Cheat Engine

spyware293 · Newbie cheater Reputation: 0 Joined: 28 Jun 2012 Posts: 13

i've recreate UCE from the source and now it's undetected only if it didn't attached.
I even create similar program like CE from java using JNA, but still detected when im using OpenProcess().

is it possible to hide the hooks?

Dark Byte · Posted: Mon Sep 23, 2013 11:41 am Post subject:

It's not a CE hook, it's detecting. The game itself has installed hooks that notify it when other programs call OpenProcess

So, use an alternate method for OpenProcess.
E.g a self written kernelmode openProcess, or using a low level syscall. (make sure you're in 64-bit, since that makes openprocess hooks in kernelmode more difficult)

spyware293 · Newbie cheater Reputation: 0 Joined: 28 Jun 2012 Posts: 13

can i use plugin to write alternate method Openprocess instead of modifying it from source?

Dark Byte · Posted: Mon Sep 23, 2013 6:51 pm Post subject:

Yes, you can use a plugin to redirect calls to the main api's to your own implementation. (just adjust the pointers)

Also, try the kernelmode openprocess that comes with cheat engine

you may need to disable the syminitialize call in the symbolhandler though to make sure that one doesn't call the original openprocess

And alternatively, if you're on 64-bit windows, try to undo the hooks in ce's memory by the game