Yea. Looking at the MQ source, even client side, there is only so much that can be done about this program.
MQ is completely open source, meaning anyone can make changes to the program and recompile it. It blocks itself from debugger checks by modifying assembly values in the first few sequences of code. Meaning, the only real easy way to check if MQ is running is to check the currently running modules (DLLs) and see if any of the MQ files are running.
One situation there is that someone could change the name of the DLLs. So, to do a further check at this point, you could obtain the memory address of the modules and check one of the functions based on the ordinal numbers, and see if it returns an expected value. But if someone were to find a way to decompile the checker and figure out what is being inspected, all they would have to do is change that function.
Client side checks are hard. It is why Everquest Live still has issues with MacroQuest, and why companies like GameGuard constantly have to update their programs.
In the end, the best we can do is just put in extra checks into the server code, to help prevent certain issues.
__________________
Hmm.
|
Hybrid Mode
