
Troublesome 30th July, 2005 01:05 PM

How to read UTDC logs
 
UTDC has a few different checks which can be difficult to figure out how to act on, so here is some help:

Log headline: Client have hooked functions
This one shouldn't give any false positives. If you get a hook match unknown and no suspect processes from which you can identify the cheat then post the log on the UTDC forum for clarification.

Log headline: Client have failed integrity check
The client has failed the file MD5 check. As file corruptions do occur, you need to know if the failed MD5 hash matches a cheat file or you need to ask for the file that failed the check, to check if it's a cheat or file corruption. If you can't do any of the above to identify the file as a cheat, then assume that it was a file corruption that caused the failed check. If other players fail the check with the same bad MD5 hash you can assume it's a cheat file or a legit file you don't know about. Search the forums or ultimately get the file to check if it's a cheat.

Log headline: Client have corrupt memory
Corrupt memory can be caused by a cheat or some computer error. From UTDC v.1.7 an MD5 hash is given that expresses the pattern of the corruption. A cheat will (almost) always give the same hash. Therefore you can treat this hash the same way as the hash for the file check and determine if it's a cheat the same way as for a client that fails the integrity check.

Log headline: Client is using a cheat
There should be enough log information to determine if it's a false positive. If you are in doubt then search the UTDC forum and post there. There is a problem with false positives with the speedhack detection, so player kick is default off for this.

Screenshotting
From UTDC v.1.7 you can screenshot the clients to look for any suspicious things. It can be bypassed by some cheats, so it isn't 100% reliable and shouldn't be proof for *not* cheating.

***the end***

BLTicklemonster 27th August, 2005 03:58 AM

Thank you very much for that.

One thing, though, we use hidden admin, and I haven't attempted to try a screenshot on anyone. But when I do, I suppose I must log in to regular admin, right?

(stupid questions get smart answers)

BLTicklemonster 9th July, 2007 06:30 PM

Oops sorry, I started a new thread here: http://www.unrealadmin.org/forums/sh...333#post124333

[ZSZ]Evil_Dragon 19th October, 2007 08:51 AM

Quote:

Originally Posted by Troublesome (Post 66785)
...If other players fail the check with the same bad MD5 hash you can assume it's a cheat file or a legit file you don't know about...

Log headline: Client have corrupt memory
... A cheat will (almost) always give the same hash. Therefore you can treat this hash the same way as the hash for the file check and determine if it's a cheat the same way as for a client that fails the integrity check.
...

Now meanwhile I have 5 different players with this:
[UTDCv20c] Client have corrupt memory
..
[UTDCv20c] Corruption hash..: DC75B03DA903207E6DC95FA15177C33C


So according to the above I should think it's a cheat, but then again their altered addresses (always the same either) start with 7C9:
[UTDCv20c] Altered addresses: 7C90E88C-25FF9090/1B89090,7C90E890-5F0E001E/BA000001,
which is supposed to be false positives.

Now what? With 5 different guys with all the same stuff are they all cheating or is this actually something legit that nobody knows?

nogginBasher 1st November, 2007 01:00 PM

This page has a section "How to read UTDC logs": http://wiki.unrealadmin.org/UTDC

[ZSZ]Evil_Dragon 2nd November, 2007 12:45 AM

Yes, that's where first Troublesome (and later I) quoted from.

So can you answer my question?

Mortal-Karma 28th December, 2007 10:56 PM

Unanswered.. Yes, I asked before, lol
 
UTDC 20C KICKS ME FOR CORRUPT MEMORY

OK.. I HAVE CHANGED NOTHING SINCE THE PREVIOUS VERSION
I don't know how to find the problem.. can't access AMLP.. OR LOG.. etc..

[UTDCv20c] Corruption hash..: EE636CF6C7A3AE394075468C828E2C1F
[UTDCv20c] Altered addresses: 7C90D584-65E99090/19B89090,7C90D588-BA936F7A/BA000000,7C917188-E9909090/68909090,7C91718C-936EDD80/C4,
[UTDCv20c] Date/Time........: 07-12-2007 / 18:39:37

Kicked..
OK U MADE THE THING, NOW TELL ME WHAT MY PROBLEM IS PLEASE
SO I CAN FIX IT...

[ROF]Mortal-Karma
M.K
John..
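
A triage helper for the "same hash across several players" check discussed in the posts above, as an added example that is not from UTDC or from any poster. The hash and address lines are the ones quoted in the thread; the player labels, the headline on the second log, and the reading of each entry as `address-value/value` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Hash and address lines are copied from the posts above; the player labels and
# the headline on LOG_B are constructed for this example.
LOG_A = """[UTDCv20c] Client have corrupt memory
[UTDCv20c] Corruption hash..: DC75B03DA903207E6DC95FA15177C33C
[UTDCv20c] Altered addresses: 7C90E88C-25FF9090/1B89090,7C90E890-5F0E001E/BA000001,"""
LOG_B = """[UTDCv20c] Client have corrupt memory
[UTDCv20c] Corruption hash..: EE636CF6C7A3AE394075468C828E2C1F
[UTDCv20c] Altered addresses: 7C90D584-65E99090/19B89090,7C90D588-BA936F7A/BA000000,7C917188-E9909090/68909090,7C91718C-936EDD80/C4,
[UTDCv20c] Date/Time........: 07-12-2007 / 18:39:37"""
SAMPLE = {"player_1": LOG_A, "player_2": LOG_A, "player_3": LOG_B}

LINE = re.compile(r"^\[UTDC\w+\]\s+(.*)$")       # "[UTDCv20c] <rest>"
FIELD = re.compile(r"^([^.:]+?)\.*:\s*(.*)$")     # "Key....: value" (dot padding dropped)
ENTRY = re.compile(r"([0-9A-Fa-f]+)-([0-9A-Fa-f]+)/([0-9A-Fa-f]+)")

def parse_records(text):
    """Split a UTDC log into records; a line without 'key: value' starts a new one."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        field = FIELD.match(m.group(1))
        if field is None:
            records.append({"headline": m.group(1)})
        elif records:
            records[-1][field.group(1).strip()] = field.group(2).strip()
    return records

def altered_addresses(record):
    """Return (address, first_value, second_value) per entry; values kept as logged."""
    items = record.get("Altered addresses", "").split(",")
    matches = (ENTRY.fullmatch(item.strip()) for item in items)
    return [(int(m.group(1), 16), m.group(2), m.group(3)) for m in matches if m]

def summarize(logs_by_player):
    """Map corruption hash -> players reporting it and 3-digit address prefixes seen."""
    summary = defaultdict(lambda: {"players": set(), "prefixes": set()})
    for player, text in logs_by_player.items():
        for rec in parse_records(text):
            h = rec.get("Corruption hash")
            if rec.get("headline") != "Client have corrupt memory" or not h:
                continue
            summary[h]["players"].add(player)
            summary[h]["prefixes"].update(f"{a:08X}"[:3] for a, _, _ in altered_addresses(rec))
    return dict(summary)
```

Run over the two logs quoted in this thread, the corruption hashes differ while every altered address falls under the same `7C9` prefix, which is the pattern the posters describe.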

[ZSZ]Evil_Dragon 29th December, 2007 01:15 AM

I don't think he or anyone can help you.
All I ever heard here is that these are all false positives. But what is causing them seems to be beyond anyone's knowledge.
And the author doesn't seem to reply anymore anyway.

If ZSZ would kick for corrupt Memory then our server would be empty.

Good job, Troublesome, on UTDCv18 - I really like it!
But as for 20 or 20c (even bypassed yet by Helios as we could read in another thread) - honestly - I think it was a GIANT step backwards!

[SwS]Next 29th December, 2007 04:41 AM

Quote:

Originally Posted by [ZSZ]Evil_Dragon (Post 136246)
I don't think he or anyone can help you.
All I ever heard here is that these are all false positives. But what is causing them seems to be beyond anyone's knowledge.
And the author doesn't seem to reply anymore anyway.

If ZSZ would kick for corrupt Memory then our server would be empty.

Good job, Troublesome, on UTDCv18 - I really like it!
But as for 20 or 20c (even bypassed yet by Helios as we could read in another thread) - honestly - I think it was a GIANT step backwards!

No, 64-bit Windows does not work on 1.8 or under.

That was a big improvement

Baiter 29th December, 2007 07:00 AM

Agreed. There were A LOT of new bugs introduced, but there were a lot of big fixes.

A step in the right direction. Not a huge step, but a step nevertheless :P


All times are GMT +1.