Joined: 04 May 2007
Location: Why do you care?
|Posted: Mon Feb 25, 2008 4:44 pm Post subject: Checking the Imports of a program
|Ok, since I've seen all kinds of people complaining about crap that they've been keylogged or whatever from opening some trainer or something, I've decided to write a quick tutorial on how to check the imports of a program to see if it's safe.
Step 1: Run Cheat Engine
Nothing to explain, I'm not sure how far this tool goes back, but it's definitely in CE 5.3, and you should at least be there.
Step 2: Navigate to the window
For this, browse to Memory View. Then, press the hotkey [CTRL] [ALT] [P]. That should bring up a window like this:
Edit: Ignore the notepad crap and whatever in the top, I hadn't done this in a little while, and I had to get back used to it. Then I just kinda didn't feel like taking the picture. =P
Step 3: Open file
Select "File" on the left of the window. Click the folder, and browse to wherever the file is located. I'll be using Cheat Engine for this example (yes, checking the imports of Cheat Engine with Cheat Engine...)
Step 4: View Imports
Select the imports tab.
Once you've done that, just kinda scroll through it and look for something suspicious, or out of the ordinary, like something that sounds like it connects to the internet, or paypal or something. (When looking for internet stuff, look for something like "winsock" or "wsock", as that has to do with internet).
So next time you download a trainer or something from someone that isn't well respected (and maybe even then too), just pop open Cheat Engine for a minute, and check out the imports. It doesn't take but a few minutes, and "wasting" those few minutes is much better than risking your precious PC, right?