Detect Running Processes in Developer Help

Page: 1 2
ID:154911
 
Nov 11 2011, 3:22 pm
I'm wondering if it's possible to detect the processes the client has running? I don't need access to anything but the information. So, for example if they're running a well known cheat software, I can detect for it and shut the client down.

Is this possible? It would be a huge help for catching these things.
#1 Nov 11 2011, 3:28 pm
It's more trouble than it's worth. No way to do it with BYOND but you would to run something separately on the client's machine and get that to send information back to the server.
#2 Nov 11 2011, 3:41 pm (Edited on Nov 11 2011, 8:05 pm)
In response to ExPixel (#1)
It can't be that hard to get a list of running processes...

Is there a way to even run something seperately through BYOND?

What about using Browse()? There might be some way to do it through JavaScript, maybe I'll check that out.
Edit: Nope turns out it is not possible through browser based Javascript...
#3 Nov 11 2011, 8:06 pm
Any method to do so would be a huge security risk and be patched by the staff ASAP. Dream Seeker is designed to more-or-less run in its own little sandbox, you aren't supposed to be able to run arbitrary system commands on the clients.

Even if you could exploit some older versions of IE, all someone would have to do is update is prevent you from catching them.

Anything in particular you're trying to stop? Because of BYOND's client-server model, the only reliable cheating method players have is macro programs.
#4 Nov 11 2011, 8:20 pm
In response to DarkCampainger (#3)
DarkCampainger wrote:
the only reliable cheating method players have is macro programs.

Which you could just change the name of the .exe to blah.exe rendering this method useless really.
#5 Nov 11 2011, 8:31 pm
In response to A.T.H.K (#4)
A.T.H.K wrote:
DarkCampainger wrote:
the only reliable cheating method players have is macro programs.

Which you could just change the name of the .exe to blah.exe rendering this method useless really.

Exactly.

The only real way to block macro programs is to make your gameplay not easily macroable. Make it dynamic.

For example, in an online RPG called Tibia, there was a fishing system that was literally "click your fishing rod, click water, get fish 4% of the time". That was easily macroed. They changed it so that fishing used up worms, and so that after you caught a fish on a particular water tile, you couldn't catch a fish there again for a few minutes. This made it much more fun harder for me to macro.
#6 Nov 11 2011, 8:38 pm
In response to DarkCampainger (#3)
Anything in particular you're trying to stop? Because of BYOND's client-server model, the only reliable cheating method players have is macro programs.

Actually, I'm trying to stop people from spoofing their IP with Tor and spoofing BYOND CompID with another program.
There's got to be some way to detect it, IP bans are practically useless now. (I have other types of bans in place, but still, it's irritating).
#7 Nov 11 2011, 8:44 pm
In response to Sprin (#6)
Sprin wrote:
Anything in particular you're trying to stop? Because of BYOND's client-server model, the only reliable cheating method players have is macro programs.

Actually, I'm trying to stop people from spoofing their IP with Tor and spoofing CompID with another program.
There's got to be some way to detect it, IP bans are practically useless now. (I have other types of bans in place, but still, it's irritating).

I'm surprised they can play a game over Tor, I always assumed it would be very slow/high latency.

Unfortunately, because of the way the internet works, there's not much you can do. However, if you have any info on the program people are using to circumvent computer_id, I'm sure the staff would appreciate it if you would pass it on through the support form. They may be able to beef it up a bit more if they know how people are getting around it.

Best defense is to build safeguards into whatever they're abusing, such as by adding spam filters.
#8 Nov 11 2011, 8:51 pm (Edited on Nov 11 2011, 9:08 pm)
In response to DarkCampainger (#7)
Yeah, there is a spam filter. These guys are some real no-lifers, though, so no amount of in-game safeguards will hold them back, which is why they've been banned.

I'll give support all the information I have on the program that spoofs comp_id, it's a bit of a long shot though.

For now I'm still going to go ahead and try to run some sort of client-side javascript to detect it, with run(). Any ideas on how to check if the user cancels the run request?
#9 Nov 11 2011, 10:25 pm
In response to Sprin (#8)
I'm not aware of any function called "run".
#10 Nov 12 2011, 12:18 am
In response to DarkCampainger (#9)
You can run say, a javascript file with run(). If I can tell when the user refuses to run it, I can shut down their client from playing the game or something like that.
#11 Nov 12 2011, 1:33 am (Edited on Nov 12 2011, 1:40 am)
In response to Sprin (#10)
Could you not just use javascript via 
src << browse("javascript code goes here")
perhaps maybe its been a long day for me I have edited this post around 4 times...
#12 Nov 12 2011, 11:20 am
In response to A.T.H.K (#11)
That would be perfect, but I went onto StackOverflow, and got told there is no way for browser based Javascript to access the operating system to get the information I need, unfortunately.
#13 Nov 12 2011, 2:52 pm
In response to Sprin (#12)
Yes sorry you will need to run an activex addin for ie.. Where the client has the option to run it or not.

If you know and c# you can use a dll in DM

I was looking into this but with lack of knowledge i ultimately failed.

This can be done by writing your own DLL and use the call function in DM, if you try looking up call or dll in the forums there is a certain way to get the dll to return the value.

I am assuming the above will work client side as the reference quotes 
 usr << call(dll here,proc ut returns to) (arguments,1,2)


The arguments are not needed and so far i do not believe the proc is needed, all in all you can create a dll to return the cpuid hdd id or another piece of hardware from the clients pc, imo stick with cpu id as hdds are easy to change id. If the client can be bothered.

Please correct me if I am wrong, I will continue with writing the dll myself and if successful ill upload it as a lib for all.
#14 Nov 12 2011, 3:12 pm
In response to A.T.H.K (#13)
You'd only be able to access the host's processes using a DLL, and only if hosting from Windows. You can't run a DLL function on a client.
#15 Nov 12 2011, 4:34 pm
In response to Nadrew (#14)
Nadrew wrote:
You'd only be able to access the host's processes using a DLL, and only if hosting from Windows. You can't run a DLL function on a client.

^

Sad maybe someone should request a feature that BYOND can return the CPU ID of the client, I don't know why this was not thought of by Tom in the first place (in a banning perspective).

IP/Key banning is easy to bypass.

I could suggest that IP/KEY ban and file ban, to do this you can send the client a file if file exists when they login ban them... this is also easy to bypass...
#16 Nov 12 2011, 4:58 pm
In response to A.T.H.K (#15)
A.T.H.K wrote:
Nadrew wrote:
You'd only be able to access the host's processes using a DLL, and only if hosting from Windows. You can't run a DLL function on a client.

^

Sad maybe someone should request a feature that BYOND can return the CPU ID of the client, I don't know why this was not thought of by Tom in the first place (in a banning perspective).

This was the idea behind computer_id, however even that has its limits. Ultimately, there is no absolute way to identify someone online. Just limit the damage they can do. If it gets really bad, you could always resort to a white-list (IE only keys that have previously joined the game can connect) until they get bored and go bug someone else.

I could suggest that IP/KEY ban and file ban, to do this you can send the client a file if file exists when they login ban them... this is also easy to bypass...

Creating a cookie in their browser is also a sneaky way, as well as Flash cookies (much harder to get rid of).

But this is all public information, so any black-list barriers you put up will only be temporary.
#17 Nov 12 2011, 5:08 pm
In response to DarkCampainger (#16)
Personally, I ban via key, IP, computer ID, cookie and client-side savefile. If someone's going to be assed getting around it via a VM, I guess you can be proud that they love your game that much.
#18 Nov 12 2011, 5:16 pm
In response to Murrawhip (#17)
Murrawhip wrote:
I guess you can be proud that they love your game that much.

Not always the case.
#19 Nov 13 2011, 4:29 pm (Edited on Nov 13 2011, 4:35 pm)
In response to A.T.H.K (#18)
A.T.H.K wrote:
Murrawhip wrote:
I guess you can be proud that they love your game that much.

Not always the case.

^

Indeed, as I have exactly all those bans in place. There are about 5 people who still try to bypass all of them.
Flattered, maybe. But people with that amount of free time and crackhead energy, are usually the ones who are trying to break your game for their own amusement... So not so good.

PS: I take it there is no way to return if a client has canceled a run() request?
But the DLL can get running windows processes and return the result via call()? I'm assuming they get the 'Ok and Cancel' request, would it return something in that case if the client canceled?
Page: 1 2