Documente Academic
Documente Profesional
Documente Cultură
part i: introduction
- chapter 1: how nprotect works
- chapter 2: how cheat engine works
2.
scan for suspicious program: thanks to dark byte, that he wrote a kernel that bypass the hi
jackation. again, the inca (nprotect company) got angry, and they decided to do revenge. so
what they did is search through the memory and if they found an array of bytes that is uniq
uely cheat engine, they'll make your computer reboot. so that is why we got to change detec
ted strings.
3.
misc: since nprotect have already done so many evil things, it does not hurt to do more. as t
here are too many, i won't elaborate too much on this. a few examples are: hiding maplestor
y.exe, change setting of processguard for us, disabling compatibility mode for use.....etc
i think after reading this chapter, you already have some knowledge on how nprot
ect works.
name description
delphi (version 7 or above, as you know, this software is not free, you got to buy it, or pirate it( at
borland developer studio your own risk, i am not responsible :p). but heres a link ;) -
also can) http://www.megaupload.com/?d=hk31x8l5 and for the serial and auth.
key go here http://www.mscracks.com
ddk (bundled in kdmf) go to m$ (microsoft) and download kdmf, it's bundled in there.( it will
give you instructions on how to install kdmf)
note: you will need a blank cd and some sort of burning software
cheat engine source there is two ways to download it, either download the rar version,
which might be outdated, or download from cvs. i strongly recommend
you to download it from cvs, the reason being there is a lot of bug fix in
the newer version in cvs. eg. the cvs version support multi-breakpoint
without the patch.
some ask me how to get cheat engine source from cvs, so i'll elaborate a bit:
1. go to http://www.wincvs.org/download.html and download wincvs ( binar
y installer )
2. install it
3. open command prompt
4. change to the directory you want the ce
5. type “cvs -d :pserver:cvsanon@heijnen1.demon.nl:/cecvs login“ and
press enter. note: password is “cvsanon”
6. type 'cvs -d :pserver:cvsanon@heijnen1.demon.nl:/cecvs checkout "cheat
engine delphi” ', press enter and wait for it to finish.
7. done
the nprotect detects the export function names in dbk32.dll, so we got to change i
t. but when ce load the dbk32.dll, it call the functions inside it by its function nam
e. so, there are three files to change:
1. dbk32/dbk32.dpr
2. dbk32/dbk32functions.pas
3. newkernelhandler.pas
the functions you have to change are the lines that starts with "export" in dbk32.d
pr. the modification to the three files must be consistent, that means if you change
op to oooopppp in dbk32.dpr, all op in dbk32functions.pas and newkernelhandler.
pas must be changed to nothing but oooopppp. this is because dbk32.dpr defines
what functions to export, dbk32functions.pas contains the implementation of the
functions and its definition that this function exist, newkernelhandler.pas find out
the address of the function in dll by its name.
3. misc
these are some string that nprotect detects in ce user interface. refer to appendix f
or a list of detected strings for user interface. all you have to do is use find in file
function to look for them in the source code and change them. but please take not
e that for this part, do not change any function name or variable names, change o
nly those in quotes.