Computers And Games: 4Th International Conference, Cg 2004, Ramat

Search for more papers by this author

School of Cybersecurity, Korea University, Seoul, Rep. of Korea

Search for more papers by this author

Department of Information Security, Seoul Women’s University, Seoul, Rep. of Korea

Search for more papers by this author

Corresponding Author

School of Cybersecurity, Korea University, Seoul, Rep. of Korea

Correspondence

Kyounggon Kim, School of Cybersecurity, Korea University, Seoul, Rep. of Korea.

Đang xem: Computers and games: 4th international conference, cg 2004, ramat

Trust & Safety of Cyber Security Center, LINE Corporation, Tokyo, Japan

Search for more papers by this author

School of Cybersecurity, Korea University, Seoul, Rep. of Korea

Search for more papers by this author

Department of Information Security, Seoul Women’s University, Seoul, Rep. of Korea

Search for more papers by this author

Corresponding Author

School of Cybersecurity, Korea University, Seoul, Rep. of Korea

Correspondence

Kyounggon Kim, School of Cybersecurity, Korea University, Seoul, Rep. of Korea.

PDF
Please review our Terms and Conditions of Use and check box below to share full-text version of article.

Xem thêm: Cách Lên Đồ Cho Butterfly Mùa 10, Hướng Dẫn Chơi Butterfly Liên Quân Mobile Mùa 19

Shareable Link

Use the link below to share a full-text version of this article with your friends and colleagues. Learn more.

Xem thêm: 1️⃣ Bảng Ngọc Warwick Top Mua 9 2019, Bảng Ngọc Warwick Đi Rừng Lmht Mùa 10

Therefore, security solutions are not the best way to safeguard games. When a security solution is bypassed, DLL injection and code injection are possible using several techniques.

2.2 Memory forgery and alteration

If the security solution is bypassed, the attacker can then analyze the online game client and attempt to attack based on the analysis. One of the methods of attack is memory forgery and alteration. Memory forgery and alteration changes some options and values used by the game client on the operating system to make the game easier and faster. Memory forgery and alteration uses the process illustrated in Figure1.

Figure2 depicts the method that can be used by malware to inject a malicious DLL into other processes. First, the malware opens the process using the OpenProcess function, which returns an open handle that is responsible for checking the process privileges; this handle is used to grant the right access to the target process. Second, the malware allocates memory using the VirtualAllocEx function to specify the correct path for the malicious DLL. Third, it writes the DLL path using the WriteProcessMemory function. Once the path has been created, the malware initiates the CreateRemoteThread function to create a thread on the target process, instructing the thread to load the malicious DLL remotely. As a result, the malware attaches the malicious DLLs on the target process and can compromise critical data on the victim’s machine.