You are an unregistered user, you can register here
Navigation

Information

Site

Donations
If you wish to make a donation you can by clicking the image below.


Site Sponsor

BeyondUnreal News

 
Go Back   The Unreal Admins Page > Forums > Hosted Forums > UTDC > General Chat

Reply
Thread Tools Display Modes
  #1  
Unread 30th July, 2005, 01:05 PM
Troublesome Troublesome is offline
Godlike
 
Join Date: Aug 2004
Posts: 361
Post How to read UTDC logs

UTDC have a few different checks which can be diffecult to figure out how to act on, so here is some help:

Log headline: Client have hooked functions
This one shouldn't give any false positives. If you get a hook match unknown and no suspect processes from which you can identify the cheat then post the log on the UTDC forum for clarification.

Log headline: Client have failed integrity check
The client have failed the file MD5 check. As file corruptions do occur, you need to know if the failed MD5 hash match a cheat file or you need to ask for the file that failed the check, to check if it's a cheat or file corruption. If you can't do any of the above to identify the file as a cheat, then assume that it was a file corruption that cause the failed check. If other players fail the check with the same bad MD5 hash you can assume it's a cheat file or a legit file you don't know about. Search the forums or ultimately get the file to check if it's a cheat.

Log headline: Client have corrupt memory
Corrupt memory can be caused by a cheat or some computer error. From UTDC v.1.7 there is given a MD5 hash, that express the pattern of the corruption. A cheat will (almost) always give the same hash. Therefore you can treat this hash same way as the hash for the file check and determine if it's a cheat the same way as a client that fail integrity check.

Log headline: Client is using a cheat
There should be enough log information to determine if it's a false positive. If you are in doubt then search the UTDC forum and post there. There is a problem with false positives with the speedhack detection, so player kick is default off for this.

Screenshotting
From UTDC v.1.7 you can screenshot the clients to look for any suspicious things. It can be bypassed by some cheats, so it isn't 100% reliable and shouldn't be proff for *not* cheating.

***the end***
Reply With Quote
  #2  
Unread 27th August, 2005, 03:58 AM
BLTicklemonster BLTicklemonster is offline
Holy Shit!!
 
Join Date: May 2004
Posts: 1,001
Default

Thank you very much for that.

One thing, though, we use hidden admin, and I haven't attempted to try a screenshot on anyone. But when I do, I suppose I must log in to regular admin, right?

(stupid questions get smart answers)
Reply With Quote
  #3  
Unread 9th July, 2007, 06:30 PM
BLTicklemonster BLTicklemonster is offline
Holy Shit!!
 
Join Date: May 2004
Posts: 1,001
Default

Oops sorry, I started a new thread here: http://www.unrealadmin.org/forums/sh...333#post124333

Last edited by BLTicklemonster : 9th July, 2007 at 06:43 PM.
Reply With Quote
  #4  
Unread 19th October, 2007, 08:51 AM
[ZSZ]Evil_Dragon's Avatar
[ZSZ]Evil_Dragon [ZSZ]Evil_Dragon is offline
Holy Shit!!
 
Join Date: Jul 2004
Location: Germany
Posts: 659
Default

Quote:
Originally Posted by Troublesome View Post
...If other players fail the check with the same bad MD5 hash you can assume it's a cheat file or a legit file you don't know about...

Log headline: Client have corrupt memory
... A cheat will (almost) always give the same hash. Therefore you can treat this hash same way as the hash for the file check and determine if it's a cheat the same way as a client that fail integrity check.
...
Now meanwhile I have 5 different players with this:
[UTDCv20c] Client have corrupt memory
..
[UTDCv20c] Corruption hash..: DC75B03DA903207E6DC95FA15177C33C


So according to the above I should think it's a cheat, but then again their altered addresses (always the same either) starts with 7C9:
[UTDCv20c] Altered addresses: 7C90E88C-25FF9090/1B89090,7C90E890-5F0E001E/BA000001,
which is supposed to be false positives.

