Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Tutorial] Dealing with Xlive and similar protections
Goto page 1, 2, 3  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials
View previous topic :: View next topic  
Author Message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Thu Feb 03, 2011 8:54 am    Post subject: [Tutorial] Dealing with Xlive and similar protections This post has 1 review(s) Reply with quote

Here is a very short tutorial to help You dealing with the security checks in some games that are protected against code injection. It will not help You cheat in online games so don't even start to read if that is Your intention. All it does is helping You to find the security checks to be able to use code injection in single player games which are protected by Xlive or other system.

It has 3 parts with 3 short videos, nothing fancy, it takes about 5 minutes to do it.

You can read it here:

http://szemelyesintegracio.hu/cheats/41-game-hacking-articles/243-xlive

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
d34dkn16h7
Cheater
Reputation: 0

Joined: 06 Jan 2011
Posts: 40

PostPosted: Thu Feb 03, 2011 9:32 am    Post subject: Reply with quote

thanks i love watching your tuts
Back to top
View user's profile Send private message Send e-mail
Freiza
Grandmaster Cheater
Reputation: 22

Joined: 28 Jun 2010
Posts: 662

PostPosted: Thu Feb 03, 2011 9:35 am    Post subject: Reply with quote

Nice tutorials..
Back to top
View user's profile Send private message Send e-mail
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Thu Feb 03, 2011 9:37 am    Post subject: Reply with quote

Some games are doing such things nowadays so it doesn't hurt to know what is going on and why is the game crashing without obviously visible reasons.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
satanrules666
Advanced Cheater
Reputation: 0

Joined: 31 Oct 2010
Posts: 70
Location: New Zealand

PostPosted: Thu Mar 10, 2011 4:17 am    Post subject: Reply with quote

mmmm i dont really understand the tutorial fully

i found the address that gives me no reload/unlimited ammo
do i go to this in memory viewer
then set a breakpoint
go back to the game the game freezes pressing f9 does nothing i have to control alt delete out of the game select cheat engine down in the taskbar and then press f9 where it gives me one address which is a call
and according to the tutorial a call is not what i want or is it im confused and dont really know

heres my problem with cheat engine i can only use windows debuger

i am running windows 7 sp 1 64 bit
i have the options for the windows debuger and the veh debuger i can select the veh debuger and yea it find the value then when i slect what accesses or writes to that address it brings up nothing
my cheat engine does say i need to start windows with unsigned drivers so i shall try that
i also noticed since i installed cheat engine 6.0 now 5.6.1 wont scan at all it will say no readable memory

random

_________________
I know you're reading this, Jiehfeng. Smile


http://forum.cheatengine.org/viewtopic.php?t=533625
Back to top
View user's profile Send private message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Thu Mar 10, 2011 8:15 am    Post subject: Reply with quote

If you have the address of the code that you wish to modify, go to the codes address in the hex view (not in the disassembler view) and set a data breakpoint on it. If you see that the process has stopped (the game will not stop but CE will display that the process is debugged, you can see it in the window header of the memory view), then you can press F9. You should see the return addresses where you can see them on the video and start backtracing.
F9 will not work when you are not in the memory view. However you can set a hotkey for Debug -> Run in the CE settings. It would be better if you would run the game in window so you can see what is going on in the background.

VEHdebugger is not so good for Xlive as kernelmode debugging, but this will work with VEHdebugger too. Only problem is, sometimes the game will crash if it is detecting the debugger. No problem, you just need to restart the game and try it again. There are tons of ways to get around the debugger problem but I will not mention it here.

If VEHdebugger is not working for you for some reason, you can still try to use the DBVM to use the kernelmode debugger.

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
satanrules666
Advanced Cheater
Reputation: 0

Joined: 31 Oct 2010
Posts: 70
Location: New Zealand

PostPosted: Thu Mar 10, 2011 8:48 pm    Post subject: Reply with quote

thanks for the reply Geri

sadly as i have a amd phenom x4 965 BE i cannot use the DBVM as i heard for that you need an intel cpu

so i can find the address by placing a data breakpoint to find out what address the function accesses

this is the very sad thing it finds it then instantly after it finds it the game crashes

really wish i got an intel at this moment

Veh debugger is good but still i think there needs to be something better for amd cpus

would you know of any other way to tackle this beast of a thing the game is resident evil 5

theres a je jump right above the address i need to change but if you jump that the game last longer but still crashes so i must have to find the evil eye thats watching everything



what do i do 2.png
 Description:
you will have to zoom in to see
 Filesize:  906.64 KB
 Viewed:  61276 Time(s)

what do i do 2.png



what do i do 1.png
 Description:
you will have to zoom in to see
 Filesize:  1.06 MB
 Viewed:  61276 Time(s)

what do i do 1.png



_________________
I know you're reading this, Jiehfeng. Smile


http://forum.cheatengine.org/viewtopic.php?t=533625
Back to top
View user's profile Send private message
prince gmy
Cheater
Reputation: 0

