BattlEye problems

[Seitan 8]

Could you please test the new version?

Testing new version:

People get kicked for folowing reasons: "Update failed" "Client not responding" and new one which also happend to me when i tryed to take a screenshot "DirectX_3DHook"

I know the idea is nice. But it is causing more problems then it does good at the moment.

BattlEye --->

[$able 2]

"Client not responding" is normal when people's game crashes (often you see the losing connection message before).

Anyway, I just was on the SES server and saw mass kicking for "Client not responding" after the server timed out. I am sorry, but this is normal if the connection breaks up completely.

Btw, it seems that the server is completely unreachable at the moment, I can't join it anymore. This is related to the server's connection or the server crashed internally (hence the timeout).

[Yoma 0]

"Client not responding" is normal when people's game crashes (often you see the losing connection message before).

Anyway, I just was on the SES server and saw mass kicking for "Client not responding" after the server timed out. I am sorry, but this is normal if the connection breaks up completely.

Btw, it seems that the server is completely unreachable at the moment, I can't join it anymore. This is related to the server's connection or the server crashed internally (hence the timeout).

"Client not responding" is indeed the message i get too.

But not only on the SES server, on about every server i've connected to that has BE enabled at some point i got this.

Could it simply be related to dsync on connection.

The more players are on the server, the more it occurs.

I'm pretty sure that in a lot of cases the server has not crashed, but is simply "busy". (if it would have crashed, i wouldn't be able to reconnect 10 seconds later to find the others still playing same map)

That said, i too cannot connect to the SES server at the moment.

"DirectX_3DHook"

Is most likely the message it will give when user uses stuff like fraps/TSoverlay or rivatuner and the likes that can display FPS/ change information DX displays onscreen.

It's completely comprehensible that they block stuff like that.

I can imagine it would be very very possible to write an overlay that would light up/mark enemies, make vegetation/buildings transparent etc etc. A lot of cheats could occur there i guess. BIS should at least have a fps counter you can open, so people can look at their fps without being kicked.

[Lolsav 0]

I understand the reasons Yoma stated but im not happy with it. Many ppl like to make videos from what happens online, using FRAPS or other tool. If that is going to be a problem... that´s not good news.

Wonder if it happens with TSdisplay also? The tool to show who is talking on TS

[Yoma 0]

I understand the reasons Yoma stated but im not happy with it. Many ppl like to make videos from what happens online, using FRAPS or other tool. If that is going to be a problem... that´s not good news.

Wonder if it happens with TSdisplay also? The tool to show who is talking on TS

I think you mean TS Overlay.

edit!

Sorry seems TS display is a tool also!

[$able 2]

"Client not responding" is indeed the message i get too.

But not only on the SES server, on about every server i've connected to that has BE enabled at some point i got this.

Could it simply be related to dsync on connection.

The more players are on the server, the more it occurs.

I'm pretty sure that in a lot of cases the server has not crashed, but is simply "busy". (if it would have crashed, i wouldn't be able to reconnect 10 seconds later to find the others still playing same map)

That said, i too cannot connect to the SES server at the moment.

No, even with very bad desync it should be all fine, as long as you don't fully time out. This is probably what is happening here for you (at some point, as you said).

Regarding "Direct3D Hook", as I wrote above, overlay programs such as Fraps and TSO cannot be used anymore. These tools hook the game's renderer the same way as cheats (e.g. wall/fog/ESP hacks) do and are therefore picked up by BE's heuristic scanner. Just because some popular tools use these methods doesn't mean that they are actually legitimate.

[stilton 0]

hi

just thought i'd stick my oar in because the overlay feature affects SoftTH, which is the only way people can use Triplehead in arma without buying the matrox device.

that is without getting kicked for the DirectX hook thingy.

it'd be really great if i was able to play on BattlEye servers without uninstalling softTH and changing all the configs around, but if it wont be allowed i'll simply stop playing on BattlEye servers.

i've read and understand the position that these tools aren't considered 'legitimate' because they affect the way the game renderer passes information or whatnot and cheats can be programmed in the same way/manner. I'm no programmer but wouldnt it be possible to detect the difference? or some way around it??

Because i like both less cheats and softTH in arma.. and would like it if the two could coexist, but personally the SoftTH is more important to me. So as i say, no disrespect to the BattlEye effort but i'll be sticking to non-BattlEye servers and hope the situation is resolved

[aussie dave 0]

@Yoma

Was this you?

Quote[/b] ]23:18:18 Player hanzoh kicked off by BattlEye: Direct3D Hook #1

[cross 1]

Yea I think Fraps, TSO and Gamecam are really important tools for serious leagues and tourneys. For sharing advertising etc... I'm sure disallowing them will effect BE applicability on such servers.

But then again BE is almost only important for non-tactical, non-pasworded public play servers which prefer clean playing to "frapability"

[Yoma 0]

@Yoma

Was this you?

Quote[/b] ]23:18:18 Player hanzoh kicked off by BattlEye: Direct3D Hook #1

Nope i only play as "Yoma", with a xml that refers to my website.

