How to bypass Cheat Engine detection?
Use x64dbg and set a breakpoint on kernel32's GetProcAddress. That will show you which thread performs the detection. Kill that thread, and you will be able to open Cheat Engine.
Video tutorial:
Kod:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>6</ID>
<Description>"Un_Ammo"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : SniperElite4_DX12.exe
Version:
Date : 2019-06-30
Author : Nader
This script forces the dword at [rbx+20] to decimal 60 each time the patched check at +1617845 runs.
}
// Cheat Engine Auto Assembler script for the "Un_Ammo" entry.
// While enabled, the 6 bytes at "SniperElite4_DX12.exe"+1617845
// (cmp dword ptr [rbx+20],00 / jne) are replaced by a jump to an allocated
// stub that first stores decimal 60 into [rbx+20] and then runs the relocated
// check. Disabling writes the original bytes back and frees the stub.
// NOTE(review): [rbx+20] is presumably the ammo counter, going by the entry
// name; the listing itself does not establish that.
// NOTE(review): while enabled, the module's in-memory code at this offset no
// longer matches the on-disk image, which is what a code-section integrity
// comparison would observe.

// Injection point, given as module name + hex offset.
define(address,"SniperElite4_DX12.exe"+1617845)
// The 6 original bytes expected at the injection point (cmp + jne).
define(bytes,83 7B 20 00 75 2B)
[ENABLE]
// Refuse to enable unless the target still holds the expected bytes. The
// header leaves Version empty, so this is the only build check in the script.
assert(address,bytes)
// Request $1000 (hex) bytes for the stub, with the injection point as the
// preferred location so the 5-byte relative jmp below can reach it.
alloc(newmem,$1000,"SniperElite4_DX12.exe"+1617845)
label(code)
label(return)
newmem:
code:
// Overwrite [rbx+20] with decimal 60 on every pass. No operand size is
// written here; the relocated cmp below treats the field as a dword.
mov [rbx+20],(int)60
// Relocated original instructions. The field was just set to 60, so the
// compare is never equal and the jne is always taken; the original
// fall-through path at +161784B is not reached while the entry is enabled.
cmp dword ptr [rbx+20],00
jne SniperElite4_DX12.exe+1617876
jmp return
address:
// jmp (5 bytes, assuming the stub is within rel32 range) plus one nop
// covers exactly the 6 original bytes.
jmp newmem
nop
// return = first instruction after the patched bytes (+161784B).
return:
[DISABLE]
address:
// Write the original bytes back over the jmp/nop.
db bytes
// cmp dword ptr [rbx+20],00
// jne SniperElite4_DX12.exe+1617876
// Release the stub memory.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SniperElite4_DX12.exe"+1617845
"SniperElite4_DX12.exe"+1617827: A9 CC CC CC CC - test eax,CCCCCCCC
"SniperElite4_DX12.exe"+161782C: CC - int 3
"SniperElite4_DX12.exe"+161782D: 0F 1F 00 - nop [rax]
"SniperElite4_DX12.exe"+1617830: 53 - push rbx
"SniperElite4_DX12.exe"+1617831: 48 83 EC 20 - sub rsp,20
"SniperElite4_DX12.exe"+1617835: 48 8B 01 - mov rax,[rcx]
"SniperElite4_DX12.exe"+1617838: 48 89 CB - mov rbx,rcx
"SniperElite4_DX12.exe"+161783B: 48 8B 48 08 - mov rcx,[rax+08]
"SniperElite4_DX12.exe"+161783F: F6 41 60 04 - test byte ptr [rcx+60],04
