Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine


question Stealthedit plugin

 
Anaxor
Newbie cheater
Reputation: 0

Joined: 11 Aug 2007
Posts: 17

Posted: Tue May 27, 2014 12:00 am    Post subject: question Stealthedit plugin

Hello, I was wondering what I can do with the stealthedit plugin feature that says "find integrity scan routines"...

I know they are the addresses that do the CRC, but how can I point them to read from the copy addresses, so I can edit the original without crashing the game?
Geri
Moderator
Reputation: 112

Joined: 05 Feb 2010
Posts: 5627

Posted: Tue May 27, 2014 4:30 am

It works the other way around. You change the copy, the original code is not touched, and the game uses the copy instead of the original.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25953
Location: The Netherlands

Posted: Tue May 27, 2014 4:38 am

That's what stealthedit does.
The "find integrity scan routines" option is for when you intend to do it the other way around, without stealthedit.

When you have found the integrity check routines (there can be multiple, so check the routines themselves as well), do a code injection that changes the read pointer to the copy at the proper relative location.
So if the game is at 00400000 to 00500000 and the copy ranges from 10200000 to 10300000, then every time the pointer falls in the range of the game, change it to the relative address in the copy. E.g. if it wishes to read 004abcdef, then change it to (10200000+(004abcdef-00400000)=)102abcdef

_________________
Tools give you results. Knowledge gives you control.

Like my help? Join me on Patreon so I can keep helping
Anaxor
Newbie cheater
Reputation: 0

Joined: 11 Aug 2007
Posts: 17

Posted: Tue May 27, 2014 11:19 am

Dark Byte wrote:
That's what stealthedit does.
The "find integrity scan routines" option is for when you intend to do it the other way around, without stealthedit.

When you have found the integrity check routines (there can be multiple, so check the routines themselves as well), do a code injection that changes the read pointer to the copy at the proper relative location.
So if the game is at 00400000 to 00500000 and the copy ranges from 10200000 to 10300000, then every time the pointer falls in the range of the game, change it to the relative address in the copy. E.g. if it wishes to read 004abcdef, then change it to (10200000+(004abcdef-00400000)=)102abcdef


And how do I do a code injection that changes the read pointer to the copy at the proper relative location?
Geri
Moderator
Reputation: 112

Joined: 05 Feb 2010
Posts: 5627

Posted: Tue May 27, 2014 11:41 am

If you are using code injection to change it, you might as well feed false data to the code instead of using a copy.

(For that, you just have to make a code injection on the reading instruction, and when it is reading those few bytes that you have changed at the address, replace the obtained values with the original ones, so the reading instruction will be pretty much useless.

E.g. you want to replace 4 bytes at 00045560 with 00000000; then you just replace something like this

mov eax,[ecx]

with

cmp ecx,00045560
jne originalcode
mov eax,00000000
jmp return
originalcode:
mov eax,[ecx]
return:

and this way you don't even need a copy, you just input fake data.)

But you have to deal with all of the integrity checks that may detect your code injection, and some games have a lot of those checks. Not to mention that they can be triggered at different time intervals or by specific events (e.g. when you kill an enemy, open a door, reach a checkpoint, any event).
So if you try to bypass those checks with code injection, good luck finding them all. Maybe they will run only once every 30 minutes, maybe some of them will run only at the end of the game before a boss fight; all sorts of evil tricks can be added by the developers, and they can cause seemingly random crashes.

Of course this doesn't mean that all games will do that, but if they want, they can, and it happens sometimes.

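To make the mechanism in Dark Byte's and Geri's replies concrete, here is an added model written for this page (not code from the thread, from Cheat Engine or from the stealthedit plugin): a CRC-32 scan over a constructed 16-byte "code region" is run three ways, through a plain read, through a read translated into an untouched copy at the relative offset Dark Byte describes, and through a hook that hands back the pre-patch byte as in Geri's snippet. The addresses reuse the thread's numbers; the bytes, the patch and the CRC constant are assumptions of the model, and the lesson for anyone relying on such a scan is that it is exactly as trustworthy as the read path it uses.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed model: a 16-byte "code region" pretending to live at 00400000, plus the
   untouched copy a StealthEdit-style tool keeps of it, pretending to live at 10200000. */
#define MODULE_BASE 0x00400000u
#define COPY_BASE   0x10200000u
#define REGION_LEN  16u
#define PATCH_ADDR  (MODULE_BASE + 4u)          /* the byte the model tampers with */
static uint8_t module_bytes[REGION_LEN] = { 0x8B,0x01,0x85,0xC0,0x74,0x05,0xE8,0x10,
                                            0x00,0x00,0x00,0xC3,0x90,0x90,0x90,0x90 };
static uint8_t copy_bytes[REGION_LEN];
/* The scan fetches every byte through this pointer and trusts whatever comes back. */
typedef uint8_t (*read_fn)(uint32_t addr);
static uint8_t read_live(uint32_t addr) { return module_bytes[addr - MODULE_BASE]; }
/* Dark Byte's redirection: an address inside the module range is translated to the
   relative location in the copy, COPY_BASE + (addr - MODULE_BASE). */
static uint8_t read_redirected(uint32_t addr) {
    if (addr >= MODULE_BASE && addr < MODULE_BASE + REGION_LEN)
        addr = COPY_BASE + (addr - MODULE_BASE);
    return copy_bytes[addr - COPY_BASE];
}
/* Geri's variant: no copy; return the pre-patch byte (0x74) for the patched address. */
static uint8_t read_faked(uint32_t addr) { return addr == PATCH_ADDR ? 0x74 : read_live(addr); }
/* CRC-32 (IEEE, reflected) over [base, base+len), one byte per callback. */
static uint32_t crc32_region(read_fn rd, uint32_t base, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= rd(base + (uint32_t)i);
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}
/* Records the clean CRC, applies a one-byte patch, then scans through each read path.
   Returns a bitmask: 1 = live read passes, 2 = redirected passes, 4 = faked passes.
   Call once; it mutates the constructed region. */
int run_scan_scenarios(void) {
    memcpy(copy_bytes, module_bytes, REGION_LEN);            /* copy taken before patching */
    uint32_t clean = crc32_region(read_live, MODULE_BASE, REGION_LEN);
    module_bytes[PATCH_ADDR - MODULE_BASE] = 0xEB;            /* 74 (je) -> EB (jmp) */
    int r = 0;
    if (crc32_region(read_live,       MODULE_BASE, REGION_LEN) == clean) r |= 1;
    if (crc32_region(read_redirected, MODULE_BASE, REGION_LEN) == clean) r |= 2;
    if (crc32_region(read_faked,      MODULE_BASE, REGION_LEN) == clean) r |= 4;
    return r;                                                 /* 6: only the live read notices */
}
```

Only the scan that reads live memory notices the patch; both substitute read paths report the region as intact, which is why Geri's point about many, independently timed checks (including ones that cover the readers themselves) is what makes such a scan worth anything.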