Cheat Engine

[Moon]

1. Why does the CE use the "deviceiocontrol" function? instead of those functions in "kernel32.dll"?

2. I cannot find "drivers.dat" file in CE source 6.0. Is it deprecated in version 6.0?

3. It is said that dbk32.dll file is not used any more. But the file name "dbk32.dll" is still found in the source code (ex. const dbkdll='DBK32.dll'; in NewKernalHandler) Is it used still or just a mistake?

4. I want to use CE core routines in my own application. I think it is possible by using interfaces in NewKernelHandler and DBK32functions. Is is right?

5. Unfortunatelly, I usually write programs in C++ or C#, not in Pascal. Is there any DLLs or codes of interfaces which is written in C++ or C#? or Is there any other way to use interface functions in other languages?

6. When I tried to open a process, which is protected by some anti-hacking solution, It shows a message "Error while opening this process". Is it because some strings of CE being detected?

7. Is there any other way to identify strings which are being detected? I mean, better than the comment/uncomment method.

[atom0s]

5. CE has a plugin interface, look in the plugins folder after you have installed CE for some examples.

6. Detection can be based on any number of things, not just detected strings. That's up to you to find out.

7. If it even is strings that are being detected, debugging will be your only other method.

[Dark Byte]

1: It only uses deviceiocontrol for the self designed kernelmode apis that skip all security checks (and only used when the kernelmode options are used in settings->extra)

2: In the absence of that file it will use the default names, so it's not required to come with ce. It's just an added feature you might want to use

3: It's just a contant define but not used anymore. the loadlibrary command has been commented out

4: yes

5: freepascal generates .o files during compile time , you should be able to just link to the dbk32functions.o file (and some other needed object files for some fcl code)
Alternatively you can easily rewrite it to a dll but remember that freepascal dll's suck in 64-bit. They do not handle exceptions (which is what dbvm relies on)

Newkernelhandler is just a unit that overrides the default window api calls with pointer which points to the function you actually want.
You can do something similar with header files after including windows so they override the known apis (use desfines)
Or instead of using this excessive method just call the functions in dbk32functions yourself.
I just use newkernelhandler so I don't have to rewrite the code that uses those apis but just have to write the stub when I add a new api

6: No, the process just blocked the usermode openprocess call. Try enabling kernelmode openprocess before attaching. That will NEVER fail. It has no fail code implemented

7: find out at least one string that is detected. Then while the game is running do a memory dump of the whole system and scan that for that string. With luck the other strings are nearby. (Also remember that strings also includes pure code)

[Moon]

Thank you. DB and Wiccaan.