Log analysis

Here is some information about the content of the log file Logfile.log (italic text is the log file).

Moss session start

SHAS mode started at 2018-03-03 14:42:45 for Generic Game on x64
=> session start

ping:30ms
=> latency to http://nohope.eu; this check is done on a regular basis to check connection status, Moss QoS, and possible misbehaviour on the Internet connection

update 6
=> Moss is up to date. If it is not, it will download the new version and stop. If Moss can't do the check, it will stop.

DirectX version is 12.0( )
=> supported DirectX version; it doesn't predict the way Moss will take the screenshots

OS is 10.0 64 bit
=> operating system presented to Moss

Real OS Microsoft Windows 10 Professionnel N
=> the real operating system. If the 2 values are different, it means the player tried to apply some reverse compatibility to Moss; this will prevent Moss from choosing the correct way to take screenshots and should be forbidden.

memory: 16255 MB
version: MOSS 4,5,7,0
Physical: ASUSAll SeriesZ87-A131118691806892
Sign ID1: 675423894 ID2: 802255
User: oplocal@OPHOME
drives: HGST HTS721010A9E630 ATA Device serial: JR10006PHE9ZDE
TOSHIBA MK2555GSX ATA Device serial: 16291348A5EC
Generic USB SD Reader USB Device serial: 058F312D810
Generic USB CF Reader USB Device serial: 058F312D811
Generic USB SM Reader USB Device serial: 058F312D812
Generic USB MS Reader USB Device serial: 058F312D813
serial:
=> technical information about the computer; this is intended to help admins detect banned players trying to circumvent bans by using different computer parts

Net: BCEE7B8C6829 /192.168.0.60 Public:
109.11.133.xxx
=> private MAC address, private and public IP (last digit intentionally removed to avoid DoS); helps to check whether the player is the one supposed to play

Video: Intel(R) HD Graphics 4600 driver: 20.19.15.4835
NVIDIA GeForce GTX 1060 6GB driver: 23.21.13.9101
=> video details: check that the player uses a decent GPU and recent drivers; helps to fix the laptop discrete GPU bug (oops, behavior by design) where you have to attach Moss to Intel and not NVIDIA/AMD

(Types d’écrans standard) PKB Maestro225DXL serial: D2EEE001240031101468
(Types d’écrans standard) SAM S27B350 serial: 0164
=> cheaters have to buy a new monitor too; you can expect to have more than 1 screenshot per cycle if the player has 2 monitors

processor BIOS details 3501 MHz by 35.01*100. Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
=> CPU type, overclocking level and mode

Directx11
=> screenshot mode selected by Moss for this session; check the FAQ page to understand the black screen issues

Monitor Started at 2018-03-03 14:42:51
=> time of start and game selected; it has to be compared to:
Monitor stoppped at 2018-03-03 14:47:40
=> it helps to predict the number of screenshots you should find in the log: a 5 minute session should produce ~5 screenshots per active monitor if the rate is “Each 60”, i.e. a screenshot every 60 seconds. The exact screenshot timing can't be predicted; Moss may take two screenshots within 5 seconds and then nothing for 2 minutes, but the final count will respect the preset frequency.

Moss screenshot

(Mon 1) DX11(154) : Each 60 at 2018-03-03 14:42:53 file: 001.JPG- Zip CRC: 5a09ea6f14fe4ca190d9c0ab716693ab07a35e8d71b386859a7cd5d5835a129c
=> monitor captured, API used, time (ms) spent in the API, exact screenshot time, file name, SHA2 signature (the signature can be checked from the Help menu / Check a log integrity)
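
Added example (not part of Moss or of the original page): a Python check an admin could run over a log to compare the screenshot count per monitor with the count predicted from the Monitor Started/stopped times and the "Each N" rate. The regular expressions are derived from the sample lines shown above; the function names, the +/-1 tolerance and the sample log are assumptions constructed for this illustration.

```python
import re
from collections import Counter
from datetime import datetime

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
START_RE = re.compile(r"Monitor Started at " + TS)
STOP_RE = re.compile(r"Monitor stop+ed at " + TS)  # the log itself spells it "stoppped"
SHOT_RE = re.compile(r"\(Mon (\d+)\) \w+\(\d+\) : Each (\d+) at " + TS + r" file: ([\w.]+)")

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def audit_screenshots(log_text, tolerance=1):
    """Return (expected_per_monitor, {monitor: count}, findings); tolerance is an assumed slack."""
    start_m, stop_m = START_RE.search(log_text), STOP_RE.search(log_text)
    if not (start_m and stop_m):
        return None, {}, ["Monitor Started/stopped line missing (truncated log?)"]
    start, stop = _ts(start_m.group(1)), _ts(stop_m.group(1))
    shots = SHOT_RE.findall(log_text)
    if not shots:
        return None, {}, ["no screenshot lines found"]
    rate = int(shots[0][1])  # "Each 60" -> one screenshot per 60 s per monitor
    expected = round((stop - start).total_seconds() / rate)
    counts = Counter(int(mon) for mon, _, _, _ in shots)
    findings = [f"monitor {mon}: {n} screenshots, expected ~{expected}"
                for mon, n in sorted(counts.items()) if abs(n - expected) > tolerance]
    findings += [f"{name}: {when} is outside the monitored window"
                 for _, _, when, name in shots if not start <= _ts(when) <= stop]
    return expected, dict(counts), findings

# Constructed sample: two monitors, monitor 2 is short of screenshots.
SAMPLE_LOG = """\
Monitor Started at 2018-03-03 14:42:51
(Mon 1) DX11(154) : Each 60 at 2018-03-03 14:42:53 file: 001.JPG- Zip CRC: <constructed>
(Mon 2) DX11(150) : Each 60 at 2018-03-03 14:42:54 file: 002.JPG- Zip CRC: <constructed>
(Mon 1) DX11(149) : Each 60 at 2018-03-03 14:43:40 file: 003.JPG- Zip CRC: <constructed>
(Mon 1) DX11(151) : Each 60 at 2018-03-03 14:44:58 file: 004.JPG- Zip CRC: <constructed>
(Mon 2) DX11(152) : Each 60 at 2018-03-03 14:45:10 file: 005.JPG- Zip CRC: <constructed>
(Mon 1) DX11(148) : Each 60 at 2018-03-03 14:46:02 file: 006.JPG- Zip CRC: <constructed>
(Mon 1) DX11(153) : Each 60 at 2018-03-03 14:47:31 file: 007.JPG- Zip CRC: <constructed>
Monitor stoppped at 2018-03-03 14:47:40
"""

if __name__ == "__main__":
    expected, counts, findings = audit_screenshots(SAMPLE_LOG)
    print(expected, counts)
    print("\n".join(findings) or "screenshot count matches the preset rate")
```

A finding here is only a reason to look closer at the session; the Zip CRC of each file still has to be verified with Moss itself.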

Moss Process control

SHA2: 4338d6e3313b7fbc6094d6ae1b958939a4423bf323fddbdfa3cad0f5022c4d28 process: D:\Program Files (x86)\Origin\QtWebEngineProcess.exe
=> any process: SHA2 signature, process

(14144) F:\origin\Battlefield 4\bf4.exe SHA2: 9d9d1a3fca6ffd4c34a543b3fd7b049336ddbd43c0e6c5eee742e51431a6c2aa
=> game process: Windows process ID, process, SHA2 signature

in GAME SHA2: f5fe851a614d0c4c8b271706b02fa6189363ce514d84ea2ddecef8e0f81b1e2a process: C:\WINDOWS\SYSTEM32\ntdll.dll
=> process injected into the game: SHA2 signature, process
A lot of DLLs are injected into the game process, either because the game loads them or because the DLL is attached to an already loaded one and thus gains access to the game.

Moss macro control
Throughout the session, Moss checks key and mouse events and their relative timing. At the end it analyses the whole session and presents graphs with some sequences which need to be clarified.

4143 keystroke, 15 Patterns found
=> the player hit 4143 keys during the session, and 15 combinations were encountered.
Of course, only some will be displayed.

Below are some macros, or sequences that look like macros:

https://pastebin.com/raw/DSyJ2BHP
=> the player used C C 324 times; the quantity is large and the delay between keys is always more or less 8 ms, so it's a macro

more samples to come …