1. Is there going to be a memory viewer much like CheatEngine? Well you already have one, but CheatEngine lets you edit the registry of the address. It's pretty nifty.
I am not sure what this should mean.
Registry of the address how?
If my guess is correct, it would be possible after I get kernel-mode features going again. If it has to do with the address look-up table.
2. Can you tell me how you made all hidden proccesses viewable by your program? I'm trying to see if I can edit WPE Pro and make a hidden process unhidden.
This process is actually quite simple even from user-mode code (which I currently must use until I get my kernel-mode functionality back).
Unfortunately it isn’t jus a flag change or somehing
that simple, so you probably won’t be able to add it to WPE Pro easily without the source code.
To find all processes, just run a loop from 0x0000 to 0x4000 and check OpenProcess() on every ID. If it succeeds, there is a process there.
But then you have to use the ID to get the process name, which I do by creating a module snapshot of that process ID and using Module32First() one time (the first module in the list is always the actual process that was loaded).
Starting with the next release, Memory Hacking Software will show processes even if it can not get their names.
I removed that feature previously simply because if it can not get their names it can not open the process.
But I will add it again because it may help if you can see the process ID for processes that are really trying to hide.
L. Spiro