Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Speedhack issue.

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source
View previous topic :: View next topic  
Author Message
Moon
How do I cheat?
Reputation: 0

Joined: 15 Feb 2011
Posts: 9
PostPosted: Wed Apr 20, 2011 12:04 am    Post subject: Speedhack issue. Reply with quote
I found a problem in using speedhack function in CE 6.0.

In some applications, DLL's are hided. (By antihacking solution?)
When I click "Enumerate Dll's and Symbols" menu in memory viewer, nothing could be seen in the list.

Since we should know addresses of some functions and variables of injected DLL in order to activate speedhack, it doesn't work.

I found that the GetProcAddress function fails to find symbol.

I have two questions.

1. How do they hide symbols?
2. Is there any way to bypass?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25791
Location: The netherlands
PostPosted: Wed Apr 20, 2011 4:50 am    Post subject: Reply with quote
Try the 32-bit of ce so it can fall back on getprocaddress

and try kernelmode openprocess (and try rewriting ntopenprocess so it uses the kernelmode equivalent)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Moon
How do I cheat?
Reputation: 0

Joined: 15 Feb 2011
Posts: 9
PostPosted: Thu Apr 28, 2011 7:53 pm    Post subject: Reply with quote
I found the problem. I was a little bit confused.

The reason why speedhack module doesn't work is because "SymFromName" function in "dbghelp.dll" doesn't work so that the it cannot locate symbols such as "realGetTickCount" and etc.

I guess it's because "SymFromName" is hooked by some anti-hacking solutions.

Is there any other way to locate symbols without "SymFromName" function?
Otherwise, how about write a new "SymFromName" function in the next version of CE?

--
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25791
Location: The netherlands
PostPosted: Fri Apr 29, 2011 7:13 am    Post subject: Reply with quote
Sure, you can just check the pe data using the peinfo_ functions to find the exports in a dll

alternatively you could try to hook the ntopenprocess call that syminitialize makes use of and make it return the kernelmode processhandle by dbk32functions
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites