Cheat Engine

[KuSuKo]

Is there a problem with steam games using CE?
I have Stronghold on DVD and on Steam if i play it from DVD i can use old trainers,but if i use it on steam noone of the trainers work.
I also can change the value in Steam games (Stronghold 3) but after some mins the game always crash.any idea why? thank you!

I found this but have no clue what it means:

Steam's anti-debugging code

I bought a few more steam games on friday (F.E.A.R. 3, DeusEx, Brinck, Fall out series, Duke Nukem) and ran into the annoying crash-at-breakpoint again. This time, however, I decided to put some time into it to try and find why this is happening.

While it does not specifically mention Steam, it does explain why WinDBG (and other debuggers like OllyDBG and C.E.) crash the game when a break point is triggered. Windows simply does not tell WinDBG about the break point and as such it crashes the game (as the game can't handle it either).

So I spend several hours figuring out ways to circumvent the "ThreadHideFromDebugger" flag.

At first I tried to undo the "ThreadHideFromDebugger" flag, but apparently once you've set this flag, it stays on (there's no way to turn it off on a thread). I then tried to access the ETHREAD structure which gets modified by "NtSetInformationThread" but apparently you can't get access to the ETHREAD structure from User Space (at least not in any way that I could find).

So the only way to get rid of the "ThreadHideFromDebugger" flag is by not letting the application set the flag. There's two ways to do this, stop it in user mode or in kernel mode. Kernel mode is nice, but it really isn't funny to BSOD your system a lot while developing the driver. Also the whole 'need it to be signed' part for x64 sucks. But this is still a valid option which I might look into.

But I decided to write a user mode DLL which you can inject into Steam. Once it's injected, you simply have to start the game you want to debug from within steam and the DLL does all the work for you. It hooks 3 functions, CreateProcessA/W and NtSetInformationThread, the NtSetInformationThread hook is responsible for actually disabling the "ThreadHideFromDebugger" flag. The CreateProcess hooks are used to hook any game launched by Steam.

There's 1 big *read this*, do *not* start VAdelphi-games (and probably also PunkBuster games) with this DLL loaded into Steam! It will most likely get you banned. Also a small disclaimer, only use this to cheat in single player games. Cheating in online-games is wrong mkay!

[Dark Byte]

try he veh debugger from beta 5 or later, it fixes a bug with handling breakpoints it didn't set itself (you can set the debuggerinterface in settings->debugger settings. If you're on 32-bit, you can also use the kernelmode debugger)
These debugger interfaces do not care about ThreadHideFromDebugger at all


Also, some games (like F.E.A.R. 3) come with an integrity check (e.g when pushing open a door it is triggered.
You can use the stealthedit plugin to bypass that

And one other reason why some games crash when being debugged:
All 4 hardware breakpoints are used up and point to a piece of code or data.
When the game executes that code, it raise an single step exception that an exception handler can handle and then change EIP to go to a different function.
Now when you override such a breakpoint the code will execute without triggering that exception, and that code can be anything (usually crashes the game when executed)

[KuSuKo]

Im kinda new to CE do you mean debugger in windows?

"msconfig" and check the boxes? sorry im not a pro like you are.
Or do you mean in CE?

[Dark Byte]

the settings in ce (under the celogo)

[KuSuKo]

ok so just check "use VEH Debugger" and the rest should work..sorry i have win7 x64

[Dark Byte]

depends on the game and ce version. the default ce 6.1 has a bug that makes it not work on steam (crash after a minute or two)

[KuSuKo]

damn i have 6.1 with older version it works?