View previous topic :: View next topic |
Author |
Message |
xTopkek How do I cheat? Reputation: 0
Joined: 21 Jan 2017 Posts: 5
|
Posted: Sat Jan 21, 2017 9:54 am Post subject: Cheat Engine +Game crash, not attached |
|
|
So hi.
I do know that multiplayer game's are not beeing supported or whatever..
Im not asking for help for a cheat or w/e just a thing to discuss.
I've been cheating in an mmorpg since about 4 years, and since some weeks they patched the usage of those memory editors.
The game has no anticheat client or anticheat in any way.
So when you open the game login etc... and inject the cheat engine it crashes after 5-40 seconds.
So the weird thing is, even when I do NOT attache CE to the .bin of the game it crashes after 5-40 seconds even with other process name an so on.
Am i right with the thinking that the game is checking my WHOLE memory, because I dont like it when programs who shouldn't check it, check it.
Besides that, this would be illegal af too.
grz
|
|
Back to top |
|
|
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
|
Posted: Sat Jan 21, 2017 12:47 pm Post subject: |
|
|
Its not illegal, you modifying it however is illegal.
It is hard to tell what's the issue without knowing game's name.
_________________
|
|
Back to top |
|
|
xTopkek How do I cheat? Reputation: 0
Joined: 21 Jan 2017 Posts: 5
|
Posted: Sat Jan 21, 2017 1:10 pm Post subject: |
|
|
Fiesta, i don't think it's known.
Editing clientsided "settings" worked/ works bevor it closes.
But besides that, i was doing something else not even injected into the games client, so it has to be reading the whole memory which isnt legal in germany afaik. It's only allowed to look into its own dedicated memory segment aint it ?
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Sat Jan 21, 2017 2:17 pm Post subject: |
|
|
Actually, a game scanning your process list or reading information from other processes is illegal unless it is stating in their EULA / ToS that you have to agree to allow it while using their software. And you editing another processes memory is not illegal.
If anything it sounds like they are doing some basic checks for Cheat Engine and other debuggers, be it by window title, process name, or even some older methods of looking for common layout details on each window that is currently open. It's not too hard to determine what's being done if you look into some API being used.
For seeing if they are detecting your process, you can check for:
- CreateToolhelp32Snapshot
- Proces32First/Process32Next
- Module32First/Module32Next
- (Using PSAPI) EnumProcesses
For seeing if they are detecting by windows:
- EnumWindows / EnumChildWindows
- FindWindow / FindWindowEx
Granted these are user-mode API that are easily avoided by using their Nt counterparts and/or a driver to kernel mode detection, all depending on how their game is implemented to detect things.
_________________
- Retired. |
|
Back to top |
|
|
xTopkek How do I cheat? Reputation: 0
Joined: 21 Jan 2017 Posts: 5
|
Posted: Sat Jan 21, 2017 4:25 pm Post subject: |
|
|
Since im pretty tired and im not that deep into it i just looked in its bin what it's calling even i didn't checked all i'll do that tomorrow.
What i got right now is this
Code: | $wpý
.idata:009730C8 ; Imports from KERNEL32.dll
.idata:009730C8 ;
.idata:009730C8 ; BOOL __stdcall Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
.idata:009730C8 extrn Process32Next:dword ; DATA XREF: .text:loc_75C42Er
.idata:009730CC ; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwProcessId)
.idata:009730CC extrn OpenProcess:dword ; DATA XREF: .text:0045B3B6r
.idata:009730D0 ; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess,LPDWORD lpExitCode)
.idata:009730D0 extrn GetExitCodeProcess:dword ; DATA XREF: .text:0045B355r
.idata:009730D0 ; .text:007C1C17r ...
.idata:009730D4 ; BOOL __stdcall Process32First(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
.idata:009730D4 extrn Process32First:dword ; DATA XREF: .text:loc_75C434r
|
Am i on the right way ?
Thanks for your quick answers btw
grtz
|
|
Back to top |
|
|
ulysse31 Master Cheater Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
|
Posted: Sun Jan 22, 2017 2:28 am Post subject: |
|
|
xTopkek wrote: | Since im pretty tired and im not that deep into it i just looked in its bin what it's calling even i didn't checked all i'll do that tomorrow.
