Open source anticheat for protecting your software against tampering and reverse engineering.
- Detects loaded dlls which are not digitally signed.
- Detects loaded kernel modules which are not digitally signed.
- Strips permissions of handles that are attempted to be opened to any of our protected processes.
- Detects system threads which have a start address outside of any legitimate kernel module.
- Detects system threads which are attached to any of our protected processes.
- Detects process threads which have a start address outside of any legitimate module in the respective protected process.
- Detects debugged attached via the PEB's
BeingDebuggedbyte. - Force-triggering PatchGuard (KPP) checks to run (causes bugcheck to occur if there are any violations of PatchGuard's checks).
- Causing bugcheck if PatchGuard (KPP) is disabled / has an invalid context.
- Checking usage of reserved MSRs (model specific registers).
- Sending non maskable interrupts and analyzing the rip to detect execution outside of valid kernel modules.
- Resolving all driver imports manually.
I have tested the anticheat on Windows 10 22H2 and Windows 11 24H2, but I have implemented offsets for each build from Windows 10 1507 -> Windows 11 24H2, so the anticheat should in theory function for all the Windows 10 and Windows 11 versions currently released to the public.
- papstuc for the nocrt portable executable library used.
- jonomango, Satoshi Tanda, and Petr Beneš for their contributions to the ia32-doc project.
This project has been placed under the GNU General Public License, if there are any specific enquiries regarding usage, please contact the founder of the project noahware.