OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Sun Jul 15, 2018 3:23 am
why don't you just try to pause the process main thread?
OpenProcess
at least this one is supported in win98.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Sun Jul 15, 2018 8:14 am
Dark Byte wrote: | you will have to go with debugactiveprocess and then enter the waitfordebugevent loop and NEVER quit until the target closes
that way you have access to the thread handles |
ok, I start with debugactiveprocess; if I were under (e.g.) winxp I could simply use
debugactiveprocessstop, but under win 9x debugactiveprocessstop does not exist.
So I have to go for a waitfordebugevent loop (how?? ehm..) but how can I unpause the game?
Under Win98 I'm actually running CE 5.6.1, and it is able to pause/resume the program, and even if I exit from CE the game still runs without exiting...
Maybe a little more explanatory code? Please....

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Jul 15, 2018 10:05 am
after waitfordebugevent, call continuedebugevent and repeat until the end (tip: use a thread)
but have you tried the function NtSuspendProcess?
6.5.1 pause button: https://github.com/cheat-engine/cheat-engine/blob/Cheat_Engine_Old/AdvancedOptionsUnit.pas#L580
it tries ntSuspendProcess and falls back on debug if that failed
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Sun Jul 15, 2018 11:56 am
I have to release my prog in Windows 98... so no NtSuspendProcess available..
BTW, is the source for CE 5.6.1 (which is able to pause/resume under Win98) still available?
Many thanks

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Jul 15, 2018 12:06 pm
and you're really sure it's not in windows 98? (it's part of ntdll.dll, not kernel32)
could be 98 se

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Sun Jul 15, 2018 2:21 pm
Dark Byte wrote: | and you're really sure it's not in windows 98 ? (it's part of ntdll.dll, not kernel32)
could be 98 se |
Just verified.... 98se with all patches
What can I do now?
BTW CE 5.6.1 is able to perform the job even in Windows 95....

OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Sun Jul 15, 2018 5:54 pm
Code: | NtOpenThread (OUT PHANDLE ThreadHandle, IN ACCESS_MASK AccessMask, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId) |
IN POBJECT_ATTRIBUTES ObjectAttributes can be NULL
IN ACCESS_MASK AccessMask
Quote: | typedef struct _CLIENT_ID
{
    PVOID UniqueProcess;
    PVOID UniqueThread;
} CLIENT_ID, *PCLIENT_ID; |

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Mon Jul 16, 2018 12:09 am
OldCheatEngineUser wrote: | Code: | NtOpenThread (OUT PHANDLE ThreadHandle, IN ACCESS_MASK AccessMask, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId) |
|
Thanks,
BTW the ntdll.dll of Win98 does not have NtOpenThread

OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Mon Jul 16, 2018 12:48 am
it does have it, it requires nt kernel 3.5+ and win98 is higher than 3.5

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon Jul 16, 2018 3:43 am
use getprocaddress to get the functions you need. do not static link them as the .lib files you're using probably don't have them

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Mon Jul 16, 2018 5:24 am
could you kindly give me a utility able to examine the exported functions of a dll?
I have tried with a hex editor on all .lib and dll files (both those of Visual C++ 6.0, my win98 compiler, and the entire windows dir).... no luck...

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon Jul 16, 2018 5:46 am
In CE you can go to memory view->tools->dissect pe headers
then click the open file icon and pick the dll you're interested in and then check the exports tab.
If the exports tab is empty (happens sometimes when it's not as CE expects) then go to the ALL tab. Expand PE Header->Number of RVA and sizes->(Export Table)->Address of names

OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Mon Jul 16, 2018 6:19 am
you can also download cff explorer. btw, to get the ntopenthread address use loadlibrary and pass the library name (i.e. ntdll.dll); loadlibrary will return a handle, pass it to getprocaddress with either the ordinal number of the function or the function name.
but keep in mind that the ordinal number in win98 is different than in other windows os versions.
you can still bring ntdll from win98 to your os and browse it until you find the function number you want.

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Tue Jul 17, 2018 12:21 am
OldCheatEngineUser wrote: | you can also download cff explorer, btw to get ntopenthread address use loadlibrary and pass library name (ie ntdll.dll) loadlibrary will return a handle pass it to getprocaddress with either ordinal number of the function or function name.
|
I have tried cff explorer, and after examining both kernel32.dll and ntdll.dll, taken from my installed win98 SE, I can guarantee that NO ntopenthread exists....
here is my version of these files
https://we.tl/upLoAjkzTr
BTW, under my win98 and also win95 osr2 version CE 5.6.1 is able to pause and resume a process but I don't know how..
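
The export check discussed in the posts above (CE's "dissect pe headers", CFF Explorer) can also be scripted by walking the PE export table's "Address of names" array. This is an added example, not part of any post in the thread and not Cheat Engine code; `build_sample` and the `Example*` export names are constructed so the block runs without a real DLL.

```python
import struct

def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]

def export_names(pe):
    """List the names in a PE image's export table (the 'Address of names' array)."""
    nt = _u32(pe, 0x3C)                                    # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    pe32_plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    exp_rva = _u32(pe, opt + (112 if pe32_plus else 96))   # data directory 0
    if exp_rva == 0:
        return []
    sections = [struct.unpack_from("<8x4I", pe, opt + opt_size + 40 * i)
                for i in range(nsec)]

    def to_offset(rva):                                    # RVA -> file offset
        for vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA 0x%x is outside every section" % rva)

    exp = to_offset(exp_rva)
    count, names_rva = _u32(pe, exp + 24), _u32(pe, exp + 32)
    table = to_offset(names_rva) if count else 0
    names = []
    for i in range(count):
        start = to_offset(_u32(pe, table + 4 * i))
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii"))
    return names

def build_sample(names):
    """Constructed minimal PE32 image (not a real DLL) exporting `names`."""
    va, raw, strings, ptrs = 0x1000, 0x100, b"", b""
    for n in names:
        ptrs += struct.pack("<I", va + 40 + 4 * len(names) + len(strings))
        strings += n.encode() + b"\0"
    body = struct.pack("<24x3I4x", len(names), 0, va + 40) + ptrs + strings
    head = (b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
            + b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, 1, 104, 0x2102)
            + struct.pack("<H90xI2I", 0x10B, 1, va, len(body))
            + struct.pack("<8s4I16x", b".edata", len(body), va, len(body), raw))
    return head.ljust(raw, b"\0") + body

if __name__ == "__main__":
    sample = build_sample(["ExampleOpen", "ExampleSuspend"])
    print("NtOpenThread" in export_names(sample))
```

To check a real file, pass its bytes, e.g. `export_names(open(path, "rb").read())`. Exports that exist by ordinal only have no name and do not appear in the list.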

OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Tue Jul 17, 2018 12:38 am
either the process has one thread, which is the main thread, and ce pauses that thread,
or in win98 pausing the main thread results in pausing the whole process.
at least try to pause the process main thread, and see what happens.