Is it safe to attach Cheat engine to Sc2?

This is a discussion on Is it safe to attach Cheat engine to Sc2? within the Starcraft 2 forum board part of the Hot Games category.

  1. #11
    SevenElements
    08.01.2018

    If someone is interested.

    I'm using Cheat Engine in Arcade, custom, singleplayer for months and never got banned.
    Mostly I have crashed the game because of the damn anti-debugging system while I was deep into the stacks....

  2. #12
    dkrises2

  3. #13
    SevenElements

    Testing right now if this is working

  4. #14
    gtr428
    Quote: Originally Posted by SevenElements
    Testing right now if this is working

    Tell us if it works

  5. #15
    dkrises2
    that's not all i think, but my long post got deleted
    before i post a life story i will post a next 1
    https://tuts4you.com/e107_plugins/do....php?view.1276
    but sc2 scans 9 times for some addresses; if 1 triggers, it closes up and deletes an error message. you just have to change a value to test for this problem

    there is also the classical olly launcher trick; it's harder for olly, but not all debuggers, to attack or start up the application and debug it

    they usually use the createprocess method and give a key as parameter; it's not hard to figure out
    sc2 also uses virtualquery tricks to rather changes sometimes, but that does not always work and sometimes gives false results
    cheat engine for example is made to not trigger this but it does
    their debugger triggers the most debug flags
    so i rather suggest you enter your debug code into a different debugger while you collect the addresses with cheat engine or something
    it has some detours on some functions; i would have to look, but they are present
    other options are dumps or offline debuggers like ida or win32dasm; those can't trigger debug flags but are more vulnerable to tricks

  7. #16
    SevenElements
    Quote: Originally Posted by dkrises2
    that's not all i think, but my long post got deleted
    before i post a life story i will post a next 1
    https://tuts4you.com/e107_plugins/do....php?view.1276
    but sc2 scans 9 times for some addresses; if 1 triggers, it closes up and deletes an error message. you just have to change a value to test for this problem

    there is also the classical olly launcher trick; it's harder for olly, but not all debuggers, to attack or start up the application and debug it

    they usually use the createprocess method and give a key as parameter; it's not hard to figure out
    sc2 also uses virtualquery tricks to rather changes sometimes, but that does not always work and sometimes gives false results
    cheat engine for example is made to not trigger this but it does
    their debugger triggers the most debug flags
    so i rather suggest you enter your debug code into a different debugger while you collect the addresses with cheat engine or something
    it has some detours on some functions; i would have to look, but they are present
    other options are dumps or offline debuggers like ida or win32dasm; those can't trigger debug flags but are more vulnerable to tricks

    1) Smart a rare file that contains a password

    2) outdated, doesn't work anymore

    "it's not hard to figure out" ///reply

    since the new anti debugger by blizzard it's the best protection i've seen yet.

  8. #17
    dkrises2
    is there something certain you are seeing?
    they use what we use with our injected dlls
    Simple Mutation (Polymorphic) / Erase PE Header / Unlink from PEB - Source Codes - rohitab.com - Forums

    i found something else of interest: it searches actively for cheat engine and triggers a closure

    then
    there is a new attribute set; it is in the vadroot table (virtual address descriptor tree, VAD)
    windows checks this VadRoot table with MiCheckForConflictingNode
    this is called the "_MMVAD_FLAGS" structure, which contains the flags; usually it is 32 bits in size; it's at bits 3-7 - (0-31 = 32 bit)
    for example windows maybe can react to these protection flag values depending on the situation or the vadtype/VadTypeEnum
    windows does that with an AND test for 0x00200000 (bit 9) (in VadType (2)), 0x00080000 (bit 12) (12 = NoChange), 0x00400000 (bit 10) (8-10 = VadType (4))

    this makes virtualprotectex to make its change and return a C00000XX error code (others can be virtualprotect zwprotectvirtualmemory)
    one example can be c0000045 = STATUS_INVALID_PAGE_PROTECTION or windows error code 0x00000057
    also other chain calls are affected like writeprocessmemory

    -----
    you can virtualqueryex this information

    the page tested had:
    attribute: PAGE_EXECUTE_WRITECOPY 0x80
    state: MEM_COMMIT 0x1000
    Type: MEM_IMAGE 0x1000000
    -----


    information about the values

    3-7 protect bits:
    // Protection bits:
    #define MM_ZERO_ACCESS         0 // this value is not used.
    #define MM_READONLY            1
    #define MM_EXECUTE             2
    #define MM_EXECUTE_READ        3
    #define MM_READWRITE           4 // bit 2 is set if this is writable.
    #define MM_WRITECOPY           5
    #define MM_EXECUTE_READWRITE   6
    #define MM_EXECUTE_WRITECOPY   7

    for example if bits 3-7 contain the value 3 it is = MM_EXECUTE_READ 3

    8-10 = VadType
    typedef enum _MI_VAD_TYPE
    {
        VadNone = 0,
        VadDevicePhysicalMemory = 1,
        VadImageMap = 2,
        VadAwe = 3,
        VadWriteWatch = 4,
        VadLargePages = 5,
        VadRotatePhysical = 6,
        VadLargePageSection = 7
    } MI_VAD_TYPE;

    for next example if the VadType bits 8-10 contain the value 2 it is = #define MM_EXECUTE 2
    -----
    now back to windows: windows reacts to 0x00200000 what is 2 = VadImageMap = 2
    to value 0x00400000 what is in VadType and check for VadWriteWatch = 4 (blizzard related)
    to value 0x0008000 this flag is "NoChange" yes (1) or no (0) either contains 0 or 1
    also checked by windows are some flags in structure "ControlArea" at structure "_MMSECTION_FLAGS"
    bit 5 is checked "Image" for 1 and bit 7 "File" for 0 or not set

    not windows related was the value MM_READONLY 1 but that is another part of the story
    -----
    (vad_root):
    /* 32-bit layout; the comments give each member's byte offset */
    typedef struct _MMVAD {
        /*0x000*/ ULONG32 StartingVpn;
        /*0x004*/ ULONG32 EndingVpn;
        /*0x008*/ struct _MMVAD* Parent;
        /*0x00C*/ struct _MMVAD* LeftChild;
        /*0x010*/ struct _MMVAD* RightChild;
        union
        {
            /*0x014*/ ULONG32 LongFlags;            /* raw 32-bit flags word */
            /*0x014*/ struct _MMVAD_FLAGS VadFlags; /* same word as bit fields */
        } u;
        /*0x018*/ struct _CONTROL_AREA* ControlArea;
        /*0x01C*/ struct _MMPTE* FirstPrototypePte;
        /*0x020*/ struct _MMPTE* LastContiguousPte;
        union
        {
            /*0x024*/ ULONG32 LongFlags2;
            /*0x024*/ struct _MMVAD_FLAGS2 VadFlags2;
        } u2;
    } MMVAD, *PMMVAD;


    i found this problem on some other forums with scammers who provide false information; if you know how it works you can take it over
    also it has a weakness: blizz reads out values to check for changes, so it's not protected against reads, so external hacks or read based hacks are not affected
    it opens new doors in other ways

    to get more information you can google struct MMVAD, struct CONTROL_AREA, _MMSECTION_FLAGS and _MMVAD_FLAGS; it's all there

    by the way you know the secret of hacking? i think if you once read the scroll of kung fu panda you know about
    it's nothing new
    Last edited by dkrises2; 01-20-2019 at 09:49 AM.
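
The flag word described in post #17, decoded the way a memory-forensics tool would when listing a process's VADs; this is an added example, not code from the thread or from Windows. The field positions are an assumption: the 32-bit Windows 7-era `_MMVAD_FLAGS` layout, chosen because it agrees with the masks quoted in the post, and other Windows builds differ. The helper names and the sample value are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED layout (32-bit Windows 7-era _MMVAD_FLAGS, LSB first):
 * CommitCharge:19 NoChange:1 VadType:3 MemCommit:1 Protection:5
 * Spare:2 PrivateMemory:1. Field positions differ on other builds. */
enum { NOCHANGE_SHIFT = 19, VADTYPE_SHIFT = 20, MEMCOMMIT_SHIFT = 23,
       PROTECT_SHIFT = 24, PRIVATE_SHIFT = 31 };

typedef struct {
    uint32_t commit_charge;
    unsigned no_change, vad_type, mem_commit, protection, private_memory;
} vad_flags_t;

/* Names taken from the MI_VAD_TYPE enum and MM_* defines quoted in the post. */
static const char *const VAD_TYPE_NAMES[8] = {
    "VadNone", "VadDevicePhysicalMemory", "VadImageMap", "VadAwe",
    "VadWriteWatch", "VadLargePages", "VadRotatePhysical", "VadLargePageSection" };
static const char *const MM_PROTECT_NAMES[8] = {
    "MM_ZERO_ACCESS", "MM_READONLY", "MM_EXECUTE", "MM_EXECUTE_READ",
    "MM_READWRITE", "MM_WRITECOPY", "MM_EXECUTE_READWRITE", "MM_EXECUTE_WRITECOPY" };

/* Split the raw LongFlags word into its bit fields. */
vad_flags_t decode_vad_flags(uint32_t v) {
    vad_flags_t f;
    f.commit_charge  = v & 0x7FFFFu;
    f.no_change      = (v >> NOCHANGE_SHIFT) & 1u;
    f.vad_type       = (v >> VADTYPE_SHIFT) & 7u;
    f.mem_commit     = (v >> MEMCOMMIT_SHIFT) & 1u;
    f.protection     = (v >> PROTECT_SHIFT) & 0x1Fu;
    f.private_memory = (v >> PRIVATE_SHIFT) & 1u;
    return f;
}

const char *vad_type_name(unsigned t)   { return VAD_TYPE_NAMES[t & 7u]; }
const char *mm_protect_name(unsigned p) { return MM_PROTECT_NAMES[p & 7u]; } /* low 3 bits */

/* Which VadType values pass a bare AND test against `mask`? Returned as a
 * bitmap (bit t set = type t passes); shows one mask bit is not one type. */
unsigned vad_types_passing(uint32_t mask) {
    unsigned hits = 0;
    for (unsigned t = 0; t < 8; t++)
        if (((uint32_t)t << VADTYPE_SHIFT) & mask) hits |= 1u << t;
    return hits;
}

int main(void) {
    uint32_t sample = 0x07280000u; /* constructed value, not a captured one */
    vad_flags_t f = decode_vad_flags(sample);
    printf("type=%s prot=%s NoChange=%u\n", vad_type_name(f.vad_type),
           mm_protect_name(f.protection), f.no_change);
    printf("0x00200000 passes for type bitmap 0x%02X\n", vad_types_passing(0x00200000u));
    return 0;
}
```

Under this layout a bare `flags & 0x00200000` test passes for VadImageMap, VadAwe, VadRotatePhysical and VadLargePageSection alike, so a tool that needs the exact type should extract the whole 3-bit field.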

  10. #18
    SevenElements
    Quote: Originally Posted by dkrises2
    is there something certain you are seeing?
    they use what we use with our injected dlls
    Simple Mutation (Polymorphic) / Erase PE Header / Unlink from PEB - Source Codes - rohitab.com - Forums

    i found something else of interest: it searches actively for cheat engine and triggers a closure

    then
    there is a new attribute set; it is in the vadroot table (virtual address descriptor tree)
    windows checks this vadroot table with MiCheckForConflictingNode
    this is called the "_MMVAD_FLAGS" structure, which contains the flags; usually it is 32 bits in size; it's at bits 3-7 - (0-31 = 32 bit)
    for example windows maybe can react to these protection flag values depending on the situation or the vadtype/VadTypeEnum
    windows does that with an AND test for 0x00200000 (bit 9), 0x00080000 (bit 12), 0x00400000 (bit 10)

    this makes virtualprotectex to make its change and return a C00000XX error code (others can be virtualprotect zwprotectvirtualmemory)
    one example can be c0000045 = STATUS_INVALID_PAGE_PROTECTION or windows error code 0x00000057
    also other chain calls are affected like writeprocessmemory

    you can virtualqueryex this information

    the page tested had:
    attribute: PAGE_EXECUTE_WRITECOPY 0x80
    state: MEM_COMMIT 0x1000
    Type: MEM_IMAGE 0x1000000

    but all of this is old stuff and known

    If you can handle it I'm gonna pay you.
    Skins in several games, or simple cash, bitcoins.

    My skills aren't high enough.

    I've tried everything I got... but I can't disable this process so it still crashes while I have open Starcraft II + Cheatengine.

    I do understand it, but currently reading books and watching tutorials for basics is the only way to go since SC II is for advanced "hackers"