[maddogx 13]

hi

just thought i'd stick my oar in because the overlay feature affects SoftTH, which is the only way people can use Triplehead in arma without buying the matrox device.

that is without getting kicked for the DirectX hook thingy.

it'd be really great if i was able to play on BattlEye servers without uninstalling softTH and changing all the configs around, but if it wont be allowed i'll simply stop playing on BattlEye servers.

i've read and understand the position that these tools aren't considered 'legitimate' because they affect the way the game renderer passes information or whatnot and cheats can be programmed in the same way/manner. I'm no programmer but wouldnt it be possible to detect the difference? or some way around it??

Because i like both less cheats and softTH in arma.. and would like it if the two could coexist, but personally the SoftTH is more important to me. So as i say, no disrespect to the BattlEye effort but i'll be sticking to non-BattlEye servers and hope the situation is resolved

What you are suggesting is a white list for certain programs, such as softTH. This is probably possible, but it would also open a potential attack vector for hack writers. As soon as any specific program is flagged as legitimate, they could make their hacks emulate the legitimate program - thus rendering BattlEye totally useless.

I'm not a BattlEye developer btw., so I may be completely wrong.

[$able 2]

MadDogX is exactly right. However, as detection methods improve from time to time, it might be possible that capture tools that don't modify the rendering will work again in the future (no promises).

[Dwarden 1124]

it's only shown of 'inferior' anticheat design and architecture 'how it works' period ...

(nothing in ungood this is just my opinion how and what some AC do (or done) in general)

there are dozens maybe hundreds valid softwre using several D3D hooks and some other doing direct GPU access ...

in most cases the direct GPU access which avoid the D3Dh is way easier to abuse for cheats (most advanced already use that) ...

and ofcourse WAY harder to detect

so in short such feature looks useful against 'basic' cheats but in the end it's only messing life for normal valid users in same way like copy protections ...

even PunKBuster staff learned over years they can't simply ban ALLsuch software because there are millions of game users with PowerStrip, Xfire, STEAM, ASUS Gameface, GameCam, Fraps, ATT, SoftTH w/e You can imagine using one of these methods ...

and ofc there is way how differ malicious from non malicious use but i don't put my hopes high for single man coded AC to be able handle this ...

and think what's next ?

when BE starts kicks for 'strange' low level drivers / rootkits like processes (AV,AT,AS,FW, HIPS etc) ...

oh well ...

i already went thru all this and i'm not going to do that mistake again ...

good luck with proper approach...

[ravendk 25]

Im sorry to say, but Battle Eye is nothing but problems.. Members of the clan im in keep getting kicked off oure 1.12 server at random..

Ei yesterday after playing for abt 30 min one got kicked off then he rejoined and a other guy got kicked off.. so for us its just a stick in the wheel..

[$able 2]

RavenDK, can you post the violation please?

Dwarden, I have learnt over time that you are a fan of PunkBuster. That is ok, but before accusing other software and praising PunkBuster you should possibly do some more research. I'll give you a snap of info here: PB does kick/silently log for quite some overlay programs as well. And not to mention the tons of other programs with high/low-level functionality that PB refuses to work with. Check their website, some are listed there.

I know quite well how "good" PB is at heuristically detecting hacks (in terms of innovations), but actually I am not here to discuss PB.

I sense I probably won't convince you ever, but I can assure you that I have quite some years of experience and I really know what I am doing. And arguing with manpower is not appropriate. Yes, the situation is not the best, but I can tell you that I am currently working on an innovative and more effective detection method for such hacks. And yes, some sort of whitelisting will have to be used, because there really is no way to tell when a program draws legitimate (e.g. Xfire) or non-legitimate (e.g. ESP hack) stuff to screen.

[ravendk 25]

cant rember the words exactly, but something with not responding (tho the user had a flowing game no lag) and one where it said something sync or something simular ?

[$able 2]

Maybe the server timed out at that time (often you don't notice it immediately)? It was like that on the SES server yesterday.

[-OGN-DarkPhantom 0]

Hmmm I can understand both sides.....

Problem with protected programs that you can't please everyone and you have to look at what's good for the Server or what's good for the client......

There are alot of direct3d programs and alot of clients have being using them for many years and basically the hackers know this.....

But it is hard to drop old habits... especially if in some cases some of these legit programs help out the server admins.

My questions is this [as not a programmer] Can you put in a future upgrade options to either turn on or off D3D and let it be the Server admins decision to have this option running all not ??

[stilton 0]

well its great to know that you guys are at least considering keeping the direct3d method so people can infact have their whitelisted programs...  but until you fix it, there are plenty of Non-battleye servers**

 

I wasn't suggesting anything really though, MadDog i guess has extrapolated a possible programming solution from what i asked for, which is merely.. allow for SoftTH... how you allow this, i leave to you.. although i doubt it would be clever to go spilling about how exactly its done.. or writing in pseudo-code  'Allow for softTH.dll'  because then.. like you say, the cheat-devs would name their cheats SoftTH.dll and BE would be useless.

To be honest, the only cheats you are preventing against are the ones who don't know programming and go and download their 'free hacks' or know a cheat developer... Because as long as you make the games, people will make cheats for them...

..and whilst im not trying to scorn your efforts, as i only really play public myself and see people get kicked (that is, before i got kicked from battleeye servers myself) it was reassuring to know that the 'newby cheats'  were getting kicked.

But you can be assured that there will be others, privately developing their own cheats.. and i can't really see them (the ones who keep their methods secret anyway) being stopped. sort of like, swimming against the tide..

I mean come on.. there are entire communities orientated towards cheating?  people can still connect to servers using dodgy arma.exe files...

Or even better.. Look at Counterstrike source...  with its Valve-Anti cheat support.. and banning of your entire account if your caught cheating..

How many years ago was that released? ..And that game is still swarming with cheats...

but yeh, good luck with that

**(on which note, it would be nice if there was a filter in the server browser to un-include BE servers. Because at the moment when you say 'BE no' it still includes BE servers )

[Dwarden 1124]

RavenDK, can you post the violation please?

Dwarden, I have learnt over time that you are a fan of PunkBuster. That is ok, but before accusing other software and praising PunkBuster you should possibly do some more research. I'll give you a snap of info here: PB does kick/silently log for quite some overlay programs as well. And not to mention the tons of other programs with high/low-level functionality that PB refuses to work with. Check their website, some are listed there.

I know quite well how "good" PB is at heuristically detecting hacks (in terms of innovations), but actually I am not here to discuss PB.

I sense I probably won't convince you ever, but I can assure you that I have quite some years of experience and I really know what I am doing. And arguing with manpower is not appropriate. Yes, the situation is not the best, but I can tell you that I am currently working on an innovative and more effective detection method for such hacks. And yes, some sort of whitelisting will have to be used, because there really is no way to tell when a program draws legitimate (e.g. Xfire) or non-legitimate (e.g. ESP hack) stuff to screen.

first of You learned wrong about me being PB fanboy VS just bit realistic ...

main reason i pushed for PB before BE adoption was that it is except the VAC2 (which one is hardly problem or noticeable to users) only 'state of art' solution

yet PB contrary to VAC it is fully documented, pro user and admin and fully crossplatform compliant ...

in short, show me better stabler solution except 'none' and i vouch for it ...

if it's BE then it turns good for everyone competetion speeds up innovation in the 'area'

also if You read carefully You notice my hint HOW long took EBI to 'fix' most of the 'wrong' coding in PB and it's still FAR from perfect ...

in some cases it's still 'quite bad' and i got quite lot of exp with that matters.

btw. theirs site is in terms of incompatible sw quite dated and in fact many of them works relatively fine (typical example PowerStrip)

but to save Your and mine nerves i'm not interested in going deeply into AC coding and problems overall anymore ...

sadly key solution lies in correct game-engine client-server layout/coding and maybe sort of 'help' on kernel level but i doubt i ever see that till "7"/DX11 if at all ...

for sure i wish You success (wish i can play Mission Impossible music lol)

definitely agree with the way to 'avoid' anything what 'restricts' customers ...

in the end i'm glad You pay attention to what others and i posted ...

e.g. give admins control over what and if kick (logs are usually enough)

i must stop writing ... must stop ...

[$able 2]

Dwarden, I am sorry if I interpreted your attitude in a wrong way, but that is just what it seemed to me after reading your posts from time to time.

Regarding optional detection: I won't make core detection routines optional. If you could just disable everything, BE would be quite useless. And most of all, I always have the ambition to make BE work in an effective and acceptable way. If it is hardly acceptable for players then I am not satisfied either.

Btw, I will reduce the d3d hook detection to only a few important d3d functions in an update today. This is a temporary solution until the improved detection method is released.

[$able 2]

Btw, I will reduce the d3d hook detection to only a few important d3d functions in an update today.

Released now, please test it.

[cross 1]

I must say I'm pretty impressed with your attitude $able.

You fit in the BI culture and community well and have the drive.

Developers listening to players (to some degree ofc) and players providing feedback (and whining is a feedback as well  :P) for the good of the software and gameplay.

I'm sure you'll be able to bring it to a widely usable state.

Personally I think couple of disconnects/reconnects to a public play or public server is not a bad trade-off for cheatless environment.

Good luck!

[cross 1]

deleted...

[Bob.Dob 0]

Loads of the guys over at Operation Reality have been having similar disconnect/kick problems with BattleEye as others have expressed in this thread. These go way back and across multiple BE versions it would seem. When you added FRAPS and such apps to the block list you convinced us to just disable BattleEye on our servers once and for all. We've been having no more random disconnect or faulty detection issues since and the servers actually seem to run smoother. People join and leave without causing as much lag etc. Seems like this BattleEye is a W.I.P. We'll probably re-activate at a future point if these random problems are fixed. Good luck with your development.