Cheat Engine

[redeyes1]

umm, can you tell me how to comment out these DBKFunc.c rootkit.c processlist.c memscan.c threads.c jumper.c in sources.ce, without errors, ive read your log many times on how to do it, but im not quite sure on the sys file, thats the last thing i need to do, then im releasing engine.
thx
Venom Engine1.0 is name

[Dark Byte]

follow from the path from dbkdrvr.c
If you uncomment a function call, you have to add a new sourcefile.
So add the sourcefile and uncomment the function that was supposed to call and perhaps some others as well if you like

then check for detection
uncomment a bit and check again, etc...
till you get to the point that you need a new source file to be added and repeat the steps

[redeyes1]

hello again, ive attempted at the sys file, i finally understand how to comment it out and stuff, but i cannot find detected strings, cause i dont think it loads the sys file, but when i comment out stuf i think it dosent load, because it aint detected anywhere inbetween tests, and i uncommented the last one and it had no errors and loaded and detected. In the engine is there only like one setting i enable or sompthing to test for detected strings in sys file.
thanks again for your help, credits goes to everyone who helps
btw, its the last darn file lol, now i think im gunna gave to pospone release date cause of sys file:(

[Dark Byte]

To test is the sys is loaded load up dbgview and add a DbgPrint("I am loaded"); line at driverentry
that will then show up in dbgview if it's running at the same time it's loaded.

Then start uncommenting simple stuff that don't require you to add new files, then when you can't get further uncomment something that does and add that file and continue.

till detected and then check the last uncommented piece of code. (not I say code as it is NOT a string)
And then recode that section sligtly different.
E.g perhaops I use a static value 0xc0000000 which may be detected and perhaps if you replace it with a variable that hold that value it isn't detected

[redeyes1]

[quote="Dark Byte"]To test is the sys is loaded load up dbgview and add a DbgPrint("I am loaded"); line at driverentry
that will then show up in dbgview if it's running at the same time it's loaded.

what is dbgview
thanks

[appalsap]

http://www.microsoft.com/technet/sysinternals/utilities/debugview.mspx

It is a program that lets you view debugprints without having to debug the process.

[redeyes1]

thank u so much, i coulnt do this without yall.

00000000 0.00000000 KeServiceDescriptorTableShadow[0]=80559650
00000001 0.00000950 KeServiceDescriptorTableShadow[1]=80559660
00000002 0.00001397 KeServiceDescriptorTableShadow[2]=80559670
00000003 0.00001816 KeServiceDescriptorTableShadow[3]=80559680
00000004 0.00004414 Calling ObOpenObjectByPointer
00000005 0.00005699 ntStatus=0
00000006 0.02175304 [3664] Protectme called
00000007 0.02914728 KeServiceDescriptorTableShadow[0]=80559650
00000008 0.02915678 KeServiceDescriptorTableShadow[1]=80559660
00000009 0.02916125 KeServiceDescriptorTableShadow[2]=80559670
00000010 0.02916544 KeServiceDescriptorTableShadow[3]=80559680
00000011 0.02920008 Calling ObOpenObjectByPointer
00000012 0.02921461 ntStatus=0

im guessing this means its loaded right?
once again, im sorry, im a noob at the sys file, so im learning slowly

[appalsap]

Yes