Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


CE footprint from open process and/or readmem?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

PostPosted: Sat Aug 23, 2014 6:37 pm    Post subject: CE footprint from open process and/or readmem? Reply with quote

Something interesting I am running in to. I am hacking a game protected by an anticheat (HS). I have abandoned doing anything in kernel mode (no dbvm or dbk64) because of some complications (see my other thread: http://forum.cheatengine.org/viewtopic.php?t=575636).

If I attach CE to the game after HS has boot up, when I try to scan memory I receive an error indicating that there is no memory to scan. This is because HS is hiding the process and probably hooking openprocess, or readprocmem or another relevant windows function.

I have figured out a way to attach cheat engine to the game process before HS boots up which prevents the memory from becoming "unreadable" and I can continue to scan after the game has started. I attach CE in the normal way, but interestingly, after a while in game HS closes the client. So then I close CE and then reboot the game. A few minutes later the game closes again without CE even open.

Any idea's on this?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sat Aug 23, 2014 8:09 pm    Post subject: Reply with quote

Try opening the process with kernelmode openprocess (they are not related to dbvm at all) and see if it still does that

And try having cheat engine just open once and not targeting anything. Perhaps it's just a normal cheat engine detection. (E.g a physical memory scan for part of ce)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

PostPosted: Sat Aug 23, 2014 10:27 pm    Post subject: Reply with quote

The anticheat does not detect cheatengine (6.4) if it is open but not attached or attached to something else in standard user mode. However, dbk64.sys is detected, so anytime I try to use kernel mode--even without attaching--the anticheat closes the game. If I use the kernelmodeunloader executable to remove the driver, then the game can be played fine without being closed, but if the driver is still loaded then the game will be closed by HS.

This is why I am choosing to work in user mode and not kernel mode. It's surprising to me, though, that if I simply attach with cheat engine and do a scan then close (all in user mode), that the anticheat can pick up on that.

What kind of "footprint" could this be?
Back to top
View user's profile Send private message
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

PostPosted: Sun Aug 24, 2014 12:12 pm    Post subject: Reply with quote

So I have tried using openprocess in my own app, and had the same results. So I guess it's not a CE issue. Still just having a hard time understanding how the anticheat can detect that openprocess has been called on the machine, even before the anticheat was launched.

I boot the machine, open a test_application to attach to, then I open my hack_application which openproc's the test_application. Then I close both completely, and then I boot the game. 15 minutes later HS closes the game. Nothing about that makes sense to me. As a last resort I am going to attempt a new install of windows 7 (this time x32) and see if a fresh machine has the same results, to rule out any cross talk that could be happening between background apps and HS.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites