
Cheat Tool Set

Cheat Tool Set Pro is a professional reverse engineering tool like CE, written in C# .NET and C++.
It is more user friendly than CE with unique features. You can download the latest free version: v1.21 X

Changelog for v1.21: https://overlayhack.com/cheat-tool-set#860
Current version in development: 1.22 PRO

The tool is coded and designed from the beginning for dynamic analysis and reverse engineering in general.
If you're a student or hobbyist who needs the right tool for your reverse engineering jobs, this is exactly what you've been waiting for.

The professional X version is available for a one-time payment of $279,00 USD: https://overlayhack.com/order
You must be a PayPal-verified user to purchase. Activation is instant after payment. The PRO version price is reasonable considering the current
and upcoming features.

This is the official site of the software. The tool is a work in progress. Cheat Tool Set PRO is the same as the X version.

FEATURES

Memory scanner (Currently uses up to 12 threads depending on your CPU)
Memory viewer / editor
Memory pointer scanner (X)
Debug viewer (X)
IAT (Import Address Table) scanning tool - If nothing else works, try this.
Windows debugger: Read (Find out what accesses this address), Write (Find out what writes to this address) and Instruction execute (Find out what addresses this instruction accesses).
Disassembler - Includes a built-in assembly signature maker that attempts to generate unique signatures
Dump strings tool
Dump a process and its modules
A basic DLL injector

MAIN VIEW

The screenshots show version 1.20.



WHAT IS THE DIFFERENCE COMPARED TO THE COMPETITION?

The tool has unique features that the competition does not offer, and some shared features are simply better and more user friendly.
To mention a few: the float value scan returns exactly what you were after (reasonable values).
To cut a long story short: previously unfound values can be found with the tool. The tool's memory viewer itself makes a difference compared to the competition. See
the screenshot of the memory viewer below. Imagine doing all that manually with CE ...

You will save a lot of time and money when you learn to use the tool's unique features, such as the "Debug viewer" and the custom pointer path scan
(allowing you to connect things from an entry point), speeding your work up to 10 times vs any competition.

MEMORY VIEWER/EDITOR

When the process restarts, the view automatically updates according to the process.



DISASSEMBLER



POINTER SCANNER



NOTES

The tool supports only 64-bit (x86_64) processes.

Supported operating systems: Windows 7/8.x/10
Requires .NET Framework 4.7.2 or newer

All settings can be edited directly in the INI file. Offsets are mainly entered as hex values.

When you use the "Include the result if the value has changed ...", you can no longer press the next scan button because the number of times the value has changed
is not saved in the result files.

By default the disassembler disassembles the current and the next function.

The code and IDA style signatures do not require a mask to be entered.

"Array of bytes" scan supports the following formats:

01 02 03
x01 x02 x03
0x1 0x2 0x3
8B 81 ? ? ? ? 48 8B D9 85 C0 7F 0E



When scanning for a sequence of bytes (pattern scan, also known as an array of bytes scan), you will have to press the "Reset scan" button if you wish to scan for a new
signature.
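
How the four notations above can be normalised into one byte/wildcard signature and matched against a buffer, as an added example that is not the tool's own code. The parsing rules (for instance reading "0x1" as the byte 0x01), the function names and the sample buffer are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

// One signature element: a concrete byte, or a wildcard matching any byte.
struct SigByte { uint8_t value; bool wildcard; };

// Accepts "01", "x01", "0x1" and "?" tokens; returns false on a malformed token.
bool parse_signature(const std::string& text, std::vector<SigByte>& out) {
    out.clear();
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "?") { out.push_back({0, true}); continue; }
        size_t skip = 0;  // length of an optional "0x" or "x" prefix
        if (tok.size() > 2 && tok[0] == '0' && (tok[1] == 'x' || tok[1] == 'X')) skip = 2;
        else if (tok.size() > 1 && (tok[0] == 'x' || tok[0] == 'X')) skip = 1;
        std::string hex = tok.substr(skip);
        if (hex.empty() || hex.size() > 2) return false;
        if (hex.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos) return false;
        out.push_back({static_cast<uint8_t>(std::strtoul(hex.c_str(), nullptr, 16)), false});
    }
    return !out.empty();
}

// Offset of the first position where every non-wildcard byte matches, or -1.
long find_signature(const std::vector<uint8_t>& buf, const std::vector<SigByte>& sig) {
    if (sig.empty() || sig.size() > buf.size()) return -1;
    for (size_t i = 0; i + sig.size() <= buf.size(); ++i) {
        size_t j = 0;
        while (j < sig.size() && (sig[j].wildcard || buf[i + j] == sig[j].value)) ++j;
        if (j == sig.size()) return static_cast<long>(i);
    }
    return -1;
}

// Constructed sample buffer (not taken from any real binary).
std::vector<uint8_t> sample_buffer() {
    return {0x90, 0x90, 0x8B, 0x81, 0x10, 0x02, 0x00, 0x00,
            0x48, 0x8B, 0xD9, 0x85, 0xC0, 0x7F, 0x0E, 0xC3};
}

int main() {
    std::vector<SigByte> sig;
    parse_signature("8B 81 ? ? ? ? 48 8B D9 85 C0 7F 0E", sig);
    return find_signature(sample_buffer(), sig) == 2 ? 0 : 1;
}
```

The four wildcard positions cover a 32-bit displacement, which is why a signature written this way keeps matching when that value changes between builds.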

"Exact value" float scan: "Value to find" is automatically truncated to a double value with four decimal places. No rounding is applied to that value.

MEMORY VIEWER

Left click on the first address to select it and then click the node text again to edit the address of the root node.
Right click on the offset to select the action. The default alignment is 8 Bytes.

Pointer scanner

The "Generate a pointer map" feature is almost mandatory for scans larger than a level 3 and 0x0400. You do not have to generate a pointer map for a custom path scan.
"The first element of pointer must point to virtual function table" enables the "Class pointer rule check".

DEBUGGER

Currently only one HWBP (hardware breakpoint) is supported.

DISASSEMBLER

You can jump to an address (goto address) with the 'g' key. Editing the root node address does the same without opening a new instance or tab.

Tutorials

-

Data types

Byte: 0 - 255
2 Bytes: -32768 - 32767
4 Bytes: -2147483648 - 2147483647

Byte MinValue: 0 Byte MaxValue: 255
Int16 MinValue: -32768 Int16 MaxValue: 32767
UInt16 MinValue: 0 UInt16 MaxValue: 65535
Int32 MinValue: -2147483648 Int32 MaxValue: 2147483647
UInt32 MinValue: 0 UInt32 MaxValue: 4294967295
Int64 MinValue: -9223372036854775808 Int64 MaxValue: 9223372036854775807

The source code

The source code is not currently available, to maintain the uniqueness of the software. For the same reason the executable is heavily obfuscated. This may result in false positives in AVs.

If you find a bug or a logic issue, always mention which CTS version you are using and briefly describe the issue.

DOWNLOAD

The free version: https://overlayhack.com/CTS_v121.rar

https://twitter.com/byte_white
#852
Title:
nchawk wrote:
01/17/2020 23:06 - 172 days 16 hours 37 minutes
Requested subscription, dunno how often you approve them, but would really like to test!
