Stealthedit plugin to deal with memory checks (crcbypass)

++METHOS
Posted: Tue Jun 25, 2013 4:58 pm

Update:

I have reduced my allocation footprint across the board, with very little noticeable change, unfortunately. I have changed injection points, where I could, to see if stealth'ing a different page would make a difference, with very little noticeable change. In fact, the 'choppy' graphics aren't overly bad until I hit start to bring up the pause menu and return to the game. After doing this, the problem is 2x (at least) as noticeable, it seems.

At this point, I don't know what else I can do other than to live with this infuriating anti-cheat system that has been implemented into this game. I would only be guessing, trying to remove the checks myself.

Nonetheless, thank you all for your help. I appreciate all of these tools and those of you that continue to develop them further. Thank you.

+REP given to all of you that helped me. :D

Dark Byte
Posted: Tue Jun 25, 2013 5:22 pm

Allocations mean nothing; stealthedit is mainly slow if the page you're marking for stealthedit is accessed a lot. So try to limit the pages you mark as stealthedited, and preferably, pick a completely different page if possible.

E.g. a stealthedit of 00404008 affects 00404000 to 00404fff, so if 00404800 is executed almost constantly, it's a bad spot for a stealthedit.


Also, removing the checks isn't that difficult. Stealtheditv2 has an option to find out the integrity check routine (it captures reads of the given page).
(Tip: check what reads the integrity check routine as well, it's sometimes something else.)

Then modify the code-reading parts to point to a relative location in a copy.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

++METHOS
Posted: Tue Jun 25, 2013 6:08 pm

Thanks, Dark Byte. I am stealth'ing several pages. The only way around this is to not write so many cheats. :D I have combined some cheats in order to reduce this, however. Some of the instructions are being accessed many times per second, and there is no way around it, other than scrapping the cheat. I have moved to other pages for some of my cheats, but the change isn't that noticeable.

Yeah, I read that stealthedit2 can do this, although I have not looked into it. I will at least try, to see what I can find. I do not understand what you mean by pointing the code reading parts to a relative location in a copy. Are you suggesting that I redirect the check routine to look into my copied section? If so, what is the benefit of doing this?

Thanks, again.

Dark Byte
Posted: Tue Jun 25, 2013 6:23 pm

Look at this table for example:
http://forum.cheatengine.org/download.php?id=101650

It copies the module memory to a different location, and hooks the routines that read the code, so they read the unmodified copy

++METHOS
Posted: Tue Jun 25, 2013 6:39 pm

It will take some time to wrap my head around this. I will try. Thank you for your response. I will report back, either way.

EDIT:
I do not understand what is being done with these scripts. Are we redirecting the integrity check to read from a copied version of the unaltered, real code, while altering the real code to do what we want? I'm afraid this is currently above my understanding. So far, I have found two different addresses that the integrity check uses for one stealth page...but I do not know what to do with them. There are still a lot of features in Cheat Engine that I have yet to understand.

EDIT:
If I could reduce the stealthedit page size, would this solve my problem? If so, would it be possible to do? Thanks.

Dark Byte
Posted: Wed Jun 26, 2013 4:10 am

The instructions that read the code get modified so they read the copy.
So if the original code range was at 00400000 to 00500000 and the copy is at 40400000, then if the integrity check routine wants to read 00458000, you change the read pointer to 40458000.

Page size can't be changed; it's a hardware thing.

++METHOS
Posted: Wed Jun 26, 2013 5:03 am

I'm sorry, Dark Byte, I'm just not understanding. Perhaps it is too soon and too difficult of a task for me, currently. I will keep trying to make sense of it.

Thanks, again, for your help. I appreciate it.

TsTg
Posted: Thu Jun 27, 2013 2:16 am

What is the difference if I just redirected the target code's EXECUTION to a copy, instead of redirecting 'the instruction that reads it' to READ from the copy? Any variations in the speed? (I use the first method mostly with DEP exceptions and a VEH handler.)


-The 'target code' is the one I want to hack as a cheat.
-The 'instruction that reads' is the integrity check routine.

Dark Byte
Posted: Thu Jun 27, 2013 3:50 am

Execution change requires DEP and VEH and slows down the execution of the page being redirected (including functions you didn't intend to change).

Instruction read change only affects the integrity check routines. Downside is that you must find ALL integrity check routines before it will work, and sometimes that can mean an external process as well.

knightblizs
Posted: Mon Jul 08, 2013 7:56 pm

I have a problem when I click Stealthedit on this page

[Attached image: Screenshot (146).png]

Dark Byte
Posted: Mon Jul 08, 2013 8:14 pm

You'll need to set up a manual stealthedit (single page).

But why do you need stealthedit on JIT'ed code? Does Adobe AIR do an integrity check on the code? Or is it so insecure that it allows the emulated program to read native code?
Tip: Find out what accesses the code, and then mess with those results.

knightblizs
Posted: Mon Jul 08, 2013 8:37 pm

How do I set up stealthedit manually?
When the code changes, the game disconnects, so I want to try to use this way.

Using "find out what accesses" there are no results, so it is complicated to find a static address.

Geri
Posted: Tue Jul 09, 2013 12:21 am

I really doubt that the program is crashing due to anti-cheat. Probably it's crashing because you edit the wrong code. Code injection in flash (or whatever you are trying to edit here, but most likely flash) is messy in most cases.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.

knightblizs
Posted: Tue Jul 09, 2013 3:01 am

Before, I edited the code and it worked successfully, but after the game got an update the hack does not work because it disconnects, so I want to try this method; it might work.

Geri
Posted: Tue Jul 09, 2013 5:29 am

Simple, just make a code injection that does nothing. Then you will see whether the error is due to the code injection or to your code.

Or use the debugger to find out if anything is reading the address of the code or not.
