發(fā)布時間：2018-11-21 10:15

【摘要】：網(wǎng)絡游戲日益增多,外掛的數(shù)量也與日俱增,越來越多的人使用外掛。游戲外掛侵犯了游戲運營商的知識產(chǎn)權(quán),嚴重破壞了游戲的平衡性,縮短了游戲的壽命。因此保護游戲的安全、維護游戲的平衡性是需要重點解決的問題。 論文分析了國內(nèi)外反外掛系統(tǒng),對反外掛系統(tǒng)的實際使用情況進行了調(diào)研。本文分別提供游戲客戶端、服務端的保護以及游戲漏洞挖掘的方法。游戲客戶端的保護使用windows驅(qū)動掃描進程特征,匹配特征碼上報給服務器。服務端基于交換機鏡像分光,在游戲服務端截獲通信協(xié)議匹配外掛行為。游戲漏洞挖掘?qū)τ螒蜃鋈娴陌踩O(jiān)測,發(fā)掘出可被外掛利用的地方,防止利用漏洞破壞游戲公平性�？蛻舳说拿孛軖呙枳酉到y(tǒng)能在外掛開啟了自身保護的情況下檢測出外掛；它的進程特征檢測提供ActiveProcessLinks、虛擬內(nèi)存、物理內(nèi)存三種方式；它掃描進程的原型PTE去匹配進程特征碼,即使外掛掛鉤了讀進程內(nèi)存的函數(shù)。服務端的旁路反外掛子系統(tǒng)找出多個行為特征封殺外掛,因為外掛編寫者接觸不到子系統(tǒng),所以不容易破防；游戲漏洞挖掘子系統(tǒng)使用逆向手段反匯編出游戲邏輯,利用客戶端計算服務端不計算或計算不全的原則找出漏洞,形成安全測試文檔提供給游戲開發(fā)商。 論文設計并實現(xiàn)了三個子系統(tǒng),形成游戲反外掛系統(tǒng)的全面保護。自身防御方面：驅(qū)動掃描不使用HOOK技術(shù),不會被繞過；客戶端服務端通信復用游戲的通信連接,且用了加密及認證對通信數(shù)據(jù)進行保護。所以論文闡述的反外掛系統(tǒng)能有效打擊外掛的同時,且客戶端保護和服務端旁路反外掛系統(tǒng)方面也有很好的自身保護。
[Abstract]:With the increasing number of online games, more and more people use them. Game add-on infringes the intellectual property rights of game operators, seriously disrupts game balance and shortens game life. Therefore, to protect the security of the game and maintain the balance of the game is a key problem to be solved. This paper analyzes the anti-external-storage system at home and abroad, and investigates the actual application of anti-external-storage system. This paper provides the game client, server protection and game vulnerability mining methods. Game client protection using windows driver scanning process features, matching signature to report to the server. The server based on switch mirror splitters intercepts communication protocol matching behavior in game server. Game vulnerability mining to do a comprehensive security monitoring of the game, to find out the place can be used, to prevent the use of vulnerabilities to undermine the fairness of the game. The secret scanning subsystem of client can detect the external store under the condition that the external store turns on its own protection, and its process feature detection provides three ways of ActiveProcessLinks, virtual memory and physical memory. It scans the process's prototype PTE to match the process signature, even if the plug-in hook up the read process memory function. Server side of the bypass anti-external subsystem to find out a number of behavior features to block the plug-in, because the external script can not contact the subsystem, so it is not easy to break down; The game vulnerability mining subsystem disassembles the game logic by reverse means, and finds out the vulnerability by using the principle that the client computing service side does not calculate or the calculation is incomplete, and forms a security test document to be provided to the game developer. This paper designs and implements three subsystems to form the overall protection of the game anti-external system. Self defense: drive scan does not use HOOK technology, will not be bypassed; client server communication multiplexing game communication connection, and used encryption and authentication to protect the communication data. Therefore, the anti-plug-in system described in this paper can effectively attack the external plug-in, and the client side protection and server side bypass anti-external storage system also has good self-protection.
【學位授予單位】：中國科學院大學(工程管理與信息技術(shù)學院)
【學位級別】：碩士
【學位授予年份】：2013
【分類號】：TP309;TP311.52

【參考文獻】

相關(guān)期刊論文 前8條

1 劉坤;;結(jié)合逆向工程和fuzz技術(shù)的Windows軟件漏洞挖掘模型研究[J];成都信息工程學院學報;2008年02期

2 景蕊,劉利軍,懷進鵬;基于協(xié)議分析的網(wǎng)絡入侵檢測技術(shù)[J];計算機工程與應用;2003年36期

3 梁曉;李毅超;;基于線程調(diào)度的進程隱藏檢測技術(shù)研究[J];計算機科學;2006年10期

4 胡和君;范明鈺;;基于內(nèi)存搜索的隱藏進程檢測技術(shù)[J];計算機應用;2009年01期

5 周天陽;朱俊虎;王清賢;;基于多特征匹配的隱藏進程檢測方法[J];計算機應用;2011年09期

6 徐良華;孫玉龍;高豐;朱魯華;;基于逆向工程的軟件漏洞挖掘技術(shù)[J];微計算機信息;2006年24期

7 李延會;岳彩祥;徐金艷;李亞斐;;基于Winpcap的數(shù)據(jù)包捕獲和協(xié)議分析系統(tǒng)的設計與實現(xiàn)[J];中國科技信息;2009年10期

8 徐蕾;;利用操作系統(tǒng)異常處理保護進行反調(diào)試[J];科技資訊;2008年07期

，

本文編號：2346679