How to prevent MemHack Software like Cheat Engine

Post here messages if you have any problems with working of Enigma Protector
Enigma
Site Admin
Posts: 2589
Joined: Wed Aug 20, 2008 2:24 pm

Re: How to prevent MemHack Software like Cheat Engine

Post by Enigma » Sat Sep 21, 2013 6:41 am

xenoglyph wrote:Sorry, Enigma, this is sort of a double post. I see you recommending VM for this issue, but VM shouldn't work if it's a piece of data (not code) that can be reliably located, correct?
Personally, I have tried few times to make a hack for data too. It's difficult, but it is possible to do (please do not ask me to do that for you, it wastes too much time!).

So, the logic of my hack is following. You have some data, at offset X. Then you need to disassemble the file you protect, find the code that refers to offset X (there could be many places). Then, using HEX editor, you should replace the data to offset Y, then change the offsets in the code (in the places you've found for offset X). Then, to hide our changes, and hide the new Y offset of our data, we should add the code that use our data to code virtualization.

To add function to virtualization, you should do the following.
1. Find the function start. So you've found the code that use our data, then scroll disassembler top to find the start of the function that this code belongs too. Imagine, the address of this offset is: 0x00401234 (that's hex number!)
2. You need to create a map file, it's just a test file with the same name as name of exe you protect but with .map extension. So if you protect the file main.exe, the name of map should be main.map.
3. The content of the map file should be the following:

Code: Select all

  Address         Publics by Value

 0001:00000234       MyFunction1
 0001:00000958       MyFunction2
There:
- 00000234 is an address of the function, minus 0x00401000, so 0x00401234 - 0x00401000 = 00000234
- MyFunction1 just some name of the function,
- all functions should be listed line by line
4. Next, open Enigma Protector, select the file to protect - main.exe and go to Virtual Machine - Functions Selecting. There, you need to select the functions from the map file.
Then protect the file. That's good protection in this case.

Post Reply