Cheat Engine

Xblade Of Heaven · Posted: Mon Apr 06, 2009 2:35 am Post subject: isdebuggerpresent

hi all any plugin or mothod for this protection, for CE?, thanks to all

Dark Byte · Posted: Mon Apr 06, 2009 4:33 am Post subject:

enabling the the option "Try to hide the debugger" will hook this api so it returns false.

Of course, there are other methods for debugger detection.

Best bet is to use the kernelmode debugging routines and stick with "change reg on bp" and Find what accesses/writes" this debugger. (and don't attacn the debugger)

Xblade Of Heaven · Posted: Mon Apr 06, 2009 6:51 am Post subject:

thanks Dark Byte now try this Smile

, a specific question, you know what kind of protection used gta 4 pc?

Dark Byte · Posted: Mon Apr 06, 2009 12:00 pm Post subject:

no idea. It could be windows live.
But I think with gta4 you could just use kernelmode debugging

Recifense · Posted: Mon Apr 06, 2009 12:32 pm Post subject:

Hi DB,

I had a hard time for analysing WH4k - DoW 2 because I could not avoid the debugging detection. Some tips would be welcome.

Cheers!

Dark Byte · Posted: Mon Apr 06, 2009 12:43 pm Post subject:

When you enable kernelmode debugging in settings extra the following options work without attaching the debugger:
Find out what accesses this address
Find out what writes to this address
Change register at breakpoint

This way, there won't be a debugger detected. (downside is that it currently doesn't work in64-bit windows)

You can then use "Find out what accesses this address" on a code address to find out where the integrity check is done and disable it there.
Or alternatively, you can use up to 4 "Change register at breakpoint" bp's that change eip to your own code(allocating memory should be no problem)

Recifense · Posted: Mon Apr 06, 2009 1:59 pm Post subject:

Thanks for the explanation. I´m gonna save your post for further reference.

Cheers.

Xblade Of Heaven · Posted: Mon Apr 06, 2009 3:35 pm Post subject: