Design and Implementation of a Windows based Kernel Anti-Cheat to Ensure Realtime Integrity and a Tamper-Free Environment

The goal of this bachelor thesis is to explore the structure and functionality of a modern anti-cheat system and to answer the question of how the various security measures can be circumvented and strengthened. Within the bachelor thesis a prototype of an anti-cheat system for Windows x64 will be developed.

Among other things, the functionality of cheats will be explained and various methods analyzed. This knowledge will then be used to develop methods for the detection and/or blocking of cheats. The components of the anti-cheat system are described successively and implemented in the prototypes. This includes a client and a service in user mode and a driver in kernel mode.

The mentioned components will then be used to investigate the various anti-cheat methods such as detection of debuggers, tools, virtual machines, kernel drivers, code injections and hooks. The driver may implement some of these methods, but its main task will be to register appropriate callbacks to restrict memory access to user-mode processes. This work focuses exclusively on client protection. This includes Preventive Protection, which aims to make cheat development more difficult by detecting tools and debuggers, as well as Proactive Protection, which actively looks for known cheats.

To illustrate the effectiveness of the measures discussed, suitable cheats are developed, which are then detected and blocked by the anti-cheat. Alternatively, the effectiveness of the selected security measures can be illustrated by the functioning of suitable interfaces. Client-server communication and associated protocols are not covered.