booingthetroll Expert Cheater
Reputation: 0
Joined: 30 Aug 2011 Posts: 114 Location: ::1
|
Posted: Wed Dec 31, 2014 7:26 pm Post subject: annoying CE detection |
|
|
| hey, I'm trying to mess around with a game but it detects CE both when it starts and periodically during run time. I got around most of the checks by replacing a bunch of easy strings like cheat with xxxxx but now it detects when CE attaches to it. any tips? like microsoft functions I could look into that it could be using? the debugger checks are completely different & I just need a few seconds without detection in order to debug a thread that will let me disable everything
 |
booingthetroll Expert Cheater
Reputation: 0
Joined: 30 Aug 2011 Posts: 114 Location: ::1
|
Posted: Thu Jan 01, 2015 7:40 pm Post subject: |
|
|
| sorry for the double post but just realized it's when CE attaches to any process, not just the game itself. any ideas at all?
 |
aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Thu Jan 01, 2015 7:49 pm Post subject: |
|
|
If it's not an online game... can you share the name of the game? Also configure CE to use VEH debugger or DBVM Kernel debugger.
_________________
Hey Hitler
Test here your skill with CheatEngine, I coded a challenge for you. Try to beat it!
HERE |
 |
booingthetroll Expert Cheater
Reputation: 0
Joined: 30 Aug 2011 Posts: 114 Location: ::1
|
Posted: Fri Jan 02, 2015 12:34 am Post subject: |
|
|
| figured it out but nah it's the attaching & opening a process, debugger doesn't matter
 |
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25820 Location: The netherlands
|
Posted: Fri Jan 02, 2015 3:05 am Post subject: |
|
|
you're using kernelmode openProcess?
perhaps it's checking the process label on the CE GUI (window with title of the process ID)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
 |
booingthetroll Expert Cheater
Reputation: 0
Joined: 30 Aug 2011 Posts: 114 Location: ::1
|
Posted: Fri Jan 02, 2015 7:50 pm Post subject: |
|
|
| thanks, I can debug and stuff now, but while I post here, are there any generic functions they might be using to scan windows? It's not using GetActiveWindow, already checked that
 |
aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Fri Jan 02, 2015 8:18 pm Post subject: |
|
|
| booingthetroll wrote: | | thanks, I can debug and stuff now, but while I post here, are there any generic functions they might be using to scan windows? It's not using GetActiveWindow, already checked that |
There are a lot of methods to detect "things". GetWindowText, ListActiveProcess, ScanForDeterminatingRegistryKeys, ListLoadedModules, ListDrivers for DBVM, GetTickCount and similar, etc...
This is a personal example/tool, lots of methods to detect CE:
 |
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25820 Location: The netherlands
|
Posted: Fri Jan 02, 2015 8:36 pm Post subject: |
|
|
for driver detection place a driver.dat (or driver64.dat) file in your ce folder
the exact layout:
| Code: |
servicename
processeventname
threadeventname
sysfilename
dbvm_password1
dbvm_password2
|
then reboot
the driver will take the name of the strings used in that file
e.g. on 64-bit systems create a driver64.dat file and fill it like:
| Code: |
bla64
pbla64
ebla64
wtf.sys
12345678
abcdef0
|
and rename (copy) dbk64.sys to wtf.sys
---
for other detections there are millions of ways, e.g. GetWindowText and all window enumeration APIs
you could for example search for a GUI with a progress bar and a logo at the top right.
and if above that progress bar comes a subwindow with a caption starting with the hexadecimal representation of your current process ID, it's safe to say it's Cheat Engine
Last edited by Dark Byte on Fri Jan 02, 2015 8:45 pm; edited 2 times in total |
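Added example, not part of the original posts and not code from Cheat Engine or any game: the window heuristic described in the post above (a progress bar with a sub-window above it whose caption starts with the checking process's own ID in hexadecimal), written as portable C over a constructed window snapshot. The `win_info` struct, the function names, the sample windows and the `msctls_progress32` class name are assumptions; on Windows the snapshot would be filled from EnumWindows/EnumChildWindows with GetClassName and GetWindowText.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* One window from an enumeration pass (constructed data stands in for the API). */
struct win_info {
    int parent, y;                    /* parent index (-1 = top level), top edge */
    const char *class_name, *caption;
};

/* Assumption: the GUI uses the standard Win32 common-control progress bar class. */
#define PROGRESS_CLASS_NAME "msctls_progress32"

/* 1 if caption starts with pid in hex (any case, optional zero padding) and no further hex digit. */
int caption_starts_with_pid(const char *caption, unsigned long pid)
{
    char hex[2 * sizeof pid + 1];
    size_t i, n = (size_t)snprintf(hex, sizeof hex, "%lX", pid);
    while (caption[0] == '0' && isxdigit((unsigned char)caption[1]))
        caption++;                    /* skip zero padding, keep the last digit */
    for (i = 0; i < n; i++)
        if (toupper((unsigned char)caption[i]) != hex[i])
            return 0;                 /* also stops at the terminator of a short caption */
    return !isxdigit((unsigned char)caption[n]);
}

/* Index of the parent holding a progress bar with a sibling above it that names own_pid; else -1. */
int find_suspect_window(const struct win_info *w, int count, unsigned long own_pid)
{
    int bar, lbl;
    for (bar = 0; bar < count; bar++) {
        if (w[bar].parent < 0 || strcmp(w[bar].class_name, PROGRESS_CLASS_NAME) != 0)
            continue;
        for (lbl = 0; lbl < count; lbl++)
            if (lbl != bar && w[lbl].parent == w[bar].parent && w[lbl].y < w[bar].y &&
                caption_starts_with_pid(w[lbl].caption, own_pid))
                return w[bar].parent;
    }
    return -1;
}

/* Constructed snapshot: window 0 matches PID 0x1A2C, window 3 is an unrelated installer. */
const struct win_info SAMPLE[] = {
    { -1,  0, "Window",            "Memory tool" },
    {  0, 10, "Label",             "00001A2C-game.exe" },
    {  0, 30, "msctls_progress32", "" },
    { -1,  0, "Window",            "Installer" },
    {  3, 10, "Label",             "1A2C5 files copied" },
    {  3, 30, "msctls_progress32", "" },
};
```

Requiring a non-hex character after the PID keeps a caption such as `1A2C5 files copied` from matching PID 0x1A2C.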
 |
booingthetroll Expert Cheater
Reputation: 0
Joined: 30 Aug 2011 Posts: 114 Location: ::1
|
Posted: Fri Jan 02, 2015 8:40 pm Post subject: |
|
|
| hahahaha thanks so much it was one of them and I'll message you everything I find if you care
 |
aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Fri Jan 02, 2015 8:47 pm Post subject: |
|
|
| booingthetroll wrote: | | hahahaha thanks so much it was one of them and I'll message you everything I find if you care |
If you want to practice more:
http://forum.cheatengine.org/viewtopic.php?p=5564029
It's a "game" I made with some detection tricks. at0mos has passed this test, give it a try
Don't read the solution
 |
|