Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How Anti-Cheat Program Detect CE Currently?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
lylcheater
How do I cheat?
Reputation: 0

Joined: 04 Jun 2010
Posts: 3
PostPosted: Fri Jun 04, 2010 12:39 pm    Post subject: How Anti-Cheat Program Detect CE Currently? Reply with quote
I am just wondering exactly how the anti-cheats detect CE currently. I've no intention in making an UCE myself but rather interested in knowing the techniques behind it.

Is it simply by looking at some specific signature of the process? Just like anti-virus detecting known virus. In that case, if I just insert junk into the code would that means I can bypass the detection? In addition to junk code, should I also worry about API hooking - like recovering the hooked ReadProcessMemory()? I assume all anti-cheats would no doubt hook it, right?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25805
Location: The netherlands
PostPosted: Fri Jun 04, 2010 1:21 pm    Post subject: Reply with quote
window titles and classnames(including those of invisible windows)
processname
memory signatures

kernelmode readprocessmemory bypasses the usermode hooked ReadProcessMemory, and virtualpagedir plugin bypasses the kernelmode hook
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
lylcheater
How do I cheat?
Reputation: 0

Joined: 04 Jun 2010
Posts: 3
PostPosted: Sat Jun 05, 2010 2:10 am    Post subject: Reply with quote
Dark Byte wrote:
window titles and classnames(including those of invisible windows)
processname
memory signatures

So in addition to inserting junk code, we should shuffle the names of various items.

Quote:

kernelmode readprocessmemory bypasses the usermode hooked ReadProcessMemory, and virtualpagedir plugin bypasses the kernelmode hook


Do you mean CE already has a kernel model component bypassing the usermode hooked ReadProcessMemory? That is, for one to have an UCE, all his has to do is to make sure the process is not detected by inserting junk code and renaming window titles, class names, etc , while safely assuming the user mode hook implemented by anti-cheats is dealt with by CE.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites