StarCraft 1.18.1.1396

Memory scanning, code injection, debugger internals and other gamemodding related discussion
SneakyOne
What is cheating?
Posts: 3
Joined: Thu Aug 17, 2017 4:56 pm
Reputation: 0

Re: StarCraft 1.18.1.1396

Post by SneakyOne » Thu Aug 17, 2017 5:01 pm

Has anyone figured out any tools or a way to use Cheat Engine in this game? It seems to block writing to it. The debuggers in Cheat Engine either cannot inject or the game closes when attached to.

It appears it can be worked on, going by the screenshot above, but there is no post on how to get the game to allow you to write to it and debug it?

I was hoping to relive those old days with mega skirmishes against AI with unlimited resources!

SneakyOne
What is cheating?
Posts: 3
Joined: Thu Aug 17, 2017 4:56 pm
Reputation: 0

Re: StarCraft 1.18.1.1396

Post by SneakyOne » Thu Aug 17, 2017 5:34 pm

SunBeam wrote:
Tue May 02, 2017 5:44 am
The culprit is ClientSdk.dll, that's where the "goodies" are. And they use same Battle.net.dll techniques to shield process (anti: INT3, HWBP, all kinds of other interrupts, RDTSC, OpenProcess, etc.). Will see if my tricks still do the job up to a certain point :)

Hmm..

I renamed

ClientSdk.dll

to:

ClientSdk.dll2

while the game was at the main menu. Windows allowed that without problems. So the .dll isn't even loaded at the main menu. Also, at the main menu, you can attach to the game without a debugger, but any writes (for instance to NOP an instruction) are blocked.

So I don't know exactly what ClientSdk.dll is doing that you discovered, but it appears that the shielding of the process, or detecting stuff, or preventing injection, are all occurring without ClientSdk.dll being loaded (before it's loaded). It's like a page guard is in place but there's no way to write over it or something. I also used Cheat Engine to enumerate the .dlls, but ClientSdk.dll isn't one of the .dlls that is loaded while at the main menu.

Maybe I missed something?

Marcus101RR
Cheater
Posts: 35
Joined: Fri Mar 03, 2017 6:04 pm
Reputation: 2

Re: StarCraft 1.18.1.1396

Post by Marcus101RR » Sat Aug 19, 2017 3:34 am

They did a good job to prevent cheating for single player.

SunBeam
Trouble Makers
Posts: 352
Joined: Thu Mar 02, 2017 10:15 pm
Reputation: 95

Re: StarCraft 1.18.1.1396

Post by SunBeam » Sat Aug 19, 2017 9:22 pm

It's the same protection EAC uses, stripping handles access from the shielded process (that's why you can't debug via VEH, as injection fails) as well as several executable code integrity checks :) There's a reason I wrote a big-ass PDF explaining the cheat system in SC2. Same applies here, just use it as a starting point. What you should know is Blizzard focuses on the few possible injection points related to various cheats. They didn't think to protect other things though ;)

SneakyOne
What is cheating?
Posts: 3
Joined: Thu Aug 17, 2017 4:56 pm
Reputation: 0

Re: StarCraft 1.18.1.1396

Post by SneakyOne » Mon Aug 21, 2017 2:44 pm

SunBeam wrote:
Sat Aug 19, 2017 9:22 pm
It's the same protection EAC uses, stripping handles access from the shielded process (that's why you can't debug via VEH, as injection fails) as well as several executable code integrity checks :) There's a reason I wrote a big-ass PDF explaining the cheat system in SC2. Same applies here, just use it as a starting point. What you should know is Blizzard focuses on the few possible injection points related to various cheats. They didn't think to protect other things though ;)

So Blizzard is using a kernel-level, malware-like driver, like EAC is doing? And Battle.net.dll is what is blocking the writes? What driver is doing this?
Where is the PDF you mentioned? Thanks for the replies.

Marcus101RR
Cheater
Posts: 35
Joined: Fri Mar 03, 2017 6:04 pm
Reputation: 2

Re: StarCraft 1.18.1.1396

Post by Marcus101RR » Mon Aug 21, 2017 7:07 pm

I'd love to learn how to get past it and read the PDF file...

SunBeam
Trouble Makers
Posts: 352
Joined: Thu Mar 02, 2017 10:15 pm
Reputation: 95

Re: StarCraft 1.18.1.1396

Post by SunBeam » Mon Aug 21, 2017 11:56 pm

I may not have expressed myself clearly: the PDF I wrote doesn't explain how to skip the anti-cheat system, but how the actual in-game cheat system works. Starting from that you can devise at least 3 ways to achieve several of them (e.g.: God Mode can be done in several ways, without touching their integrity checks; the straightforward way of hooking unit health routine -- which is what most people go for -- is checked).

PDF's linked hereby: link.

BR,
Sun
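
Added example, not part of the thread and not Blizzard's or any poster's code: a minimal sketch of the kind of executable code integrity check SunBeam's two posts above refer to, showing why a NOP write or a hook placed in a guarded routine gets noticed. The region names, the FNV-1a hash and the sample bytes are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a 64-bit, chosen for brevity; a real checker would use a stronger hash. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* One guarded code range plus the hash recorded while it was known-good. */
struct guarded_region { const char *name; const uint8_t *start; size_t len; uint64_t baseline; };

static void record_baselines(struct guarded_region *r, size_t count) {
    for (size_t i = 0; i < count; i++) r[i].baseline = fnv1a64(r[i].start, r[i].len);
}

/* Returns the index of the first region whose bytes changed, or -1 if all match. */
static int first_modified_region(const struct guarded_region *r, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (fnv1a64(r[i].start, r[i].len) != r[i].baseline) return (int)i;
    return -1;
}

/* Constructed x86 bytes standing in for two routines (not taken from the game). */
static const uint8_t SAMPLE_OTHER[]  = {0x55, 0x89, 0xE5, 0x01, 0x41, 0x0C, 0x5D, 0xC3};
static const uint8_t SAMPLE_HEALTH[] = {0x55, 0x89, 0xE5, 0x29, 0x41, 0x08, 0x5D, 0xC3};

/* Baseline both regions, overwrite the 3-byte sub with NOPs, then re-scan. */
static int demo_detects_nop_patch(void) {
    uint8_t other[sizeof SAMPLE_OTHER], health[sizeof SAMPLE_HEALTH];
    memcpy(other, SAMPLE_OTHER, sizeof other);
    memcpy(health, SAMPLE_HEALTH, sizeof health);
    struct guarded_region regions[] = {
        {"other_routine", other, sizeof other, 0},   /* hypothetical names */
        {"health_routine", health, sizeof health, 0},
    };
    record_baselines(regions, 2);
    if (first_modified_region(regions, 2) != -1) return -2; /* clean scan expected */
    memset(health + 3, 0x90, 3);                            /* 0x90 = NOP */
    return first_modified_region(regions, 2);
}

int main(void) {
    printf("first modified region index: %d\n", demo_detects_nop_patch());
    return 0;
}
```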

Marcus101RR
Cheater
Posts: 35
Joined: Fri Mar 03, 2017 6:04 pm
Reputation: 2

Re: StarCraft 1.18.1.1396

Post by Marcus101RR » Tue Aug 22, 2017 1:01 am

SunBeam wrote:
Mon Aug 21, 2017 11:56 pm
I may not have expressed myself clearly: the PDF I wrote doesn't explain how to skip the anti-cheat system, but how the actual in-game cheat system works. Starting from that you can devise at least 3 ways to achieve several of them (e.g.: God Mode can be done in several ways, without touching their integrity checks; the straightforward way of hooking unit health routine -- which is what most people go for -- is checked).

PDF's linked hereby: link.

BR,
Sun

Oh, I know how to do that stuff. I was thinking it would explain how to deal with the more difficult anti-cheating/memory block systems, how to bypass/debug them properly.
