Overview – Scout Overview – Scout

Table of Contents

The Issue #

One of the most common exploits that offline games encounter is memory modification tools being used to modify sensitive values in your game. They do this by performing multiple scans on the memory of your game looking for a value that is changing. Once they know the memory location of the variable they want to modify, they’ll use the tool to WriteProcessMemory a desired value in that location.

Example #

Everybody’s familiar with the game “RuneScape”, here’s an example of Cheat Engine modifying the memory of the game. It’s important to note that RuneScape is server-side authoritative so modifying the quantity is only reflected on the client; however, if this was a single player game, the modified quantity could wind up being saved.

Detection #

While the full version of Scout relies on stripping read/write access to the protected process from Kernel mode, the Lite version of Scout simply obscures the real value from memory scanners.

To obscure the real value from the memory scanners, Scout will create an encrypted version of the variable and rely on that value for legitimate gets and sets. Scout will also place an unencrypted version to bait the memory scanners into modifying the value. Upon modifying the bait value, a violation will be invoked triggering the UnityEvent defined for this module in the Scout Manager.

Powered by BetterDocs