| View previous topic :: View next topic |
| Author |
Message |
justdream
How do I cheat?
![]() Reputation: 0
Joined: 04 Apr 2012
Posts: 7
|
 Posted: Fri Jun 15, 2012 7:42 pm Post subject: How cheat engine generated trainers works? |
 |
|
Hi guys,
I've searched in some places but not found ...
I would like to know how the trainers created with "CheatEngine Trainer Generator" write in the processes memory..
I've created a simple trainer and debugged it in OllyDbg, but I see no call of "WriteProcessMemory" API...
Can anyone explain me?
Thanks.
|
|
| Back to top |
|
 |
661089799107
Expert Cheater
![]() Reputation: 3
Joined: 25 Jan 2009
Posts: 186
|
| Posted: Mon Jun 18, 2012 1:27 pm Post subject: Re: How cheat engine generated trainers works? |
|
|
| justdream wrote: | Hi guys,
I've searched in some places but not found ...
I would like to know how the trainers created with "CheatEngine Trainer Generator" write in the processes memory..
I've created a simple trainer and debugged it in OllyDbg, but I see no call of "WriteProcessMemory" API...
Can anyone explain me?
Thanks. |
The CE trainers do use WriteProcessMemory. However it is done in another process that the trainer creates.
|
|
| Back to top |
|
|
justdream
How do I cheat?
![]() Reputation: 0
Joined: 04 Apr 2012
Posts: 7
|
| Posted: Mon Jun 18, 2012 7:28 pm Post subject: |
|
|
Interesting...
However, some anti-hack systems block the WriteProcessMemory API, but the WPM of CE trainers works perfectly..
Can you explain me how it's done?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25295
Location: The netherlands
|
| Posted: Mon Jun 18, 2012 8:28 pm Post subject: |
|
|
perhaps they make use of the kernelmode wpm/rpm api (just call dbk_useKernelmodeProcessMemoryAccess() )
Or they add a extra plugin like the virtualpagedir plugin that bypasses all hooks including kernelmode
Or they disable the anti hack before writing
Or WPM is only blocked from editing certain regions and they use a certain plugin to redirect execution to a copy outside of the protected region
Or WPM isn't really blocked and you're just doing something wrong yourself when using wpm (e.g not obtaining se_Debugprivilege, not making the page writable, etc...)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
