How to read UTDC logs
UTDC have a few different checks which can be diffecult to figure out how to act on, so here is some help:
Log headline: Client have hooked functions This one shouldn't give any false positives. If you get a hook match unknown and no suspect processes from which you can identify the cheat then post the log on the UTDC forum for clarification. Log headline: Client have failed integrity check The client have failed the file MD5 check. As file corruptions do occur, you need to know if the failed MD5 hash match a cheat file or you need to ask for the file that failed the check, to check if it's a cheat or file corruption. If you can't do any of the above to identify the file as a cheat, then assume that it was a file corruption that cause the failed check. If other players fail the check with the same bad MD5 hash you can assume it's a cheat file or a legit file you don't know about. Search the forums or ultimately get the file to check if it's a cheat. Log headline: Client have corrupt memory Corrupt memory can be caused by a cheat or some computer error. From UTDC v.1.7 there is given a MD5 hash, that express the pattern of the corruption. A cheat will (almost) always give the same hash. Therefore you can treat this hash same way as the hash for the file check and determine if it's a cheat the same way as a client that fail integrity check. Log headline: Client is using a cheat There should be enough log information to determine if it's a false positive. If you are in doubt then search the UTDC forum and post there. There is a problem with false positives with the speedhack detection, so player kick is default off for this. Screenshotting From UTDC v.1.7 you can screenshot the clients to look for any suspicious things. It can be bypassed by some cheats, so it isn't 100% reliable and shouldn't be proff for *not* cheating. ***the end*** |
Thank you very much for that.
One thing, though, we use hidden admin, and I haven't attempted to try a screenshot on anyone. But when I do, I suppose I must log in to regular admin, right? (stupid questions get smart answers) |
Oops sorry, I started a new thread here: http://www.unrealadmin.org/forums/sh...333#post124333
|
Quote:
[UTDCv20c] Client have corrupt memory .. [UTDCv20c] Corruption hash..: DC75B03DA903207E6DC95FA15177C33C So according to the above I should think it's a cheat, but then again their altered addresses (always the same either) starts with 7C9: [UTDCv20c] Altered addresses: 7C90E88C-25FF9090/1B89090,7C90E890-5F0E001E/BA000001, which is supposed to be false positives. Now what? With 5 different guys with all the same stuff are they all cheating or is this actually something legit that nobody knows? |
This page has a section "How to read UTDC logs": http://wiki.unrealadmin.org/UTDC
|
Yes, that's where first Troublesome (and later I) quoted from.
So can you answer my question? |
Unanswered..Yes i asked before,,lol
UTDC 20C KICKS ME FOR CORRUPT MEMORY
OK ..I HAVE CHANGED NOTHING SINCE THE PREVIOUS VERSION Idont know how to find the problem..cant access AMLP.. OR LOG.. etc.. [UTDCv20c] Corruption hash..: EE636CF6C7A3AE394075468C828E2C1F [UTDCv20c] Altered addresses: 7C90D584-65E99090/19B89090,7C90D588-BA936F7A/BA000000,7C917188-E9909090/68909090,7C91718C-936EDD80/C4, [UTDCv20c] Date/Time........: 07-12-2007 / 18:39:37 Kicked.. OK U MADE THE THING, NOW TELL ME WHAT MY PROBLEM IS PLEASE SO I CAN FIX IT... [ROF]Mortal-Karma M.K John.. |
I don't think he or anyone can help you.
All I ever heard here is that these are all false positives. But what is causing them seems to be beyond anyone's knowledge. And the author doesn't seem to reply anymore anyway. If ZSZ would kick for corrupt Memory then our server would be empty. Good job, Troublesome, on UTDCv18 - I really like it! But as for 20 or 20c (even bypassed yet by Helios as we could read in another threat) - honestly - I think it was a GIANT step backwards! |
Quote:
That was a big improvement |
Agreed. There were ALOT of new bugs introduced, but there were alot of big fixes.
A step in the right direction. Not a huge step, but a step nevertheless :P |
All times are GMT +1. The time now is 09:54 AM. |