"SniperElite4_DX12.exe"+1617843: 74 31 - je SniperElite4_DX12.exe+1617876
// ---------- INJECTING HERE ----------
"SniperElite4_DX12.exe"+1617845: 83 7B 20 00 - cmp dword ptr [rbx+20],00
"SniperElite4_DX12.exe"+1617849: 75 2B - jne SniperElite4_DX12.exe+1617876
// ---------- DONE INJECTING ----------
"SniperElite4_DX12.exe"+161784B: 8B 53 18 - mov edx,[rbx+18]
"SniperElite4_DX12.exe"+161784E: E8 BD A0 FE FF - call SniperElite4_DX12.exe+1601910
"SniperElite4_DX12.exe"+1617853: 85 C0 - test eax,eax
"SniperElite4_DX12.exe"+1617855: 74 1F - je SniperElite4_DX12.exe+1617876
"SniperElite4_DX12.exe"+1617857: 80 3D B2 C0 58 FF 00 - cmp byte ptr [SniperElite4_DX12.exe+BA3910],00
"SniperElite4_DX12.exe"+161785E: 74 16 - je SniperElite4_DX12.exe+1617876
"SniperElite4_DX12.exe"+1617860: 48 8B 0B - mov rcx,[rbx]
"SniperElite4_DX12.exe"+1617863: 0F 57 D2 - xorps xmm2,xmm2
"SniperElite4_DX12.exe"+1617866: BA 0F A2 47 C3 - mov edx,C347A20F
"SniperElite4_DX12.exe"+161786B: 8D 92 FA 5D B8 3C - lea edx,[rdx+3CB85DFA]
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>16</ID>
<Description>"No_Recoil"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : SniperElite4_DX12.exe
Version:
Date : 2019-06-30
Author : Nader
This script stores (float)0 to [rdx+68] in place of the original mov [rdx+68],ecx at +1619D28.
}
// Cheat Engine Auto Assembler script for the "No_Recoil" entry.
// While enabled, the 10 bytes at "SniperElite4_DX12.exe"+1619D28
// (mov [rdx+68],ecx / mov eax,[r8+000000C8]) are replaced by a jump to an
// allocated stub that stores (float)0 to [rdx+68] instead of ecx and then
// runs the relocated second instruction. Disabling writes the original bytes
// back and frees the stub.
// NOTE(review): that [rdx+68] holds a recoil value is inferred from the entry
// name only; the original store uses a general-purpose register, so the
// listing does not show the field's type.
// NOTE(review): while enabled, the module's in-memory code at this offset no
// longer matches the on-disk image, which is what a code-section integrity
// comparison would observe.

// Injection point, given as module name + hex offset.
define(address,"SniperElite4_DX12.exe"+1619D28)
// The 10 original bytes expected at the injection point (two mov instructions).
define(bytes,89 4A 68 41 8B 80 C8 00 00 00)
[ENABLE]
// Refuse to enable unless the target still holds the expected bytes. The
// header leaves Version empty, so this is the only build check in the script.
assert(address,bytes)
// Request $1000 (hex) bytes for the stub, with the injection point as the
// preferred location so the 5-byte relative jmp below can reach it.
alloc(newmem,$1000,"SniperElite4_DX12.exe"+1619D28)
label(code)
label(return)
newmem:
code:
// Replacement for mov [rdx+68],ecx: the stored value is a constant (float)0
// rather than whatever ecx holds. The later, unpatched store of ecx to
// [rdx+6C] at +1619D35 is unaffected.
mov [rdx+68],(float)0
// Relocated original instruction, unchanged.
mov eax,[r8+000000C8]
jmp return
address:
// jmp (5 bytes, assuming the stub is within rel32 range) plus five nops
// covers exactly the 10 original bytes.
jmp newmem
nop
nop
nop
nop
nop
// return = first instruction after the patched bytes (+1619D32).
return:
[DISABLE]
address:
// Write the original bytes back over the jmp/nops.
