Cheat Engine :: View topic - Remove address of memoryviewer

Cheat Engine Forum Index

Cheat Engine
The Official Site of Cheat Engine

FAQ

Usergroups

Register

Log in to check your private messages

Remove address of memoryviewer

Cheat Engine Forum Index -> General Discussions

View previous topic :: View next topic

Author

Message

tptdynamic
Newbie cheater

Reputation: 0

Joined: 06 Feb 2016
Posts: 13

Posted: Tue Feb 09, 2016 10:24 pm Post subject: Remove address of memoryviewer

In CE i want to remove ntdll.RtlReleaseActivationContext+6. How can i do that

Send private message

hhhuut
Grandmaster Cheater

Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Wed Feb 10, 2016 2:42 am Post subject:

Replace it with nops

Send private message

tptdynamic
Newbie cheater

Reputation: 0

Joined: 06 Feb 2016
Posts: 13

Posted: Wed Feb 10, 2016 4:49 am Post subject:

oh it have Auto Assemble code???

Send private message

hhhuut
Grandmaster Cheater

Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Wed Feb 10, 2016 4:51 am Post subject:

Could you provide a small snippet of the code you want to delete (or alternatively a screenshot)? That way it's easier to understand.

Send private message

tptdynamic
Newbie cheater

Reputation: 0

Joined: 06 Feb 2016
Posts: 13

Posted: Wed Feb 10, 2016 5:01 am Post subject:

Reply with quote

There all of it.I want to remove multiple ntdll...

asdsa.jpg

Description:

Filesize:

250.54 KB

Viewed:

4796 Time(s)

Send private message

hhhuut
Grandmaster Cheater

Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Wed Feb 10, 2016 5:07 am Post subject:

Reply with quote

Code:

[ENABLE]
"ntdll.RtlReleaseActivationContext"+6:
db 90 90 90

[DISABLE]
"ntdll.RtlReleaseActivationContext"+6:
//cmp eax,-01
db 83 F8 FF

But I'd also recommend you to uncheck "View"->"Show symbols".
That way, you have a clean DLL address without all that extra stuff like "ActivationContext" ...

Send private message

tptdynamic
Newbie cheater

Reputation: 0

Joined: 06 Feb 2016
Posts: 13

Posted: Wed Feb 10, 2016 5:09 am Post subject:

you see here i try to remove process threads for bypass apexprotect.

Send private message

Dark Byte
Site Admin

Reputation: 473

Joined: 09 May 2003
Posts: 25913
Location: The netherlands

Posted: Wed Feb 10, 2016 5:18 am Post subject:

Reply with quote

hhhuut wrote:

But I'd also recommend you to uncheck "View"->"Show symbols".
That way, you have a clean DLL address without all that extra stuff like "ActivationContext" ...

"ntdll.RtlReleaseActivationContext"+6 is actually recommended over a module+offset notation as this will stay valid for future patches

Also, if you wish to affect every single process including future ones

execute this lua script first and then open any process and start editing:

Code:

dbk_initialize()
dbk_useKernelmodeOpenProcess()
dbk_useKernelmodeProcessMemoryAccess()
dbk_writesIgnoreWriteProtection(true)

_________________

Tools give you results. Knowledge gives you control.

Like my help? Join me on Patreon so i can keep helping

Send private message

MSN Messenger

Display posts from previous:

	Cheat Engine Forum Index -> General Discussions	All times are GMT - 6 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki IRC (#CEF) Twitter
Third party websites