Apokliptico How do I cheat?
Reputation: 0
Joined: 19 Dec 2009 Posts: 6
|
Posted: Sat Dec 19, 2009 5:58 pm Post subject: Crashing a Process |
|
|
Hi! I'm trying to make a program that allows me to crash any process. I can do this by injecting random code into the process by using the createremoteprocess API, but the problem is that with some unkillable processes like zlclient.exe (zone alarm process) or many other AV/FW processes, I can't seem to inject the random code...
I tried to do so with cheatengine and I could crash the zlclient.exe. I was wondering how I can achieve this? I'm making this program in VB, but I know C++ as well.
Thanks a lot
APOKLIPTICO
PD: I know this may seem like malware programming, but I'm just learning how to handle the memory...
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Mon Dec 21, 2009 10:18 am Post subject: |
|
|
TerminateProcess()? That is as good as crashing it.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25719 Location: The netherlands
|
Posted: Mon Dec 21, 2009 11:35 am Post subject: |
|
|
Run your application as administrator and let it acquire the SeDebugPrivilege.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Apokliptico How do I cheat?
Reputation: 0
Joined: 19 Dec 2009 Posts: 6
|
Posted: Tue Dec 22, 2009 10:18 am Post subject: |
|
|
That's not the method that's used in cheatengine. I know it because zonealarm cannot be terminated or crashed, because it can't be opened with openprocess. I'm guessing a kernel hook, but I'm not sure; that's why I asked you guys, because I could crash it with cheat engine. What's the method that cheatengine uses?
PD: I've tried with the sedebugprivilege too...
Apokliptico How do I cheat?
Reputation: 0
Joined: 19 Dec 2009 Posts: 6
|
Posted: Fri Dec 25, 2009 2:57 pm Post subject: |
|
|
Hey, where's cheat engine's creator? He must know how he did that part...
kot1990 Expert Cheater
Reputation: 1
Joined: 06 Sep 2009 Posts: 131 Location: Greece
|
Posted: Sat Dec 26, 2009 9:31 am Post subject: |
|
|
Now you remind me of an unkillable process I saw in the past at school. The system is in administrator mode; however, the running process is a system service and is somehow write protected. I couldn't crash that one, even with cheat engine. It's Faronics Anti-Executable; they install that program at school so you can't execute any external executables but the ones defined by the system administrator. Also, it has password protection to access and modify its settings.
Apokliptico How do I cheat?
Reputation: 0
Joined: 19 Dec 2009 Posts: 6
|
Posted: Sun Dec 27, 2009 1:06 pm Post subject: |
|
|
That's weird... I mean, CE uses drivers at kernel level, so it should be able to inject random memory no matter what the protections are, unless of course the program patches the kernel somehow... That's hardcore coding...
Apokliptico How do I cheat?
Reputation: 0
Joined: 19 Dec 2009 Posts: 6
|
Posted: Tue Dec 29, 2009 1:00 pm Post subject: |
|
|
So anyways, any answers from the original coder? Is he alive, or was he abducted by aliens because he made a program too good to be human?
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25719 Location: The netherlands
|
Posted: Tue Dec 29, 2009 3:27 pm Post subject: |
|
|
There are multiple ways CE can crash something.
What are your default CE settings? Is anything enabled in settings extra?
If so, that's the cause it's able to crash the process. It's writing to the process in kernelmode.
If not, then it's just because it's running as administrator and has given itself SeDebugPrivilege rights.
Apokliptico How do I cheat?
Reputation: 0
Joined: 19 Dec 2009 Posts: 6
|
Posted: Wed Dec 30, 2009 1:45 pm Post subject: |
|
|
Yep, the program is hooking the call to the openprocess() API, because when I disable the option for using the openprocess() in kernel mode, CE can't open the process...
Well, thanks a lot guys!