db bytes
// mov [rdx+68],ecx
// mov eax,[r8+000000C8]
// Release the stub memory.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SniperElite4_DX12.exe"+1619D28
"SniperElite4_DX12.exe"+1619CF1: F7 40 28 00 00 00 04 - test [rax+28],4000000
"SniperElite4_DX12.exe"+1619CF8: 76 24 - jna SniperElite4_DX12.exe+1619D1E
"SniperElite4_DX12.exe"+1619CFA: 41 83 BA B8 00 00 00 03 - cmp dword ptr [r10+000000B8],03
"SniperElite4_DX12.exe"+1619D02: 75 1A - jne SniperElite4_DX12.exe+1619D1E
"SniperElite4_DX12.exe"+1619D04: F3 41 0F 10 80 FC 00 00 00 - movss xmm0,[r8+000000FC]
"SniperElite4_DX12.exe"+1619D0D: F3 0F 58 82 94 00 00 00 - addss xmm0,dword ptr [rdx+00000094]
"SniperElite4_DX12.exe"+1619D15: F3 0F 11 82 94 00 00 00 - movss [rdx+00000094],xmm0
"SniperElite4_DX12.exe"+1619D1D: C3 - ret
"SniperElite4_DX12.exe"+1619D1E: 41 8B 88 AC 00 00 00 - mov ecx,[r8+000000AC]
"SniperElite4_DX12.exe"+1619D25: 0F 57 D2 - xorps xmm2,xmm2
// ---------- INJECTING HERE ----------
"SniperElite4_DX12.exe"+1619D28: 89 4A 68 - mov [rdx+68],ecx
"SniperElite4_DX12.exe"+1619D2B: 41 8B 80 C8 00 00 00 - mov eax,[r8+000000C8]
// ---------- DONE INJECTING ----------
"SniperElite4_DX12.exe"+1619D32: 89 42 78 - mov [rdx+78],eax
"SniperElite4_DX12.exe"+1619D35: 89 4A 6C - mov [rdx+6C],ecx
"SniperElite4_DX12.exe"+1619D38: C6 42 7C 00 - mov byte ptr [rdx+7C],00
"SniperElite4_DX12.exe"+1619D3C: F3 41 0F 10 A8 9C 00 00 00 - movss xmm5,[r8+0000009C]
"SniperElite4_DX12.exe"+1619D45: F3 41 0F 10 A0 A4 00 00 00 - movss xmm4,[r8+000000A4]
"SniperElite4_DX12.exe"+1619D4E: 0F 2E EC - ucomiss xmm5,xmm4
"SniperElite4_DX12.exe"+1619D51: F3 41 0F 10 98 A0 00 00 00 - movss xmm3,[r8+000000A0]
"SniperElite4_DX12.exe"+1619D5A: F3 41 0F 10 88 A8 00 00 00 - movss xmm1,[r8+000000A8]
"SniperElite4_DX12.exe"+1619D63: 75 07 - jne SniperElite4_DX12.exe+1619D6C
"SniperElite4_DX12.exe"+1619D65: F3 0F 11 6A 60 - movss [rdx+60],xmm5
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>20</ID>
<Description>"No Spread"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : SniperElite4_DX12.exe
Version:
Date : 2019-06-30
Author : Nader
This script stores (int)10 to [rcx+28] just before the original movss xmm6,[rcx+28] at +16195EB reads it.
}
// Cheat Engine Auto Assembler script for the "No Spread" entry.
// While enabled, the 5 bytes at "SniperElite4_DX12.exe"+16195EB
// (movss xmm6,[rcx+28]) are replaced by a jump to an allocated stub that
// writes (int)10 to [rcx+28] and then performs the original load. Disabling
// writes the original bytes back and frees the stub.
// NOTE(review): that [rcx+28] is a spread value is inferred from the entry
// name only.
// NOTE(review): while enabled, the module's in-memory code at this offset no
// longer matches the on-disk image, which is what a code-section integrity
// comparison would observe.

// Injection point, given as module name + hex offset.
define(address,"SniperElite4_DX12.exe"+16195EB)
// The 5 original bytes expected at the injection point (one movss).
define(bytes,F3 0F 10 71 28)
[ENABLE]
// Refuse to enable unless the target still holds the expected bytes. The
// header leaves Version empty, so this is the only build check in the script.
assert(address,bytes)
// Request $1000 (hex) bytes for the stub, with the injection point as the
// preferred location so the 5-byte relative jmp below can reach it.
alloc(newmem,$1000,"SniperElite4_DX12.exe"+16195EB)
label(code)
label(return)
newmem:
code:
// Adds a memory write that the original code did not have: the original
// instruction only read [rcx+28].
