According to JikGuard statistics, among the many security risks faced by the game, the “memory modification” attack accounts for about 11%, and the main way to realize it is to use memory modifiers to tamper with the game memory after obtaining high privileges.
JikGuard Statistics: Percentage of Game Security Risks
Memory modifiers are essentially general-purpose or customized cheating tools that have the ability to find and modify memory. For example, GameGuardian is one of the most common modifiers on the market. In this article, we will analyze GameGuardian modifiers and propose solutions through real cases.
GameGuardian can provide manual memory search and modification functions. As demonstrated in the figure below, GameGuardian modifier searches the data of gold coins several times, determines the memory address of gold coins, and then tampers with it to realize the cheating function of unlimited gold coins.
Modify the number of coins by repeatedly searching and locating the memory
In addition, GameGuardian also supports script calling, through which it can realize locating and modifying memory to achieve the effect of automatic hack, and these scripts are also the main way of spreading many game cheats.
GameGuardian calls lua script to realize the cheating function
In addition to its own memory search and modification, GameGuardian also has an anti-detection function, which is used to prevent being detected by the game.
Demonstration of GameGuardian's anti-detection function
It has been observed that some variants of modifiers even evade detection by stealing the package names of other applications. Undoubtedly, this increases the difficulty of detection. If the game security products do not study the modifiers deeply enough, a lot of errors will be reported in the process of detection.
Since root permissions are required to perform memory modifications, GameGuardian often run virtual machines, virtual frameworks, and other environments. After obtaining root permissions, you can use magisk to hide the process of the game to avoid game detection, so that the traditional means of detection is ineffective, and the difficulty of the fight is greatly increased.
JikGuard has developed a customized strategy to deal with the memory modification problem caused by GameGuardian and its variants. The solution has been applied to many popular games and has proven its excellent protection ability.
