justdream How do I cheat? Reputation: 0
Joined: 04 Apr 2012 Posts: 7
|
Posted: Fri Jun 15, 2012 7:42 pm Post subject: How cheat engine generated trainers works? |
|
|
Hi guys,
I've searched in some places but not found ...
I would like to know how the trainers created with "CheatEngine Trainer Generator" write to the process's memory.
I've created a simple trainer and debugged it in OllyDbg, but I see no call to the "WriteProcessMemory" API...
Can anyone explain it to me?
Thanks.
661089799107 Expert Cheater Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Mon Jun 18, 2012 1:27 pm Post subject: Re: How cheat engine generated trainers works? |
|
|
justdream wrote: | Hi guys,
I've searched in some places but not found ...
I would like to know how the trainers created with "CheatEngine Trainer Generator" write to the process's memory.
I've created a simple trainer and debugged it in OllyDbg, but I see no call to the "WriteProcessMemory" API...
Can anyone explain it to me?
Thanks. |
The CE trainers do use WriteProcessMemory. However, it is done in another process that the trainer creates.
justdream How do I cheat? Reputation: 0
Joined: 04 Apr 2012 Posts: 7
|
Posted: Mon Jun 18, 2012 7:28 pm Post subject: |
|
|
Interesting...
However, some anti-hack systems block the WriteProcessMemory API, but the WPM of CE trainers works perfectly.
Can you explain to me how it's done?
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Mon Jun 18, 2012 8:28 pm Post subject: |
|
|
Perhaps they make use of the kernelmode wpm/rpm api (just call dbk_useKernelmodeProcessMemoryAccess() )
Or they add an extra plugin like the virtualpagedir plugin that bypasses all hooks including kernelmode
Or they disable the anti hack before writing
Or WPM is only blocked from editing certain regions and they use a certain plugin to redirect execution to a copy outside of the protected region
Or WPM isn't really blocked and you're just doing something wrong yourself when using wpm (e.g. not obtaining SeDebugPrivilege, not making the page writable, etc...)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.