HS Application Programming-
The game client developer can implement the hack prevention and hacking tool detection features in the following sequence:
AhnLab V3 Nominated as Top Product by AV-TEST on October 2020 Evaluation AhnLab Warns of Phishing Website Disguised as Popular Out-of-Stock Items More. ^ Ahnlab Announces HackShield - The Most Progressive MMOG Anti-Hacking Software. 2005-11-15 2008-09-03. ( 原始内容 存档于2010-02-15).
Write HackShield update function (AhHS_HSUpdateEx): If you are using HackShield Update, write the HackShield update function to automatically update the HackShield module.
Write HackShield monitoring function (AhnHS_StartMonitor): If HackShield Monitoring Server (HSMS) is installed, write the function to send hack and error information to the server.
Write HackShield initialization function (AhnHS_Initialize): Write a code to call the HackShield initialization function to check the file manipulation status and initialize the data.
Write HackShield service start function (AhnHS_StartService): Write a code to call the service start function to block hacking attacks and detect hacking tools.
Write HackShield callback function (AhnHS_Callback): Write a callback function to block hacking attacks and detect hacking tools.
Write HackShield service stop function (AhnHS_StopService): Add stop function call in part to terminate the program to stop the hack prevention and hacking tool detection features.
Write HackShield complete function (AhnHS_Uninitialize): Write a code to call the service stopping function and complete function.
These are the basic HS functions a developer need to write
Now HS needs a licence key to be applied before it can be used
Issuing License Key
You need a license issued from AhnLab to apply HackShield.
You can get a license key issued as follows:
1. Send the name of the executable file that uses EhSvc.dll, the publisher‟s name (region), game developer‟s name, and game program name to AhnLab and request a license key.
2. A unique 4-digit game code and 24-digit character string license key will be issued.
3. Send the issued game code and the license key as the parameters of the Initialization function, _AhnHS_Initialize.
Write HackShield initialization function
After the preparation is complete for programming, call the initialization function, _AhnHS_Initialize. The hack prevention and hacking tool detection features can be executed only when the initialization function is successfully called.
The routine that initializes the game client program instance or the main window calls the initialization function.
Calling the initialization function when EhSvc.dll file is manipulated or the file version is not correct will result in an error (HS_ERR_INVALID_FILES)
The part which calls the HackShield function from the game client program, not the HackShield interface DLL file, EhSvc.dll, could be manipulated. Therefore, it is recommended that the packer program encrypts, compresses and distributes the game client files, to prevent file manipulation in the game client program.But, HackShield provides a feature that prevents games from being started by a cracked executable file using the server interface client crack. This is why _AhnHS_Initialize function is virtualized.
Some users and hackers may attack the program by running a program in the lower compatibility mode provided on the Windows XP. If a program runs on the lower compatibility mode, the current system, Windows XP, will be considered as Windows 98, ME, or Windows 2000. This will cause unexpected results. If the initialization function of HackShield module running on the lower compatibility mode is called, an error (HS_ERR_COMPATIBILITY_MODE_RUNNING) will be returned.
upto this today, i will add more when i will have time
In this series i will keep sharing some of the hackshield sdk info a reverser should know before laying his hand over hackshield. It will be a long series.
DISCLAIMER : I & ANY OTHER 3RD PARTY ARE NOT AFFILIATED ANYWAY WITH AHN LAB ,INC. YOU ARE ONLY ALLOWED TO UTILIZE THE KNOWLEDGE IN A WAY THAT WONT HARM/INVALIDATES ANY COMPANY POLICY AND IN EVENT OF ANY LOSS YOU AND ONLY YOU WILL BE THE ONE TO BE BLAMED.
Why this disclaimer, Ahn Lab doesn’t allow anyone except their clients to peek into their protection features and other details. But we are doing it only for learning process right?
Ahnlab Hackshield
Features of HackShield Pro:
Memory-access block
“Blocks memory access through Windows API (OpenProcess, Read/WriteProcessMemory and etc.). It protects memory in kernel level to block hack attacks that manipulate executable codes or return values.” This thing a bitch, patches critical kernel apis to stop peeking inside the game client
Speed Hack block:
Speed Hack is a program that controls time to arbitrarily speed game up or slow game down by using the Windows time functions or timer processing microprocessor. To block Speed Hack, HackShield frequently monitors the difference between the system time and logical time of the operating system in the microprocessor level. If the difference exceeds a certain value, this could be considered as a speed hack.Note that the detection speed could differ according to the user system, operating system or game type.
