Theory of bypassing anti-cheat

Polynomial
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 524
Location: Inside the Intel CET shadow stack

Posted: Fri Aug 14, 2009 9:23 am    Post subject: Theory of bypassing anti-cheat

I'm interested in how bypassing anti-cheat systems works. I've seen people hooking CreateProcess to stop the execution of the anti-cheat, and hooking functions that the anti-cheat uses in order to fake results, but that's about all.

I noticed Dark Byte mentioned that GG might look at the file that a module was loaded from - would it be possible to copy that module to a random place, inject it into the application, remove the file handle, then delete the file? The module would be loaded into memory, so it shouldn't cause a problem, right?

Also, would it not be possible to create something that runs in the kernel that masks the loaded modules in a process?

I suppose my question is what are the most commonly used methods to break anti-cheat?

_________________
It's not fun unless every exploit mitigation is enabled.
Please do not reply to my posts with LLM-generated slop; I consider it to be an insult to my time.
R.I.P
How do I cheat?
Reputation: 0

Joined: 01 Jun 2009
Posts: 4
Location: Kangaroo land

Posted: Fri Aug 14, 2009 6:39 pm

Probably DLL Injection on the top level, and masking
_________________
Cheat engine was great but now it is dead, well at least there is no spam any more!

NoperNation All your coding / Hardware / Games / Hack Needs
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Fri Aug 14, 2009 9:04 pm

In my mind, there are three ways to bypass an anti-cheat system. Pick one, and stick to one. Mixing and matching just ends badly.

  1. Be Passive: Don't do anything noticeable or extreme. Manually loading a module into a process's memory (after rebasing it and such in your own process) is a good example of this. Another passive method is copying the kernel beforehand to bypass their hooks.

  2. Be Aggressive (B-E-AGGRESSIVE): Hooks, hooks, and more hooks. Do everything you can to stop the anti-cheat from working properly. The main difference between this and the above is that with this method you are targeting the anti-cheat, whereas above you are just trying to run under the radar. Did I mention you use a lot of hooks?

  3. Emulate It: Completely reverse the anti-cheat and build the heartbeat generator from the ground up. Best one of the three, but the hardest to pull off.