DrVirus Cheater Reputation: 0
Joined: 05 Oct 2013 Posts: 32 Location: Planet Mercury :P
Posted: Tue Dec 09, 2014 9:30 am Post subject: Very Popular problem :/
OK, so I've found that recent games are doing some SSDT hooks [to prevent Cheat Engine from reading the memory].
So I've found which drivers are doing that [they are kernel modules].
I removed them using a software, and Cheat Engine was reading the memory normally, but once the game has closed, I got "BLUE SCREEN OF DEATH" on my pc ...
So the problem is, I want to suspend the drivers instead of unloading them so that I won't get that stupid pc crash anymore...
The game hooks are NtOpenProcess & WriteProcessMemory [at least that's what I've found].
So, my question is: is there any way to suspend the drivers without affecting my pc? And yes, I am 64 bit already ...
Gniarf Grandmaster Cheater Supreme Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Tue Dec 09, 2014 10:27 am Post subject: Re: Very Popular problem :/
DrVirus wrote: | once the game has closed , i got "BLUE SCREEN OF DEATH" on my pc |
I assume you quit the game using the normal quit button from inside the game, which may cause it to try to do kernel stuff that results in a BSOD. What happens if you forcefully quit it with this script?
Code: |
[ENABLE]
createthread(ExitProcess)
[DISABLE]
|
It should immediately terminate the process without letting it do the "cleanup"...
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
zm0d Master Cheater Reputation: 7
Joined: 06 Nov 2013 Posts: 423
Posted: Tue Dec 09, 2014 10:48 am Post subject:
Try to remove the hooks with GMER (http://www.gmer.net/) and see if this works. Also, you can't hook WriteProcessMemory over the SSDT because it's not a kernel mode function. NtWriteVirtualMemory is the actual function to use in kernel mode.
DrVirus Cheater Reputation: 0
Joined: 05 Oct 2013 Posts: 32 Location: Planet Mercury :P
Posted: Tue Dec 09, 2014 3:18 pm Post subject:
I already tried GMER. It restores the hooks, but the bad news is that the kernel driver [wolfk.sys] keeps hooking them back, like a loop is occurring ....
And no, I am exiting the game using Force Exit; it still shows a blue screen ...
Btw, is there any possible way to use Cheat Engine in dll mode?
So that when I inject that dll, Cheat Engine will appear [like a child window of the main game], because Cheat Engine will then have full access to the game.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Tue Dec 09, 2014 3:24 pm Post subject:
Have you tried the kernelmode memory access routines? (Query memory region, read/write memory, etc...)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
DrVirus Cheater Reputation: 0
Joined: 05 Oct 2013 Posts: 32 Location: Planet Mercury :P
Posted: Tue Dec 09, 2014 3:52 pm Post subject:
Dark Byte wrote: | Have you tried the kernelmode memory access routines? (Query memory region, read/write memory, etc...) |
Yeah, I've tried this one. The addresses are visible, however they are black colored, and I can't find what accesses the address, or even do a pointer scan ...
Note: I can do the find what accesses & pointer scans when I unload the drivers that keep hooking the game ..
So, I got 2 ideas, but I don't know which one is possible:
Loading a fake named driver so that the game checks for it and processes without problems [however I don't know exactly how to do that].
The second idea is Cheat Engine in dll mode [which I think is possible], because I've seen a scanner before called {IPromise Memory scanner} or something like that ..
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Tue Dec 09, 2014 3:59 pm Post subject:
Are you using 6.4? It has a fix for the lack of symbols (unless it changes the usermode code of CE as well, in which case you may want to inject some scripts into CE itself to bypass those hooks).
A dll could work, but you'll be spending a lot of time to make it work (needs big parts to be rewritten).
A fake sys might work.
Anyhow, the main issue is that your system BSODs when the game closes, and for the rest it functions well. In my opinion that is a full success.
Also, if you can use the pointerscanner and debugger, use that to find what you need. Then instead of using static addresses, use AOBscans to find what you need (e.g. aobscan the moduleheader of the module you're interested in and handle that as the base module).
Last edited by Dark Byte on Tue Dec 09, 2014 4:15 pm; edited 1 time in total |
DrVirus Cheater Reputation: 0
Joined: 05 Oct 2013 Posts: 32 Location: Planet Mercury :P
Posted: Tue Dec 09, 2014 4:11 pm Post subject:
Dark Byte wrote: | Are you using 6.4? It has a fix for the lack of symbols (unless it changes the usermode code of ce as well, in which case you may want to inject some scripts into ce itself to bypass those hooks)
a dll could work, but you'll be spending a lot of time to make it work (needs big parts to be rewritten)
a fake dll might work.
Anyhow, the main issue is that your system BSOD's when the game closes, and for the rest it functions well. In my opinion that is a full success
Also, if you can use the pointerscanner and debugger, use that to find what you need. Then instead of using static addresses, use AOBscan's to find what you need (e.g aobscan the moduleheader of the module you're interested in and handle that as the base module) |
Thanks for replying. Is there any C++ source code that allows me to load drivers [into a 64 bit system]? Really appreciated if you wrote me some..
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Tue Dec 09, 2014 4:33 pm Post subject:
Not really, only in Pascal (check the CE source; basically register the service and then start it).
But the main issue is everything else.
First you must understand that a driver is quite different from a standard dll.
Then figure out how the software communicates with the driver and emulate that.
Also, to load a driver in 64 bit you must sign it with your own business class code signing certificate, which is not cheap. (If you have a modded Windows version where that isn't needed, that may also explain why the SSDT hook is allowed.)
Perhaps you have more luck denying the driver from getting loaded in the first place (e.g. block file access to it, or a global hook on the API that loads/starts it).