Now what? With 5 different guys with all the same stuff are they all cheating or is this actually something legit that nobody knows?
__________________
www.zszclan.com



click here to play
Reply With Quote
  #5  
Unread 1st November, 2007, 01:00 PM
nogginBasher nogginBasher is offline
Dominating
 
Join Date: Jun 2005
Location: Bristol UK
Posts: 125
Default

This page has a section "How to read UTDC logs": http://wiki.unrealadmin.org/UTDC
__________________
[ UT servers: XOL DOG 400 CTF | .nzp CTF/LMS/Siege (nB+evil_bill) | RIP ELMS | wHartHog's PigPen crazy CTF ]

Reply With Quote
  #6  
Unread 2nd November, 2007, 12:45 AM
[ZSZ]Evil_Dragon's Avatar
[ZSZ]Evil_Dragon [ZSZ]Evil_Dragon is offline
Holy Shit!!
 
Join Date: Jul 2004
Location: Germany
Posts: 659
Default

Yes, that's where first Troublesome (and later I) quoted from.

So can you answer my question?
__________________
www.zszclan.com



click here to play
Reply With Quote
  #7  
Unread 28th December, 2007, 11:56 PM
Mortal-Karma Mortal-Karma is offline
Forum Newcomer
 
Join Date: Nov 2007
Location: By the Sea
Posts: 4
Default Unanswered..Yes i asked before,,lol

UTDC 20C KICKS ME FOR CORRUPT MEMORY

OK ..I HAVE CHANGED NOTHING SINCE THE PREVIOUS VERSION
Idont know how to find the problem..cant access AMLP.. OR LOG.. etc..

[UTDCv20c] Corruption hash..: EE636CF6C7A3AE394075468C828E2C1F
[UTDCv20c] Altered addresses: 7C90D584-65E99090/19B89090,7C90D588-BA936F7A/BA000000,7C917188-E9909090/68909090,7C91718C-936EDD80/C4,
[UTDCv20c] Date/Time........: 07-12-2007 / 18:39:37

Kicked..
OK U MADE THE THING, NOW TELL ME WHAT MY PROBLEM IS PLEASE
SO I CAN FIX IT...

[ROF]Mortal-Karma
M.K
John..
Reply With Quote
  #8  
Unread 29th December, 2007, 02:15 AM
[ZSZ]Evil_Dragon's Avatar
[ZSZ]Evil_Dragon [ZSZ]Evil_Dragon is offline
Holy Shit!!
 
Join Date: Jul 2004
Location: Germany
Posts: 659
Default

I don't think he or anyone can help you.
All I ever heard here is that these are all false positives. But what is causing them seems to be beyond anyone's knowledge.
And the author doesn't seem to reply anymore anyway.

If ZSZ would kick for corrupt Memory then our server would be empty.

Good job, Troublesome, on UTDCv18 - I really like it!
But as for 20 or 20c (even bypassed yet by Helios as we could read in another threat) - honestly - I think it was a GIANT step backwards!
__________________
www.zszclan.com



click here to play
Reply With Quote
  #9  
Unread 29th December, 2007, 05:41 AM
[SwS]Next [SwS]Next is offline
Unstoppable
 
Join Date: Nov 2007
Posts: 219
Default

Quote:
Originally Posted by [ZSZ]Evil_Dragon View Post
I don't think he or anyone can help you.
All I ever heard here is that these are all false positives. But what is causing them seems to be beyond anyone's knowledge.
And the author doesn't seem to reply anymore anyway.

If ZSZ would kick for corrupt Memory then our server would be empty.

Good job, Troublesome, on UTDCv18 - I really like it!
But as for 20 or 20c (even bypassed yet by Helios as we could read in another threat) - honestly - I think it was a GIANT step backwards!
no 64bit windows does not work on 1.8 or under

That was a big improvement
__________________
CLICK EITHER OF MY SIGS TO DONATE!

Reply With Quote
  #10  
Unread 29th December, 2007, 08:00 AM
Baiter's Avatar
Baiter Baiter is offline
Holy Shit!!
 
Join Date: Apr 2004
Location: Houston, TX
Posts: 1,566
Default

Agreed. There were ALOT of new bugs introduced, but there were alot of big fixes.

A step in the right direction. Not a huge step, but a step nevertheless
__________________
-={SDA}=-Baiter | Maker of Sniper's Heaven
Clan SDA | UT Server Baiter Edition | Play Sniper's Heaven!!! | SDA Gaming Servers
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 11:30 AM.


Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.

All pages are copyright The Unreal Admins Page.
You may not copy any pages without our express permission.