PROTECTING AGAINST POLYMORPHIC CHEAT CODES IN A VIDEO GAME
First Claim
1. A network device useable in managing detecting cheat code in a executable code, comprising:
- a network interface component for receiving and sending information a network;
a processor, in communication with the network interface component that includes machine instructions that cause the processor to perform operations, including;
receiving a hook/parasite signature from a client device, wherein the hook/parasite signature provides information about modification to a game client and a suspect code residing on the client device, wherein the modification to the game client includes a hook from the game client to the suspect code;
analyzing the hook/parasite signature information to detect one or more cheat code elements;
generating a probability value based on a weighted combination of the one or more cheat code elements;
if the probability value indicates that the suspect code is game cheat code, implementing a cheat prevention policy; and
storing information from the hook/parasite signature for use in detecting changes to the suspect code directed toward hiding the cheat code elements.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments are directed towards protecting against polymorphic cheat codes in a video game environment. A detour analyzer analyzes game code in client memory for possible hooks to parasite code. For each detected hook to parasite code, hook and/or parasite information is determined to generate a hook/parasite signatures, which are sent to a remote network device. Based on the hook/parasite signatures a weighted combination of scores are generated that is useable to determine a probability value that the parasite code is cheat code. If the determined probability value indicates cheat code, the user of the client device may be banned from future game play. Additionally, the hook/parasite signature information may be used to update the data store to detect polymorphic changes in the cheat code.
-
Citations
20 Claims
-
1. A network device useable in managing detecting cheat code in a executable code, comprising:
-
a network interface component for receiving and sending information a network; a processor, in communication with the network interface component that includes machine instructions that cause the processor to perform operations, including; receiving a hook/parasite signature from a client device, wherein the hook/parasite signature provides information about modification to a game client and a suspect code residing on the client device, wherein the modification to the game client includes a hook from the game client to the suspect code; analyzing the hook/parasite signature information to detect one or more cheat code elements; generating a probability value based on a weighted combination of the one or more cheat code elements; if the probability value indicates that the suspect code is game cheat code, implementing a cheat prevention policy; and storing information from the hook/parasite signature for use in detecting changes to the suspect code directed toward hiding the cheat code elements. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer based method of detecting cheat code in a computer game environment, comprising:
-
analyzing, on a client device, a game client to detect a modification to the game client that includes a hook to suspect code; examining, on the client device, the game client modification and the suspect code to generate one or more hook signatures and a parasite signature; providing the hook and parasite signatures over a network to a server device; analyzing, on the server device, the hook and parasite signatures to detect one or more cheat code elements; generating, on the server device, a probability value based on the one or more cheat code elements; if the probability value indicates that the suspect code is game cheat code, implementing a cheat prevention policy that includes at least inhibiting participation by a user associated with the client device in a subsequent use of the game client; and storing information from the hook and parasite signatures for use in detecting changes to the suspect code directed toward hiding the cheat code elements. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A system for detecting cheat code within a game environment over a network, comprising:
-
a client device, comprising; memory having an executable game code and suspect code within; and a detour analyzer that is configured to perform actions, including; analyzing the game client to detect a modification to the game client that includes a plurality of hooks to suspect code; examining the game client modification and the suspect code to generate a plurality of hook signatures and a parasite signature; and providing the plurality of hook signatures and parasite signature over the network; and a network device that is configured to perform actions, including; analyzing, on the server device, the plurality of hook and parasite signatures to detect one or more cheat code elements; generating, on the server device, a probability value based on the one or more cheat code elements; if the probability value indicates that the suspect code is game cheat code, implementing a cheat prevention policy; and storing information from the hook and parasite signatures for use in detecting changes to the suspect code directed toward hiding the cheat code elements. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification