Page 1 of 1

Problem naming the trainer (Cheat Engine)

Posted: Wed Apr 15, 2015 1:48 am
by Masterjango
Hi Guys,

I currently have a very basic problem and don't know how to solve it with the knowledge I have. I always used Cheat Engine 5.6.1 for my trainers (never change a running system) and created my trainers with it. They showed up as a single process and were undetected by programs searching for the name Cheat engine etc. in the processlist. This is good :).

However I recently made a trainer for a newer game an was not able to find pointers so I went for AOB's, so far so good. However I needed some new Features in my AA Scripts so I had to switch to Cheat Engine 6.4.
Here are the scripts I use:

I need to find 4 adresses, with the same AOB. As I use Auto assembler it is not the most perfomant way, I know that, but for my needs its ok.

Scan AOB1:

[ENABLE]
//
//
aobscan(_grip1, ?? ?? ?? ?? ?? ?? ?? 3F ?? ?0 0? 00 ?? ?? ?? ?? 00 00 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00)
_grip1+7:
db 11 ff
registersymbol(_grip1)

[DISABLE]

Scan AOB2:

[ENABLE]
//
//
aobscan(_grip2, ?? ?? ?? ?? ?? ?? ?? 3F ?? ?0 0? 00 ?? ?? ?? ?? 00 00 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00)
_grip2+7:
db 11 ff
registersymbol(_grip2)

[DISABLE]

This I do until I have the 4 adresses registered in grip1, grip2 and so on. Afterwards I restore the original AOB:

[ENABLE]
//
//
_grip1+7:
db 3F 00


[DISABLE]


Ok so after doing that I have my base adresses. From those base adresses I add over 30 adresses with offsets. So its a quite huge table. Then I simply set my hotkeys and generate the trainer (as .exe). However it is no longer on process but three processes. All named mychosenname.exe *32. However one has as description Cheat Engine and the path AppData/Temp/cetrainer/...... So basically this trainer is very easy detectable. So no good :(.

My question now is whether there is a easy way to rename those things with lua? I thought also about C++ but I have no knowledge in it and have now idea how to search AOB's. Furthermore the table is really big so it would take very long to get it working for me in C++. Hope anyone can help with this :).

Re: Problem naming the trainer (Cheat Engine)

Posted: Sat Apr 18, 2015 8:54 am
by Sethioz
i don't remember about old CE, but i think old CE used single process and new uses 3 processes.
I renamed the entire "cheat engine" and "cheatengine" using HEX editor and works great. i don't know about the "cetrainer" tho, i think this is name of your .lua script / trainer. If not, maybe you can hex edit that too.
for example search for "cetrainer" and rename it to like "blablabla".

However you must use same lenght or it won't work. replace "cheat" with 5 letter word only.
you must use both, unicode and non-unicode when replacing.

and finally, once trainer is created, it won't work unless you HEX edit it and replace cheatengine with whatever you renamed it to.

and don't forget to rename the "cheat engine.exe" itself, there are 2-3 in the folder, rename them and then hex edit. there's like x64 or something like that, rename all of those 3 exe files.

keep in mind that anti-cheat systems such as VAC will still detect it, VAC scans for signatures and they have cheat engine signature included, so renaming and hiding CE won't help, it finds the signature of process and ban.