Cheat Engine The Official Site of Cheat Engine
Megamandos How do I cheat? Reputation: 0
Joined: 04 Aug 2009 Posts: 1
Posted: Tue Aug 11, 2009 7:33 pm
ROFLMAO... you used CE on WoW!
It's online, EVERYTHING is serverside, you tard.
There are no real "hacks" for WoW; the YouTube videos are just showing the "display values" on the client (locally). So when you see those videos of people hitting for like 1 million, that's because they are just hacking their client so it says shit like that. When in actuality they are hitting for like 5, cause they are noobs. And when people sell "1337 w0w h4x" for like $29.99, it's a scam using a trainer that took some douche like 2 minutes to make.
If you want WoW to be easier (which in itself is difficult to fathom) then get some addons. If you are trying to make a BOT, then you are in the wrong place and you need to pick up a book on C++/VB.NET/C#/etc. and TCP, and go download Ethereal and start reverse engineering or send mouse-clicks to the client (which I have seen, but it's very unreliable).
ghostnghost How do I cheat? Reputation: 0
Joined: 11 Aug 2009 Posts: 2
Posted: Thu Aug 13, 2009 10:54 am
Does there exist a version without virus warnings?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Thu Aug 13, 2009 11:24 am
yes, but it only works on computers without crappy av software
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
ghostnghost How do I cheat? Reputation: 0
Joined: 11 Aug 2009 Posts: 2
Posted: Fri Aug 14, 2009 8:15 am
ESET NOD32 3.0 isn't crappy >.> but when will a version without virus alarms come? I can't disable it because I have other viruses that come at every moment.
Haswell Grandmaster Cheater Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Fri Aug 14, 2009 8:36 am
You're not getting DB's meaning.
If you're so paranoid, don't use CE at all. Otherwise, go read some tutorials on "how to add CE into your AV's exception list". In case you're too dumb to use the search function, I'll tell you here:
1. After downloading CE, disconnect from the internet.
2. Disable your AV.
3. Install CE.
4. Add CE to your AV's exception list (don't ask how, go search).
CE contains no virus. End of discussion.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Fri Aug 14, 2009 5:22 pm
Quote: "I can't disable it because I have other viruses that come at every moment."
Then get a firewall.
Really, if you GET viruses just like that it's already way too late for any antivirus, because that means they are already executing. Perhaps they've already gained kernel access and disabled your AV...
EG How do I cheat? Reputation: 0
Joined: 17 Aug 2009 Posts: 2
Posted: Mon Aug 17, 2009 7:01 pm Post subject: lol
Quote: "This program is freeware, you can copy it as much as you like.
If this program accidentally screws up and destroys data on your PC, electrocutes you, makes your monitor explode in your face, sets your house on fire, kills you, changes all the text you say in online games to oink, causes everyone on the planet (and beyond) to try to kill you, hacks into a nearby nuclear missile and targets your house, changes your bank balance to $0, gets you banned from online games, adds your name to a hitman's list, sucks you into the computer and plays pong with you (with you as ball), causes secret agencies to come after you, makes you believe you got maggots crawling under your skin, turns your room into a gate to hell, becomes sentient and starts killing everyone on this planet, gets you sent to jail with a guy named big bubba or does anything else you don't want it to do, don't blame the author of this program!!
Do you agree to this?"
Now that you ask that I'm pretty sure no one can sue you lol
lolskillz How do I cheat? Reputation: 0
Joined: 18 Aug 2009 Posts: 4
Posted: Tue Aug 18, 2009 2:01 pm Post subject: Re: OMG VIRUS!!!
Dark Byte wrote: "And if you're wondering why the driver is detected, that is because it uses some of the Zwxxxx functions exported by Windows meant to be used by drivers. And it also uses the exported variable KeServiceDescriptorTable. (Also provided by Windows to be used by drivers.)
Now since antivirus programmers have no idea how to detect a rootkit, they just look at suspicious behaviour. And any driver that uses those functions that are exported by Windows is classified as a trojan rootkit.
That's kinda like saying that everyone carrying a gun is a psychopathic murderer. (while only 85% of them actually is)"
Well it is retarded to call through the KeServiceDescriptorTable so I don't blame them. What's even more retarded is to write a driver to scan userland memory, when there is no reason whatsoever to do so.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Tue Aug 18, 2009 3:36 pm
KeServiceDescriptorTable is only used when the user picks the stealth routines; no functions are called through it from the driver.
As for accessing userland memory from a driver, it has its uses when ReadVirtualMemory is hooked kernelside.
Anyhow, none of these things are used by default. Only when the user explicitly wants to use them.
HonestGamer Cheater Reputation: 1
Joined: 13 Aug 2009 Posts: 27 Location: India
Posted: Wed Aug 19, 2009 12:57 am
Dark Byte wrote: "shaon120 wrote: 'I have Norton antivirus and it's updated frequently. I even saw on Google that it has a trojan horse.'
Then download"
Cheat Engine and Retarded? One thing I just cannot understand.. LOL
lolskillz How do I cheat? Reputation: 0
Joined: 18 Aug 2009 Posts: 4
Posted: Wed Aug 19, 2009 4:28 am
Dark Byte wrote: "KeServiceDescriptorTable is only used when the user picks the stealth routines; no functions are called through it from the driver.
As for accessing userland memory from a driver, it has its uses when ReadVirtualMemory is hooked kernelside.
Anyhow, none of these things are used by default. Only when the user explicitly wants to use them."
Ah, yea. I guess if you were to tamper with some lame game protection, like GameGuard, it would be cool to at least have the option.
If the driver is used, do you read the PDE from CR3 and manually walk the paging system to scan (with PAE/x64?), or do you restore the hooks from ZwReadVirtualMemory, or simply KeStackAttachProcess?
I doubt any decent vendors would detect you for calling ZwReadMem/StackAttach. And reading CR3 shouldn't be detected either.
KeServiceDescriptorTable I guess could be detected by a few (both importing it and resolving it dynamically).
You don't clear the WP flag from CR0, do you? That would probably cause a few detections if you do.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Wed Aug 19, 2009 5:03 am
For memory access there are 2 options.
The default is using KeStackAttachProcess, or when the user uses the pagedir plugin it uses CR3.
Downside of using raw memory access like this is paged-out memory, but it's still useful enough as the code and data that is of interest is usually accessed a lot.
As for restoring the hooks, that is implemented but not called in the released version of CE. It doesn't so much restore the hooks as it makes a copy of the kernel (or at least the whole path KeAttachProcess takes) and adjusts the relocation addresses related to code but leaves data addresses intact
(as restoring it in the original will be detected by those anti-cheats and then they put it back or simply reboot, and there's no real way to make sure another thread on another CPU is currently checking if it's changed or not).
This method is used in a couple of UCEs (undetected CEs).
As for clearing the WP flag on CR0, I have to admit, I do (when the user enables stealth). But only in such a way that it shouldn't cause problems (disable interrupts, clear WP, quick edit on memory I know is paged in, restore WP bit, restore interrupts).
I could probably try making the memory writable instead.
lolskillz How do I cheat? Reputation: 0
Joined: 18 Aug 2009 Posts: 4
Posted: Wed Aug 19, 2009 5:45 am
Dark Byte wrote: "For memory access there are 2 options.
The default is using KeStackAttachProcess, or when the user uses the pagedir plugin it uses CR3 and physical memory (in this plugin the physical memory is accessed directly without API calls).
Downside of CR3 memory is paged-out memory, but it's still useful enough as the code and data that is of interest is usually accessed a lot.
As for restoring the hooks, that is implemented but not called in the released version of CE. It doesn't so much restore the hooks as it makes a copy of the kernel (or at least the whole path KeAttachProcess takes) and adjusts the relocation addresses related to code but leaves data addresses intact
(as restoring it in the original will be detected by those anti-cheats and then they put it back or simply reboot, and there's no real way to make sure another thread on another CPU is currently checking if it's changed or not).
This method is used in a couple of UCEs (undetected CEs).
As for clearing the WP flag on CR0, I have to admit, I do (when the user enables stealth). But only in such a way that it shouldn't cause problems (disable interrupts, clear WP, quick edit on memory I know is paged in, restore WP bit, restore interrupts).
I could probably try making the memory writable instead."
Regardless of how you clear WP from CR0, it will most likely cause issues with vendors that emulate the suspicious files.
"...a copy of the kernel (or at least the whole path KeAttachProcess takes) and adjusts the relocation addresses related to code but leaves data addresses intact"
Ah yea, that is probably preferable; I can imagine lots of anti-hack drivers would have a busy thread checking for changes to the in-memory instance of the kernel. I don't understand the relocation part tho.
I would relocate everything in my copied instance according to the relocation directory (against the true ntoskrnl image base, not against the copied instance). If you don't relocate data access, it would crash badly when accessing static data since ntoskrnl always is relocated when loaded. Relocating code so that all calls call into the actual instance would most unlikely ever cause an issue since inline hooks would only be found in the top level of the function (unless some properly stupid person wrote the code). Also all data will be properly initialized.
Feels like this sub-thread is getting somewhat unrelated to the topic now tho.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Wed Aug 19, 2009 6:04 am
GameGuard hooks KeAttachProcess (and even the unexported KiAttachProcess), and KeAttachProcess is called by ZwReadVirtualMemory.
And you got to love their method of rebooting the system using the keyboard port when they detect a hack in kernel.
Anyhow, with not relocating the data pointers I mean leave them to what they currently are as in the loaded kernel (so the copied kernel makes use of the same already initialized data structures, mutexes, events, memory allocation arrays, etc... as the original kernel, but makes sure it doesn't jump back to the original kernel code; of course, since most are relative jumps, there's not much to change at this point).
Quote: "Feels like this sub-thread is getting somewhat unrelated to the topic now tho"
Mwah, a few topics with useful content in a thread mostly filled with emotion and fear based posts is a nice change.
lolskillz How do I cheat? Reputation: 0
Joined: 18 Aug 2009 Posts: 4
Posted: Wed Aug 19, 2009 9:29 am
Dark Byte wrote: "GameGuard hooks KeAttachProcess (and even the unexported KiAttachProcess), and KeAttachProcess is called by ZwReadVirtualMemory.
And you got to love their method of rebooting the system using the keyboard port when they detect a hack in kernel.
Anyhow, with not relocating the data pointers I mean leave them to what they currently are as in the loaded kernel (so the copied kernel makes use of the same already initialized data structures, mutexes, events, memory allocation arrays, etc... as the original kernel, but makes sure it doesn't jump back to the original kernel code; of course, since most are relative jumps, there's not much to change at this point).
Quote: 'Feels like this sub-thread is getting somewhat unrelated to the topic now tho'
Mwah, a few topics with useful content in a thread mostly filled with emotion and fear based posts is a nice change."
Ah, now I see what you mean. I figured you read the kernel from disk, expanded it and relocated. If you copy the existing one and restore it, everything should work "out of the box". As you said, all branches would be relative (apart from the IAT). So just make sure it is intact according to the on-disk image.
And yes, GG is stunningly retarded. Got to love how it doesn't uninstall the driver even when you uninstall the game; truly brilliant concept.
Remember last time I fucked around with it. Got so seriously fed up with their broken driver that I ended up disabling the statically linked loader portion of GG in the game (top of the function that starts the GameGuard.xxx updater: mov eax, 0x755; retn 0x10 if I'm not mistaken, 5 sec fix), then re-implemented the client<->server protocol and encryption in a proxy.
Lemme know if you need some development help on this project, sounds like a kinda fun sparetime project.
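The check lolskillz and Dark Byte describe anti-cheat drivers doing above (a thread comparing the in-memory kernel against the on-disk image, "intact according to the on-disk image") is, at its core, a PE base-relocation pass followed by a diff of the code pages. What follows is an added example written for this thread; it is not Cheat Engine's, GameGuard's or any vendor's code. It parses a .reloc directory, relocates an on-disk image to the base the loader actually used, and reports bytes in code ranges where a memory snapshot disagrees, while ignoring data pages that legitimately change at runtime (the same code/data split the thread discusses). The relocation type values and block layout come from the PE/COFF specification; the image bytes, the two base addresses and the snapshot are constructed for the demo, and the relocator goes beyond the thread's 32-bit case by also handling x64 DIR64 fixups. In a real integrity checker the image would be read from disk, the actual base taken from the loaded-module list and the snapshot from a kernel-memory read; none of that is shown here.

```python
import struct

# PE base-relocation types (values from the PE/COFF specification)
IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, no fixup
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address
IMAGE_REL_BASED_DIR64 = 10     # 64-bit absolute address

PAGE = 0x1000
PREFERRED_BASE = 0x10000   # constructed: ImageBase from the on-disk header
ACTUAL_BASE = 0x30000      # constructed: where the loader actually mapped it


def parse_reloc_directory(reloc: bytes):
    """Yield (rva, type) fixups from raw .reloc data: a sequence of
    IMAGE_BASE_RELOCATION blocks, each {PageRVA:u32, BlockSize:u32} followed
    by u16 entries (type in the top 4 bits, offset within the page in the low 12)."""
    off = 0
    while off + 8 <= len(reloc):
        page_rva, block_size = struct.unpack_from("<II", reloc, off)
        if block_size < 8 or off + block_size > len(reloc):
            raise ValueError("malformed relocation block")
        entries = reloc[off + 8:off + block_size]
        for (entry,) in struct.iter_unpack("<H", entries):
            rtype = entry >> 12
            if rtype != IMAGE_REL_BASED_ABSOLUTE:
                yield page_rva + (entry & 0xFFF), rtype
        off += block_size


def relocate(image: bytes, preferred_base: int, actual_base: int, reloc: bytes) -> bytes:
    """Apply base relocations so the image looks the way the loader would have
    mapped it at actual_base. Handles 32-bit (HIGHLOW) and 64-bit (DIR64) fixups."""
    delta = actual_base - preferred_base
    buf = bytearray(image)
    for rva, rtype in parse_reloc_directory(reloc):
        if rtype == IMAGE_REL_BASED_HIGHLOW:
            (v,) = struct.unpack_from("<I", buf, rva)
            struct.pack_into("<I", buf, rva, (v + delta) & 0xFFFFFFFF)
        elif rtype == IMAGE_REL_BASED_DIR64:
            (v,) = struct.unpack_from("<Q", buf, rva)
            struct.pack_into("<Q", buf, rva, (v + delta) & 0xFFFFFFFFFFFFFFFF)
        else:
            raise ValueError(f"unsupported relocation type {rtype}")
    return bytes(buf)


def find_modified_ranges(expected: bytes, observed: bytes, code_ranges):
    """Diff a memory snapshot against the expected image, but only inside code
    ranges: data pages change at runtime, code pages should not. Returns one
    (rva, expected_bytes, observed_bytes) tuple per run of differing bytes."""
    if len(expected) != len(observed):
        raise ValueError("snapshot size does not match image size")
    findings = []
    for start, end in code_ranges:
        i = start
        while i < end:
            if expected[i] == observed[i]:
                i += 1
                continue
            j = i
            while j < end and expected[j] != observed[j]:
                j += 1
            findings.append((i, expected[i:j], observed[i:j]))
            i = j
    return findings


def build_sample_image():
    """Constructed two-page 32-bit image: .text at RVA 0, .data at RVA 0x1000."""
    img = bytearray(2 * PAGE)
    # .text: 'mov eax, [imm32]' at 0x10 whose operand is the absolute address of .data
    img[0x10] = 0xA1
    struct.pack_into("<I", img, 0x11, PREFERRED_BASE + 0x1000)
    # .text: a function prologue at 0x20 (push ebp; mov ebp,esp; sub esp,..)
    img[0x20:0x25] = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC])
    # .data: a function pointer back into .text
    struct.pack_into("<I", img, 0x1000, PREFERRED_BASE + 0x20)
    # .reloc: one block per page, each with one HIGHLOW entry and an ABSOLUTE pad
    reloc = (struct.pack("<II", 0x0000, 12)
             + struct.pack("<HH", (IMAGE_REL_BASED_HIGHLOW << 12) | 0x011, 0)
             + struct.pack("<II", 0x1000, 12)
             + struct.pack("<HH", (IMAGE_REL_BASED_HIGHLOW << 12) | 0x000, 0))
    return bytes(img), reloc


def make_snapshot(expected: bytes) -> bytes:
    """Constructed 'memory dump' of the loaded image: a legitimate runtime write
    to .data plus a 5-byte 'jmp rel32' patched over the prologue at 0x20."""
    snap = bytearray(expected)
    struct.pack_into("<I", snap, 0x1010, 42)                 # a counter in .data
    snap[0x20:0x25] = bytes([0xE9, 0x78, 0x56, 0x34, 0x12])  # inline hook
    return bytes(snap)


def run_check():
    """Full pipeline: on-disk image -> relocated expectation -> diff vs snapshot."""
    image, reloc = build_sample_image()
    expected = relocate(image, PREFERRED_BASE, ACTUAL_BASE, reloc)
    observed = make_snapshot(expected)
    return find_modified_ranges(expected, observed, [(0x0, PAGE)])


if __name__ == "__main__":
    for rva, want, got in run_check():
        print(f"code modified at RVA {rva:#06x}: expected {want.hex()} got {got.hex()}")
```

Running it reports the single 5-byte run at RVA 0x20 and says nothing about the counter at 0x1010, because only the .text range is compared. Relocating against the true image base rather than the copy's base is what makes the expected bytes line up: the operand at 0x11 and the pointer at 0x1000 are both rewritten by the same delta, so any byte that still differs is a genuine modification, not a loader artifact.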