Cheat Engine

[Llam4]

I've been asking all over the net, and nobody's known. This question is to the programmer(s) of CE.

How did you give your program access to the memory of every program? Take Rakion for instance. I can read the memory, but I can't write to it. I have set the program to give itself FULL debug access.

This is a private memory editor, it won't be spread around or competing or anything. Just something I can use that won't be detected.

From what everybody else has been trying to tell me, it isn't possible to edit this memory if it's being run by another account/user/whatever. Of course I know this isn't true, I load your program and it does. Could I please get some insight? Once I'm done with this detail the program will be complete.

Also, I'm compiling in C++. I know you guys use Delphi, but I'm hoping you use a driver or something I can code the equivalent of in C. If it's a Delphi-only thing, I could probably look into Delphi and rewrite my program.

Thank you very much in advance.

[Dark Byte]

call virtualprotectex to make it writable before writing to it

[Llam4]

heh The problem with that is I need PROCESS_VM_OPERATION access to use it.

I only have access to PROCESS_VM_READ, which is the reason I can't write to programs ;P

[Dark Byte]

then why don't you call openprocess with PROCESS_ALL_ACCESS ?

or if you are using the code injection method, just call virtualprotect

or if you're talking about that virtualprotect and openprocess are hooked, ce can unhook those modifications, or not use those functions at all, and just use the dbk32 driver

[Llam4]

Because PROCESS_ALL_ACCESS isn't PROCESS_VM_READ, so I don't have access to it. =P

Only parameter I can get access to is PROCESS_VM_READ. Even with full debug rights given to my program by Windows, it denies my access to everything beside PROCESS_VM_READ.

I kinda feel like I'm spamming your forum, mind if we talk in PM or is it fine here?

[Dark Byte]

PROCESS_ALL_ACCESS is PROCESS_VM_READ, and more

see PROCESS_VM_READ as 1 bit specifying the read access, and PROCESS_ALL_ACCESS as a row of bit specifying what access

e.g: (PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION) results in read, write and operate access

but your problem is because openprocess is hooked you can't use it. so you have 2 options
1: undo the hook
2: use the kernelmode driver of ce (dbk32.sys)

[Llam4]

Thanks. I was thinking it was something to do with hooks or drivers.

I don't know how to UNhook, though. So I'll dig through your code and see if I can find how to use the kernelmode driver. =]

You don't know how much you've helped me. Thanks alot =]


By the way - The C++ version of the source I downloaded from your CVS is missing vcl.h
Edit: It might be because Borland comes with vcl.h. Would make sense, I'm using MSVC++.

Edit#2: I actually can't find a reference to dbk32.sys in your source.

[Dark Byte]

dbk32.sys 's sourcecode is located in the dbkkernel subdirectory