Cheat Engine:Internals

From Cheat Engine
Revision as of 00:55, 22 January 2016 by Raijinili (talk | contribs) (Revert http://wiki.cheatengine.org/index.php?title=Cheat_Engine:Internals&diff=prev&oldid=795)
Jump to navigation Jump to search

Speedhack

CE has 2 different types of speedhack. The old one and the new one.

The old one is located in speedhack.pas of the cehook project (cehook.dll) When it gets activated it uses a simple hook on those functions (just place with a hook and never even bother calling the original function) It then starts a very high priority thread in the game which will increase time counters for itself using timed sleeping. The speed the time increments with is determined by the speed variable

When the game then calls those functions, it just fetches the emulated timer functions and passes it to the caller.



The new one is a bit more complex, but less prone to bugs because of a too low sleeptime, or too high, and no thread that counts time for you.

The source for this is located in speedhack2.pas in the main program, and the separate speedhack project The speedhack.dll gets injected into the target process and the dll itself has some exports, like speed, addresses of original functions, and an initialize speedhack routine

Here the hooking and controlling takes place from CE's side and it's auto assembler functions. What it does is it first uses the API hook template script on the to hook functions. This results in a script that can be used to hook the functions and fills in some predetermined addresses with the location to call if you want to call the original function (thats what the exports for the original functions are for)

After it's hooked the export "speed" of the dll is modified to the wanted speed and CreateRemoteThread is called with the address of the Initialize function to start start the speedhack and set a base of reference (the current time)

Then when a timer function is called it will calculate the new time based on the initial time the speedhack got started , the current time, and the speed. returned time = basetime+((currenttime-basetime)*speed)

When speed is modified the basetime itself is modified as well to make sure the time doesn't go backwards

Memory Scanning

...