Enhanced auto-mouse detection *
Detects auto-mouse to prevent server overload and arbitrary control of the game. A new feature of detecting auto-mouse that runs as a hardware such as USB, has been added to HackShield 2.0 as well as automouse that runs as a program.
File manipulation detection
Checks the integrity of HackShield files when HackShield is initialized and/or when a game is running to make sure the files are the ones initially distributed. It also detects if the files have been modified or if the file names have been changed.In simpler words client crc checks
Debugging detection
Detects all debugging tracing to prevent games from being debugged. If any debugger, such as SoftICE, is detected when initializing HackShield, then HackShield returns an error to block it.
Signature-based detection
Provides signatures-based detection. If a hacking tool is detected using a predefined signature, an error message with the path of the program is displayed.
Server-side detection *
Interoperates with the server to monitor manipulation of executable files and memory in real time and check HackShield operation status. In HackShield Pro, it was inconvenient to manage the file/memory CRC of the client in the server. So, a new Artificial Intelligence (AI) feature that automatically manages the file/memory CRC in the server has been added to HackShield 2.0.
Data file/message encryption
Encrypts important data files and messages sent and received between the server and the client, to secure data even when they are exposed.
Memory heuristic detection *
Memory heuristic detection has been added: it identifies the characteristics of hacking tools in the memory to counter new hack attacks in which no signature exists yet. When a hacking tool is detected by the memory heuristic detection engine, an error message “Unknown: error code” will be displayed.
HackShield update *
When HackShield update is available, it is updated through the HackShield Update server.
HackShield hacking monitoring system *
Monitors hack attacks and errors occurred in the game client in real time. You can access the HackShield hacking monitoring system through the web, and generate various reports.
* features are either enhanced from previous generation or newly added
Client File Types
There are other files which come with the sdk but those are for server only and doesnt required
next i will keep describing hackshield driver exceptions which can occur during startup
HackShield Driver Error
[ErrorCode: 0x00000102] Failed to initialize HackShield driver
Symptoms
1. An error message (Error Code: 0x00000102) occurs, and the game does not run.
Cause
An error occurred when the HackShield driver is initialized.
There could be a program that might prevent the driver from being initialized
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer
and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000108] Failed to initialize HackShield module
Symptoms
1. An error message (Error Code:0x00000108) occurs, and the game does not run.
Cause
An error occurred as HackShield is not compatible with Symantec’s EndPoint Protection.
This error does not occur in EndPoint Protection version released from 2010.
Solution
Visit Symantec website, and download the latest EndPoint Protection and reinstall it
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000203 – 4] Failed to start HackShield driver
Symptoms
1. An error message (Error Code: 0x00000203 or 0x00000204) occurs, and the game does not run.
Cause
An error occurred when the HackShield driver is loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer
and then run the game again
Ahnlab Hackshield Download
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010301] Hooking Detection
Symptoms
1. An error message (Error Code: 0x00010301) occurs, and the game is terminated.
Cause
Hooking has been detected in a system file or HackShield file.
There could be a conflict with a program installed on your PC.
(HackShield 5.3.7.1 version may detect steam programs.)
Solution
A. Terminate the Steam program. Or, remove the program.
If hacking attacks keep on being detected after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010302] Failed to load HackShield driver
Symptoms
1. An error message (Error Code: 0x00010302) occurs, and the game is terminated.
Cause
The HackShield driver has not been properly loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer
and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000203 – 4] Failed to start HackShield driver
Symptoms
1. An error message (Error Code: 0x00000203 or 0x00000204) occurs, and the game does not run.
Cause
An error occurred when the HackShield driver is loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010301] Hooking Detection
Symptoms
1. An error message (Error Code: 0x00010301) occurs, and the game is terminated.
Cause
Hooking has been detected in a system file or HackShield file.
There could be a conflict with a program installed on your PC.
(HackShield 5.3.7.1 version may detect steam programs.)
Solution
A. Terminate the Steam program. Or, remove the program.
If hacking attacks keep on being detected after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010302] Failed to load HackShield driver
Symptoms
1. An error message (Error Code: 0x00010302) occurs, and the game is terminated.
Cause
The HackShield driver has not been properly loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000004] Application compatibility error when initializing HackShield
Symptoms
1. An error message (Error Code: 0x00000004) occurs, and the game is terminated.
Cause
The game client has been executed in Windows Compatibility Mode.
Solution
2. Right-click on the game icon, and select Properties.
3. Select the Compatibiltiy tab as the picture below.
4. Check whether compatibility mode is enabled. Disable it.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
This is the possible external HS errors which can occur and will be visible to the end user, on next part we will focus on internal exceptions that can occur during gameplay