// NOTE(review): the store is the integer 10, while the next instruction
// loads the same location with movss, i.e. as a single-precision float.
// The bit pattern of integer 10 is not the float 10.0.
mov [rcx+28],(int)10
// Relocated original instruction, unchanged.
movss xmm6,[rcx+28]
jmp return
address:
// The jmp (5 bytes, assuming the stub is within rel32 range) covers the
// 5 original bytes exactly, so no nop padding follows.
jmp newmem
// return = first instruction after the patched bytes (+16195F0).
return:
[DISABLE]
address:
// Write the original bytes back over the jmp.
db bytes
// movss xmm6,[rcx+28]
// Release the stub memory.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SniperElite4_DX12.exe"+16195EB
"SniperElite4_DX12.exe"+16195C4: 74 09 - je SniperElite4_DX12.exe+16195CF
"SniperElite4_DX12.exe"+16195C6: 49 8B 91 20 01 00 00 - mov rdx,[r9+00000120]
"SniperElite4_DX12.exe"+16195CD: EB 03 - jmp SniperElite4_DX12.exe+16195D2
"SniperElite4_DX12.exe"+16195CF: 4C 89 D2 - mov rdx,r10
"SniperElite4_DX12.exe"+16195D2: 48 85 D2 - test rdx,rdx
"SniperElite4_DX12.exe"+16195D5: 0F 84 76 01 00 00 - je SniperElite4_DX12.exe+1619751
"SniperElite4_DX12.exe"+16195DB: 49 8B 43 28 - mov rax,[r11+28]
"SniperElite4_DX12.exe"+16195DF: 41 C0 E8 02 - shr r8l,02
"SniperElite4_DX12.exe"+16195E3: 41 80 E0 01 - and r8l,01
"SniperElite4_DX12.exe"+16195E7: 0F 29 34 24 - movaps [rsp],xmm6
// ---------- INJECTING HERE ----------
"SniperElite4_DX12.exe"+16195EB: F3 0F 10 71 28 - movss xmm6,[rcx+28]
// ---------- DONE INJECTING ----------
"SniperElite4_DX12.exe"+16195F0: 44 39 90 B8 00 00 00 - cmp [rax+000000B8],r10d
"SniperElite4_DX12.exe"+16195F7: 0F 84 0A 01 00 00 - je SniperElite4_DX12.exe+1619707
"SniperElite4_DX12.exe"+16195FD: 0F 57 E4 - xorps xmm4,xmm4
"SniperElite4_DX12.exe"+1619600: 0F 2F 61 48 - comiss xmm4,[rcx+48]
"SniperElite4_DX12.exe"+1619604: 0F 82 FD 00 00 00 - jb SniperElite4_DX12.exe+1619707
"SniperElite4_DX12.exe"+161960A: F3 0F 58 B2 54 01 00 00 - addss xmm6,dword ptr [rdx+00000154]
"SniperElite4_DX12.exe"+1619612: 45 84 C0 - test r8l,r8l
"SniperElite4_DX12.exe"+1619615: 74 1E - je SniperElite4_DX12.exe+1619635
"SniperElite4_DX12.exe"+1619617: F3 0F 10 82 38 01 00 00 - movss xmm0,[rdx+00000138]
"SniperElite4_DX12.exe"+161961F: F3 0F 10 8A 3C 01 00 00 - movss xmm1,[rdx+0000013C]
}
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>19</ID>
<Description>"Kind of RapidFire"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : SniperElite4_DX12.exe
Version:
Date : 2019-06-30
Author : Nader
This script replaces inc [rcx+000000D4] at +161AB34 with a nop, so that increment no longer happens.
}
// Cheat Engine Auto Assembler script for the "Kind of RapidFire" entry.
// While enabled, the 6 bytes at "SniperElite4_DX12.exe"+161AB34
// (inc [rcx+000000D4]) are replaced by a jump to an allocated stub that does
// nothing and returns, so the increment is skipped. Disabling writes the
// original bytes back and frees the stub.
