Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


let me find "hidden process's KPEB", please!!!

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
alloveme1
Newbie cheater
Reputation: 0

Joined: 13 Oct 2005
Posts: 12
PostPosted: Sun Jun 11, 2006 8:01 pm    Post subject: let me find "hidden process's KPEB", please!!! Reply with quote
how can i find KPEB(Kernel Process Environment Block) of hidden process?
i'd like to modify activeprocesslink to unhide a hidden process~
btw a hidden process is shown in the windows list

and what peprocess stands for?

thanks in advance~
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25296
Location: The netherlands
PostPosted: Mon Jun 12, 2006 1:47 am    Post subject: Reply with quote
PEprocess stand for: The pointer to the EProcess structure of the process.

the first part of the EProcess is a block called the KProcess block
That contains the activeprocesslink (the systemcallretriever figures out the offset of activeprocesslist, and peprocess+thatoffset=th eactiveprocesslink

(In short, you are already looking at it without even knowing it)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
alloveme1
Newbie cheater
Reputation: 0

Joined: 13 Oct 2005
Posts: 12
PostPosted: Fri Jun 16, 2006 6:39 pm    Post subject: Reply with quote
thank you for the reply...

btw, i see all the process's KPEB on softice.

but i *can't * see the KPEB of hidden process.

fortunately, i see the program in the windows list.

what should i do find the KPEB of hidden process?

thx in advance~ Laughing
Back to top
View user's profile Send private message
linden
Master Cheater
Reputation: 0

Joined: 10 Mar 2006
Posts: 319
PostPosted: Mon Jun 19, 2006 2:58 am    Post subject: Reply with quote
Call PsLookupProcessByProcessId on every possible PID (0 through 0x41DC), enumerate all the successful PID's and compare it with the list you get from NtQuerySystemInformation. Anything missing from the list means it's hidden.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites