Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Bypassing Hackshield, UCE.

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source
View previous topic :: View next topic  
Author Message
pkedpker
Master Cheater
Reputation: 1

Joined: 11 Oct 2006
Posts: 412

PostPosted: Sat Feb 06, 2010 11:28 pm    Post subject: Bypassing Hackshield, UCE. Reply with quote

I've read probably most of the tutorials on making a UCE.. most of them say the same thing.

I've already completely renamed dbk32.dll to my own name as well as changed all the exports & functions to my own names and linked them to NewKernelHandler. I kept the typecasts the old names

compiled it.

I've compiled the driver as well not much changing here? I did the configuration file change TARGETNAME= to my name.. but isn't that the same as changing filenames? honestly I don't know..

I also removed all strings related to Cheat Engine in main project. Before this I was using a public UCE which worked for a while.. now it's detected so I'm giving it a shot to make my own private UCE.

I changed the CEDRIVER55, DBKPROCLIST55, DBKTHREADLIST55 strings

I open my cheatengine executable in hex editor cannot find any 'cheat engine' related string.. seems perfect..

I found one string in dbk32.dll relating to DBK32functions which I thought hackshield would add that string to detection list.. so I renamed that as well..

Now I cannot find anything else to rename..

Other then the GUI.. which I haven't edited at all.. because the UCE i was using used the same GUI as cheat engine without any problems.. yes i know it's detected now.. but I don't really think it could be the GUI..


Anyways I am just asking if anyone knows what strings Hackshield detects. anyone know?

Sorry if this is in wrong section couldn't find a better section.

Also I'd like to say if anyone can tell me why I get this blue screen of death error.

IRQL_NOT_LESS_OR_EQUAL

with the UCE I made I haven't did any heavy editing just replaces and a few pchar(a+b's)'s to join the common API names.

_________________
Hacks I made for kongregate.
Kongregate Universal Badge Hack: http://forum.cheatengine.org/viewtopic.php?p=4129411
Kongreate Auto Rating/Voter hack: http://forum.cheatengine.org/viewtopic.php?t=263576
Took a test lol
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25788
Location: The netherlands

PostPosted: Sun Feb 07, 2010 7:16 am    Post subject: Reply with quote

It can also be code, e.g the nmemoryscan routine could be detected, or the result a window returns could be detected.

also, the position of the buttons could be detected

as for IRQL_NOT_LESS_OR_EQUAL, check the driver. Best way is load memory.dmp into windbg and if your searchpath is set properly so it can find the .gdb of the driver, then you might see the exact line that caused the crash

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Anden100
Grandmaster Cheater
Reputation: 0

Joined: 20 Apr 2007
Posts: 668

PostPosted: Sun Feb 07, 2010 12:31 pm    Post subject: Reply with quote

Its quite a lot easier and simpler to just code a "Hackshield killer", by simply hooking all of the api's used by HackShield
Back to top
View user's profile Send private message
cziter15
Newbie cheater
Reputation: 0

Joined: 24 May 2009
Posts: 10

PostPosted: Tue Feb 09, 2010 7:27 pm    Post subject: Reply with quote

You don't need to hook. Just simply patch the code that is for memory scan and nano scan object. Just google for it Smile
Back to top
View user's profile Send private message
pkedpker
Master Cheater
Reputation: 1

Joined: 11 Oct 2006
Posts: 412

PostPosted: Tue Feb 09, 2010 10:08 pm    Post subject: Reply with quote

I dont understand you cziter..

btw thanks Dark Byte

thing is no memory.dmp is yet generated I haven't attached to any process I did test it.. it attaches and works like normal Cheat Engine.

But this UCE.. when I start it up.. then run the game which loads the HackShield instantly a blue screen. With same error everytime.

Wrote it down this time.

IRQL_NOT_LESS_OR_EQUAL
Stop: 0x0000000A ( 0x00000004, 0x0000001C, 0x00000001, 0x804EDAD7 )



I'm guessing it's registery related or maybe because I haven't ran the SystemcallRetriver

when I compiled the SystemcallRetriver and put it in folder with UCE run it it just blasts with this message.

Systemcaller couldn't be executed.

Stuck in 1/4 Phase while processbar still going.. then goes to Phase 2/4 with another same messagebox about couldn't be executed.. yah..

Initializing data structures
Opening the windows kernel
Get Processlist
Reading the PEProcess structures
Finding the offset for the name
name of the process was found at offset 174
Confirming the offset
The offset is correct(1)
The offset is correct(2)

Finding out the activeprocess offset
The activeprocess linked list is propably at 088
According to process2 the previous peprocess in the list is 8AA7D490
PEProcess of process1 is at 8AA7D490
This seems to be alright

Going to figure out the debugport
Failed to spawn the idle process
Going to retrieve some callnumbers used inside windows.
This will take a while and you may see the progressbar at the bottom go completly full 4 times
Phase 1/4 (please wait....)
Phase 2/4 (please wait....)
Phase 3/4 (please wait....)
Phase 4/4 (please wait....)
Followed by a inputbox with a 0 in it as default


Something about that 8AA7D490 seems familiar to blue screen number.. just a bit less

_________________
Hacks I made for kongregate.
Kongregate Universal Badge Hack: http://forum.cheatengine.org/viewtopic.php?p=4129411
Kongreate Auto Rating/Voter hack: http://forum.cheatengine.org/viewtopic.php?t=263576
Took a test lol
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites