Cheat Engine: The Official Site of Cheat Engine
maxi (Newbie cheater)
Reputation: 0
Joined: 04 Nov 2006 | Posts: 13 | Location: Lam3rC17y
Posted: Mon Nov 06, 2006 8:59 pm
Post subject: Suggestions for a new ver. improvements...
I really haven't gone through the source for now, so I am just making suggestions, and probably many of the things may sound and actually be very dumb ideas that cannot or will be hard to implement, but...
1. It would be very cool if one could put a breakpoint on, let's say, hmemcpy for example. Is it possible to make the debugger take advantage of the loading/unloading of dll files from the parent process so we can trace where exactly a dll is loaded/unloaded (actually not so important, but would be nice)? But I do not know at what level the debugger of CE operates and if that can be possible.
2. To implement something like "formula search" functions; I guess for that a set of ex-search results must be kept, and this should take some space for saving the dumps, but...
3. Probably some optimizations in the pointer search. I really cannot get it to work on my PC; it keeps on freezing. Still, it managed to run like 2 times and I saw what it's about, but it has not found even 1 actual pointer. The least pointer in the game tested is lvl. 5, so I gave it lvl. 6, and after a pretty long time (like 2 hours or maybe more on a P4@3GHz/2GB RAM) it found some pointers, but none of them real?!? I actually search for pointers by using the value of the register (like you have mentioned in the tutorial, the "more info" stuff; sometimes it shows a bad register value, but in very, very few cases, and when it's like ebx+ecx*X+something[maybe other reg]), then searching for that value, using the address and offset found and attaching a bp to the pointer itself so I can find the instruction that accesses that pointer, and then search again, and so on and on until I find a base one... For lvl. 1 pointers there are many methods; I will write some tuts maybe if I have some time, because it seems that not finding pointers makes people do code caving and instruction noping more than needed.
4. It would be nice if you could add some more components to the palette for the trainer creation, but I really do not have an idea how you are doing the whole trainer maker part, so I cannot come up with any idea about it. Maybe you can integrate an exe packer so the size of the trainer will become less, and even some anti-debugging/reversing routines, or we can just pack/protect the trainers ourselves..
5. Searching in a file/s would be nice for save games and dumps. I guess it's already implemented in some way, or at least can be easily done.
6. I guess you are about to make a module file for the strings so it would be much easier to make CE multilingual, and also to make it easier to hide from simple string checks in memory; a sort of polymorphic engine can be used that will make CE less detectable.
* In that matter, has anyone tried to compress the dlls and executables of CE with some meta/polymorph crypt/packer and seen if some of the stupidest anti-crack protections will fail to find it?!? Just a thought... I guess mainly they will rely on string-based/pattern-based search to find if CE is loaded, so such steps would at least for a while make CE undetectable. I actually will try to do such an experiment with a "morphine"-based modification and see if it works; I just have to find a game that detects CE. I guess this MapleStory game (I have not even seen it) does this. Some ideas may come from here: http://vx.netlux.org/vx.php?id=eidx&page=1
More to come, I guess, if you do not laugh too hard at me.
_________________
MOV UR_A55,MY_F00T
Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003 | Posts: 25856 | Location: The Netherlands
Posted: Tue Nov 07, 2006 2:47 am
1: Well, you can add a breakpoint there. Also, the debugger internally gets messages when dlls get loaded, so it shouldn't be too hard to figure out where it happens (assuming you like to do stack traces, since that call will be done from an internal Windows API). You could write a plugin for that (there is a plugin option to get inside the debugger before CE handles it),
but I'll look into it if I have time.
2: No idea, I don't really understand the usefulness of formula searches, besides slowing it down.
3: Put in a bigger structsize if an offset in the actual pointer path is bigger than the default 512 bytes, and about the crashes, use the not-injected pointer scanner. (Let me guess, ATI graphics card?)
4: Give some suggestions for components.
5: That's possible. In the process list click on open file and then you can scan; you can even swap a file and continue scanning (assuming they start at the same base address).
6: The multilingual engine works by a language dll that accompanies CE (see the German language pack). nProtect scans for data like a routine to recalculate addresses and the CE icon, and not strings alone, so that's not really useful to make it undetected. (And it scans CE's memory while CE is running, so when it is decrypted.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
maxi (Newbie cheater)
Reputation: 0
Joined: 04 Nov 2006 | Posts: 13 | Location: Lam3rC17y
Posted: Tue Nov 07, 2006 6:12 pm
Post subject: .
Thanks for taking the time and reading my shit; I know that most of the things are cosmetic changes and CE is a very powerful tool as it is now.
Yes, I have an ATI vc.. You probably know something that I do not know; I would appreciate it if you can tell me why this is happening and if there is a way that you know how that could be fixed.
About the polymorphism: yes, I am as dumb as shit; it would check in memory for patterns as well, and mostly there, as you said. There is a way to change every time simple instructions like xor/or/and, but I do not have an idea if that would help, nor how it can be done in Delphi. If we create the process and hook the memory management that this shield is using, can we feed it with some shit data on call?!? Or set a guard page or something to tell us that something is reading our memory; if set to NOACCESS it will kill our own application, I guess, if something reads our memory. I really have not tried it, just giving more stupid ideas...
About the components: I do not get the "execute commands" in the button. What kind of commands? I have not seen anything in the help about that. Are those like poke commands or OS commands... Maybe the scripting functions from AA with some modifying can be applied in there as well, like to give the user an ability to check for filesize and version so a different set of addresses/code can be used for that. I mean, you know your trainer will work only for ver. 1.0 of the game, but if updated to 1.1 it won't, because the addresses and offsets are different; it would come in handy to be able to check for file version or CRC check or whatever to see if that is the correct file, and if it is, then use the right table. We can always check for a pattern in memory to see the version of the file needed as well, but... in simple terms something like IF (FileSize=xxxx) THEN USE_TABLE1 ELSE IF (FileSize=yyyy) USE_TABLE2 ELSE WARNING('Unknown version');
Same for the Patch creator: we must be able to check if that is the right file?!? Also, at some later time, if DLLs can be included in the patch engine, there can be unprotection done by them, or the most common unprotectors can be incorporated in CE; sources are available for most of them... It would be nice for the user to be able to have more control over the freeze function, or the address, like value++ or value + 100 or value - 100... A great function would be a textbox that shows the value in the address or pointed to by pointer/s, so you can show in the trainer the actual value and give the opportunity for change, or check it with a simple script like IF TextBOX1.VALUE<100 THEN VALUE+1 or something... making the trainer work only on condition... Sometimes there is a problem with the single Cheat component: when compiled, the trainer does not show the editboxes, and adding a transparency would be nice to the image, but I guess that for that the bitmap component must be changed with something else; probably an ON_PRESS method can be added to the image so it can be used as a button itself.. but all this is just not important and it's a waste of time. The best would be to somehow integrate conditional scripting of some kind so the trainer can be used for different versions. Because if it is going to be just for the cosmetic side you can add a mod/xm player, imported, and stuff like that, but it's stupid.
I hope soon to get through the code, and I hope that then I would be of some real assistance, at least for some more stupid tasks. If you give me your permission I would make a new help file for CE with pictures and all that would be a bit more accessible for the absolute beginners, and I would try to not make many spelling errors, but someone that is fluent in English must check it after that, because my written English sux sux sux.
_________________
MOV UR_A55,MY_F00T
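The version check the post above sketches (IF FileSize=xxxx THEN USE_TABLE1 ... ELSE WARNING) is an integrity check on the target file before any table is applied. As an added illustration that is not code from the poster or from the Cheat Engine project, the Python below implements that check two ways: the size-only comparison from the post, and a whole-file SHA-256 comparison (CRC32 is computed alongside for reporting). The sample builds, version names and address tables are constructed for this example; the last few lines show the caveat a practitioner would want, that a same-sized file with different contents passes the size check but not the hash check.

```python
import hashlib
import zlib

# Constructed sample builds (not real game files): two "versions" of a
# hypothetical executable as byte strings, so the example runs offline.
SAMPLE_BUILDS = {
    "v1.0": b"GAMEEXE\x00version 1.0\x00" + b"\x90" * 64,
    "v1.1": b"GAMEEXE\x00version 1.1\x00" + b"\x90" * 80,
}

# Hypothetical per-version address tables (made-up addresses).
ADDRESS_TABLES = {
    "v1.0": {"health": 0x00452F10, "ammo": 0x00452F30},
    "v1.1": {"health": 0x00453A20, "ammo": 0x00453A44},
}


def fingerprint(data: bytes) -> dict:
    """Compute the identifiers the post suggests: file size, CRC32 and a hash."""
    return {
        "size": len(data),
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Known-version registries, built here from the sample builds; a real tool
# would ship these values precomputed rather than deriving them at runtime.
KNOWN_BY_SIZE = {len(d): name for name, d in SAMPLE_BUILDS.items()}
KNOWN_BY_SHA256 = {fingerprint(d)["sha256"]: name for name, d in SAMPLE_BUILDS.items()}


def select_table_by_size(data: bytes):
    """The post's IF (FileSize=xxxx) THEN USE_TABLE1 ... ELSE WARNING logic.

    Returns (table, version) or (None, warning) when the size is unknown.
    """
    version = KNOWN_BY_SIZE.get(len(data))
    if version is None:
        return None, "Unknown version"
    return ADDRESS_TABLES[version], version


def select_table_by_hash(data: bytes):
    """Stronger variant: identify the build by SHA-256 of the whole file.

    Returns (table, version) or (None, warning); the warning carries the
    size and CRC32 so an unknown build can be recorded for later.
    """
    fp = fingerprint(data)
    version = KNOWN_BY_SHA256.get(fp["sha256"])
    if version is None:
        return None, "Unknown version (size=%d, crc32=%08x)" % (fp["size"], fp["crc32"])
    return ADDRESS_TABLES[version], version


def load_and_select(path: str):
    """Read a file from disk and select its table by hash (convenience wrapper)."""
    with open(path, "rb") as f:
        return select_table_by_hash(f.read())


if __name__ == "__main__":
    for name, data in SAMPLE_BUILDS.items():
        print(name, select_table_by_hash(data))
    # Same size as v1.0 but one byte differs: the size check still says
    # "v1.0", the hash check refuses to pick a table.
    tampered = SAMPLE_BUILDS["v1.0"][:-1] + b"\xcc"
    print("size check:", select_table_by_size(tampered)[1])
    print("hash check:", select_table_by_hash(tampered)[1])
```

The size-only form is what the post asks for and is cheap, but it cannot tell apart two builds of equal length or a modified copy of a known build; keying the table on a hash of the whole file is the form to prefer, with size and CRC32 kept only as diagnostics in the warning.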
Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003 | Posts: 25856 | Location: The Netherlands
Posted: Wed Nov 08, 2006 4:00 am
I'll look into it.
About ATI crashing your whole comp: that's because either their drivers suck, or their hardware, but it's a common problem that when memory is being accessed directly, shared between the graphics card and the process, your whole comp then crashes.
One way to fix it is to use the normal pointer scanner (not the injected one, so it doesn't directly access the memory) and in Settings->Extra disable the option for kernelmode read/write processmemory.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping