Cheat Engine

`unknown

Okay, so basically I am trying to learn some C++ to achieve some memory edits, to make a trainer. I was wondering if someone could link me to some good tutorials or post some snippets that would assist me in recreating this in C++

I know the variables can be defined as int's, but how would they be referenced?

If you need anymore information, let me know.

BanMe · Posted: Thu Feb 19, 2009 6:27 pm Post subject:

you cannot depend on the same location in memory always being there..

int shouldn't be used unsigned long or DWORD's should..

will your trainer be a plugin to CE?

i definitly need more info to understand what your doing..

Regards BanMe

`unknown · Posted: Thu Feb 19, 2009 6:30 pm Post subject:

BanMe · Posted: Thu Feb 19, 2009 6:39 pm Post subject:

the address maybe static but the allocated memory that you use to store the data will not always be in the same place, because it may be used by the game or another dll or w/e

also if your injecting a Dll
this is how you could hook that static address..

`unknown · Posted: Thu Feb 19, 2009 6:43 pm Post subject:

Oh yeah, I know the allocated memory won't be static. But thanks for the info. Only thing is that won't work because the game has a CRC. I need to make a breakpoint I believe.

dnsi0 · Posted: Thu Feb 19, 2009 6:51 pm Post subject:

Hes trying to make a debugger to get hardware breakpoints to work.

1. Research SetThreadContext and GetThreadCOntext. (You will need this)
2. Make your self a driver to copy the kernel and rehook the NtSetContextTHread and NtGetContextThread so they work while gameguard is running.
3. Look at CE's source. Dark byte has a working Debugger. You could learn from that.

BanMe · Posted: Thu Feb 19, 2009 6:55 pm Post subject:

if it has a CRC your dll injection will be detected..i doubt it has a runtime CRC.. and if it does i would load it in Olly and break on TLS..

dnsi0 · Posted: Thu Feb 19, 2009 7:24 pm Post subject:

Im sorry. I looked at it again. And maplestory private servers do not have crc checks. SO! all you have to do is rewrite your jump over the address instead of setting the eip. No GameGuard=No CRC Detection.

wassssup34579 · How do I cheat? Reputation: 0 Joined: 13 Jul 2008 Posts: 3

i suggest you learn more about SEH (Structured Exception Handling). use the SetUnhandledExceptionFilter and SetThreadContext API's to create a memory breakpoint so you will be able to set any of the debug registers. (Including EIP!)

also, you wont need to allocate any memory... but if you ever need to, use the VirtualAlloc API.

BanMe · Posted: Thu Feb 19, 2009 8:43 pm Post subject:

fs:[0] = Exception dispatch chain..

EIP != Debug register..

if(size(HeapAlloc())>PageGranularity)
use VirtualAlloc

i suggest looking into y0da's SEHCall it should Still be on the NET somewhere..

you are restricted from modifying EIP with SetThreadContext..

and if no CRC or no GG then.. my method will work no problem.. Smile

regards BanMe

`unknown · Posted: Thu Feb 19, 2009 9:03 pm Post subject:

I'm making it for GMS, not a private server. The CRC doesn't detect DLL injection, there are already several working DLLs. So I do need to bypass a CRC. Will wassup's method work for doing so?

dnsi0 · Posted: Thu Feb 19, 2009 9:06 pm Post subject:

If your trying to program a gms crc bypass then give up.

You can look at CE's source...

`unknown · Posted: Thu Feb 19, 2009 9:10 pm Post subject:

No I'm not trying to make a CRC Bypass Razz

I'm trying to read HP/MP values from a call stack by hooking the function and making a code cave to copy the values.

Zerith · Posted: Fri Feb 20, 2009 1:48 am Post subject:

I did this a while ago, but in a diffrent way, I got the values after they've been decrypted because I found the decryption function easily. Smile

sponge · Posted: Fri Feb 20, 2009 4:05 am Post subject:

"IAT" hooks will work. (Secondary IAT for MS. You'll see it become populated as MS loads.)