// NOTE(review): what the counter at [rcx+000000D4] represents is not shown
// by the listing; the entry name suggests it is tied to fire rate.
// NOTE(review): while enabled, the module's in-memory code at this offset no
// longer matches the on-disk image, which is what a code-section integrity
// comparison would observe.

// Injection point, given as module name + hex offset.
define(address,"SniperElite4_DX12.exe"+161AB34)
// The 6 original bytes expected at the injection point (one inc).
define(bytes,FF 81 D4 00 00 00)
[ENABLE]
// Refuse to enable unless the target still holds the expected bytes. The
// header leaves Version empty, so this is the only build check in the script.
assert(address,bytes)
// Request $1000 (hex) bytes for the stub, with the injection point as the
// preferred location so the 5-byte relative jmp below can reach it.
alloc(newmem,$1000,"SniperElite4_DX12.exe"+161AB34)
label(code)
label(return)
newmem:
code:
// The original inc is not relocated into the stub; a single nop stands in
// for it, so the stub has no effect on registers or memory.
nop
jmp return
address:
// jmp (5 bytes, assuming the stub is within rel32 range) plus one nop
// covers exactly the 6 original bytes. The jne at +161AB1E targets this
// same address, so that branch still lands on an instruction boundary.
jmp newmem
nop
// return = first instruction after the patched bytes (+161AB3A).
return:
[DISABLE]
address:
// Write the original bytes back over the jmp/nop.
db bytes
// inc [rcx+000000D4]
// Release the stub memory.
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "SniperElite4_DX12.exe"+161AB34
"SniperElite4_DX12.exe"+161AB14: EB 05 - jmp SniperElite4_DX12.exe+161AB1B
"SniperElite4_DX12.exe"+161AB16: FF C8 - dec eax
"SniperElite4_DX12.exe"+161AB18: 89 41 20 - mov [rcx+20],eax
"SniperElite4_DX12.exe"+161AB1B: 39 79 20 - cmp [rcx+20],edi
"SniperElite4_DX12.exe"+161AB1E: 75 14 - jne SniperElite4_DX12.exe+161AB34
"SniperElite4_DX12.exe"+161AB20: 41 8B 80 64 02 00 00 - mov eax,[r8+00000264]
"SniperElite4_DX12.exe"+161AB27: C1 E8 14 - shr eax,14
"SniperElite4_DX12.exe"+161AB2A: 41 84 C2 - test r10l,al
"SniperElite4_DX12.exe"+161AB2D: 0F B6 D2 - movzx edx,dl
"SniperElite4_DX12.exe"+161AB30: 41 0F 45 D2 - cmovne edx,r10d
// ---------- INJECTING HERE ----------
"SniperElite4_DX12.exe"+161AB34: FF 81 D4 00 00 00 - inc [rcx+000000D4]
// ---------- DONE INJECTING ----------
"SniperElite4_DX12.exe"+161AB3A: 39 79 20 - cmp [rcx+20],edi
"SniperElite4_DX12.exe"+161AB3D: 75 17 - jne SniperElite4_DX12.exe+161AB56
"SniperElite4_DX12.exe"+161AB3F: 49 8B 41 38 - mov rax,[r9+38]
"SniperElite4_DX12.exe"+161AB43: 0F B6 D2 - movzx edx,dl
"SniperElite4_DX12.exe"+161AB46: 8B 88 30 02 00 00 - mov ecx,[rax+00000230]
"SniperElite4_DX12.exe"+161AB4C: C1 E9 05 - shr ecx,05
"SniperElite4_DX12.exe"+161AB4F: 41 84 CA - test r10l,cl
"SniperElite4_DX12.exe"+161AB52: 41 0F 45 D2 - cmovne edx,r10d
"SniperElite4_DX12.exe"+161AB56: 49 8B 59 08 - mov rbx,[r9+08]
"SniperElite4_DX12.exe"+161AB5A: 48 85 DB - test rbx,rbx
}
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>