Joined: 24 Feb 2011
Posts: 38
Location: alex,eg

PostPosted: Fri Mar 11, 2011 6:22 am    Post subject: well...vry well Reply with quote

thank geri for ur helpful tuts
Very Happy u are pretty smart
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger MSN Messenger
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Fri Mar 11, 2011 7:02 am    Post subject: Reply with quote

Quote:
theres a je jump right above the address i need to change but if you jump that the game last longer but still crashes so i must have to find the evil eye thats watching everything


Nope, it will not be enough to change that instruction. You need to disable the whole function. As you see, this is a sub-function in a sub-function etc etc. Probably it is working the same way as on my video so it should be near the 3rd return address.

Btw. if you look at the 3rd video, you can see that if you know how is Xlive looks like already, you do not even need a debugger. Cheat Engine's "dissect code" option will show where was the function called from, there are not too much possibilities. Just check out those functions and you will probably find the one which is very similar to the one on my video.

You can also see the code in the disassembler so you can try to search for it with an "Array of bytes" scan.

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
satanrules666
Advanced Cheater
Reputation: 0

Joined: 31 Oct 2010
Posts: 70
Location: New Zealand

PostPosted: Sat Mar 12, 2011 12:28 am    Post subject: Reply with quote

thanks for the help again

but i cant even get one address to show up in the return window when i set a data break point to see what is accessing the code i want to change

when i set the data breakpoint every single time the game crashes before it even finds one rturn address

if only veh debugger was as good as kernel mode debugger

_________________
I know you're reading this, Jiehfeng. Smile


http://forum.cheatengine.org/viewtopic.php?t=533625
Back to top
View user's profile Send private message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Sat Mar 12, 2011 12:37 am    Post subject: Reply with quote

It is working for me with VEHdebugger too, but if you cannot solve it, check your PMs.

Off topic:

Quote:
What is up with people and my name its just a username and yes jesus does love me

Please like stop flaming me


Lol, it's because you mispelled SANTA. Hohoho.
He won't give you presents if you don't spell his name correctly. Laughing

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
satanrules666
Advanced Cheater
Reputation: 0

Joined: 31 Oct 2010
Posts: 70
Location: New Zealand

PostPosted: Sat Mar 12, 2011 2:21 am    Post subject: Reply with quote

Actually managed to find the address this time but i dont get a conditional jump above it like you did in your video so mmmm interesting

Off topic

yea think ill get rid of that quote now it was only there because ages back someone got me banned from here and dont know why random rages of hate i guess

and now dont really care am back on here so all good



what do i do 3.png
 Description:
 Filesize:  1.13 MB
 Viewed:  61194 Time(s)

what do i do 3.png



_________________
I know you're reading this, Jiehfeng. Smile


http://forum.cheatengine.org/viewtopic.php?t=533625
Back to top
View user's profile Send private message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Sat Mar 12, 2011 2:38 am    Post subject: Reply with quote

You are looking at the wrong place. It is not above the code exactly.

It looks like this:

conditional jump
call function
call sub-function
call sub-function
your code
...

Or something like that. You can see it on the video that I have gone backwards, checking where it is started.
You start from "your code" and you need to trace backwards until you find "function" and above it, you see the conditional jump.

This is why you need the return addresses, to see the addresses where the calls originated. If you don't get what I mean, probably you don't know how the "call" instruction is working but then check the previous tutorial here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles/225-basic-encryptions-debugging-backtracing-and-some-info-on-the-stack

In that tutorial, I have used the trace feature which is drawing a tree in CE 6 so you can see how is the structure of the code look like.

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
satanrules666
Advanced Cheater
Reputation: 0

Joined: 31 Oct 2010
Posts: 70
Location: New Zealand

PostPosted: Sat Mar 12, 2011 7:32 am    Post subject: Reply with quote

well i found an address i hope im in the right place now or near it

i hope i can one day get this lol as its something ild really like to know/understand



is this more like it.png
 Description:
 Filesize:  1.26 MB
 Viewed:  61167 Time(s)

is this more like it.png



_________________
I know you're reading this, Jiehfeng. Smile


http://forum.cheatengine.org/viewtopic.php?t=533625
Back to top
View user's profile Send private message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Sat Mar 12, 2011 11:59 am    Post subject: Reply with quote

It still doesn't seem right but on the tree, you can see that your function is returning to another function, Check that, and then if you need (you will probably need to), go back even more until you find something similar that you can see on my video. Trace more instructions, like 10000 or more if it helps, maybe you will see the picture a bit better. The point is to find the source where the whole reading process will start.

Check a few functions (in any program), see how are they working, how are the return points working and if you are familiar with backtracing, you will pick this up in no time easily.

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials All times are GMT - 6 Hours
Goto page 1, 2, 3  Next
Page 1 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites