|
Cheat Engine The Official Site of Cheat Engine
Predatortank Newbie cheater Reputation: 0
Joined: 22 Dec 2010 Posts: 12
|
Posted: Mon Jan 10, 2011 11:27 pm Post subject: |
|
|
I have given up on my AV software. I had a virus a few weeks back that disabled my AV and every time I tried to open or change anything on my AV, the virus would crash my computer. It's honestly less of a hassle to just back everything up once a week, and now I can actually use CE without my AV freaking out on me!
|
|
|
|
Dacnomania Expert Cheater Reputation: 1
Joined: 03 Sep 2010 Posts: 124
|
Posted: Tue Jan 11, 2011 3:43 am Post subject: |
|
|
I use Avira. I just disable it every time I use a hacking program.
|
|
|
|
el_bartholomew How do I cheat? Reputation: 0
Joined: 13 Jan 2011 Posts: 1
|
Posted: Thu Jan 13, 2011 7:49 am Post subject: |
|
|
I have a problem when trying to download the new version.
Microsoft gives me a warning that the content is not safe.
Is this a false positive?
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Thu Jan 13, 2011 7:53 am Post subject: |
|
|
false positive yes
Just report that the download is safe
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Thu Jan 13, 2011 8:48 am Post subject: |
|
|
"The download website contains links to viruses"
WTF is that? How dare they say that it contains viruses? Do they have proof? At least it should say "MAY contain links to viruses".
Because as I read this crap, every reported site is proven to be totally full of viruses.
If I would have a company or a large site and it would pop-up this shit to my site, I would fuckin sue them for accusing me without any evidence.
This just shows how retarded they are. If they are SURE of it, it should contain another link too where it is described what are these viruses doing EXACTLY. Without analysis, they don't know anything and if they have analyzed it, why not publish the results?
_________________
|
|
|
|
Dacnomania Expert Cheater Reputation: 1
Joined: 03 Sep 2010 Posts: 124
|
Posted: Tue Feb 01, 2011 5:21 am Post subject: |
|
|
You go Geri . xP
|
|
|
|
scearezt Cheater Reputation: 0
Joined: 12 Feb 2011 Posts: 46
|
Posted: Thu Feb 17, 2011 7:06 am Post subject: |
|
|
'Cause it's a debugger... anti-virus programs detecting the changes of the executable files and other.... that's why your crappy scanner thinks it's a virus.
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Thu Feb 17, 2011 8:30 am Post subject: |
|
|
It also has many other features which may help to tamper with the target process, not just debugging.
_________________
|
|
|
|
Burningmace Grandmaster Cheater Reputation: 5
Joined: 17 Feb 2008 Posts: 520 Location: Inside the Intel CET shadow stack
|
Posted: Sun Feb 20, 2011 8:44 am Post subject: |
|
|
This may have already been mentioned, but I would like to explain in detail why certain anti-virus programs do think CE is malware (a virus), and why they are wrong. Take heed to what I say, because not only do I have a lot of experience in malware analysis and programming in general, but also my final year project at university was writing a full AV program from start to finish. I will attempt to keep this simple at an overall level, but I will go into detail so you can really understand the issue. In case you think at any point that I am inferring that CE might have malware in it, I am absolutely not. Let me state it definitively: CE IS NOT MALWARE.
Your anti-virus program, along with any other program out there, is not sentient. It cannot think. It obeys a set of rules to classify incoming data into categories - safe, or one of the malware categories (e.g. trojan, worm, etc). To do this, it employs a few different techniques. I'm going to explain two of them, which apply most here.
Technique #1 - File hash
A hash is a checksum that sums up some data (e.g. a file) in some short way. Common hash algorithms are MD5 and SHA1, which take in some data and output a fixed-length value that is almost unique to that data. The same data in = the same hash out, no matter how many times you do it. AV programs have a huge database of the hashes of known malware files. Each scanned file will be hashed and compared against the database. If the hash matches an entry, the AV knows what malware it is and can look up the appropriate method to remove it. I would like to stress that CE is most likely NOT in this list for any AV. In fact I would be surprised if it is in any of these lists.
Technique #2 - Heuristics
Malware writers got wise to hash checks, so made malware that makes tiny modifications to itself that, whilst not changing how the program works in any way, alters its data and therefore changes its hash. In order to get round this and to detect new potential malware samples that it might not have seen before, it employs something called heuristics. What it essentially does is dissect the target program into its individual sections and header information, then examine each to discover what it might be doing.
In any program you have a set of calls to external functions (APIs) that tell the operating system what needs to be done. For example, you would want to close the program at some point - this is done with an ExitProcess call. When it is compiled, the program has information about these APIs embedded in it. This information doesn't say what the program is using them for (some APIs have multiple uses), so the AV must guess based on the other calls it has entries for. Certain API calls are often used for certain types of malware. For example, one might call SetWindowsHookEx to perform a keyboard hook to make a keylogger. However, this API is also used to provide global hotkeys in trainers and other programs. Depending on your AV software, the level of paranoia placed on certain types of calls is different.
CE uses a whole bunch of APIs that are also often used in a range of malware. This is why the CE program gets flagged as malware. CE also includes a driver to perform certain debugging and memory access operations, which is not signed by a trusted party. Driver signing is Microsoft's way of saying "this driver is safe and trusted", which is why major device manufacturers sign their drivers. However, driver signing is very expensive, hence CE doesn't have it. This means the AV program sees some application that uses some suspicious APIs and tries to install an unsigned driver. If this were malware and the AV didn't block it, your system is pwned with a rootkit and you'd lose confidence in your AV, and therefore wouldn't buy their products any more. It's a business decision. There's no such thing as giving potential malware the benefit of the doubt.
The sane thing for any AV vendor to do is to put CE on the "not malware" whitelist or allow users to manually whitelist the CE program, but, as we all know, people aren't sane.
Hopefully this clears things up a bit.
_________________
It's not fun unless every exploit mitigation is enabled. |
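The two techniques described in the post above, as an added example (not code from the post or from any AV product): an exact hash lookup followed by a score over imported API names. The weights, threshold and sample blobs are constructed assumptions, SHA-256 stands in for the MD5/SHA1 the post names, and a name scan stands in for real import-table parsing.

```python
import hashlib
import re

# Constructed weights (assumption): how alarming a scanner finds each import.
# The API names are real Win32 functions; the numbers are illustrative only.
API_WEIGHTS = {
    "ExitProcess": 0,          # every program exits; carries no signal
    "SetWindowsHookExA": 3,    # keyloggers, but also global hotkeys
    "OpenProcess": 2,
    "ReadProcessMemory": 3,
    "WriteProcessMemory": 4,
    "CreateRemoteThread": 5,
}
THRESHOLD = 8  # constructed cut-off for a "suspicious" verdict

def fake_binary(*imports, pad=b"\x00"):
    """Build a constructed sample: a stub header plus NUL-separated import names."""
    return b"MZ\x00" + b"\x00".join(n.encode() for n in imports) + pad

def imported_names(blob):
    """Crude stand-in for parsing the import table: scan for known API names."""
    runs = re.findall(rb"[A-Za-z0-9_]{4,}", blob)
    return {r.decode() for r in runs if r.decode() in API_WEIGHTS}

def classify(blob, known_bad):
    """Technique 1 (exact hash match) first, then technique 2 (import heuristics)."""
    digest = hashlib.sha256(blob).hexdigest()  # the post names MD5/SHA1; same idea
    if digest in known_bad:
        return ("known-malware", 0)
    score = sum(API_WEIGHTS[n] for n in imported_names(blob))
    return ("suspicious" if score >= THRESHOLD else "clean", score)

# Constructed samples, not real files.
KNOWN_SAMPLE = fake_binary("OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "ExitProcess")
VARIANT = fake_binary("OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "ExitProcess", pad=b"\x01")
MEMORY_EDITOR = fake_binary("OpenProcess", "ReadProcessMemory", "WriteProcessMemory", "SetWindowsHookExA", "ExitProcess")
TEXT_EDITOR = fake_binary("CreateFileA", "ExitProcess")
KNOWN_BAD = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def demo():
    samples = {"known_sample": KNOWN_SAMPLE, "variant": VARIANT,
               "memory_editor": MEMORY_EDITOR, "text_editor": TEXT_EDITOR}
    return {name: classify(blob, KNOWN_BAD) for name, blob in samples.items()}

if __name__ == "__main__":
    for name, (verdict, score) in demo().items():
        print(f"{name:14} {verdict:14} score={score}")
```

The `variant` row differs from the blocklisted sample by one padding byte, so the hash lookup misses it and only the heuristic catches it; the `memory_editor` row is the false positive the post describes, flagged purely for its imports.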
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Sun Feb 20, 2011 2:51 pm Post subject: |
|
|
I agree with most of this but I think You are not completely right in the first part where You assume that CE is not listed as a malware for AV companies. They indeed attack CE not because it is a malware, but because it is a "hacking" software. Probably they do this for money. As for why do I think that, here are 2 of my "tests" about CE and AV detections.
1. I have uploaded a CE made trainer months ago to virustotal and only a few of the AV's has detected "virus" in it. Then a few weeks later, I have tested the same untouched file, with the same MD5 hash (even virustotal has detected that this file with this same hash has been tested before) and now at least 3 times more AV scanner has detected virus in it. What has been changed in the file? Obviously nothing, the hash was the same etc. So what other things are changed? Some Av companies "figured" that CE trainers that were harmless before are now malwares. Ridiculous. It is clear that they manipulate the users and give fake results regarding CE for whatever business reason. They do what they are paid for, to scare people away from CE.
2. If You change the Cheat Engine strings in the exe file, only one AV will think it is still a virus and all others will just leave it alone. Reason? The content is the same, only the Cheat Engine string is missing and the hash of course is different. This seems to prove that they are targeting CE specifically, not because of its functions.
And as for a bonus,
3. CE 6 has even more features, yet it is not detected as a virus because they did not have time to gang up on it like they did with previous versions.
In summary, my opinion is that AV companies are unethically trying to control people. They know it is not a virus as not the features are causing the problem but their blacklists. And we all know that it is easy to put someone on that list for the right price. As You have said, it is just business and CE is a free software so "big and professional" gaming companies are not just trying to detect CE with their anti-cheat stuff but they also use other methods to scare away people from ever installing CE.
All of this proves one thing for sure:
CE is not just not a malware, but also one of the most advanced reverse-engineering tools ever made and it is so cool, that others are "afraid" of its power. If it were crap, no one would care about it but we all know that many games are directly searching for CE and I don't think those companies are so poor that they cannot afford to buy some "support" in their anti-cheat engine project from AV companies.
It is this simple, they are afraid of CE users because CE rocks.
At least that's my opinion.
Btw. Your article/post is very good, I totally agree with the rest of it.
Peace!
_________________
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Wed Apr 13, 2011 11:50 am Post subject: |
|
|
It isn't a problem. If you don't want it, just don't install the recommended program. If you want to support Dark Byte, then install it. That's all.
_________________
|
|
|
|
Gothantic How do I cheat? Reputation: 0
Joined: 18 Apr 2011 Posts: 5
|
Posted: Mon Apr 18, 2011 6:06 pm Post subject: |
|
|
I love kids who say they have norton antivirus and that it said cheat engine is a virus.
Try to remove your norton antivirus some day.... it's worse than dealing with an actual virus.
|
|
|
|
Saric Advanced Cheater Reputation: 20
Joined: 20 Jul 2008 Posts: 61 Location: Somewhere. Over teh rainbow.
|
Posted: Mon Apr 18, 2011 7:01 pm Post subject: |
|
|
Gothantic wrote: | I love kids who say they have norton antivirus and that it said cheat engine is a virus.
Try to remove your norton antivirus some day.... it's worse than dealing with an actual virus. |
I used norton before, and it never had a problem with me having cheat engine.
|
|
|
|
Lukong Newbie cheater Reputation: 0
Joined: 21 Feb 2011 Posts: 17
|
Posted: Wed Apr 20, 2011 9:24 pm Post subject: |
|
|
chewbacca_teh_haxz0r wrote: | 'retarded idiot'
Rofl.. Nice one, What dip doesn't understand that it's not a virus...?
Anyways, thx for the solution, I used to just drag the neverending warning pop-ups to the side of the screen, that fixes that.
Ty.
|
The type of dip that thinks you're going to get arrested for Hacking a game.
Saric wrote: | Gothantic wrote: | I love kids who say they have norton antivirus and that it said cheat engine is a virus.
Try to remove your norton antivirus some day.... it's worse than dealing with an actual virus. |
I used norton before, and it never had a problem with me having cheat engine. |
Yeah, tell that to my Norton, which I had to shut down all its functions. Also, for the people who try to remove Norton or anything for that matter, make sure that the Program itself is shut down before uninstalling it.
Norton goes by the name of ccsvchst.exe in the Processes. Also, use CE 5.6.1 to find the icon that matches the program you're trying to shut down, then use Task Manager to shut it down.
Geri wrote: | I agree with most of this but I think You are not completely right in the first part where You assume that CE is not listed as a malware for AV companies. They indeed attack CE not because it is a malware, but because it is a "hacking" software. Probably they do this for money. As for why do I think that, here are 2 of my "tests" about CE and AV detections.
1. I have uploaded a CE made trainer months ago to virustotal and only a few of the AV's has detected "virus" in it. Then a few weeks later, I have tested the same untouched file, with the same MD5 hash (even virustotal has detected that this file with this same hash has been tested before) and now at least 3 times more AV scanner has detected virus in it. What has been changed in the file? Obviously nothing, the hash was the same etc. So what other things are changed? Some Av companies "figured" that CE trainers that were harmless before are now malwares. Ridiculous. It is clear that they manipulate the users and give fake results regarding CE for whatever business reason. They do what they are paid for, to scare people away from CE. |
One problem: Anti-Virus Software itself can be cracked, and some like Adware which don't have some needed features like Norton could let you choose whom to keep and whom to let go.
The worst part about the rest of what you're saying is How Gaming Companies have anti-cheat methods, in the sense of worst I mean true.
The other day I was hacking [Finding a value] in a Sequel to a game [Runefactory 3]. For some reason it was very difficult to find any values unlike before.
In Runefactory 2 I was able to find values for Items, Money, HP, RP and even the items in the Hand so I could drop any item in the inventory, but in this one it's way more difficult to find a single value.
When you think about it SWF/Browser games are also tricky. Their values are multiplied by 8.
I was playing a game called Phantasy Star 0 on a DS emulator, I later realized that all the values were multiplied by 64, so even though I knew the limit for an item was 99 and scanning Value type 1 Byte, I was way off.
Some game companies are ahead or using different Value types because games like Pokemon or MegaMan on the GBA cannot have the Money simply changed and that is the easiest value to find.
|
|
|
|
maikkano How do I cheat? Reputation: 0
Joined: 13 May 2011 Posts: 1
|
Posted: Fri May 13, 2011 1:46 pm Post subject: |
|
|
Burningmace wrote: | This may have already been mentioned, but I would like to explain in detail why certain anti-virus programs do think CE is malware (a virus), and why they are wrong.
[...]
The sane thing for any AV vendor to do is to put CE on the "not malware" whitelist or allow users to manually whitelist the CE program, but, as we all know, people aren't sane.
Hopefully this clears things up a bit. |
hi.
I came to download a script to mount&blade and came to this post when d/loading CE6.0.
I've registered in this forum only to show my thumbs up to the user who wrote this. it was f-ing amazing.
probably I'll not be around here again but I felt it needed to be said.
best regards
|
|