Official site anti-cheat Ultra Core Protector

Home Download F.A.Q. Addons Monitor Forum Support Advertise English version site UCP Anti-Cheat  Russian version site UCP Anti-Cheat
Ultra Core Protector - is the client-server anti-cheat freeware, for server protection from unscrupulous players.

Abilities Supported games  
Half-Life
Condition Zero
Counter-Strike 1.6
Day of Defeat
Adrenaline Gamer
Team Fortress Classic
Counter-Strike Source
MU Online
Ragnarok Online
Half-Life 2 Deathmatch
Adrenaline Gamer 2
Team Fortress 2
How kernel mode injection works?

1) Get the address of KdVersionBlock from KPCR. (__readfsdword)

2) Get the address of MmLoadedUserImageList from KdVersionBlock.

3) Get the base address of ntdll from MmLoadedUserImageList.

4) Parse the export table of ntdll to locate LdrLoadDll.

5) Find a thread to hijack. (ZwQuerySystemInformation)

6) Open the target process. (PsLookupProcessByProcessId)

7) Open the target thread. (PsLookupThreadByThreadId)

8) Attach to target process’s address space. (KeAttachProcess)

8) Allocate memory in target process’s address space. (ZwAllocateVirtualMemory)

9) Copy the DLL name and APC routine into target process’s address space. (memcpy,RtlInitUnicodeString)

10) Set ApcState.UserApcPending to TRUE to force the target thread to execute the APC routine.

11) Allocate an APC object from nonpaged pool. (ExAllocatePool)

12) Initialize the APC and insert it to the target thread. (KeInitializeApc,KeInsertQueueApc)

13) The target thread executes the APC routine in target process’s address space. The APC routine calls LdrLoadDll to load the DLL.

14) Wait for the APC routine to complete.

15) Free the allocated memory. (ZwFreeVirtualMemory,ExFreePool)

16) Detach from target process’s address space. (KeDetachProcess)

17) Dereference the target process and target thread. (ObDereferenceObject)