Help File:Remote desktop instead of network version

From Cheat Engine


Originally posted by Zhoul

Pre-Req!!! Windows XP Professional (not Home), upgraded to SP2. Worry not, hacked TCPIP DLL's are talked about below.

When I first started using cheat engine, I thought it was fantastic! I hated to have to alt+tab, and am usually using 2 PC's anyhow, so I loved the fact that it came with a network client.

The problem(s)? The network client didn't do as good a job, because when I tried to do things like 'See what writes to this value', it would usually end up crashing my game, mostly the very first time I tried doing it. The network client also had more bugs and lacked the newer features.

I fiddled with the settings *a lot*, trying to see if it was something I was doing wrong, or a config option that wasn't set properly. To no avail.

I then launched a massive search for another software/debugger that had a network client, but stumbled upon something I think is a lot better.

Basically, Microsoft messed around with giving us concurrent remote desktop + console sessions. Meaning: The ability to be logged into the console, and still connect remotely, without logging the console session out. They scrapped the idea later, because of licensing. They had released termserv.dll in a beta version of SP2, and of course, it was preserved by techies everywhere.

I quickly installed the new termserv.dll, grinning from ear to ear, rebooted my PC, then tried to login remotely.

Ack! Console session was logged out! Ahh!!! I get it... the same user cannot login twice. So I created a 2nd admin account, and that solved *that* problem.

I then loaded up a game on my main PC and remote desktop'd to it, and loaded up cheat engine on the other.

ACK!! User wasn't allowed to debug?!

I quickly loaded up gpedit.msc and navigated its non-logical tree structure and finally found an option that lets you specify who has rights to debug programs (Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Access > Debug programs). Gave my new user rights to debug then tried again.

ACK! I still wasn't allowed to 'connect' to my game, as Microsoft does not allow us to 'peek' into a process that was run by another user.

Yet another hurdle I soon passed over, by using a command known as "RunAs". I had to run Cheat Engine.exe AS the console user. I figured this out quite quickly, because I already use it to run internet explorer as a 'guest' account (I'll tell ya, doing that beats out any spyware/virus scanner I've ever used.)

 To sum up what is needed:
 - Windows XP PROFESSIONAL with SP2 installed (this is a must. I didn't want to go to SP2, but had to. 
   This termserv.dll will *NOT* work with XPSP1). 
 - Install the termserv.dll which is linked at the bottom of this post, or find an installer version of it via google. 
 - Make sure the service "Fast User Switching" is enabled. Usually is by default, but some of us like to slim down XP to 
     essential processes, and this is notoriously disabled by folks like us (and notoriously the reason people can't get 
     concurrent terminal services working). 
 - Create a 2nd administrator account and MAKE SURE to login as that user locally, before you try to do it via remote 
     desktop. New users aren't entirely 'created' until their first login. 
 - Load gpedit.msc (from start>run), and give your new user access to debug programs. (Computer Configuration > Windows 
     Settings > Security Settings > Local Policies > User Rights Access > Debug programs). 
 - Login via remote desktop, as your new user. 
 - Create an icon for cheat engine, that does something like this... 
 runas.exe /savecred /profile /user:"MyConsoleSession" "J:\Engine\Engine.exe" 

Of course, replace "MyConsoleSession" with the username that you use to login to the console with. In my case, Zoultan was the console/original username, Zoultan2 was the remote desktop session, so I would put Zoultan where MyConsoleSession is.

Also, change the path to cheat engine.exe

The good thing about runas, is the /savecred switch. The first time you run it, you will be prompted for the password. This will be saved and not asked for again.

I run things as other users a lot, so I created a batch file to do so, then placed it in C:\. You don't need this to use cheat engine, but I'll pass it out for those who are interested in it.

 ------------ START - Cut below this line but not the line itself ------------ 
 @echo off 
 rem Account the program will be launched as.
 set Uname=Zoultan 
 if "%~1" == "" goto NoArgs 
 set Arg=%1 
 :parseArgs 
 rem Append any remaining parameters to Arg.
 shift 
 if "%~1" == "" goto RunAz 
 set Arg=%Arg% %1 
 goto parseArgs 
 :NoArgs 
 echo No program or parameters were specified. 
 goto End 
 :RunAz 
 rem The following 2 lines were placed here, to handle .msc's as if they were EXE's. I was tired of having to run mmc.exe <whatever.msc>.
 set ArgPart=%Arg:"=% 
 set ArgPart=%ArgPart:~-3% 
 if "%ArgPart%" == "msc" set Arg=%windir%\system32\mmc.exe %Arg% 
 echo Running [ %Arg% ] As [ %Uname% ] 
 echo Command: runas.exe /savecred /profile /user:"%Uname%" "%Arg%" 
 runas.exe /savecred /profile /user:"%Uname%" "%Arg%"|rem 
 if NOT "%errorlevel%" == "0" echo There has been an error while trying to run %Arg% as %UName% 
 goto End 
 :End 
 set Arg= 
 set ArgPart= 
 set Uname= 
 rem XP has no sleep command: ping localhost to keep the window open for a few seconds.
 ping -n 5 localhost|rem 
 ------------ END - Cut above this line but not the line itself ------------ 

Of course, you would change the set Uname=Zoultan line to match the user you want to runas. It could even be changed to accept the username via command line, but this was written specifically to launch as 1 user (and I created 2 other batch files for my other users).

 All my CE icons are setup like so... 
 Z.bat "J:\Engine 1\engine.exe" 
 Z.bat "J:\Engine 2\engine.exe" 
 etc... etc... etc... 

Another reason I set up this .bat is so I could run things like task manager from my remote desktop session. Even though a remote admin can kill another admin's processes, they can't do things like "Set Affinity", etc. So when I'm disallowed the ability to do something, I just use z <command> to launch the program, and voilà.

You can also run things like regedit.exe , from console, as your remote desktop user, if you're g33ky enough to want to change other users settings without having to login as that user.

Lastly: If you're curious why the .bat file pings (local host)... XP didn't come with a wait or sleep command. Therefore, in my batch files, I use ping and re-direct its output to rem (null essentially). What this does, is leaves the dos window up for 5 seconds, so I can catch the success/error messages, without having to use pause.

Remote Desktop Terminal Services Hack:

If this link doesn't work in the future, then use google, and search for... xp sp2 terminal services hack. There is hella-documentation on this ... undocumented feature =)

- Zhoul
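The gpedit.msc step above grants "Debug programs" (SeDebugPrivilege) to an extra account, which is worth being able to audit afterwards. The following is an added example, not part of the original post: it parses the `[Privilege Rights]` section of a `secedit /export` file and lists principals holding the right beyond the built-in Administrators group. The sample export is constructed, and the function names are hypothetical.

```python
"""Audit which accounts hold 'Debug programs' (SeDebugPrivilege) in a secedit export."""

# Constructed sample of what
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# writes. "Zoultan2" is the remote-desktop account name used in the post.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeDebugPrivilege = *S-1-5-32-544,Zoultan2
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
"""

ADMINISTRATORS_SID = "S-1-5-32-544"  # BUILTIN\Administrators, the default holder


def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Section header: track whether we are inside [Privilege Rights].
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # SIDs are written with a leading '*'; account names are written bare.
        principals = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
        rights[name.strip()] = principals
    return rights


def extra_debug_holders(text, expected=(ADMINISTRATORS_SID,)):
    """Principals granted SeDebugPrivilege beyond the expected baseline."""
    holders = parse_privilege_rights(text).get("SeDebugPrivilege", [])
    allowed = {e.lower() for e in expected}
    return [h for h in holders if h.lower() not in allowed]


if __name__ == "__main__":
    for principal in extra_debug_holders(SAMPLE_EXPORT):
        print("SeDebugPrivilege granted directly to:", principal)
```

A real export file is written as UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.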
