Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


[C++]Plz,Helpme..Eip CHange..by debugging

 
okjy000
How do I cheat?
Reputation: 0

Joined: 12 Jun 2010
Posts: 2

Posted: Fri Jul 02, 2010 2:12 pm    Post subject: [C++]Plz,Helpme..Eip CHange..by debugging

Hi... Now, I am making a DLL file for injection.
But I can't bypass game guard.

Code:

[ENABLE]
01005840:
sub [01005194],eax
jmp 01003474
[DISABLE]



This code works well in Minesweeper.

But
when this DLL file meets game guard, the online game shuts down....
I think the cause is usermode debugging.
How can I use kernelmode debugging?

Sorry, my English skill is low... T.T


Last edited by okjy000 on Sun Jul 11, 2010 11:37 pm; edited 1 time in total
Evil_Intentions
Expert Cheater
Reputation: 65

Joined: 07 Jan 2010
Posts: 214

Posted: Fri Jul 02, 2010 4:17 pm

I know your main problem without even looking at any of the code.

"Game Guard"

It's made to stop things like this from working. I personally don't know how to bypass it; maybe a more senior member knows how... but I doubt it.
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada

Posted: Sat Jul 03, 2010 12:59 am

Well, if this works fine for Minesweeper, then the problem is not with the code, it's with GameGuard. Having said so, try taking a look at this quote:

Quote:

Ring3
  advapi32.dll
    CreateProcessWithLogonW
  gdi32.dll
    GetPixel
  kernel32.dll
    CreateProcessInternalW
    DebugActiveProcess
    DeviceIoControl
    GetProcAddress
    LoadLibraryExW
    MapViewOfFile
    MapViewOfFileEx
    MoveFileW
    OpenProcess
    ReadProcessMemory
    VirtualProtect
    VirtualProtectEx
    WriteProcessMemory
  ntdll.dll
    NtLoadDriver
    NtOpenProcess
    NtProtectVirtualMemory
    NtQuerySystemInformatio
    NtReadVirtualMemory
    NtSuspendProcess
    NtSuspendThread
    NtTerminateProcess
    NtTerminateThread
    NtWriteVirtualMemory
    RtlGetNativeSystemInfor
    ZwLoadDriver
    ZwOpenProcess
    ZwProtectVirtualMemory
    ZwQuerySystemInformatio
    ZwReadVirtualMemory
    ZwSuspendProcess
    ZwSuspendThread
    ZwTerminateProcess
    ZwTerminateThread
    ZwWriteVirtualMemory
  user32.dll
    GetWindowThreadProcessI
    PostMessageA
    PostMessageW
    SendInput
    SendMessageA
    SendMessageW
    SetCursorPos
    SetWindowsHookExA
    SetWindowsHookExW
    keybd_event
    mouse_event
Ring0
  NtConnectPort
  ZwConnectPort
  NtOpenProcess
  ZwOpenProcess
  NtProtectVirtualMemory
  ZwProtectVirtualMemory
  NtReadVirtualMemory
  ZwReadVirtualMemory
  NtWriteVirtualMemory
  ZwWriteVirtualMemory
  SendInput


These are functions that GameGuard hooks; Ring3 is usermode hooks while Ring0 is global hooks. Do you see any functions that you use which are listed in that quote? I have no time to look for myself and tell you, but if you do see any functions that are hooked, try finding an alternative to the function; sometimes your function can have a reference call to another function and that function is hooked. Functions aren't the only thing that matters; it depends on how you inject your DLL into your online game. Make sure that when you inject your DLL it's when GameGuard is loading; that works great for me so it should work for you as well. String detection is also another problem. Based on my current knowledge of GameGuard, GameGuard scans for strings such as "hack" and if it finds matches then it presumes that you're using an online cheat and closes the game.

Try using the tlhelp32.h header with Process32First() and Process32Next() as your alternatives for obtaining your target's process ID; FindWindow() may not be as reliable. Or, since you're already inside the process, there is no need to find the PID because all you need to do is call GetCurrentProcessId() and it gives you the correct PID of the target you're injected in :)
okjy000
How do I cheat?
Reputation: 0

Joined: 12 Jun 2010
Posts: 2

Posted: Sun Jul 04, 2010 2:09 am

Um... I can't understand. I want to use kernelmode debugging
because GameGuard hooks this function 'DebugActiveProcess()'.
Then, I want to know an alternative function for DebugActiveProcess,
or create one like CE debug..
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada

Posted: Sun Jul 04, 2010 4:10 pm

Well, you can still use usermode debugging. Since DebugActiveProcess() is only under a ring 3 hook, or a local hook, you can easily bypass that with a 5-byte trampoline, better known as a hookhop.
All times are GMT - 6 Hours