iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sat Jan 12, 2013 1:40 pm Post subject: Bypassing Anti-Hacking system
Hey,
So apparently each time you change specific bytes in the game you get detected, hence there is a CRC check. After that you get a message saying "Hack detected" and it closes the game down for you.
What I did is that I knew, although it was still a game, it was also a window and it therefore had to call PostQuitMessage before it closed, so I traced the call to the entry point of that function. I then compared the address that called PostQuitMessage with the address that called PostQuitMessage when you simply press the "Quit" button. If they matched then I hadn't found the address that makes it close when you get a detection.
So I repeated the process 3 times until I finally ended up with an address which calls a function that calls a function that calls a function which calls PostQuitMessage when you get detected and it automatically closes it down for you. After that, I nopped the call to the function and the game didn't close when I got detected; however, the game wasn't able to continue.
That was probably due to the fact that although you nopped the call to PostQuitMessage and it wasn't able to close, you still technically got detected, so the anti-hacking system must've returned something which made the game unable to continue.
So as I disassembled the address which calls a function that calls a function that calls a function which calls PostQuitMessage, I noticed myself to be inside a big callback. So to prove this theory, I found out what called the entry point of the callback and nopped it to see if any button was still functional afterwards, and none were, which meant that the entry point was indeed the entry point to the callback.
But now I'm at a dead end and I don't know which way to go. I tried to trace what calls PostMessage and SendMessage right when I got the detection error message to see if it is calling anything (specifically the address that eventually ends up calling PostQuitMessage), but I got no results, which made me wonder: if it is indeed a callback, how come there were no calls to PostMessage or SendMessage?
I don't know which way to go, so I thought I'd ask those of you who have a lot of experience with bypassing anti-hacking systems whether you could guide me in the right direction.
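As an added illustration from the defensive side, not part of the post above: a C sketch of the kind of CRC integrity check the post describes, where the check only records a shared tamper flag and both the "Hack detected"/quit path and ordinary game logic consult that flag independently. This shows why neutralising the quit call alone leaves the game unable to continue. The protected bytes, offsets and function names are constructed stand-ins, not taken from any real game.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), bitwise form. */
static uint32_t crc32_bytes(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed stand-in for a protected code region (not real game bytes):
   a small prologue, a 5-byte CALL at offset 6, TEST/JE at offsets 11-14, RET. */
static uint8_t g_code[16] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0xE8, 0x00, 0x00, 0x00, 0x00,
    0x85, 0xC0, 0x74, 0x05, 0xC3
};
static uint32_t g_expected_crc;  /* recorded at startup over the pristine bytes */
static int g_tampered;           /* detection state shared by every consumer   */

void integrity_init(void) {
    g_expected_crc = crc32_bytes(g_code, sizeof g_code);
    g_tampered = 0;
}

/* Periodic check: compares the live bytes to the recorded CRC and latches the
   result. It deliberately does not quit by itself. Returns the tamper state. */
int integrity_check(void) {
    if (crc32_bytes(g_code, sizeof g_code) != g_expected_crc) g_tampered = 1;
    return g_tampered;
}

/* Consumer 1: the "Hack detected" message and shutdown path the post traces. */
void integrity_respond(void) {
    if (g_tampered) puts("Hack detected"); /* PostQuitMessage(0) on Windows */
}

/* Consumer 2: ordinary game logic refuses to advance while tampered, so
   patching out integrity_respond() alone leaves the game stuck. */
int game_tick(int counter) { return g_tampered ? -1 : counter + 1; }

/* Test helper: overwrite the 2-byte conditional jump at offset 13 with NOPs.
   A change confined to <= 32 bits is always caught by CRC-32. */
void simulate_patch(void) { memset(g_code + 13, 0x90, 2); }
```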