What i got right now is this
Code: | $wpý
.idata:009730C8 ; Imports from KERNEL32.dll
.idata:009730C8 ;
.idata:009730C8 ; BOOL __stdcall Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
.idata:009730C8 extrn Process32Next:dword ; DATA XREF: .text:loc_75C42Er
.idata:009730CC ; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwProcessId)
.idata:009730CC extrn OpenProcess:dword ; DATA XREF: .text:0045B3B6r
.idata:009730D0 ; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess,LPDWORD lpExitCode)
.idata:009730D0 extrn GetExitCodeProcess:dword ; DATA XREF: .text:0045B355r
.idata:009730D0 ; .text:007C1C17r ...
.idata:009730D4 ; BOOL __stdcall Process32First(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
.idata:009730D4 extrn Process32First:dword ; DATA XREF: .text:loc_75C434r
|
Am i on the right way ?
Thanks for your quick answers btw
grtz |
Yes you are, see atomos's post :
Quote: | - CreateToolhelp32Snapshot
- Proces32First/Process32Next |
Try renaming your cheatEngine.exe into some random name.
|
|
Back to top |
|
|
xTopkek How do I cheat? Reputation: 0
Joined: 21 Jan 2017 Posts: 5
|
Posted: Sun Jan 22, 2017 5:39 am Post subject: |
|
|
The renaming was the first I tried to which didn't worked.
Later I started the cheatengine in a sandbox and it worked, I didn't even thought it would find other processes lol.
Some weeks later the sandbox method got patched too.
grz
edit: even some hexeditors cause a shutdown of the game lol
|
|
Back to top |
|
|
ulysse31 Master Cheater Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
|
Posted: Mon Jan 23, 2017 2:09 am Post subject: |
|
|
xTopkek wrote: | The renaming was the first I tried to which didn't worked.
Later I started the cheatengine in a sandbox and it worked, I didn't even thought it would find other processes lol.
Some weeks later the sandbox method got patched too.
grz
edit: even some hexeditors cause a shutdown of the game lol |
- CreateToolhelp32Snapshot
- Proces32First/Process32Next
Those APIs yield not only process name but also pID which is enough to perform memory scans / window title scans / ... of concerned processes.
You'd be better off compiling your CE from source while changing window title, process names and other descriptions, then see what happens.
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Mon Jan 23, 2017 1:35 pm Post subject: |
|
|
There are a handful of ways things try and detect Cheat Engine, it is not just by its process name. There are detections for:
- The process name.
- The process path. (ie. C:\Program Files\Cheat Engine 6.6\asdfasdf.exe still shows its Cheat Engine via the path.)
- The window titles. (Not just the main window, all windows that CE makes.)
- Control layouts to detect the 'look' of the CE window.
- Control names to look for certain things like the buttons to open the memory editor.
- The driver by its name.
- The driver by its path. (See above.)
- File checksums for pre-packaged CE files.
- File names for modules that CE loads and/or injects. (ie the VEH debugger.)
If you want to bypass an anti-cheat with Cheat Engine, the easiest method is to compile your own Cheat Engine and rip out everything you never use. Make it as bare bones as possible.
Cheat Engine is open source, so download it here and start editing away:
https://github.com/cheat-engine/cheat-engine
_________________
- Retired. |
|
Back to top |
|
|
xTopkek How do I cheat? Reputation: 0
Joined: 21 Jan 2017 Posts: 5
|
Posted: Sun Mar 12, 2017 10:51 am Post subject: |
|
|
Okay i managed to get it nondetected now.
It still gets shut down wenn I edit any values...
|
|
Back to top |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sun Mar 12, 2017 11:11 am Post subject: |
|
|
You are discussing a mmorpg, which is prohibited per the forum rules. Since you have disclosed the name of the target, this thread should have been locked.
Reported.
|
|
Back to top |
|
|
pellik Advanced Cheater Reputation: 0
Joined: 14 Jun 2013 Posts: 93
|
Posted: Sun Mar 12, 2017 11:12 am Post subject: |
|
|
You're either going to need to do battle with the detection method or use a different method to change your game.
First see if attaching the debugger causes an exit. The game might be checking the validity of the values, it might be watching itself for hooks. Either way if you're really quick and lucky ultimap may catch the detection code if you're quick with it.
Better yet is that there are numerous examples of other ways to hack games on the websites out there that don't censor multiplayer hacking. You just have to know a little C.
|
|
Back to top |
|
|
|