I need someone that have experience in developing anti hack in the past.
My situation is a server MMORPG that receive connection in 6 ports TCP each is a gameserver where the client stay connected, the ports are:
If I put netstat -n will return many things and the people connected on those ports like:
TCP 18.104.22.168:53901 22.214.171.124:52178 ESTABLISHED
TCP 126.96.36.199:53902 188.8.131.52:64521 ESTABLISHED
TCP 184.108.40.206:55903 220.127.116.11:55130 ESTABLISHED
TCP 18.104.22.168:55904 22.214.171.124:4759 ESTABLISHED
TCP 126.96.36.199:55905 188.8.131.52:51532 ESTABLISHED
TCP 184.108.40.206:55906 220.127.116.11:58281 ESTABLISHED
That mean each of this IP are playing in one gameserver different.
I current have a anti hack http://www.gamehackprotector.com/ that close the hack programs that are running in memory or proccess or hidden in ring level 3 or anywhere in the computer, the big problem is that people create a bypass http://www.youtube.com/watch?v=oP4Ugl9YCag that can jump it.
To solve the problem I got one idea, close the connection that when checked is not running the current anti hack GHP.
To close the connection the program get the IP by running netstat -n and only are connected to the gameserver port, them with the client IP it send a packet to client where it ask for a verification, some hash that will not be possible bypass, and the client will be running a dll or some .exe software that will receive this information into a TCP port and will check in memory if the GHP is running, if is running return to the server that everything is fine, server receive it and nothin happen. If the client are not able to provide the return message coded with some hash that is not possible bypass, them the server will execute the netsh command to block that IP address and save the data server block it to unblock after 2 hours.
To make the IP client block we can use netsh or we can use a open source software called Qaas Firewall http://sourceforge.net/projects/qaaswall-window/files/ by a command like blockq.exe IP client it block it, and with other like unblockq.exe IP client it unblock it.
This is my idea to fix the bypass problem one time I do not have source code of GHP but I can talk with them to include my DLL in my compilation so I can make a way to avoid bypass and can keep the safe anti hack solution of GHP that can close alot of programs, cheats, hidden and everything.
I want people to make it in C or C++, because the Java or Delphi or other languages will need frameworks and most of clients do not have it. But C or C++ do not need framework and if need, will be one allready came with the game that is the Microsoft Visual C++ 6.0. But is best do not need it. I put people know Assembly because maybe someone know a way to fix that, one time the bypass are made by using OllyDbg or something related with Assembly.
I am open for other ideas for anti hack solution, I prefere to talk with people that allready have done in the past something similar.