Cheat Engine

[Davethewave]

When I try to attatch the debugger to the game from http://www.taleworlds.com/ called Mount&Blade it starts to attatch, then mount&blade closes itself, I've tried various stealth and debugger options, as well as all off-all on... and a mix of on and offs.. Also the "Enable Kernel mode debugger options when available" causes a BSOD when I start CE and start Mount&blade second.. or if I start CE.. close CE then start M&B I get BSOD when the kernel mode debugger options when available is on... so I turned that off and I don't get BSOD but I still can't attatch to the proccess. I'm using 5.2.126. Oh yeah, the site is currently very laggy.. is it being DoSd?

[Dark Byte]

yes, mount&blade uses a protection like starforce.
There is a way arround it, but it is verrrry slow (setting the IDT whenever possible, like every time a task switch happens)

about the slow site, I know. But I don't see anything in my logs that indicates it's a DoS , so it's either the host thats doing maintenance, or another domain hosted by my host is being DoS'd

[Nicholas]

I was thinking that I had replied to this post before, and it turns out that I have. It was posted twice.

http://forum.cheatengine.org/viewtopic.php?t=14552

Isn't there some kind of time limit to posting new topics? I assume a few seconds would prevent people from accidentally doing this. On some forum software the submit button gets grayed out and becomes unclickable once you click submit the first time.

[Davethewave]

Oops you're right, I did double post.. I must have been impatient with the slowness and clicked submit more than once. Sorry about that... also what confuses me the most about mount&blade is that I have already successfully attatched to it to find the code which related to money: code :004a6c52 - 01 01 - add [ecx],eax - and the code which writes to xp *to disable my ability to reach level 6 in demo*: code :004325fe - 89 87 88 00 00 00 - mov [edi+00000088],eax - and other things.. same version and everything.. nothing has changed to my knowledge but now it detects CE when it didn't used to. I'd try your fix.. with the IDT but I really have no idea how, or even what an IDT is. Guess I was lucky for a while and my luck ran out

[Dark Byte]

weirdm, that never worked for me without some special modifications to my driver for this game specifically.

anyhow, I havn't downloaded the game, but some common game crashes are usermode stealth, and hyperscan.

go to settings and disable "hypersan when possible"

[Davethewave]

It seems that the reason I was able to use the debugger before is becuase I installed the game and didn't reset the system, so "Themida" wasn't loaded at the time, until my reboot.. I guess there's a file oreans32.sys which is related to themida... probably take some serious skills to get around it.

:::Also wouldn't it be theoretically possible to use CE to scan the entire physical memory for the existance of Themida or Oreans32.sys and somehow nop that code within the memory from the start?

::: Nevermind, I found out how to bypass Themida and I didn't even have to be a serious hacker haha. good stuff.