Soul_man How do I cheat?
Reputation: 0
Joined: 19 Sep 2012 Posts: 4
|
Posted: Wed Sep 19, 2012 9:01 am Post subject: Bypass school Whitelist |
|
|
| Just some background here. My friends and I have been playing Halo during lunch for years on years now. This year, our school upgraded to Windows 7 (bad idea, but we won't go there). In the past, we had a bat file that stopped Synchron eyes, enabling us to launch exes (and not have our screens be seen). However, now we can do nothing. I've been playing around with things for a couple of weeks now and have determined that they have a whitelist verifying exes every time they are run. There is no blacklist, as I changed the exe's MD5 (signature) and it still does not run. I am pretty sure there are ways to bypass this, but I don't know how. Is there a way to have an exe almost imitate another exe's signature (one that is on the whitelist, such as Windows Paint)? Any help would be much appreciated, all we want to do is play a freaking game during lunch.
|
|
|
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Wed Sep 19, 2012 9:21 am Post subject: |
|
|
All depends on how the files are being checked for the whitelist.
Do you know what protection system the school's using now to block the files from running?
_________________
- Retired. |
|
|
 |
Soul_man How do I cheat?
Reputation: 0
Joined: 19 Sep 2012 Posts: 4
|
Posted: Wed Sep 19, 2012 1:26 pm Post subject: |
|
|
| Well, I can't really tell to be honest. I made a jar file that starts the exe, and I launch it through a bat file, and it works on my computer just fine. When I tested it out at school (I changed the ports and everything so they were correct), it said "Create process error=1260." Does this help? Besides this, I'm pretty sure we still use synchron eyes.
|
|
|
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Wed Sep 19, 2012 6:22 pm Post subject: |
|
|
It means:
| Code: |
ERROR_ACCESS_DISABLED_BY_POLICY
1260 (0x4EC)
This program is blocked by group policy. For more information, contact your system administrator.
|
Which means your school system administrator has set up policies that restrict you from running things. I'm not sure how they've configured it, so it's hard for me to give you any certain direction to take to try to bypass it.
Try Googling around for stuff like 'Windows 7 bypass group policy' and see if you can find something that might work.
_________________
- Retired. |
|
|
 |
SteveAndrew Master Cheater
Reputation: 30
Joined: 02 Sep 2012 Posts: 323
|
Posted: Wed Sep 19, 2012 9:36 pm Post subject: |
|
|
Can you modify a whitelisted application and it will still run? Like modifying Paint and it will still execute?
If so, you could probably make a whitelisted executable so it will load the executable you want (like Halo lol) and be able to run it!
However, it probably won't work just to create the process you want normally, even if you can get your modified Paint/whatever to run.
You might have to parse the PE header yourself, and load it like Windows does and create the thread at the entry point itself! It might work
_________________
|
|
|
 |
Soul_man How do I cheat?
Reputation: 0
Joined: 19 Sep 2012 Posts: 4
|
Posted: Thu Sep 20, 2012 5:27 am Post subject: |
|
|
| All right. When I get home I'll try editing Paint and see if it'll work. How do you mean getting Paint to launch my exe though? Don't quite understand.
|
|
|
 |
n0 m3rcY Cheater
Reputation: 0
Joined: 18 Jun 2012 Posts: 42
|
Posted: Sat Sep 22, 2012 3:12 pm Post subject: |
|
|
| Soul_man wrote: | | All right. When I get home I'll try editing Paint and see if it'll work. How do you mean getting Paint to launch my exe though? Don't quite understand. |
What, like inject a dll into paint to run shellexecute and start your exe?
That wouldn't be a bad idea... I wonder if it's just blocking starting from explorer or any type of start. At the very worst, you could always do a technique that's used for loading malware and make a dll stub on an allowed process and WPM your program (aligned) into memory then force start it, but that's pretty complex and is probably overkill for just playing Halo.
|
|
|
 |
Soul_man How do I cheat?
Reputation: 0
Joined: 19 Sep 2012 Posts: 4
|
Posted: Sat Sep 22, 2012 7:41 pm Post subject: |
|
|
| All I was going to do was open Paint simply using something like Resource Hacker and just change one of the version digits. Done it before, the program still runs, but when you check the MD5 it is different from the original.
|
|
|
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Sun Sep 23, 2012 1:46 am Post subject: |
|
|
If you can edit a white-listed application, perhaps the list is based on location + name?
Try running your own app by replacing something like mspaint.exe or calc.exe with your own app.
If that doesn't work, you can look into IAT rebuilding and force mspaint to load your own DLL when it starts, allowing you to do whatever you want through MSPaint.
_________________
- Retired. |
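
Added example (not part of any post in this thread): a toy allowlist evaluator, written from the administrator's side, showing why the edited-Paint test discussed above tells a hash rule apart from a location + name rule. The file names and contents are constructed stand-ins, SHA-256 is used in place of the MD5 mentioned in the thread, and the code does not model any real policy engine.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Digest of the file's current bytes."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def path_rule_allows(path, allowed_paths):
    # Path rule: trusts whatever file currently sits at an approved location.
    return os.path.normcase(os.path.abspath(path)) in allowed_paths


def hash_rule_allows(path, allowed_hashes):
    # Hash rule: trusts only the exact bytes that were approved.
    return sha256_of(path) in allowed_hashes


def evaluate():
    """Return {case: (path_rule_verdict, hash_rule_verdict)} for three cases."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        approved = os.path.join(root, "mspaint.exe")  # constructed stand-in
        with open(approved, "wb") as fh:
            fh.write(b"MZ constructed stand-in, version 6.1.0")
        # The policy is recorded while the file is still in its approved state.
        allowed_paths = {os.path.normcase(os.path.abspath(approved))}
        allowed_hashes = {sha256_of(approved)}

        def verdict(p):
            return (path_rule_allows(p, allowed_paths),
                    hash_rule_allows(p, allowed_hashes))

        results["original"] = verdict(approved)
        # Same location and name, one version digit changed.
        with open(approved, "wb") as fh:
            fh.write(b"MZ constructed stand-in, version 6.1.1")
        results["edited"] = verdict(approved)
        # A file that was never approved, at a location that was never approved.
        other = os.path.join(root, "game.exe")  # constructed stand-in
        with open(other, "wb") as fh:
            fh.write(b"MZ constructed stand-in, unapproved")
        results["unlisted"] = verdict(other)
    return results


if __name__ == "__main__":
    for case, (by_path, by_hash) in evaluate().items():
        print(f"{case:9} path rule: {by_path!s:5} hash rule: {by_hash}")
```

A path rule is only as strong as the write permissions on the approved location, while a hash rule has to be re-approved whenever the file is legitimately updated.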
|
|
 |
|