Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Very Popular problem :/

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
DrVirus
Cheater
Reputation: 0

Joined: 05 Oct 2013
Posts: 32
Location: Planet Mercury :P

PostPosted: Tue Dec 09, 2014 9:30 am    Post subject: Very Popular problem :/ Reply with quote

ok , so i've found that recent games are doing some SSDT Hooks [to prevent cheat engine from reading the memory]

so i've found which drivers are doing that [they are kernel modules ]

i removed them using a software , and cheat engine was reading the memory normally , but once the game has closed , i got "BLUE SCREEN OF DEATH" on my pc ...

so the problem is , i want to suspend the drivers instead of unloading them so that i won't get that stupid pc crash anymore...

The Game Hooks are NTOpenprocess & WriteProcessMemory [at least that's what i've found]

so , my question is : Is There any way to suspend the drivers without affecting on my pc ? and yes i am 64 bit already ...
Back to top
View user's profile Send private message
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

PostPosted: Tue Dec 09, 2014 10:27 am    Post subject: Re: Very Popular problem :/ Reply with quote

DrVirus wrote:
once the game has closed , i got "BLUE SCREEN OF DEATH" on my pc
I assume you quit the game using the normal quit button from inside the game, which may cause it to try to do kernel stuff that result in a bsod. What happens if you forcefully quit it with this script?
Code:
[ENABLE]
createthread(ExitProcess)

[DISABLE]
It should immediately terminate the process without letting it do the "cleanup"...
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Back to top
View user's profile Send private message
zm0d
Master Cheater
Reputation: 7

Joined: 06 Nov 2013
Posts: 423

PostPosted: Tue Dec 09, 2014 10:48 am    Post subject: Reply with quote

Try out to remove the hooks with GMER (http://www.gmer.net/) and see if this works. Also, you can't hook WriteProcessMemory over the SSDT because it's not a kernel mmode function. NtWriteVirtualMemory is the actual function, to use in kernel mode.
Back to top
View user's profile Send private message
DrVirus
Cheater
Reputation: 0

Joined: 05 Oct 2013
Posts: 32
Location: Planet Mercury :P

PostPosted: Tue Dec 09, 2014 3:18 pm    Post subject: Reply with quote

I already tried GMER , it restores the hooks but the bad news is that the kernel drivers [wolfk.sys] keeps hooking them back , like a looping is occurred ....

and no , i am exiting the game using Force Exit , still shows Blue screen ...

btw , is there any possible way to use Cheat engine in dll mode ?

so that when i inject that dll , cheat engine will be appeared [like a childwindow of the main game ] , because cheat engine will then have full access on the game .
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Tue Dec 09, 2014 3:24 pm    Post subject: Reply with quote

Have you tried the kernelmode memory access routines? (Query memory region ,read/write memory, etc...)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
DrVirus
Cheater
Reputation: 0

Joined: 05 Oct 2013
Posts: 32
Location: Planet Mercury :P

PostPosted: Tue Dec 09, 2014 3:52 pm    Post subject: Reply with quote

Dark Byte wrote:
Have you tried the kernelmode memory access routines? (Query memory region ,read/write memory, etc...)


yeah , i've tried this one , The addresses are visible , however they are Black colored , and i can't find what accesses the address , or even do a pointer scan ...


Note : That i can do the find what access & pointer scans when i unload the drivers that keeps hooking the game ..

so , i got 2 ideas , but i don't know which one is possible :

Loading a fake named driver so that the game checks for it and processes without problems [however i don't know exactly how to do that ]

the second idea , is the cheat engine in dll Mode [which i think is possible] because i've seen a scanner before called {IPromise Memory scanner} or something like that ..
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Tue Dec 09, 2014 3:59 pm    Post subject: Reply with quote

Are you using 6.4? It has a fix for the lack of symbols (unless it changes the usermode code of ce as well, in which case you may want to inject some scripts into ce itself to bypass those hooks)

a dll could work, but you'll be spending a lot of time to make it work (needs big parts to be rewritten)

a fake sys might work.

Anyhow, the main issue is that your system BSOD's when the game closes, and for the rest it functions well. In my opinion that is a full success

Also, if you can use the pointerscanner and debugger, use that to find what you need. Then instead of using static addresses, use AOBscan's to find what you need (e.g aobscan the moduleheader of the module you're interested in and handle that as the base module)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping


Last edited by Dark Byte on Tue Dec 09, 2014 4:15 pm; edited 1 time in total
Back to top
View user's profile Send private message MSN Messenger
DrVirus
Cheater
Reputation: 0

Joined: 05 Oct 2013
Posts: 32
Location: Planet Mercury :P

PostPosted: Tue Dec 09, 2014 4:11 pm    Post subject: Reply with quote

Dark Byte wrote:
Are you using 6.4? It has a fix for the lack of symbols (unless it changes the usermode code of ce as well, in which case you may want to inject some scripts into ce itself to bypass those hooks)

a dll could work, but you'll be spending a lot of time to make it work (needs big parts to be rewritten)

a fake dll might work.

Anyhow, the main issue is that your system BSOD's when the game closes, and for the rest it functions well. In my opinion that is a full success

Also, if you can use the pointerscanner and debugger, use that to find what you need. Then instead of using static addresses, use AOBscan's to find what you need (e.g aobscan the moduleheader of the module you're interested in and handle that as the base module)



Thanks for replying , Is there any C++ Source Code that allows me to load Drivers [into 64 bit system] ? Really appreciated if you wrote me some..
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Tue Dec 09, 2014 4:33 pm    Post subject: Reply with quote

Not really, only in pascal (check ce source, basically register the service and then start it)

But the main issue is everything else
First you must understand that a driver is quite different from a standard dll.
Then figure out how the software communicates with the driver and emulate that
Also, to load a driver in 64 bit you must sign it with your own business class code signing certificate which is not cheap.(If you have a modded windows version where that isn't needed that may also explain why the ssdt hook is allowed)

Perhaps you have more luck denying the driver from getting loaded in the first place (e.g. block file access to it, or a global hook on the api that loads/starts it)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites