专有PE包装器来防止游戏的有用拆卸.

8) Use a custom proprietary PE packer to prevent useful disassembly of your game.

9)熟悉处理透明度和alpha混合的OpenGL或Direct3D函数和方法.

9) Hook into your OpenGL or Direct3D functions and methods that deal with transparency and alpha blending.

10)如果使用着色器，请对您的着色器和着色器常数值进行校验和.

10) If using shaders, checksum your shaders and the shader constant values.

11)在玩家角色上使用其他遮挡剔除技术，以防止在它们的视线被其他几何图形遮挡时根本无法呈现它们.它可能对您的性能也有帮助，也可能无济于事，但它可以防止许多墙壁窃听.

11) Use additional occlusion culling techniques on player characters to prevent them from being rendered at all when the line of sight to them is blocked by other geometry. It may or may not help with your performance also, but it will prevent many wallhacks.

这篇关于如何在我们的(多人)游戏中防止作弊?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！