Category Archives: AntiCheat
Obtaining A Protected Process’s Directory Table Base Using IPIs
Kernel-level anti-cheats — for example Easy Anti-Cheat — implement defenses intended to prevent attackers from trivially reading or writing a protected process’s memory from a kernel context. Yet many adversaries operate at the kernel level too and will attempt physical-memory reads/writes to bypass normal protections. It’s therefore critical for anti-cheat authors to understand how physical…
Creating a .NET IL Obfuscator Using Fody
In game development, keeping core logic and runtime data obscured is key—not just to protect your intellectual property, but to stay a step ahead of anyone attempting to reverse engineer or exploit your game. While commercial obfuscators and code virtualizers exist, they often come with heavy overhead and limited flexibility for custom features. This is…
Asynchronous Analysis of Windows KPRCBs for Detection of Unsigned Kernel Shellcode Execution
Introduction What This Post Covers In this article, we’ll explore: The goal is to provide a practical framework for engineers who need to reason about what processors are doing at runtime and ensure that all kernel instructions can be traced back to trusted, signed system images. What is “Unsigned Kernel Shellcode”? In recent years, it’s…