Deal with Xlive anti-debug as silly as you can


Post by STN » Tue Apr 18, 2017 12:46 am

Recreating Geri's tutorials and articles before his site got wiped out. Wealth of information in it!
-----

Ok, this will be just a short thing about dealing with Xlive's anti-debug protection in a VERY UNPROFESSIONAL way. I didn't want to bother with this too much because I don't need it at all, as I use a 32-bit OS and CE's kernelmode debugger mode is solving this problem for me automatically. For those who are using 64-bit and are not able to use DBVM etc. to hide their debugger, here is a method to deal with Xlive's anti-debug by killing Xlive itself, basically trapping its code in an infinite loop, so Xlive will not do anything at all. This may cause bugs like you cannot save games etc. but who cares, you need to do it only while you use the debugger. This kind of approach to solving the issue is strictly going into the "don't like it, don't use it" category. If I ever want to sacrifice more than 10 minutes to solve this issue, I will post a normal method.

So here is my previous article about Xlive and bypassing its memory check protection.

viewtopic.php?t=1845

What I do to trap Xlive is that I will simply force the code into a loop and Xlive will do nothing else than running in circles. This means that all Xlive features, including saving games, anti-debug protection, memory check protection etc will be disabled.

Here is the code for it, which is nothing else than a slightly modified version of the memory check protection code:

//A script to trap Xlive in a loop
//Made by Geri with Cheat Engine 6.0
//21st May, 2011
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
label(xlivekiller)
registersymbol(xlivekiller)
aobscan(aobxlive,74 14 FF 75 14 8B CE FF 75 10 53 E8 * * * * 8B F8 85 FF)
globalalloc(xlivetrapcounter,4)

xlivetrapcounter:
dd 0

aobxlive:
xlivekiller:
inc [xlivetrapcounter]
jmp aobxlive-3
nop
nop

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
xlivekiller:
db 74 14 FF 75 14 8B CE FF 75 10 53
unregistersymbol(xlivekiller)



As you can see, when Xlive would perform a memory check, it will start running in an infinite loop, so we might as well forget about its existence and we can use the debugger. It is important to mention that most games have their own debugger protections that are independent from Xlive, so I highly suggest using the VEHdebugger instead of the standard Windows debugger, as the VEHdebugger is not detected by most anti-debug protections. To make it even more user-friendly, I have added a counter which increases by one every time the loop is executed. So when the counter is not 0, it means that Xlive has entered the loop and you can start debugging. For this you need to add xlivetrapcounter to your table as an address, or just use my prepared cheat table from here:
xlive_scripts.zip
Download Cheat Engine table with Xlive scripts

For those who didn't get anything from the above said things, here is the story in short.
1. You start the game and CE and you enable the Trap Xlive script.
2. You keep playing until you see that xlivetrapcounter is not 0 anymore (this will take 1-2 minutes usually).
3. If you see that Xlive is trapped, you can start debugging, preferably with the VEHdebugger.

As you can see it on the video, this way you can use the debugger for automatic or manual debugging without crashes, even when you use the VEHdebugger. The video is a bit choppy but that is just because I have an older computer.





Peace!
Geri
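
How the wildcard signature on the aobscan line behaves, as an added Python illustration (not Geri's script and not Cheat Engine's own scanner): the four `*` bytes cover the operand of the E8 call, a relative displacement, so the signature still matches when that operand differs, and it stops matching once the ENABLE bytes are written, which is what a byte-level integrity check over this site would notice. The sample buffer, its filler bytes and the zeroed counter address are constructed for the example.

```python
# Added illustration: wildcard byte-signature matching over a constructed buffer.
PATTERN = "74 14 FF 75 14 8B CE FF 75 10 53 E8 * * * * 8B F8 85 FF"  # from the post


def parse_pattern(text):
    """Turn 'AA BB * CC' into a list of ints, with None for each wildcard."""
    return [None if tok in ("*", "?", "??") else int(tok, 16) for tok in text.split()]


def find_pattern(buf, pattern):
    """Return every offset in buf where all non-wildcard bytes match."""
    hits = []
    n = len(pattern)
    for off in range(len(buf) - n + 1):
        if all(p is None or buf[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits


def build_sample(rel32, patched=False):
    """Constructed buffer: 3 filler bytes, the 20-byte site, 4 filler bytes."""
    site = bytearray.fromhex("7414FF75148BCEFF751053E8") + rel32 + bytes.fromhex("8BF885FF")
    if patched:
        # Shape of what the [ENABLE] section writes over the first 10 bytes:
        # inc [addr] (FF 05 + 4-byte address, zeroed placeholder here),
        # a short jmp back to site-3 (EB F5), then two NOPs.
        site[0:10] = bytes.fromhex("FF0500000000" "EBF5" "9090")
    return bytes.fromhex("000000") + bytes(site) + bytes.fromhex("CCCCCCCC")


def site_is_intact(buf):
    """True when the original signature is still present exactly once."""
    return len(find_pattern(buf, parse_pattern(PATTERN))) == 1


if __name__ == "__main__":
    for label, buf in (
        ("original, call operand A", build_sample(bytes.fromhex("10203040"))),
        ("original, call operand B", build_sample(bytes.fromhex("AABBCCDD"))),
        ("after the patch", build_sample(bytes.fromhex("10203040"), patched=True)),
    ):
        print(label, find_pattern(buf, parse_pattern(PATTERN)), site_is_intact(buf))
```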
