mahe4 Newbie cheater Reputation: 0
Joined: 06 Mar 2015 Posts: 23
Posted: Sat May 16, 2015 6:52 pm Post subject: cheat engine without admin rights.
hi,
i was discussing with a friend, how every program that reads ram outside its own program needs admin rights to do so.
then he showed me cheat engine 6.1 portable...
and it works without ever asking me for admin rights...
i can scan and change any value i want.
can someone tell me how this is working?
is there some kind of windows security hole or something?
i want to know how i can prevent this from happening on my pc.

STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
Posted: Sat May 16, 2015 7:19 pm
You need admin privileges for debugging but not for simply memory modification I guess.
I have seen some trainers work despite not being run in admin mode so OpenProcess probably works without admin. Some access permissions probably.
You want to prevent what? Stop CE from being run without admin? I don't think that is possible, you would have to change windows architecture/kernel or mess with CE through a separate program to stop its functionality. Why would you even want to do that, I have no idea

mahe4 Newbie cheater Reputation: 0
Joined: 06 Mar 2015 Posts: 23
Posted: Sat May 16, 2015 8:16 pm
STN wrote: | You need admin privileges for debugging but not for simply memory modification I guess.
I have seen some trainers work despite not being run in admin mode so OpenProcess probably works without admin. Some access permissions probably.
You want to prevent what? Stop CE from being run without admin? I don't think that is possible, you would have to change windows architecture/kernel or mess with CE through a separate program to stop its functionality. Why would you even want to do that, I have no idea |
i don't want to stop CE specifically, i want to stop any program from doing that without my permission...
and since people in this forum have quite a bit of knowledge about CE and processes, and i was already registered here, i thought i'd try to ask around here first.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The Netherlands
Posted: Sat May 16, 2015 8:23 pm
processes running under the same user account can access each other (if they have the same privilege level)
try running processes you want safe from another user account (run as... feature of windows)
perhaps you can change the local security policy and change the policies regarding memory access to admin only
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping
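
The two points in the post above (processes under the same account can open each other, and a program can be kept apart by running it under another account), as an added PowerShell example that is not part of the original thread. The account name `vault` and the executable path are placeholders, and the separate account is assumed to be a standard, non-admin local user that already exists.

```powershell
# Added example, not code from the thread. Windows PowerShell 5.1+ or PowerShell 7 on Windows.
# 'vault' and the .exe path are placeholders.

function Get-SameUserProcess {
    # Lists processes owned by the current account. Per the post above, these are
    # the ones other programs running as you (at the same privilege level) can access.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name   # DOMAIN\user
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        # ReturnValue 0 = success. Non-zero (2 = access denied) means the owner
        # could not be read from this account, so the process is skipped.
        if ($owner -and $owner.ReturnValue -eq 0) {
            $name = '{0}\{1}' -f $owner.Domain, $owner.User
            if ($name -ieq $me) {
                [pscustomobject]@{ PID = $_.ProcessId; Name = $_.Name; Owner = $name }
            }
        }
    }
}

function Start-IsolatedProcess {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Scripted equivalent of "Run as different user". The working directory is set
    # explicitly because the other account may not be able to read the current one.
    Start-Process -FilePath $FilePath -Credential $Credential `
        -WorkingDirectory $env:SystemRoot -LoadUserProfile -PassThru
}

# 1. What is currently running under my own account?
Get-SameUserProcess | Sort-Object Name | Format-Table -AutoSize

# 2. Start the program to protect under the separate account.
$cred = Get-Credential -UserName "$env:COMPUTERNAME\vault" -Message 'Password for the isolation account'
$p = Start-IsolatedProcess -FilePath 'C:\Path\To\SensitiveApp.exe' -Credential $cred

# 3. Verify: the new process must not show up in the same-user list.
Start-Sleep -Seconds 2
if (Get-SameUserProcess | Where-Object PID -eq $p.Id) {
    Write-Warning 'Process still runs as the current user; isolation did not take effect.'
} else {
    "PID $($p.Id) runs as $($cred.UserName) and is not in the same-user list."
}
```

Run it from a non-elevated session: an elevated session can read and open processes of other accounts, which would hide the separation being checked here.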

mahe4 Newbie cheater Reputation: 0
Joined: 06 Mar 2015 Posts: 23
Posted: Sat May 16, 2015 8:53 pm
Dark Byte wrote: | processes running under the same user account can access each other (if they have the same privilege level)
try running processes you want safe from another user account (run as... feature of windows)
perhaps you can change the local security policy and change the policies regarding memory access to admin only |
thank you that already helped a little.
the problem i have now is this:
i'm searching under local policies in user rights assignments through all the policies, but i can't find a policy, that would fit this specific right i want to change.
you don't accidentally know which policy is responsible for opening and changing process data, do you?

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The Netherlands
Posted: Sat May 16, 2015 10:46 pm
nope, perhaps it's something hidden well, requires you to add a whole new policy tree, or it's just not available (You could write a kernel-mode driver that registers an ObCallback and deny it there, but that'd be a bit extreme)
An alternate solution is just run everything you don't trust inside a virtual machine

mahe4 Newbie cheater Reputation: 0
Joined: 06 Mar 2015 Posts: 23
Posted: Sun May 17, 2015 4:38 am
Dark Byte wrote: | nope, perhaps it's something hidden well, requires you to add a whole new policy tree, or it's just not available (You could write a kernel-mode driver that registers an ObCallback and deny it there, but that'd be a bit extreme)
An alternate solution is just run everything you don't trust inside a virtual machine |
thanks for the response.
or i just start it as another user, as already suggested.
but still thanks to you two for responding to my request, i really appreciate it!

Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Tue May 19, 2015 9:01 pm
IIRC Sandboxie (and perhaps other sandbox software) can be used for this if you don't want the performance hit of a VM, if all you need is separation.