Cheat Engine

[mdockz]

i was just curious if someone could help explain what this plugin actually does to the memory?

Mainly im curious if I can do this manually without the use of cheatengine, but mostly just understand how its done, and what is going on behind the scenes to make this happen..

It copies the module and reroutes the process.

I can't post links yet but if you google cheat engine stealthedit plugin and find the "szemelyesintegracio" link theres more info there about what it is.

[TsTg]

it is used to evade integrity checks by leaving the original game code untouched, setting it to be non-executable, but executing a 'copy' of it with any modified code you want, the idea is based on an VEH (Vectored exception handler) that redirects execution when occured an access violation on executing a non-executable memory area.

[mdockz]

okay, so basically..

lets say programatically...

you would would make a copy of the original game code and store it in maybe an allocated or empty space in the program.

Set the original game code to non-executable. and using a VEH, any time an access violation occurs on execution, execute what is at the allocated memory.

How would i set up a VEH that I can call in the process.

[TsTg]

Use the AddVectoredExceptionHandler function (kernel32.dll)
http://msdn.microsoft.com/en-us/library/windows/desktop/ms679274

[ghost2002910]

"Set the original game code to non-executable" how to do that? I changed the memory page protection to PAGE_READWRITE but nothing happend. I'm sure DEP is enabled for that process.

[Dark Byte]

Your cpu must also support DEP and it must not be disabled in your bios. (I often see it disabled in the default settings of my systems)

If the page protection is PAGE_READWRITE and it gets executed an exception will trigger. If it doesn't get handled, the process will crash