anssik How do I cheat?
Reputation: 0
Joined: 26 Mar 2014 Posts: 4
Posted: Wed Mar 26, 2014 1:45 pm Post subject: Detecting point of crash with Cheat Engine Debugger |
Hello!
I am debugging a program without source code, and trying to fix a crash. The program has anti-debugger capabilities and shuts down when using OllyDbg, but I found that CE's VEH debugger solves this problem and is able to attach to it.
So my question is, how do I follow the program's execution in the debugger and locate the point in memory where the crash occurs?
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Mar 26, 2014 2:15 pm Post subject: |
The simplest way to find where a program crashed is to ask Windows. You remember the popup that tells you the program crashed and asks you if you want to submit an error report to MS? Click on "View problem details"; the crash occurred at Fault Module Name+Exception Offset.
Also, you could try attaching OllyDbg AFTER the program has crashed (set Olly as the JIT debugger); the protection might give you enough time to at least see the function that crashed.
You could also use CE to view debug events (memory viewer->view->debug events) once a debugger has been attached.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
anssik How do I cheat?
Reputation: 0
Joined: 26 Mar 2014 Posts: 4
Posted: Wed Mar 26, 2014 2:19 pm Post subject: |
Thank you for replying.
Such a popup does not happen. It just crashes to desktop without any error messages.
I figured out, though, that the program calls KernelBase.RaiseException at the crashing point (I used Debug Events), but I can't figure out how to go a step back to see which part of the code calls the function.
If I place a breakpoint using F5 on the RaiseException function, my whole desktop freezes (I think it then breakpoints the function for all other programs too).
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Mar 26, 2014 2:54 pm Post subject: |
Crap, I guess they have something like (in C++):
Code:
#include <windows.h>

void doSomething(bool problem)
{
    try
    {
        // some code
        if (problem)
            throw("DeadlyError");
    }
    catch (...)
    {
        // catch-all handler: exits quietly, so no crash dialog is shown
        ExitProcess(-1);
    }
}
I can't think of a good way to locate the crash point there (maybe someone else has an idea); my least bad solution is to put a breakpoint in a known safe location before the crash (try to find a function related to what you were doing just before the crash) and trace over/out until you crash. Then restart the game, and step into the last function you stepped over before the crash.
You could also use Olly to find the address of all call dword [&Kernel32.RaiseException] (usually programs call the kernel32 version, which then calls the kernelbase one; BTW see if you can put a BP there), then put BPs there with CE... But that will only work if this module called RaiseException directly (and not one of its DLLs).
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
anssik How do I cheat?
Reputation: 0
Joined: 26 Mar 2014 Posts: 4
Posted: Wed Mar 26, 2014 5:38 pm Post subject: |
I think I have located the function that crashes in one of the DLLs. The problems are that the crash is random, so it does not always occur, and also that it's in the middle of a join procedure in a multiplayer game, so I really can't just break on every step or the other end times out the procedure. Is it possible to record two traces and compare them somehow, like one where the join succeeds and one where it crashes in the middle of the joining process?
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Mar 26, 2014 5:54 pm Post subject: |
CE has something called the ultimap, which should be a bit like Olly's run trace but requires the kernel mode debugger (aka DBVM). I've never used it so I can't give more help in that regard (I kinda have an allergy to DBVM).
The other option would be to put breakpoints at key points, and then use a Lua script that would log some stuff and near instantly resume execution. If you want to go that way, consult main.lua in your Cheat Engine dir and look up debugger_onBreakpoint(). BTW you can write text files with Lua.
...And just in case, are you sure the protection will let you fix the bug once you locate it? 'Coz if you fix the bug but the protection thinks your code modification is a cracking/cheat attempt and CTDs or bans you, then you're probably going to rage hard. If it does have integrity checks, stealthedit (plugin for CE) might help. Might.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
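
The breakpoint-logging approach suggested in the post above, together with the two-trace comparison asked about earlier in the thread, as an added example (not code from any poster and not taken from Cheat Engine's main.lua). It assumes a debugger is already attached in CE, that the hypothetical SITES entries are function entry points, and that the hypothetical LOG_PATH is writable:

```lua
-- Runs in Cheat Engine's Lua engine. SITES and LOG_PATH are hypothetical
-- placeholders; use a different LOG_PATH for each run you want to compare.
local SITES = { "example.dll+1000", "example.dll+2000" }
local LOG_PATH = "C:\\temp\\join_run.log"

local names = {}                        -- breakpoint address -> label
local log = assert(io.open(LOG_PATH, "w"))

for _, site in ipairs(SITES) do
  local addr = getAddress(site)
  names[addr] = site
  debug_setBreakpoint(addr)             -- execute breakpoint at the function entry
end

-- CE calls this global whenever a breaking breakpoint is hit.
function debugger_onBreakpoint()
  local is64 = targetIs64Bit()
  local ip = is64 and RIP or EIP
  local site = names[ip]
  if not site then return 0 end         -- not one of ours: let the CE UI handle it
  -- At a function's first instruction the top of the stack holds the
  -- return address, which identifies the caller.
  local caller = readPointer(is64 and RSP or ESP)
  log:write(site, " <- ", getNameFromAddress(caller), "\n")
  log:flush()                           -- the process may exit right after this hit
  debug_continueFromBreakpoint(co_run)  -- resume at once so the join does not time out
  return 1                              -- non-zero: execution was already continued
end

-- Plain Lua: compare the log of a successful join with the log of a crashing
-- one. Returns the index of the first differing line and both lines; a nil
-- line means that run ended before reaching that hit.
function firstDivergence(goodPath, badPath)
  local good, bad = {}, {}
  for line in io.lines(goodPath) do good[#good + 1] = line end
  for line in io.lines(badPath) do bad[#bad + 1] = line end
  for i = 1, math.max(#good, #bad) do
    if good[i] ~= bad[i] then return i, good[i], bad[i] end
  end
  return nil                            -- the two traces are identical
end
```

When the crashing run's log is simply shorter than the good one, the last line it contains is the last logged site reached before the process exited, which narrows where to place the next set of breakpoints.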
anssik How do I cheat?
Reputation: 0
Joined: 26 Mar 2014 Posts: 4
Posted: Wed Mar 26, 2014 6:18 pm Post subject: |
Ultimap says it works only on Intel processors. I have AMD.
Yeah, the game's protection crashes the game if any of the game's memory space is modified, but the DLL can be hex edited and it does not crash.
I'm going to check the Lua stuff out. Thanks.