aeolus811tw How do I cheat?
Reputation: 0
Joined: 16 Sep 2007 Posts: 3
Posted: Sat Feb 07, 2009 11:11 am Post subject: having a problem in locating an unknown function call
currently I'm reversing a game called Holic 2
the game has implemented two types of anti-hacking system
APR (guess it's a new type, no info about it anywhere online)
Hackshield
Hackshield was a piece of cake to remove
but the APR is a tough cookie
I already inspected the entire directory, there is no sign of an extension DLL library
which means APR could possibly be a built-in function of the game
and judging from the two anti-hacking systems working together
it's more likely that such a system is just a small function of the game
according to the game's officials, they claim that APR checks packets
but I highly doubt that
I've been trying to locate the code fragment that calls the function
but having no luck at all
the APR system does not use an actual message box or anything to close the program
when it detects possible hacking (don't know the exact method yet)
it will display a picture (possibly from a resource file or DLL file)
and use the pic along with a customized image button
even with this displayed, the picture has no function for closing the game
it's more like a warning system
then the server disconnects after a couple of seconds
I've tried to use PtInRect to look for the creation of the customized image button (probably a stupid idea)
also tried to use DrawImage
I have traced to the WSASend command but didn't find any encryption checking routine
so I am currently kind of stuck on how to find APR's function call
does anyone have any idea how to trace its function call down with Olly?
this anti-hacking system doesn't have an official site or any info on the internet
I can't figure out how it actually works
-------------------------------------------
I have successfully removed the displayed pic from memory
and by doing so the system will invoke an exception when it tries to read the pic to display
but the problem I have now is that I can't find the memory location of the pic which the system tried to read from
anyone got any hint on how to pinpoint the memory address or the opcode that invokes the exception handler?
because it's a user-defined exception, I don't know how to continue from the ntdll.KiUserExceptionDispatcher routine
----------------------------------------
got it all solved
by invoking run trace I successfully traced back to the routine