Cheat Engine

cloudche26 · How do I cheat? Reputation: 0 Joined: 22 Mar 2024 Posts: 5

I greet everyone.

I am trying to understand this;
On the cheat engine, we select a target program from the process list and perform operations on it. As far as I know, when we select and press Open, the processes are returned via OpenHandle, but I am not sure about this. I am trying to understand, when we select a process and press open, which functions are triggered on the target process? In other words, for example, how can we control this open event on a sample process we wrote?

Dark Byte · Posted: Sat Jun 29, 2024 8:41 am Post subject:

https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess

cloudche26 · How do I cheat? Reputation: 0 Joined: 22 Mar 2024 Posts: 5

I may have come across and read this page dozens of times, but I have not found a way to perceive it.

cloudche26 · How do I cheat? Reputation: 0 Joined: 22 Mar 2024 Posts: 5

Is there really no one who has information on this subject?

AylinCE · Posted: Sun Jun 30, 2024 3:58 pm Post subject:

If you do not want to delve into very complex issues, you can see it with some codes via CE>>Table>>Lua script.

LamontCardenas · Newbie cheater Reputation: 1 Joined: 03 Jun 2024 Posts: 15

When you select a target program in Cheat Engine and press "Open," Cheat Engine typically uses the OpenProcess function to get a handle to the process. This handle allows Cheat Engine to perform various operations like reading and writing memory. The OpenProcess function uses the process ID of the target program to obtain this handle. To control or understand this "open" event in a sample process you wrote, you could implement some logging in your process to track when handles are being opened. This would involve using APIs like OpenProcess and monitoring for handle access requests.

LamontCardenas · Newbie cheater Reputation: 1 Joined: 03 Jun 2024 Posts: 15

When you select a process and press "Open", Cheat Engine uses the Windows API function OpenProcess to get a handle to the process. This handle allows Cheat Engine to perform various operations like reading and writing memory. If you're writing a sample process and want to control or observe this, you can look into how your process responds to handle requests. Tools like Process Monitor can see these interactions in reme. You might also want to check out the NtOpenProcess function, as it’s a lower-level call used by OpenProcess. Good luck with your exploration!

luigimud · Newbie cheater Reputation: 0 Joined: 04 Jul 2024 Posts: 10

You can set up Sysmon with a configuration file that includes rules for logging OpenProcess events, and If you have the necessary privileges, you can use the SeDebugPrivilege to monitor process access. This privilege allows you to bypass certain security checks and gain access to processes that would otherwise be restricted

I have a follow-up question regarding monitoring handle access requests. Is there a specific API or tool that can help me log and track these requests efficiently? For example, how can I detect when Cheat Engine or any other application tries to open a handle to my process?

Are there any sample codes or resources you would recommend for setting up such monitoring?

Dark Byte · Posted: Sat Jul 06, 2024 1:46 am Post subject:

you can use NtQuerySystemInformation and get the system handle table

this works unless something has patched that (which is what a certain CE script does)