Select the cheat engine process if it wasn't already opened.Ĭlick file->load memoryregions and select "all files (*.*)".Īnd load the kernel.m000x and ntdll.m000x files. (You'll notice it by looking at the memory at the location of openprocess in the kernel module, it'll have a jump to a completly different address, and in enumerate dll's you'll notice a new module called npggnt, or something) Now, when the game with nProtect has started it will have messed with your kernel32 and ntdll modules. Repeat the above for ntdll (so in my ststem I save 77f51000) Rightclick it and select save selected memory regions. The line after it will have a protect type called "Execute+Read" (on my system 77e61000) (Version 4.3, but only needed in the preparing phase so you can still use it with older versions like 4.2)įind the spot of kernel32.dll and ntdll.dll (in my case they are always at 77e60000 and 77f50000, XP SP1)Ĭlick view->memoryregions and find the address of kernel32 and ntdll One time initialization : (best do this after a reboot and your system is clean from anti cheats or other api hooks of viruses etc.)Ĭlick view->enumerate dll's and functions.
0 Comments
Leave a Reply. |