PDA

View Full Version : BUSTED: yesur

Draco
05-19-2008, 03:54 PM
Another one busted running Helios.

[UTDCv18] +---------------------------------------------------+
[UTDCv18] Client have hooked functions
[UTDCv18] Player Name......: yesur
[UTDCv18] Player IP........: 71.54.8.91:26061
[UTDCv18] Client UT Version: v.4.36
[UTDCv18] Client OS........: NotFound
[UTDCv18] Server Received..: Initial check
[UTDCv18] Altered addresses: 10B00000?10300000?10100000?PVTBL-40234218?RVTBL-40234178?GVTBL-40233f48?4022e75c-DI-Unknown?
[UTDCv18] Hook Match.......: Helios hook v4.3-v4.4
[UTDCv18] Suspect Processes: TeaTimer.exe,HelioS-Hook-v4.4.exe,
[UTDCv18] Date/Time........: 19-05-2008 / 09:58:59
[UTDCv18] +---------------------------------------------------+
[UTDCv18] +---------------------------------------------------+
[UTDCv18] Additional memory scan information for player: yesur/71.54.8.91:26061
[UTDCv18] Corruption hash..: D6A1DAA64C2C2E0115A4FBBE609A8FFE
[UTDCv18] Altered addresses: 77A00104-77A00000/77EE0000,GameEngine0 B7F420->40233F48(Unknown),Render0 B3F500->40234178(Unknown),SmallFont B019F0->40234120(Unknown),MouseCursor AF0A80->402340A0(Unknown),WhiteTexture 2791F80->402340A0(Unknown),ChkChecked 4096840->402340A0(Unknown),ChkUnchecked 40966C0->402340A0(Unknown),ChkCheckedDisabled 4096780->402340A0(Unknown),WarShell 5298C00->40234018(Unknown),CTFFlag 4811400->40234018(Unknown),BlueFlag 40960C0->402340A0(Unknown),RedFlag 4094380->402340A0(Unknown),ALplayer0 4D0DC00->40234218(Unknown),UTLadder30 B09380->40234120(Unknown),CHair5 2795E80->402340A0(Unknown),CHair6 2791140->402340A0(Unknown),PVTBL-40234218,RVTBL-40234178,GVTBL-40233f48,
[UTDCv18] +---------------------------------------------------+

~Johnny Jones
BebeDoll
05-20-2008, 07:21 AM
Either there's a heck of alot of cheaters in Fla....or.... hyst

Nice Job Draco :)
ddrblank
05-22-2008, 09:46 AM
Can you detect any program that a user of your server has up or only programs that help them cheat?
Draco
05-22-2008, 11:04 AM
It depends... I know of one guy who was busted because he had an Internet Explorer page open that had helios in the name while playing. The UTDC we use is quite specific in what it looks for in the clients memory. We have case recently where a guy was coming on to our servers using a Toshiba Laptop and kept getting logged over and over for 2 different programs running in the background on his machine. After researching it, it turns out these programs come with the laptop and are used for Zooming in and out on the desktop.

~Johnny Jones
ddrblank
05-22-2008, 01:13 PM
By chance, was that guys name HughTheHand? He's one of my friends, he moved away but came back with a Toshiba lappy, I don't remember if the desktop zoomed in and out though. (He's also the person who got me to get the game :D)