UCP Anti-Cheat | Cheat Engine detection

Official site anti-cheat Ultra Core Protector

Ultra Core Protector - is the client-server anti-cheat freeware, for server protection from unscrupulous players.

Abilities	Supported games
Protection from change and substitution game files Protection from injection and modification game process Protection from use of scripting cheats Ban system based on the PCs unique identifier Semi-automatic installation of anti-cheats client part Steam and non-steam support Ability to take screenshots from players Debug mode for quick identification of problems Ability to play on a server without anticheat	Half-Life Condition Zero Counter-Strike 1.6 Day of Defeat Adrenaline Gamer Team Fortress Classic Counter-Strike Source MU Online Ragnarok Online	Half-Life 2 Deathmatch Adrenaline Gamer 2 Team Fortress 2

Cheat Engine detection

I guess this is the best place to ask sorry if it’s the wrong section. In short many games recently have started blocking CE, most of the time it’s just silly methods that usually include process names, window title strings or sig checks.

Somehow WW2 is now detecting CE and just instantly closes when you have the program open, I’ve tried various methods myself with no success.

First of all I tried recompiling changing all strings involving “cheat, engine, ce or hack”, then proceeded by changing the directories it uses including the names and locations of temporary files CE makes (ADDRESSES.FIRST) etc.

Following that I replace many, many more strings relating to memory, address, debug and used programs such as vmProtect or enigma to run CE in a virtual environment with the extra options for files and registry.

Just to include I packed the lua64 file after changing strings and replacing certain parts, all other files were removed as they aren’t essential for running CE. I’ve checked various resources the game/ce accesses upon crashing plus network activity and found nothing slightly relating to a match.

If anyone has any ideas, suggestions or feedback I’d heavily appreciate it. While I know it’s possible to use many other memory editing programs for me it’s just the principle, I don’t future AAA games blocking it.

PS CE only needs to be running for WW2 to crash, no scanning or attaching is needed. I’ve also tested it in Sandboxie which still ended with the game crashing.

Why don’t you just use DKOM and remove the process from the EProcess list?

bool PhysicalMemoryWrapper::HideEProcess(int pid) { _LIST_ENTRY ActiveProcessLinks; ReadVirtual(GetKernelDirBase(), SFGetEProcess(4) + EPLinkOffset, (uint8_t*)&ActiveProcessLinks, sizeof(ActiveProcessLinks)); while (true) { uint64_t next_pid = 0; uint64_t next_link = (uint64_t)(ActiveProcessLinks.Flink); uint64_t next = next_link - EPLinkOffset; ReadVirtual(GetKernelDirBase(), next + EPPidOffset, (uint8_t*)&next_pid, sizeof(next_pid)); ReadVirtual(GetKernelDirBase(), next + EPLinkOffset, (uint8_t*)&ActiveProcessLinks, sizeof(ActiveProcessLinks)); if (next_pid == pid) {


 _LIST_ENTRY prev, next, current;

ReadVirtual(GetKernelDirBase(), next_link, (uint8_t*)¤t, sizeof(current));

ReadVirtual(GetKernelDirBase(), (uint64_t)current.Blink, (uint8_t*)&prev, sizeof(current));

ReadVirtual(GetKernelDirBase(), (uint64_t)current.Flink, (uint8_t*)&next, sizeof(current));

prev.Flink = current.Flink;

next.Blink = current.Blink;

WriteVirtual(GetKernelDirBase(), (uint64_t)current.Blink, (uint8_t*)&prev, sizeof(current));

WriteVirtual(GetKernelDirBase(), (uint64_t)current.Flink, (uint8_t*)&next, sizeof(current));

current.Blink = (_LIST_ENTRY*)next_link;

current.Flink = (_LIST_ENTRY*)next_link;

WriteVirtual(GetKernelDirBase(), (uint64_t)next_link, (uint8_t*)¤t, sizeof(current));

//next_pid = 4340; //1337; //WriteVirtual(GetKernelDirBase(), next_link + EPPidOffset, (uint8_t*)&next_pid, sizeof(next_pid)); return true; } if (next_pid == 4) return false; } return false; }

Anticheat for MU Online
Anticheat for Gunz Online
Anticheat for Ragnarok Online