Official site anti-cheat Ultra Core Protector

Home Download F.A.Q. Addons Monitor Forum Support Advertise English version site UCP Anti-Cheat  Russian version site UCP Anti-Cheat
Ultra Core Protector - is the client-server anti-cheat freeware, for server protection from unscrupulous players.

Abilities Supported games  
Half-Life
Condition Zero
Counter-Strike 1.6
Day of Defeat
Adrenaline Gamer
Team Fortress Classic
Counter-Strike Source
MU Online
Ragnarok Online
Half-Life 2 Deathmatch
Adrenaline Gamer 2
Team Fortress 2
Cheat Engine detection

I guess this is the best place to ask sorry if it’s the wrong section. In short many games recently have started blocking CE, most of the time it’s just silly methods that usually include process names, window title strings or sig checks.

Somehow WW2 is now detecting CE and just instantly closes when you have the program open, I’ve tried various methods myself with no success.

First of all I tried recompiling changing all strings involving “cheat, engine, ce or hack”, then proceeded by changing the directories it uses including the names and locations of temporary files CE makes (ADDRESSES.FIRST) etc.

Following that I replace many, many more strings relating to memory, address, debug and used programs such as vmProtect or enigma to run CE in a virtual environment with the extra options for files and registry.

Just to include I packed the lua64 file after changing strings and replacing certain parts, all other files were removed as they aren’t essential for running CE. I’ve checked various resources the game/ce accesses upon crashing plus network activity and found nothing slightly relating to a match.

If anyone has any ideas, suggestions or feedback I’d heavily appreciate it. While I know it’s possible to use many other memory editing programs for me it’s just the principle, I don’t future AAA games blocking it.

PS CE only needs to be running for WW2 to crash, no scanning or attaching is needed. I’ve also tested it in Sandboxie which still ended with the game crashing.

Why don’t you just use DKOM and remove the process from the EProcess list?

bool PhysicalMemoryWrapper::HideEProcess(int pid)
{
_LIST_ENTRY ActiveProcessLinks;
ReadVirtual(GetKernelDirBase(), SFGetEProcess(4) + EPLinkOffset, (uint8_t*)&ActiveProcessLinks, sizeof(ActiveProcessLinks));
while (true)
{
uint64_t next_pid = 0;
uint64_t next_link = (uint64_t)(ActiveProcessLinks.Flink);
uint64_t next = next_link - EPLinkOffset;
ReadVirtual(GetKernelDirBase(), next + EPPidOffset, (uint8_t*)&next_pid, sizeof(next_pid));
ReadVirtual(GetKernelDirBase(), next + EPLinkOffset, (uint8_t*)&ActiveProcessLinks, sizeof(ActiveProcessLinks));
if (next_pid == pid) {

_LIST_ENTRY prev, next, current;
ReadVirtual(GetKernelDirBase(), next_link, (uint8_t*)¤t, sizeof(current));
ReadVirtual(GetKernelDirBase(), (uint64_t)current.Blink, (uint8_t*)&prev, sizeof(current));
ReadVirtual(GetKernelDirBase(), (uint64_t)current.Flink, (uint8_t*)&next, sizeof(current));
prev.Flink = current.Flink;
next.Blink = current.Blink;
WriteVirtual(GetKernelDirBase(), (uint64_t)current.Blink, (uint8_t*)&prev, sizeof(current));
WriteVirtual(GetKernelDirBase(), (uint64_t)current.Flink, (uint8_t*)&next, sizeof(current));
current.Blink = (_LIST_ENTRY*)next_link;
current.Flink = (_LIST_ENTRY*)next_link;
WriteVirtual(GetKernelDirBase(), (uint64_t)next_link, (uint8_t*)¤t, sizeof(current));

//next_pid = 4340; //1337;
//WriteVirtual(GetKernelDirBase(), next_link + EPPidOffset, (uint8_t*)&next_pid, sizeof(next_pid));
return true;
}
if (next_pid == 4)
return false;
}
return false;
}