Hello..For the past couple of days, I've been attempting to dump the CShell ("unencrypted" as people say it is) when the game is running, however with the system I'm running, I'm fairly stuck and can't do crap.
As the title says, I'm running Windows 7 x64 bit on my machine. That means I can't run Kernel Detective, which sucks.
I have tried the following..
-Use VirtualBox to install Windows XP, I successfully installed CA and had Kernel Detective running, however using VirtualBox, I can't start CA because it detects that I'm using it ("Application cannot be run in virtual machine" error).
-PE Tools, it starts up fine and allows CA to stay open, however I am unable to actually find the "Engine.exe" in the process list. I've heard injecting a simple dialog box into Engine.exe works, but no luck there.
-Immunity Debugger, same thing as PE Tools
-I've also tried suspending Engine.exe using Process hacker then opening it up in OLLY, however that crashes within a matter of seconds (heard it works somewhere as well, at least tried)
I just can't find anything that works outside of those, any help from someone else that's been in this position?
Originally Posted by master131
