mdockz (Cheater)
Reputation: 0
Joined: 24 Feb 2013 Posts: 41
Posted: Tue Jun 13, 2017 10:16 pm Post subject: Hide ASM code from memory?
I am not really sure how to word this, but here it goes...
So some people may be aware that any memory hack can be found.
I.e. someone makes a trainer, and you can easily find which memory address is being changed and what it is changed to.
I want to write my script so that it is nearly impossible to simply search for it in memory.
Is there any way to obfuscate my code at all? Or any ways to keep it as well hidden as possible?
Thanks, sorry for the confusing question.
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Jun 14, 2017 1:29 am
If your trainer is just writing to the target's memory, no, there is pretty much nothing you can do. The trainer is vulnerable to several methods of being 'attacked' by rippers.
- The trainer can be hooked and its memory edits monitored. (WriteProcessMemory or the Nt/Zw versions etc. can be hooked.)
- The trainer can be decompiled/unpacked/deobfuscated etc., depending on how it's coded, to get the needed info.
- If you use Cheat Engine's trainer maker, your entire cheat table can be decompiled and pulled from the trainer.
- If you use managed or interpreted languages like C#/Java/etc., they can be easily decompiled.
For any type of protection, you are going to want to move to DLL injection and do everything within your DLL. If you do code caves in your trainer, jump into your DLL's memory space, do the cave inside the DLL instead, and jump back like normal. With that, you can pack/obfuscate/etc. the DLL to prevent the cave code from being easily visible or ripped. This also means the only changes you make to the memory of the target are jumps into your own DLL. While this still gives away where people should look to make similar cheats, you are now protecting your cave code from being easily understood.
Just keep in mind you are fighting a losing battle and that you can only deter the newbies and not more invested people that understand how to unpack/deobfuscate/etc. things. Your work also becomes a more interesting target if you are charging money for it, so expect people to attempt to undo anything you make to try and protect it.
_________________
- Retired.
mdockz (Cheater)
Reputation: 0
Joined: 24 Feb 2013 Posts: 41
Posted: Wed Jun 14, 2017 8:40 am
Many thanks for your response.
This information has helped me a lot. I was originally planning a C++ Windows application, but I think I will go with DLL injection as you suggested.
mdockz (Cheater)
Reputation: 0
Joined: 24 Feb 2013 Posts: 41
Posted: Thu Jun 15, 2017 4:46 pm
So I made a DLL and injected it into my process; it seems that I can still see the jumps allocated in memory, even though it's written in my DLL.
How can I make it jump into the memory space of the DLL instead of the process?
STN (I post too much)
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Thu Jun 15, 2017 10:59 pm
Your DLL is in the game's memory space, so the DLL and the process both have the same memory.
 |
mdockz (Cheater)
Reputation: 0
Joined: 24 Feb 2013 Posts: 41
Posted: Fri Jun 16, 2017 12:39 am
Well, I was hoping it would be possible to write the cheat so that it will not be visible in the memory of the game.
Dark Byte (Site Admin)
Reputation: 472
Joined: 09 May 2003 Posts: 25880 Location: The netherlands
Posted: Fri Jun 16, 2017 8:20 am
Instead of jmp, use breakpoints, or make the memory unexecutable and capture the exception, then change EIP.
There are other methods as well.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
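Added example illustrating the second option in the post above ("make the memory unexecutable and capture the exception, then change EIP"). This is not code from the thread or from Cheat Engine; it is written against POSIX primitives so it can be run on a Linux x86-64 or aarch64 box, with `mprotect(PROT_NONE)` standing in for `VirtualProtect(PAGE_NOACCESS)`, a `SIGSEGV` handler for `AddVectoredExceptionHandler`, and the `ucontext` instruction pointer for `CONTEXT->Eip/Rip`. The "game" routine is a constructed four/eight-byte stub placed in its own page; `our_hook`, `setup_target`, `install_exception_hook` and the other names are assumptions made for the demo. The point it makes concrete is the one the thread is circling around: with this method `bytes_changed()` stays 0, whereas an inline `jmp` patch rewrites at least 5 bytes of the target that any scanner can diff.

```c
/* Added example (not from the thread, not Cheat Engine code): redirect a
 * function by removing execute permission from its page and fixing up the
 * instruction pointer in the fault handler. Linux x86-64 / aarch64 only. */
#define _GNU_SOURCE 1
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#if defined(__x86_64__)
static const unsigned char k_stub[] = { 0x8D, 0x47, 0x01, 0xC3 }; /* lea eax,[rdi+1]; ret */
# ifndef REG_RIP
#  define REG_RIP 16                         /* glibc gregs index of RIP */
# endif
# define GET_IP(uc)    ((uintptr_t)(uc)->uc_mcontext.gregs[REG_RIP])
# define SET_IP(uc, v) ((uc)->uc_mcontext.gregs[REG_RIP] = (long long)(uintptr_t)(v))
#elif defined(__aarch64__)
static const unsigned char k_stub[] = { 0x00, 0x04, 0x00, 0x11,   /* add w0,w0,#1 */
                                        0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
# define GET_IP(uc)    ((uintptr_t)(uc)->uc_mcontext.pc)
# define SET_IP(uc, v) ((uc)->uc_mcontext.pc = (uint64_t)(uintptr_t)(v))
#else
# error "demo covers x86-64 and aarch64 only"
#endif

typedef int (*add_fn)(int);

static unsigned char *g_page;     /* page holding the constructed "game" routine */
static size_t g_page_size;
static int g_armed;               /* hook currently active? */
static volatile int g_hook_hits;  /* calls diverted so far */

/* Replacement logic (in a real setup this lives in the injected DLL).
 * Execution lands here with the caller's frame intact, so plain C works. */
static int our_hook(int x) { g_hook_hits++; return x + 1000; }

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = (ucontext_t *)ctx;
    (void)si;
    if (g_armed && GET_IP(uc) == (uintptr_t)g_page) {
        SET_IP(uc, our_hook);   /* resume in our code instead of the target */
        return;
    }
    signal(sig, SIG_DFL);       /* someone else's fault: crash normally */
}

/* Build the constructed "game" routine (returns x + 1) in its own page. */
int setup_target(void)
{
    g_page_size = (size_t)sysconf(_SC_PAGESIZE);
    g_page = mmap(NULL, g_page_size, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_page == MAP_FAILED) { g_page = NULL; return -1; }
    memcpy(g_page, k_stub, sizeof k_stub);
    __builtin___clear_cache((char *)g_page, (char *)g_page + g_page_size);
    return mprotect(g_page, g_page_size, PROT_READ | PROT_EXEC);
}

/* Arm: no byte of the target changes; the page just loses execute
 * permission and the fault handler performs the redirect. */
int install_exception_hook(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    g_armed = (mprotect(g_page, g_page_size, PROT_NONE) == 0);
    return g_armed ? 0 : -1;
}

int remove_exception_hook(void)
{
    g_armed = 0;
    return mprotect(g_page, g_page_size, PROT_READ | PROT_EXEC);
}

/* What a byte scanner diffing against the original code would see. */
int bytes_changed(void)
{
    int changed = 0;
    if (g_armed) mprotect(g_page, g_page_size, PROT_READ);
    for (size_t i = 0; i < sizeof k_stub; i++) changed += (g_page[i] != k_stub[i]);
    if (g_armed) mprotect(g_page, g_page_size, PROT_NONE);
    return changed;
}

int call_target(int x) { add_fn fn = (add_fn)(uintptr_t)g_page; return fn(x); }
int hook_hits(void) { return g_hook_hits; }

int main(void)
{
    if (setup_target() != 0 || install_exception_hook() != 0) return 1;
    printf("hooked:   f(1)=%d, bytes changed=%d\n", call_target(1), bytes_changed());
    remove_exception_hook();
    printf("unhooked: f(1)=%d\n", call_target(1));
    return 0;
}
```

Two caveats a practitioner would hit on a real target. First, protection is per page, so every other function sharing the page faults through the handler too; the handler then has to restore execute permission, single-step past the instruction and re-protect (on Windows, PAGE_GUARD is one-shot and clears itself on the first touch, which is why guard pages or hardware breakpoints are the usual way to do the "breakpoints" variant). Second, nothing here is invisible: the odd page protection shows up in VirtualQuery, and the registered handler and the code it jumps to are still in the process, which is the "still going to be easily traced back to your DLL" point made later in this thread.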
mdockz (Cheater)
Reputation: 0
Joined: 24 Feb 2013 Posts: 41
Posted: Fri Jun 16, 2017 10:48 am
Thanks, that's really interesting Dark Byte. Is this somewhat similar to the StealthEdit plugin?
Hmmm, but I wouldn't be able to edit the EIP register without a debugger, right?
I think I am leaning more towards obfuscation of the code: random jumps and meaningless code and loops to throw people off.
The way I see it, even if it is a losing battle, for what I need it is okay, because if they are knowledgeable enough to decipher the obfuscated code, then kudos to them. I just don't want it to be right there in front of them, ready and gift-wrapped, lol, if you know what I mean.
Could you possibly share some of these other methods as well? I am not too savvy with this stuff, but I can learn fast, so it would be nice to have more than one thing to look into to see what best fits my needs and capabilities.
Thanks.
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Fri Jun 16, 2017 12:19 pm
mdockz wrote:
    So I made a DLL and injected it into my process; it seems that I can still see the jumps allocated in memory, even though it's written in my DLL.
    How can I make it jump into the memory space of the DLL instead of the process?
I mentioned in my post above this was going to happen. The jumps from the games memory to your DLL will be visible to others still. You can do the breakpoint method as DB explained but it is still going to be easily traced back to your DLL to determine where the breakpoint was placed and where it's being handled.
Like I said before though, if you protect the code in your DLL you are building a better line of defense from having your stuff ripped and then the only thing people will really be able to see is where you are making edits, but not the full edits / caves that are within your DLL.
_________________
- Retired.
mdockz (Cheater)
Reputation: 0
Joined: 24 Feb 2013 Posts: 41
Posted: Fri Jun 16, 2017 1:13 pm
Hey, sorry, what do you mean by "protect" the code in the DLL?
I wrote my code in the DLL, but I guess it's not protected, as I can still see it within the process memory.
So how do I go about making the cave in the DLL so it is not visible?
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Fri Jun 16, 2017 1:28 pm
It is going to be visible regardless of what you do, but you can use protections to obfuscate the code flow so it's not easily readable/ripped by newbies. Things like what VMProtect/Themida and similar do to protect code via virtual machines and so on would be your best bet to deter most from even bothering.
_________________
- Retired.