MemWars — Game-Security Pen-Testing Framework

Tags: C++, Windows Kernel, Lua, Security, Reverse Engineering

Master thesis project: a Windows-kernel-aware exploitation lab that pressure-tests commercial anti-cheat engines and reveals zero-day bypasses.


1. Problem

Game publishers rely on client-side anti-cheat to keep competitive matches fair, yet modern cheats operate from the Windows kernel and routinely slip through. Developers lacked a repeatable way to measure how easily their titles could be compromised. (GitHub)

2. Solution Overview

I authored MemWars, a four-layer, modular penetration-testing framework that automates both classic and kernel-level game-hacking techniques:

Layer              | Purpose                                        | Representative tech
-------------------|------------------------------------------------|---------------------------------
Core               | Windows privilege helpers, process discovery   | WinAPI
Attack Methods     | 7 basic + 4 advanced exploit modules           | DLL/driver loaders, shellcode
Pen-Test Routines  | Measure success, log evidence                  | GoogleTest, JSON reports
Lua Interface      | Scriptable orchestration and fuzzing           | Lua 5.3

Implemented attack catalogue: DLL, socket and IAT hooks, thread hijacking, D3D11 overlay, LSASS abuse, hidden-kernel-DLL injection, manually mapped driver, and others. (GitHub)

3. Impact

  • Evaluated four mainstream anti-cheat suites (VAC, EAC, BattlEye, Warden) across 9 AAA titles: kernel-mode exploits bypassed 100% of the client-side protections, while user-mode exploits were mostly stopped.
  • Confirmed a persistent manually-mapped-driver bypass that remained undetected by VAC after six weeks of live gameplay.
  • MemWars was open-sourced on GitHub and grew to 200+ commits and 48 stars.

4. My Contributions

Designed the architecture, implemented every exploit and defensive hook, built the Lua DSL, wrote the automated evaluation suite, and authored the 90-page thesis.

5. Key Challenges & Mitigations

Challenge                         | Mitigation / result
----------------------------------|------------------------------------------------------------------------------------
Microsoft driver-signing barrier  | Loaded unsigned kernel payloads through the publicly known vulnerable Capcom driver (a bring-your-own-vulnerable-driver technique, which only works where the target machine does not block that driver)
Preventing in-game crashes        | Dynamic sandbox and timeout watchdog around each Lua routine
Keeping attacks stealthy          | Shared-memory communication between user mode and the driver; no IOCTL footprint
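The sandbox-plus-watchdog pattern from the challenge table, driven from the Lua interface layer and producing the JSON evidence lines the pen-test routine layer reports, as an added example. This is not MemWars code: run_routine, make_env, json_line, the fake_attack module, the three constructed routines and the instruction budget are all hypothetical stand-ins for the framework's own API. Each routine is compiled with load() into a whitelisted environment, and a Lua count hook aborts it once it has burned through its instruction budget.

```lua
-- Added example (not from the MemWars repository). Hypothetical names:
-- run_routine, make_env, json_line, fake_attack and the three routines.
-- Requires Lua 5.3 (load() with an explicit env, debug.sethook count hooks).

-- Globals a routine may see. Deliberately absent: os, io, debug, load,
-- require, pcall (so a routine cannot swallow the watchdog's error).
local SAFE_GLOBALS = {
  "string", "math", "table", "pairs", "ipairs", "select", "type",
  "tostring", "tonumber", "error",
}

-- Fresh environment per routine: whitelisted globals plus the host API.
local function make_env(host_api)
  local env = {}
  for _, k in ipairs(SAFE_GLOBALS) do env[k] = _G[k] end
  env.attack = host_api
  return env
end

-- Compile and run one routine from source text inside the sandbox, aborting
-- it via a count hook once it has executed max_instructions VM instructions.
-- Returns { routine=, status="pass"|"fail"|"timeout", detail= }.
local function run_routine(name, src, host_api, max_instructions)
  max_instructions = max_instructions or 200000
  local chunk, load_err = load(src, "=" .. name, "t", make_env(host_api))
  if not chunk then
    return { routine = name, status = "fail", detail = load_err }
  end

  local timed_out = false
  debug.sethook(function()
    debug.sethook()            -- disarm first so the hook cannot re-fire
    timed_out = true
    error("watchdog: instruction budget exceeded")
  end, "", max_instructions)   -- empty mask + count = pure count hook

  local ok, ret = pcall(chunk)
  debug.sethook()              -- always clear, even on the success path

  if timed_out then
    return { routine = name, status = "timeout",
             detail = "exceeded " .. max_instructions .. " instructions" }
  elseif not ok then
    return { routine = name, status = "fail", detail = tostring(ret) }
  end
  return { routine = name, status = "pass", detail = tostring(ret) }
end

-- One JSON object per routine for the evidence log (hand-rolled, no library).
local function json_line(r)
  local function q(s)
    local escaped = tostring(s):gsub('[%c"\\]', function(c)
      return string.format("\\u%04x", c:byte())
    end)
    return '"' .. escaped .. '"'
  end
  return string.format('{"routine":%s,"status":%s,"detail":%s}',
                       q(r.routine), q(r.status), q(r.detail))
end

-- Constructed stand-in for an attack module; the framework would expose its
-- C++ loaders here instead.
local fake_attack = {
  inject = function(target)
    if target == "demo.exe" then return true, "dll injected" end
    return false, "target not found: " .. tostring(target)
  end,
}

-- Three constructed routines: a well-behaved one, a runaway loop the
-- watchdog must kill, and one that reaches for os.execute outside the sandbox.
local routines = {
  { "iat_hook_basic", [[
      local ok, why = attack.inject("demo.exe")
      if not ok then error(why) end
      return why
  ]] },
  { "runaway_loop", "while true do end" },
  { "escape_attempt", "return os.execute('calc.exe')" },
}

local function run_all()
  local lines = {}
  for _, r in ipairs(routines) do
    lines[#lines + 1] = json_line(run_routine(r[1], r[2], fake_attack, 50000))
  end
  return lines
end

for _, line in ipairs(run_all()) do print(line) end
```

Running it prints one JSON line per routine: the first passes with "dll injected", the second ends with status "timeout" once the count hook fires, and the third fails with an "attempt to index a nil value (global 'os')" error because os is not in the whitelist. Two caveats a practitioner should keep in mind: the instruction budget bounds CPU work, not memory or wall-clock time (a single string.rep with a huge count still gets through, and count hooks do not fire while a C function such as a host attack module is running), so a C++ host should pair this with a timer thread calling lua_sethook or an allocator limit; and the whitelist must stay closed, since exposing pcall or debug lets a routine catch the watchdog error or remove the hook.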