View previous topic :: View next topic |
Author |
Message |
Xeni How do I cheat? Reputation: 0
Joined: 26 Nov 2017 Posts: 4
|
Posted: Mon Nov 27, 2017 3:13 am Post subject: Tips to prevent detection? |
|
|
Hi! I'm trying to bypass a games anticheat which seems to pick up Cheat Engine before I attach.
What I've done:
Hooking NtOpenProcess (tries to open my Cheat Engine several times)
Hooking CreateFileW (block all file opens to my exe)
Hooking NtCreateFile (block all file opens)
Hooking NtOpenFile (block all file opens)
Window title changed
Window caption changed
Window class changed
Compiled cheat engine myself
VMProtected executable
Just having it open gets the program detected after a minute. Note: CreateFileW, NtCreateFile, NtOpenFile are all called, but they never seem to target my EXE.
With the NtOpenProcess hook, I was able to bypass the games third party anti-cheat, however, the developers have added their own checks in the game executable itself. No, there is no kernel drivers involved (they don't use one).
|
|
Back to top |
|
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
|
Posted: Mon Nov 27, 2017 3:21 am Post subject: |
|
|
i dont think discussion about bypassing anti-hacks/cheats are allowed here anymore.
but for your info it doesnt have to be an external data/code security check, it can also be the instruction bytes if it changed then it will drop you an error.
so internally a thread is performing Read-Only on couple functions and if condition satisfied then baaam.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
Back to top |
|
|
Xeni How do I cheat? Reputation: 0
Joined: 26 Nov 2017 Posts: 4
|
Posted: Mon Nov 27, 2017 12:31 pm Post subject: |
|
|
OldCheatEngineUser wrote: | i dont think discussion about bypassing anti-hacks/cheats are allowed here anymore.
but for your info it doesnt have to be an external data/code security check, it can also be the instruction bytes if it changed then it will drop you an error.
so internally a thread is performing Read-Only on couple functions and if condition satisfied then baaam. |
Why?
Also, as I said in my first sentence this is before I attach or do anything.
|
|
Back to top |
|
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
|
Posted: Mon Nov 27, 2017 4:18 pm Post subject: |
|
|
yeah i know you said before doing anything, but anyways what type of errors it drop.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
Back to top |
|
|
|