Design and Implementation of a Game Anti-Cheat System
Published: 2018-11-21 10:15
[Abstract]: As online games multiply, the number of cheat programs grows with them, and more and more people use cheats. Game cheats infringe the intellectual property rights of game operators, seriously damage game balance, and shorten a game's lifespan. Protecting the security of the game and maintaining its balance is therefore a key problem to solve.
The thesis analyzes anti-cheat systems in China and abroad and surveys how such systems are used in practice. It provides methods for protecting the game client, protecting the game server, and discovering game vulnerabilities. Client protection uses a Windows driver to scan process characteristics and reports matched signatures to the server. The server side, based on switch port mirroring and optical splitting, captures the communication protocol at the game server and matches it against cheat behavior. Game vulnerability discovery performs comprehensive security testing of the game to find the places a cheat could exploit, preventing vulnerabilities from being used to undermine the fairness of the game. The client's covert scanning subsystem can detect a cheat even when the cheat has enabled its own self-protection. Its process feature detection offers three methods: ActiveProcessLinks, virtual memory, and physical memory. It scans a process's prototype PTEs to match process signatures, even if the cheat has hooked the functions that read process memory. The server-side bypass (out-of-band) anti-cheat subsystem identifies multiple behavioral features to block cheats; because cheat authors have no access to the subsystem, it is not easily defeated. The game vulnerability discovery subsystem uses reverse engineering to disassemble the game logic, finds vulnerabilities by applying the principle that the client computes what the server does not compute or computes only partially, and produces security test documentation for the game developer.
The thesis designs and implements three subsystems that together provide comprehensive protection for the game anti-cheat system. On self-defense: the driver scan does not use HOOK techniques and will not be bypassed; client-server communication reuses the game's own connection and protects the communication data with encryption and authentication. The anti-cheat system described in the thesis can therefore combat cheats effectively, while its client protection and server-side bypass anti-cheat subsystems are themselves well protected.
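[Degree-granting institution]: University of Chinese Academy of Sciences (School of Engineering Management and Information Technology)
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP309;TP311.52
Article ID: 2346679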
Link to this article: https://www.wllwen.com/falvlunwen/zhishichanquanfa/2346679.html