++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Jun 25, 2013 4:58 pm Post subject:
Update:
I have reduced my allocation footprint across the board, with very little noticeable changes, unfortunately. I have changed injection points, where I could, to see if stealth'ing a different page would make a difference, with very little noticeable changes. In fact, the 'choppy' graphics aren't overly bad until I hit start to bring up the pause menu and return to the game. After doing this, the problem is 2x (at least) as noticeable, it seems.
At this point, I don't know what else I can do other than to live with this infuriating anti-cheat system that has been implemented into this game. I would only be guessing, trying to remove the checks myself.
Nonetheless, thank you all for your help. I appreciate all of these tools and those of you that continue to develop them further. Thank you.
+REP given to all of you that helped me.

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Tue Jun 25, 2013 5:22 pm Post subject:
Allocations mean nothing; stealthedit is mainly slow if the page you're marking for stealthedit is accessed a lot. So try to limit the pages you mark as stealthedited, and preferably, pick a completely different page if possible.
E.g., a stealthedit of 00404008 affects 00404000 to 00404fff, so if 00404800 is executed almost constantly, it's a bad spot for a stealthedit.
Also, removing the checks isn't that difficult. stealtheditv2 has an option to find out the integrity check routine (it captures reads of the given page).
(Tip: check what reads the integrity check routine as well, it's sometimes something else.)
Then modify the code-reading parts to point to a relative location in a copy.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Jun 25, 2013 6:08 pm Post subject:
Thanks, Dark Byte. I am stealth'ing several pages. The only way around this is to not write so many cheats. I have combined some cheats in order to reduce this, however. Some of the instructions are being accessed many times per second, and there is no way around it, other than scrapping the cheat. I have moved to other pages for some of my cheats, but the change isn't that noticeable.
Yeah, I read that stealthedit2 can do this, although I have not looked into it. I will at least try, to see what I can find. I do not understand what you mean by pointing the code reading parts to a relative location in a copy. Are you suggesting that I redirect the check routine to look into my copied section? If so, what is the benefit of doing this?
Thanks, again.

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Tue Jun 25, 2013 6:23 pm Post subject:
Look at this table for example:
http://forum.cheatengine.org/download.php?id=101650
It copies the module memory to a different location, and hooks the routines that read the code, so they read the unmodified copy

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Jun 25, 2013 6:39 pm Post subject:
It will take some time to wrap my head around this. I will try. Thank you for your response. I will report back, either way.
EDIT:
I do not understand what is being done with these scripts. Are we redirecting the integrity check to read from a copied version of the unaltered, real code, while altering the real code to do what we want? I'm afraid this is currently above my understanding. So far, I have found two different addresses that the integrity check uses for one stealth page...but I do not know what to do with them. There are still a lot of features in Cheat Engine that I have yet to understand.
EDIT:
If I could reduce the stealthedit page size, would this solve my problem? If so, would it be possible to do? Thanks.

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Wed Jun 26, 2013 4:10 am Post subject:
The instructions that read the code get modified so they read the copy.
So if the original code range was at 00400000 to 00500000 and the copy is at 40400000, then if the integrity check routine wants to read 00458000, you change the read pointer to 40458000.
Pagesize can't be changed, it's a hardware thing.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Jun 26, 2013 5:03 am Post subject:
I'm sorry, Dark Byte, I'm just not understanding. Perhaps it is too soon and too difficult of a task for me, currently. I will keep trying to make sense of it.
Thanks, again, for your help. I appreciate it.

TsTg Master Cheater Reputation: 5
Joined: 12 Dec 2012 Posts: 334 Location: Somewhere....
Posted: Thu Jun 27, 2013 2:16 am Post subject:
What is the difference if I just redirected the target code's EXECUTION to a copy, instead of redirecting 'the instruction that reads it' to READ from the copy? Any variations in the speed? (I use the first method mostly with DEP exceptions and a VEH handler.)
- The 'target code' is the one I want to hack as a cheat.
- The 'instruction that reads' is the integrity check routine.

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Thu Jun 27, 2013 3:50 am Post subject:
Execution change requires DEP and VEH and slows down the execution of the page being redirected (including functions you didn't intend to change).
Instruction read change only affects the integrity check routines. Downside is that you must find ALL integrity check routines before it will work, and sometimes that can mean an external process as well.

knightblizs Advanced Cheater Reputation: 0
Joined: 18 Jun 2013 Posts: 56
Posted: Mon Jul 08, 2013 7:56 pm Post subject:
I have a problem when clicking Stealthedit on this page:
[Attached image, 19.54 KB]

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The Netherlands
Posted: Mon Jul 08, 2013 8:14 pm Post subject:
You'll need to set up a manual stealthedit (single page).
But why do you need stealthedit on JIT'ed code? Does Adobe AIR do an integrity check on the code? Or is it so insecure that it allows the emulated program to read native code?
Tip: Find out what accesses the code, and then mess with those results.

knightblizs Advanced Cheater Reputation: 0
Joined: 18 Jun 2013 Posts: 56
Posted: Mon Jul 08, 2013 8:37 pm Post subject:
How do I set up stealthedit manually?
When the code changes the game disconnects, so I want to try to use this way.
Using "find out what accesses" there are no results, so it is complicated to find a static address.

Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Tue Jul 09, 2013 12:21 am Post subject:
I really doubt that the program is crashing due to anti-cheat. Probably it's crashing because you edit the wrong code. Code injection in flash (or whatever you are trying to edit here, but most likely flash) is messy in most cases.

knightblizs Advanced Cheater Reputation: 0
Joined: 18 Jun 2013 Posts: 56
Posted: Tue Jul 09, 2013 3:01 am Post subject:
Before, I edited the code and it worked successfully, but after the game was updated the hack does not work because it disconnects, so I want to try this method; it might work.

Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Tue Jul 09, 2013 5:29 am Post subject:
Simple, just make a code injection that does nothing. Then you will see whether the error is due to the code injection or it's your code.
Or use the debugger to find out if anything is reading the address of the code or not.