Cheat Engine

Kunn · How do I cheat? Reputation: 0 Joined: 05 Dec 2006 Posts: 9

Hi!
Interested to find if there's some program out there that lets me see if a anti cheat or a program is scanning for other processes? Process names for example

zm0d · Posted: Mon May 12, 2014 9:15 am Post subject:

No, such a tool isn't available AFAIK.

You've to be good in Assembler and also have very good reverse engineering skills to understand such procedures within the anti-cheat code.

Kunn · How do I cheat? Reputation: 0 Joined: 05 Dec 2006 Posts: 9

well thats a bummer

atom0s · Posted: Mon May 12, 2014 1:24 pm Post subject:

You could hook onto common API in the process with the anticheat and see if those specific API are being called. Granted this may get you detected and banned by doing so. Some of those API would be:
- CreateToolhelp32Snapshot
- Process32First
- Process32Next
- EnumProcesses
- EnumProcessModules
- EnumProcessModulesEx
- GetModuleInformation

To name a few, there are other API that can be used to locate processes too such as EnumChildWindows etc. to locate a parent process and so on.

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

If an anti-cheat is scanning for other processes, it should be written in the agreements that you accept when you install the game. Sometimes it's as easy as reading what you agree to. Of course some companies may "forget" to mention it, but if it's already written in the agreement that they will do it, then they are probably doing it.

Rydian · Posted: Tue May 13, 2014 1:32 pm Post subject:

I saw one game with totally hacks-upon-crude-hacks anticheat that scanned the titles of other open windows for certain key phrases.
Browsing the cheat engine forums while I had the game open would kill both the game and my browser window.
I was, of course, not happy with this and proceeded to hack the hell out of the game just to give the software the metaphorical finger. Even though it was just software I wanted revenge!

Then I found that the protection was so crude that I could run it as admin in soime sandbox software and it was unable to read any other window info because the anti-cheat wasn't running as a system service or whatever...

But anyways to partially answer the question since then I've used these two things as an easy way to tell if a game has invasive anti-cheat or not.

A - Does the game /need/ (not just request) admin rights to run even if you install it into a folder that's not protected, such as a folder on your desktop and then edit the executable to not ask for admin rights?

B - Can the game be run in sandboxie?

If either of these are false then the game likely either launches and communicates with high-permission background services for protecting it's own process (B), or the game does a lot of scanning/checking of other processes on the system and needs admin rights to do the level of probing it does (A).

Anything that's not that strong is likely just anti-debugger stuff (VEH+hardware breakpoints is generally enough) or CRC stuff, which I've actually got no experience with bypassing/tricking as it doesn't show up in most single-player games.

(I know there's CRC stuff in a few big-name single-player games, I just haven't gotten around to playing or messing with them.)

Dark Byte · Posted: Tue May 13, 2014 1:47 pm Post subject:

the "startrek" game has an integrity check. On multiple locations. (using steam's CEG protection)

Added bonus is that last time I checked it comes with a 120MB pdb database that describes all the code, including the integrity check codes