- Status
- Offline
- Joined
- Mar 3, 2026
- Messages
- 247
- Reaction score
- 7
Boys, I have been messing around with Crossfire West lately and hit a wall trying to get CE running. Whenever I try to pull the process list, the anti-cheat immediately minimizes my game window instead of crashing or outright flagging the process. Tech-wise: It looks like the AC is monitoring specifically for when I try to hit the process list via CreateToolhelp32Snapshot or similar API calls.
I have already stripped out the standard plugins and the unlicensed driver bits, but it is still catching me. I know I should probably be hooking/redefining OpenProcess, WriteProcessMemory, and ReadProcessMemory to hide the access, but every time I try to patch those, the game just kills the session.
Setup:
Has anyone here successfully hooked the memory access functions for CF or managed to spoof the handle request? I am trying to avoid a full kernel driver route if I can just mask the user-mode calls. If anyone has pointers on how they handled the window minimization or bypassed the handle validation, drop your thoughts below. Much appreciated.
I have already stripped out the standard plugins and the unlicensed driver bits, but it is still catching me. I know I should probably be hooking/redefining OpenProcess, WriteProcessMemory, and ReadProcessMemory to hide the access, but every time I try to patch those, the game just kills the session.
Setup:
- Cheat Engine 7.5
- Lazarus 2.2.2
Has anyone here successfully hooked the memory access functions for CF or managed to spoof the handle request? I am trying to avoid a full kernel driver route if I can just mask the user-mode calls. If anyone has pointers on how they handled the window minimization or bypassed the handle validation, drop your thoughts below. Much appreciated.
