Official site anti-cheat Ultra Core Protector

Home Download F.A.Q. Addons Monitor Forum Support Advertise English version site UCP Anti-Cheat  Russian version site UCP Anti-Cheat
Ultra Core Protector - is the client-server anti-cheat freeware, for server protection from unscrupulous players.

Abilities Supported games  
Half-Life
Condition Zero
Counter-Strike 1.6
Day of Defeat
Adrenaline Gamer
Team Fortress Classic
Counter-Strike Source
MU Online
Ragnarok Online
Half-Life 2 Deathmatch
Adrenaline Gamer 2
Team Fortress 2
MTA FairplayKD Driver Reversed and Exploited for RPM

So, I wanted to know how they make the HWIDs and I eneded up reversing most of their kernel driver
…and what I was searching for wasn’t there

Anyway, I’ll upload the IDA database so you can look at the pseudocode to see how basic kernel protection looks like
Also, it’s worth it to look at how they whitelist certain processes based on filename only

The driver is controlled using IOCTL and any usermode process can use it

It can be exploited for kernel mode memory reading but not writing
However only x86 processes can use it safely since it only accepts a 32bit pointer for the read buffer

I’ll also include an example project that demonstrates how to use it for RPM (compile in x86)
(You might need to traverse the module list from PEB)

Here is a part from their own RPM implementation

MTA FairplayKD

This is my example code in action

MTA FairplayKD 2

Now that I think about it, I didn’t see a command for closing the handle xP