 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
rog9001
Expert Cheater
 Reputation: 2
Joined: 22 Dec 2015
Posts: 214
Location: Jupiter
|
 Posted: Sat Sep 17, 2016 6:04 am Post subject: Debugger difference? |
 |
|
| Something I never bothered to ask, what is the difference between the 3 debuggers in CE? Don't they do the same thing? Could someone explain to me what is the difference between them?
|
|
| Back to top |
|
 |
mgostIH
Expert Cheater
 Reputation: 3
Joined: 01 Jan 2016
Posts: 159
|
| Posted: Sat Sep 17, 2016 6:18 am Post subject: Re: Debugger difference? |
 |
|
| rog9001 wrote: | | Something I never bothered to ask, what is the difference between the 3 debuggers in CE? Don't they do the same thing? Could someone explain to me what is the difference between them? |
Windows Debugger:
Classic method of functioning, uses winAPI for handling debugging events, it's very stable, but also easily identifiable by anti-debugging techniques. It doesn't work when HideThreadFromDebugger Flag is set on the program thread.
VEH Debugger:
Uses an injected DLL to work, handles debugging events using Vectored Exception Handling, it's rarely used by programs other than Cheat Engine, so it's not really considered by a lot of games that have a bad anticheat system, which makes this strong. It can debug with HideThreadFromDebugger flag set on any thread.
Kernel Debugger:
Handles debugging events directly from the kernel, which is not detectable by most anticheats. What is detectable however is the actual Kernel Driver CE uses, so it can be detected by good AC, like VAC.
It doesn't get stopped by HideThreadFromDebugger flag, and it's hardly detectable, but it requires higher priviledges in order to run.
_________________
|
|
| Back to top |
|
|
rog9001
Expert Cheater
Reputation: 2
Joined: 22 Dec 2015
Posts: 214
Location: Jupiter
|
| Posted: Sat Sep 17, 2016 8:07 am Post subject: Re: Debugger difference? |
|
|
| mgostIH wrote: | | rog9001 wrote: | | Something I never bothered to ask, what is the difference between the 3 debuggers in CE? Don't they do the same thing? Could someone explain to me what is the difference between them? |
Windows Debugger:
Classic method of functioning, uses winAPI for handling debugging events, it's very stable, but also easily identifiable by anti-debugging techniques. It doesn't work when HideThreadFromDebugger Flag is set on the program thread.
VEH Debugger:
Uses an injected DLL to work, handles debugging events using Vectored Exception Handling, it's rarely used by programs other than Cheat Engine, so it's not really considered by a lot of games that have a bad anticheat system, which makes this strong. It can debug with HideThreadFromDebugger flag set on any thread.
Kernel Debugger:
Handles debugging events directly from the kernel, which is not detectable by most anticheats. What is detectable however is the actual Kernel Driver CE uses, so it can be detected by good AC, like VAC.
It doesn't get stopped by HideThreadFromDebugger flag, and it's hardly detectable, but it requires higher priviledges in order to run. |
Thanks for the info 
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
