检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:傅建明[1] 杨铮[1] 罗陈可 黄坚伟 FU Jianming;YANG Zheng;LUO Chenke;HUANG Jianwei(Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education,School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China)
机构地区:[1]武汉大学国家网络安全学院空天信息安全与可信计算教育部重点实验室,武汉430072
出 处:《电子与信息学报》2020年第9期2117-2125,共9页Journal of Electronics & Information Technology
基 金:国家自然科学基金(61972297,U1636107)。
摘 要:针对目前客户端反外挂方法的诸多局限,该文提出一种基于内核事件的网络游戏反外挂方法,并实现了反外挂系统CheatBlocker。该方法通过监控Windows系统中的内核事件监视和拦截进程间的异常访问及异常模块注入,同时从内核注入反外挂动态加载库(DLL)用以阻断鼠标键盘的模拟。实验结果表明,CheatBlocker可防御进程模块注入外挂和用户输入模拟类外挂,且具有较低的性能开销。而且,CheatBlocker无需修改内核数据或代码,相比于目前的反外挂系统具有更好的通用性与兼容性。In view of many limitations of current client anti plug-in methods,an anti-cheat method based on kernel events is proposed,and the network game anti-cheat system called CheatBlocker is implemented.This method uses the kernel event monitoring provided by Windows to intercept the abnormal access between processes and the injection of abnormal modules.At the same time,the anti-cheat Dynamic Loaded Library(DLL)injected from the kernel can block the simulation of the mouse keyboard.The experimental results show that CheatBlocker can defend against process module injection cheating and user input simulation cheating,and has low performance overhead.Moreover,CheatBlocker does not need to modify the kernel data or code which ensures the integrity of the kernel and is more compatible than the current anti-cheat systems.
分 类 号:TN918[电子电信—通信与信息系统] TP309[电子电信—信息与通信工程]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.42