After releasing the cleo that makes half of hits going trough player without taking damage, new sobeit features and hitting some doubtful players. I decided it is time to move my lazy _ass to do something against it. Some time back I made an application focused against injected .dlls and modified data. It is not focused against basic cheats.exe because everyone would easily turn it off before testing.• What it does?
It is client-side application made in C++ that list all injected DLL libraries in gta_sa.exe and list whole folder of running GTA.• How to test?
Minimize your running game and run the test.exe. It makes result.test which is encrypted to be not so easy modified.• How to decrypt result.test?
Run test_decoder.exe and there enter a path to result.test. It makes result_decrypted.txt.• How can I decide if it is clean or not?
There are 2 ways ^^. Both cleo and sobeit we can see in list of injected modules and GTA:SA directory file list.
(Cleo uses vorbisHooked.dll and *.asi scripts, sobeit uses d3d9.dll in GTA directory [ENB maybe uses it too]).
Or compare size of for example ped.ifp if it is default or not.• Is there any way to evade/corrupt test?
Output is encrypted, so it is not easily editable.
Evade is easy "oops, my game just crashed!" or just rejecting request for the test. If you want to use it at CWs, you would better make it as an rule to run it when someone asks. Clean players should have no problem to shut up cryers. Cheaters will allways look for a reason why not to do it.• What is they ask a friend to do it on his clean game?
It reads from RAM nick and server ip where is minimized game connected.
Game is connected to server 184.108.40.206:7777 with nick Banan.• Application download:http://homies.cz/files/test.exe• Decrypter:http://homies.cz/files/test_decoder.exe• Example how can decrypted result look like:http://tinypaste.com/c22117
Designed for SA:MP 0.3c R1, R2, R3 - for: Game is connected to server ... .
I hope I didn't forget to mention something. Ask for anything.
EDIT: Updated for 0.3d R1, R2.