Should I update this gay example?
Yes it helps newbies: 25% [ 2 ]
No, it sucks: 75% [ 6 ]
Total Votes : 8
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sun Nov 11, 2007 2:37 pm Post subject: A Gay example of how to undetect CheatEngine for newbies
| Quote: | The bright brown fox has jumped over the fence
fox is detected, change fox to w.e |
Well this one is better, this is a very basic example of how to undetect CheatEngine from GG
Download CE 5.3 (Original) source, compile everything and open it, then open the game I included...
figure out what's detected (1 string only), if you bypassed this gay game GG, then I'm surprised !
Note: for those who don't know what this game is, click WTF ?
Last edited by DeletedUser14087 on Mon Nov 12, 2007 3:08 am; edited 1 time in total
Never Again I post too much
Reputation: 0
Joined: 13 Jan 2007 Posts: 2000 Location: New Mexico
Posted: Sun Nov 11, 2007 3:25 pm Post subject:
I win.
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sun Nov 11, 2007 3:27 pm Post subject:
| Never Again wrote: | | I win. |
Damn autoclickers
Show me a Pic with CE 5.3 Bypassed
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Nov 11, 2007 4:34 pm Post subject:
oh lol, you added so much shit...I don't really know what your "GameGuard" is doing but it's not detecting CE 5.3.
And you used strings.
address1: 00CD4188
address2: 00CD41A4
address3: 00CD41B4
weird as hell
And btw, we can't start the program if we rename/remove the "GameMon.exe" but we can easily kill it.
ZenX Grandmaster Cheater Supreme
Reputation: 1
Joined: 26 May 2007 Posts: 1021 Location: ">>Pointer<<" : Address 00400560 Offset :1FE
Posted: Sun Nov 11, 2007 4:40 pm Post subject:
| rEakW0n wrote: |
And btw, we can't start the program if we rename/remove the "GameMon.exe" but we can easily kill it. |
Omg, I thought that was how every game was??
Like No way orly O_O?
-.-', that is common sense, sorry.
_________________
CEF Moderator since 2007 ^_^
ZenX-Engine |
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Nov 11, 2007 4:45 pm Post subject:
| ZenX wrote: | | rEakW0n wrote: |
And btw, we can't start the program if we rename/remove the "GameMon.exe" but we can easily kill it. |
Omg, I thought that was how every game was??
Like No way orly O_O?
-.-', that is common sense, sorry. |
I could just add a timer which checks if GameMon.exe is running or not, if not..baybay
ZenX Grandmaster Cheater Supreme
Reputation: 1
Joined: 26 May 2007 Posts: 1021 Location: ">>Pointer<<" : Address 00400560 Offset :1FE
Posted: Sun Nov 11, 2007 5:09 pm Post subject:
| rEakW0n wrote: | | ZenX wrote: | | rEakW0n wrote: |
And btw, we can't start the program if we rename/remove the "GameMon.exe" but we can easily kill it. |
Omg, I thought that was how every game was??
Like No way orly O_O?
-.-', that is common sense, sorry. |
I could just add a timer which checks if GameMon.exe is running or not, if not..baybay |
Yea, but, I could make an executable that doesn't do shit that is named Gamemon.exe or w/e the GameGuard's name and process is.
rProtect == FAIL!
_________________
CEF Moderator since 2007 ^_^
ZenX-Engine |
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Nov 11, 2007 5:15 pm Post subject:
| ZenX wrote: | | rEakW0n wrote: | | ZenX wrote: | | rEakW0n wrote: |
And btw, we can't start the program if we rename/remove the "GameMon.exe" but we can easily kill it. |
Omg, I thought that was how every game was??
Like No way orly O_O?
-.-', that is common sense, sorry. |
I could just add a timer which checks if GameMon.exe is running or not, if not..baybay |
Yea, but, I could make an executable that doesn't do shit that is named Gamemon.exe or w/e the GameGuard's name and process is.
rProtect == FAIL! |
true.
And it's already rev 1337 and does nothing..nice kasper .
Are you planning an update?
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sun Nov 11, 2007 5:46 pm Post subject:
| rEakW0n wrote: | | ZenX wrote: | | rEakW0n wrote: | | ZenX wrote: | | rEakW0n wrote: |
And btw, we can't start the program if we rename/remove the "GameMon.exe" but we can easily kill it. |
Omg, I thought that was how every game was??
Like No way orly O_O?
-.-', that is common sense, sorry. |
I could just add a timer which checks if GameMon.exe is running or not, if not..baybay |
Yea, but, I could make an executable that doesn't do shit that is named Gamemon.exe or w/e the GameGuard's name and process is.
rProtect == FAIL! |
true.
And it's already rev 1337 and does nothing..nice kasper .
Are you planning an update? |
lol I deleted the src right after I finished this example, no need to update
rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
Posted: Sun Nov 11, 2007 7:27 pm Post subject:
Lolz @ Kaspersky's retarded GameGuard. I wouldn't be surprised if all it did was put itself onto the taskbar... Nice for noobies though.
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
Posted: Sun Nov 11, 2007 11:03 pm Post subject:
a) Unpack both, see what he's detecting.
b) PUSH 4 on CreateProcessA (from Hackthisgame.exe) will send GameMon.exe in suspended mode
Fun, but not a proof of concept after all. We should have Moose make one such GameGuard. Kasper always posts retarded crap.
How come I open regular CE 5.3 and I don't get detected? I'm not running in kernel mode. My CE is named "Cheat Engine.exe". Just one space fucks your whole GameGuard, you funny little man..
Here:
0045233A |. BA C8234500 MOV EDX,Hackthis.004523C8 ; ASCII "60004000"
0045233F |. E8 141FFBFF CALL Hackthis.00404258
00452344 |. 75 1B JNZ SHORT Hackthis.00452361
00452346 |. 6A 00 PUSH 0
00452348 |. 68 D4234500 PUSH Hackthis.004523D4 ; ASCII "Winner !"
0045234D |. 68 E0234500 PUSH Hackthis.004523E0 ; ASCII "You Won !"
00452352 |. 8BC3 MOV EAX,EBX
00452354 |. E8 A759FEFF CALL Hackthis.00437D00
00452359 |. 50 PUSH EAX ; |hOwner
0045235A |. E8 8942FBFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
Want to catch the buffer? Simple. Hook 43296A
0043296A |> \8B7E 64 MOV EDI,DWORD PTR DS:[ESI+64] ; Case E of switch 00432935
You can swap the info in that buffer
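Added example, not part of any post in this thread: a sketch of why the name-based timer check discussed above accepts a do-nothing Gamemon.exe or a guard started suspended, set beside a check on parent, image path, image hash and thread state. The Proc records, paths, PIDs and hash are constructed assumptions, not GameGuard values.

```python
import hashlib
from dataclasses import dataclass

# Constructed values standing in for a process snapshot; not real GameGuard data.
GUARD_NAME = "GameMon.exe"
GUARD_PATH = r"C:\Game\GameMon.exe"
GUARD_IMAGE = b"constructed guard image bytes"
GUARD_SHA256 = hashlib.sha256(GUARD_IMAGE).hexdigest()
GAME_PID = 4000

@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    path: str
    image: bytes             # contents of the file the process was started from
    suspended: bool = False  # True when every thread is suspended

def name_only_check(procs):
    """The timer idea from the thread: is anything called GameMon.exe running?"""
    return any(p.name.lower() == GUARD_NAME.lower() for p in procs)

def identity_check(procs):
    """Return (ok, reason); accept only the guard the game itself started."""
    reason = "guard not running"
    for p in procs:
        if p.name.lower() != GUARD_NAME.lower():
            continue
        if p.ppid != GAME_PID:
            reason = "not started by the game"
        elif p.path.lower() != GUARD_PATH.lower():
            reason = "unexpected image path"
        elif hashlib.sha256(p.image).hexdigest() != GUARD_SHA256:
            reason = "image hash mismatch"
        elif p.suspended:
            reason = "guard is suspended"
        else:
            return True, "ok"
    return False, reason

# Constructed snapshots: the real guard, a do-nothing stand-in, a frozen guard.
GENUINE = Proc(4100, GAME_PID, "GameMon.exe", GUARD_PATH, GUARD_IMAGE)
DUMMY = Proc(5200, 1234, "Gamemon.exe", r"C:\Temp\Gamemon.exe", b"does nothing")
FROZEN = Proc(4100, GAME_PID, "GameMon.exe", GUARD_PATH, GUARD_IMAGE, suspended=True)
```

A real implementation would keep the process handle returned when the game starts the guard instead of trusting a PID lookup.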