View Issue Details
540 [Cheat Engine] (No Category) major always 2017-08-09 00:08 2017-08-13 11:15
imagelesskink Cheat Engine 6.7  
Windows 10 Home x64  
high 1607  
new  
open  
none    
none  
   
Allow increase/decrease on 8-byte values only considers 4 bytes
Allowing increase on an 8-byte value treats 0x0000000100000000 as lower than 0x00000000ffffffff, and as such will not allow increasing over 4-byte barriers. Same goes for decreasing.
Allow increase on 8-byte value set to 4294967295 and attempt to increase in-game
 
Notes
(0001126)
imagelesskink   
2017-08-13 11:15   
A related issue happens with signed values, allowing increase/decrease treats it as unsigned.
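The two symptoms in this report (comparison limited to the low 4 bytes, and signed values ordered as unsigned), as an added example that is not Cheat Engine's own code. The function names are hypothetical, and `change_allowed_low32` is only a model of the reported symptom, assumed from the description above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum direction { ALLOW_INCREASE, ALLOW_DECREASE };

/* Order two values that are `width` bytes wide (1..8).
 * Returns -1, 0 or 1; returns 0 for an unsupported width. */
int compare_values(uint64_t a, uint64_t b, unsigned width, bool is_signed)
{
    if (width < 1 || width > 8)
        return 0;
    uint64_t mask = (width == 8) ? UINT64_MAX : ((1ULL << (8 * width)) - 1);
    a &= mask;
    b &= mask;
    if (is_signed) {
        /* Flipping the sign bit maps two's-complement order onto
         * unsigned order, so one unsigned compare serves both cases. */
        uint64_t sign = 1ULL << (8 * width - 1);
        a ^= sign;
        b ^= sign;
    }
    return (a > b) - (a < b);
}

/* Width- and sign-aware check: may the value move from old to new? */
bool change_allowed(uint64_t old_value, uint64_t new_value, unsigned width,
                    bool is_signed, enum direction dir)
{
    int order = compare_values(new_value, old_value, width, is_signed);
    return dir == ALLOW_INCREASE ? order >= 0 : order <= 0;
}

/* Model of the reported symptom (assumption): only the low 4 bytes are
 * compared, unsigned, even though the record is 8 bytes wide. */
bool change_allowed_low32(uint64_t old_value, uint64_t new_value,
                          enum direction dir)
{
    return change_allowed(old_value, new_value, 4, false, dir);
}

int main(void)
{
    /* Constructed values taken from the report text. */
    uint64_t below = 0x00000000ffffffffULL; /* 4294967295 */
    uint64_t above = 0x0000000100000000ULL;

    printf("increase across 4-byte barrier, low32 model: %d\n",
           change_allowed_low32(below, above, ALLOW_INCREASE));
    printf("increase across 4-byte barrier, 8-byte compare: %d\n",
           change_allowed(below, above, 8, false, ALLOW_INCREASE));
    printf("-1 -> 0 as unsigned 8-byte: %d\n",
           change_allowed(UINT64_MAX, 0, 8, false, ALLOW_INCREASE));
    printf("-1 -> 0 as signed 8-byte: %d\n",
           change_allowed(UINT64_MAX, 0, 8, true, ALLOW_INCREASE));
    return 0;
}
```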




View Issue Details
539 [Cheat Engine] (No Category) major always 2017-08-03 22:32 2017-08-03 22:32
set01q PC  
Windows  
normal Win 10 Ultimate  
new  
open  
none    
none  
   
Incorrectly reads the pointer
Incorrectly reads the pointer
Instead of an offset such as 90, enter for example 80 + 10, and after pressing OK the pointer will point to a different location.
Everything is in the screenshots.
Безымянный2.png (253,763 bytes) 2017-08-03 22:32
http://cheatengine.org/mantis/file_download.php?file_id=224&type=bug
 
There are no notes attached to this issue.




View Issue Details
538 [Cheat Engine] (No Category) minor always 2017-07-02 08:28 2017-07-02 08:28
Wanted Pc  
windows  
normal 7 64bit  
new  
open  
none    
none  
   
Scan error:thread 1:Stream read error
Hi guys,
I have a problem: when I scan for an unknown value, select "value changed"
and repeat it again, it shows this error:
Scan error:thread 1:stream read error
Please help me.
bug
Untitled.png (26,191 bytes) 2017-07-02 08:28
http://cheatengine.org/mantis/file_download.php?file_id=223&type=bug
 
There are no notes attached to this issue.




View Issue Details
537 [Cheat Engine] (No Category) minor always 2017-06-26 22:02 2017-06-26 22:02
Syndrome  
Windows  
low 8.1  
new  
open  
none    
none  
   
Not customizable font in cpu registers window
Look at my screenshot. Register viewer ignores my font settings.

http://imgur.com/a/LOj3t
cheat engine - register viewer - not customizable font.png (124,231 bytes) 2017-06-26 22:02
http://cheatengine.org/mantis/file_download.php?file_id=222&type=bug
 
There are no notes attached to this issue.




View Issue Details
536 [Cheat Engine] (No Category) minor always 2017-06-26 21:36 2017-06-26 21:36
Syndrome  
Windows  
normal 8.1  
new  
open  
none    
none  
   
CE 6.7 does not remember Memory Viewer layout
I have to adjust the column width on every startup
1. Open Memory Viewer
2. Adjust the column width (Address / Bytes / Opcode / Comment)
3. Adjust the vertical border between code and bytes
4. Close Cheat Engine
5. You'll have to do it all over again on the next application launch
 
There are no notes attached to this issue.




View Issue Details
535 [Cheat Engine] crash always 2017-06-24 16:36 2017-06-24 16:45
maggot99999 x86-64  
Windows 10 Pro  
normal 1703  
new  
open  
none    
none  
   
Minimized "Extra info" window crashes Cheat Engine
Every time I intuitively minimise the window "Extra info" it minimises in a very odd way by taking place above the task panel and after trying to open or maximise or close another minimised window appears on the right and Cheat Engine stops responding.
6.6 CheatEngine
RIGHT CLICK ON ADDRESS -> Find out what accesses/writes to this address -> *Change Value* -> DOUBLE CLICK any in the list -> "Extra info" window opens -> Minimize it -> Try to OPEN/MAXIMIZE/CLOSE -> NOT RESPONDING (CRASH)
Probably need to remove these buttons (MINIMIZE and MAXIMIZE) and leave just close button. They seem to be needless in that window anyway.
1.png (286,881 bytes) 2017-06-24 16:36
http://cheatengine.org/mantis/file_download.php?file_id=220&type=bug
2.png (282,412 bytes) 2017-06-24 16:45
http://cheatengine.org/mantis/file_download.php?file_id=221&type=bug
 
Notes
(0001125)
maggot99999   
2017-06-24 16:45   
Second screenshot




View Issue Details
534 [Cheat Engine] (No Category) tweak always 2017-05-03 15:05 2017-05-16 22:47
bobbyhopere  
 
normal  
new  
open  
none    
none  
   
"Pointerscanner scanoptions" window should have ranges rather than fixed values
That window has these values by default:

Maximum offset value: 2048
Max level 5

But what if those values yield no results? If I modify those values, say, to 4092 and 6, it would include the values that had previously yielded no results.

So why not use ranges? 2048-4092 and 5-6. This way it would not include the previous scan results and the scan would be faster and use less HDD space.

Example: Replace the default with something like these?
Offset values: 0-2048
Levels: 0-5
Enhancement
Pointer-scan-window.jpg (105,136 bytes) 2017-05-03 15:05
http://cheatengine.org/mantis/file_download.php?file_id=219&type=bug
 
Notes
(0001122)
Dark Byte   
2017-05-15 13:45   
not scanning range 0 to 2047 would result in loss of a lot of paths.
Take this path for example: 0-2c-880-3c-28
doing a scan with a structsize of 2048(800) would not find it, (880 is above that)
and doing a scan with region 2048-4092 would also not find it (0 is below 800)

Tip: Get a new version of CE and tick "max different offsets per node" and set it to 3, and give as offset a really huge value like 99999999. it'll scan faster and gives better pointers to begin with
(0001123)
bobbyhopere   
2017-05-16 21:19   
1.
OK, I was wrong about making "Maximum offset value" a range.

2.
Sorry, I am lost about: "max different offsets per node". No clue what it does.

3.
But "Max level" should be a range, right?

First scan:
Maximum offset value: 2048
Max level 5

Second scan:
Maximum offset value: 2048
Max level 6

If "First scan" provided zero useful results, in the "Second scan", Cheat Engine would re-scan levels 0-5 which would be a waste of time; it should only scan for level 6.
(0001124)
Dark Byte   
2017-05-16 22:47   
2: Max different offsets per node doesn't look so much at the offset size, but the number of offsets.

e.g you have the following pointers:
10-2a-0-4a
10-2a-40-0
10-2a-c000-4c
10-2a-c200-100

then with a max different offsets per node of 3, only the first 3 will be found, and after c000 it will go on with the rest. Greatly increases the scanspeed, and the results are pretty good (low value offsets)
There is a chance correct ones will be discarded, but it may give an idea of what the level size is

3:
I could add a min level, but it will not speed up the scans.
It first has to go through all the level 6 paths before it can go to a level 7 path and beyond.
At most it would reduce the amount of results written to disk, but with a proper pointermap setup that is a thing of the past anyhow




View Issue Details
519 [Cheat Engine] (No Category) minor always 2016-11-22 19:38 2017-04-10 00:38
Belix PC  
Windows  
normal Win 7 Ultimate  
new  
open  
none    
none  
   
CE 6.6 'change address' dialog size on long values
Attempting to Change Address on very long entries in the table creates super wide dialog boxes that cannot be resized. On multi-monitor systems this dialog box can be as wide as the available width across all combined displays. In some cases it may fail to draw the dialog at all (such as very long arrays of bytes, 720+ long).
Create a long string, say, 800 characters at address 600000, then fill it in with a bunch of text, and finally go to change the address from 600000 to something else, and you should now have a very wide dialog box. Also occurs with long arrays of bytes.
It seems to only slightly exceed the width of a single display, but the fact that it can't be resized and will span across several monitors suggests unintended behavior.
 
Notes
(0001121)
Dark Byte   
2017-04-10 00:38   
array of byte types weren't intended for huge sizes. This type is for human readable AOB's. For complex memory blocks use (Lua hybrid)AA Scripts




View Issue Details
518 [Cheat Engine] (No Category) minor always 2016-11-22 19:36 2017-04-10 00:26
Belix PC  
Dark Byte Windows  
normal Win 7 Ultimate  
resolved  
fixed  
none    
none  
   
CE 6.6 array of bytes length overflow
Attempting to modify a record of array of bytes through the Type dialog with a length greater than 255 overflows and restarts at 0 (but modifying it through the Change Address dialog works correctly). Lengths greater than this can be achieved by pasting large amounts of data into the Value field, which causes CE to auto-expand the length of the specified entry to match the content entered.
Create a new array of bytes, and set the length to 257. Now double click its Type as if you wanted to change it, and click OK. The array of bytes should now have a length of 1 despite submitting 257 again as the length.
 
There are no notes attached to this issue.




View Issue Details
525 [Cheat Engine] (No Category) minor always 2017-01-05 18:37 2017-04-10 00:07
idk31 PC  
Dark Byte Win 7  
low SP 1  
resolved  
fixed  
none    
none  
   
"Count" column too skinny
"Count" column from "Find out what accesses this address" (F5) is always too skinny. I can't read the number or the access count (number in parentheses) when "Check if found opcodes also access other addresses" is selected.
count_skinny.png (12,685 bytes) 2017-01-05 18:37
http://cheatengine.org/mantis/file_download.php?file_id=211&type=bug
 
Notes
(0001114)
idk31   
2017-01-05 18:56   
I know I can resize the column, but it goes back to skinny next time the window is opened. This request is mostly about being able to read the other addresses accessed count.




View Issue Details
533 [Cheat Engine] (No Category) minor always 2017-04-09 06:17 2017-04-10 00:03
Neurion Windows 7 x64  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Duplicated headers and comments in Memory View
Using Cheat Engine v6.6, clean install.

Upon saving and loading a table that contains comments in the disassembler, the following occurs:

After a line has had a header and a comment in it, any lines that follow that contain only a regular comment will also have the previous header appear on them, duplicated. The cheat table file's XML is correct, but if it's saved after this bug occurs, the duplications will appear in the table file as well.

The result looks much like this: https://i.imgur.com/yt7Beye.png
6.6 CheatEngine, bug, Save
1. Open any program with Cheat Engine
2. Place a Header and a Comment on a line of code
3. Place a comment but no header on the next line, save table.
4. Close, reopen Cheat Engine, open the program and load the table.
5. Open Memory View and there it is.
Comment Issue.CT (1,506 bytes) 2017-04-09 06:17
http://cheatengine.org/mantis/file_download.php?file_id=218&type=bug
 
There are no notes attached to this issue.




View Issue Details
521 [Cheat Engine] (No Category) trivial always 2016-12-13 11:54 2017-04-06 23:20
Csimbi x64  
Dark Byte Windows  
low 7  
resolved  
fixed  
none    
none  
   
FPU dialogue size
CE does not size the FPU dialogue correctly.
It does not save its size, either.
I have to adjust the size every time.
6.6 CheatEngine
Run a trace on any x64 binary where XMM registers are also used.
Wait for the trace to be completed, then select any instruction in the trace output and click the FPU button to show the FPU registers.
Observe that you can't see all XMM registers.
Select the next instruction in the trace output.
Observe that the XMM registers have scrolled to the bottom.

Try resizing the FPU window and see that the next time you open it, it will be small again.
It's okay if CE does not size the dialog correctly - everyone has different font sizes and such, but then it should store the size of the dialog and restore it.
Core 2 Duo system
 
There are no notes attached to this issue.




View Issue Details
513 [Cheat Engine] (No Category) tweak always 2016-10-23 00:58 2017-04-06 21:50
Syndrome x64  
Dark Byte windows  
normal 8.1  
resolved  
fixed  
none    
none  
   
modal windows are broken since version 6.6
Opening of some modal windows raises the main application window.
1. Open debugger.
2. Maximize debugger window.
3. Add comment to any line of code.
4. Main window rises and obscures the debugger window.
This problem also applies to structure analyzer (Dissect data/structures)
 
Notes
(0001111)
Syndrome   
2016-10-23 01:19   
How do I fix a typo in the title?




View Issue Details
514 [Cheat Engine] (No Category) tweak always 2016-10-23 01:16 2017-04-06 17:50
Syndrome x64  
Dark Byte windows  
normal 8.1  
resolved  
fixed  
none    
none  
   
Default monospace font is unreadable on some monitors
Structure analyzer and "cpu registers window" are using a non-customizable monospace font that has ultra-thin lines. This font is almost invisible on small hi-dpi monitors. Increasing the font size doesn't solve the problem. Add an option to adjust the default monospace font.
1. Open structure analyzer (Dissect data/structure).
2. Create any structure.
3. Try to change the font.
 
There are no notes attached to this issue.




View Issue Details
526 [Cheat Engine] (No Category) feature N/A 2017-01-05 19:07 2017-02-14 07:29
idk31  
 
none  
new  
open  
none    
none  
   
Able to always see opcode address access count if selected once
Requesting that when you "Find out what accesses this address" (F5) and select "Check if found opcodes also access other addresses" that it stays on for the next address. I would like to make finding opcodes that access only one address easier by skipping the step to right-click and turn on the counter if I have already selected it once.
 
There are no notes attached to this issue.




View Issue Details
527 [Cheat Engine] (No Category) minor always 2017-01-19 09:25 2017-01-28 19:23
ender Windows  
Dark Byte 10  
normal 14393  
confirmed  
open  
none    
none  
   
High DPI issues
There are a few remaining issues when running Cheat Engine in High DPI mode:

- all tooltips are huge
- the checkbox and arrows in address list are too thin; the area next to the checkbox (for setting freeze type) is also very narrow
- some buttons in Settings are too small, also some labels are covered by other controls
Run Cheat Engine at high DPI with DPI Aware enabled
I'm attaching two screenshots of the issues; if you're on normal-DPI monitor, look at them at 50% zoom.
Image1.png (75,219 bytes) 2017-01-19 09:25
http://cheatengine.org/mantis/file_download.php?file_id=212&type=bug

Image2.png (28,166 bytes) 2017-01-19 09:26
http://cheatengine.org/mantis/file_download.php?file_id=213&type=bug

Image3.png (78,198 bytes) 2017-01-28 19:23
http://cheatengine.org/mantis/file_download.php?file_id=215&type=bug
 
Notes
(0001118)
ender   
2017-01-28 19:23   
Found another problem: when you have multiple scan tabs open, the controls on the right become misaligned - see attachment.




View Issue Details
528 [Cheat Engine] (No Category) minor always 2017-01-19 09:31 2017-01-26 20:08
ender Windows  
Dark Byte 10  
normal 14393  
assigned  
open  
none    
none  
   
High Contrast problems
I'm running Windows in High Contrast mode, which causes some text to be hard to read in Cheat Engine, because it uses hardcoded colours - the Found Address List uses black text, which is nearly invisible on the dark background I'm using. It would be better if it either used the OS default text colour, or if the colours were customisable like in Memory view (being able to change the font would be nice, too).
Select High Contrast black theme, then run Cheat Engine.
 
Notes
(0001115)
Dark Byte   
2017-01-26 19:35   
You mean the address list on the left side the "found address list" ?

as far as I know it only uses the default text color for that with the exception of the address if it's static (green) or the value if it's changed (red)
So it should be changeable by the OS text color

run this lua code to give you a white color: (also works as an autorun script)
getMainForm().Foundlist3.Font.Color=0xffffff
(0001117)
ender   
2017-01-26 20:08   
Yup, the Found list; and it doesn't use the OS text colour, otherwise I wouldn't be complaining (you can see how it looks in bug 527, attachment Image1.png: http://cheatengine.org/mantis/file_download.php?file_id=212&type=bug )

I'll use the script for now, it does make the text visible.




View Issue Details
529 [Cheat Engine] (No Category) minor always 2017-01-26 15:39 2017-01-26 19:43
manyack3000 PC  
Dark Byte Windows  
normal 7  
resolved  
fixed  
none    
none  
   
Improper saving of the table, using the Russian language program
Eng:
Hotkey settings are not saved after saving, when using the Russian language in the program.

Rus:
Hotkey settings are not saved after saving, when using the Russian language in the program.
6.6 CheatEngine, ru_RU
1. Install Cheat Engine 6.6
2. Install Russian translation files (ru_RU)
3. Creating and editing tables, setting up hot keys in the table
4. Saving Table
5. Loading the same table
6. All values in the table hot keys were changed to freeze / unfreeze

Rus:
1. Install Cheat Engine 6.6
2. Install Russian translation files (ru_RU)
3. Create and edit a table, set up hotkeys in the table
4. Save the table
5. Load the same table
6. All hotkey values in the table were changed to freeze / unfreeze
Improper saving of hotkeys is shown only in the Russian version of the program
In the English version of the program, everything is saved and loaded correctly
All values in the table have changed to freeze / unfreeze

Cheat Engine 6.6 + Russian translation files (ru_RU)

Attached archives.
Archival screenshot and saved two versions of the table
X64 sp1
Archive with two versions of stored tables.zip (33,477 bytes) 2017-01-26 15:39
http://cheatengine.org/mantis/file_download.php?file_id=214&type=bug
 
Notes
(0001116)
Dark Byte   
2017-01-26 19:43   
fixed on github




View Issue Details
524 [Cheat Engine] (No Category) feature have not tried 2016-12-20 22:06 2016-12-20 22:06
seven Cheat Engine 6.5  
Windows 7 x64  
low 6.1.7601  
new  
open  
none    
none  
   
Allow Custom Type to display string Value
Could you allow Custom Types to return an ASCII string in their bytestovaluefunction and display it as such in the Value column of a table?

Possible solutions:
 - Flag CustomType CheatEntry with <ShowAsString>1</ShowAsString>
 - registerCustomTypeLua function new optional flag after isFloat: isString and for ASM alloc(UsesString,1); UsesString: db 1
 
There are no notes attached to this issue.




View Issue Details
520 [Cheat Engine] (No Category) crash always 2016-12-13 11:47 2016-12-13 11:47
Csimbi PC  
Windows XP  
low SP2  
new  
open  
none    
none  
   
PC Windows 7 x64
CE does not deal with labels and colons correctly - it simply ignores the instruction when there's a colon in it.
It should either give an error that such label was not declared, or ignore the colon and try compiling the instruction.
6.6 CheatEngine
Create a correct AA script and make sure there is at least one jump in it.
Then, add a colon after the jump.
Something like this:
jmp short MyLabel:

CE will skip over this instruction - I guess it's thinking it's a label.
Found out the hard way, lol
Core 2 Duo system
 
There are no notes attached to this issue.




View Issue Details
503 [Cheat Engine] (No Category) major always 2016-08-27 13:05 2016-12-10 23:01
ThePlug 32bit Unity Game  
Dark Byte Windows 7 SP1 64 bit  
high Ultimate  
resolved  
fixed  
none    
none  
   
Mono Dissector Static Field Offsets Incorrect When Adding To Address List
In mono dissector, clicking 'Add static field addresses' adds all the addresses from the class in 'static fields' to the CE address list. But the offset is incorrect for anything above 0x8. 0x10 changes to 0xC in the address list, 0x20 changes to 0x14, 0x30 changes to 0x1E. Any address with hex in it like 0xC changes to 0, 0x1C changes to 0, 0x2D changes to 0, etc.

It's very time consuming having to manually change each offset according to what shows in the mono dissector with big classes.
bug, Mono
Attach CE to any Unity game

Mono > Dissect Mono > Left Click On Class > Fields > Add Static Field Addresses

Check address list and the offsets above 0x8 will all be different from what shows in the mono dissector.
 
Notes
(0001099)
ThePlug   
2016-08-27 13:17   
It seems the already hex offsets are being converted to hex again, since the hex of 10 is C and hex of 20 is 14.
(0001100)
Dark Byte   
2016-09-06 08:04   
should be fixed with this script:
https://raw.githubusercontent.com/cheat-engine/cheat-engine/master/Cheat%20Engine/bin/autorun/monoscript.lua




View Issue Details
517 [Cheat Engine] (No Category) minor always 2016-11-22 10:11 2016-11-22 11:15
Belix PC  
Windows  
normal Win 7 Ultimate  
new  
open  
none    
none  
   
CE 6.6 return carriages still sometimes incorrectly inserted into strings
In CheatEngine 6.5, pasting long strings into the string edit box caused the string to be interpreted incorrectly and inserted return carriages into the content of the actual string being pasted wherever a line break was caused by the text window width. This is fixed in 6.6, HOWEVER, submitting long strings appears to still generate return carriages in the actual string content at the location of current line breaks due to the text box size.
please see notes below - some information is incorrect
Type or paste any string message longer than the width of CheatEngine's "Change Value" prompt when editing a string causing it to move to the next line, then submit it. Note the extra 2 bytes generated (0D 0A) at the position of any line breaks present when clicking OK to confirm string change.
Before submitting the string, resizing the window shows the overflowing text shifting upwards to the previous line as space is available. This proves the problem does not happen until OK is clicked; modify the string again, and now if you attempt to resize the window the text remains fixed due to the line breaks CheatEngine inserted.

p.s. Great program, been using it for years to patch bugs in old games. :)
 
Notes
(0001112)
Belix   
2016-11-22 10:47   
DISREGARD INFORMATION ABOVE, my apologies! I was running an old shortcut still pointing at CE 6.5 after I installed CE 6.6, BUT there is still a bug with the text box in 6.6:

Strings are no longer 'closed' when submitting the change, that is, if you edit a non-unicode string with length of 20 characters, and only type in 10 characters and leave the rest blank, a stop byte (00) is no longer inserted at the end like 6.5 did, which leaves the rest of the string after that position intact.

So if I edit the string "Hello there" to read "Hi" it becomes "Hillo there"...

Sorry for the version mix up. That's what I get for reporting bugs at 1am. :)
(0001113)
Belix   
2016-11-22 11:15   
Correction: This issue does still exist in 6.6, but you have to paste incredibly long strings (greater than about 1024 characters). Eventually the row of text becomes so long that CE forces a line break, and if the string is submitted this way it does actually insert the break into the string itself.




View Issue Details
515 [Cheat Engine] (No Category) tweak have not tried 2016-10-23 01:27 2016-10-23 01:27
Syndrome x64  
windows  
low 8.1  
new  
open  
none    
none  
   
"Show all windows in the taskbar" option is broken
Main window cannot be focused via the taskbar when at least 2 windows are opened.
1. Run cheat engine.
2. Enable the "Show all windows in the taskbar" feature.
3. Open the debugger.
4. Try to focus main window via the taskbar.
5. Debugger is focused instead.
 
There are no notes attached to this issue.




View Issue Details
512 [Cheat Engine] (No Category) minor always 2016-10-08 20:48 2016-10-10 15:07
chase0  
Dark Byte  
normal Windows 7 x64  
resolved  
fixed  
none    
none  
   
Using `align` directive in a table AA script prevents it from getting "Active" checkbox [v6.6]
Using `align` directive in a table AA script prevents it from getting "Active" checkbox when the table script entry is activated. The [ENABLE] section executes as it's supposed to, the alignment applies properly, only the checkbox is missing, which means the entry can't be deactivated.
[ENABLE]
alloc(M,1024)
label(L)

M:
align 0000016
L:

[DISABLE]
dealloc(M)
 
Notes
(0001109)
chase0   
2016-10-08 21:14   
Further testing shows the issue is actually different: align can't directly follow a label for an allocated memory block:

---
globalalloc(_kzwmmavneyduhhws,1024)
label(_kzwmmavneyduhhws_L)

_kzwmmavneyduhhws:
  //db 1

  align 0000016
_kzwmmavneyduhhws_L:
  db 2
---

This generates "Not all instructions could be injected" error. Since the memory allocations seem to be 4K-aligned, this use of the directive should do nothing instead of generating an error. Also, in spite of displaying the error the script currently gets assembled in its entirety regardless.
(0001110)
Dark Byte   
2016-10-10 15:07   
should be fixed in the release




View Issue Details
511 [Cheat Engine] (No Category) minor always 2016-10-05 12:52 2016-10-06 14:29
chase0  
Dark Byte  
normal Windows 7 x64  
resolved  
fixed  
none    
none  
   
Cheat Engine silently fails to activate AA script [v6.5.1]
Cheat Engine silently fails to activate the following AA script.


[ENABLE]
alloc(M,1024)
label(L1)
label(L2)

M:
L1:
L2:
  mov dword ptr [L1],L2

[DISABLE]
dealloc(M)
This is obviously a minimal example and not supposed to be functional.
 
Notes
(0001107)
mgr_inz_Player   
2016-10-05 21:48   
If you try to execute your script (not assigned to cheat table) you will get:
"Invalid register"

From what I see, you can not activate that script in CE6.1 up to CE6.6RC2.


Maybe just use this:

####
alloc(M,1024)
alloc(L1,8)
alloc(L2,8)

M:
  mov [L1],L2
####
(0001108)
Dark Byte   
2016-10-06 14:29   
fixed




View Issue Details
510 [Cheat Engine] (No Category) tweak always 2016-09-29 19:14 2016-09-29 23:54
chase0  
Dark Byte  
low Windows 7 x64  
resolved  
fixed  
none    
none  
   
Cheat Engine doesn't remember "Enumerate DLL's" window position [v6.5.1]
Cheat Engine doesn't remember "Enumerate DLL's and Symbols" window position and size, resetting them every time the window is opened anew.
* It also doesn't remember position of "Find" window for "Enumerate DLL's and Symbols" window.
* It also resets position of "Find" window every time `Ctrl-F` is pressed in "Enumerate DLL's and Symbols" window when "Find" window is already open.
* "[X] Save window positions" option is _set_.
 
Notes
(0001106)
Dark Byte   
2016-09-29 23:54   
Enumerate DLL's and the Find window now save their position




View Issue Details
508 [Cheat Engine] (No Category) minor always 2016-09-28 22:46 2016-09-29 23:00
chase0  
Dark Byte  
normal Windows 7 x64  
resolved  
fixed  
none    
none  
   
Multiple Auto Assembler errors when encoding CMPXCHG [v6.5.1]
There are several issues related to assembling CMPXCHG instruction operand size (32-bit mode), as well as disassembling its opcode when used with LOCK prefix (32-bit mode):

1. Auto assembler can't assemble `CMPXCHG r8,r8`: error message "Error in line 5 (cmpxchg bl,cl) :This instruction can't be compiled".

2. Auto assembler incorrectly assembles `CMPXCHG r16,r16`: `cmpxchg bx,cx` is assembled to 66.0F.CB `bswap bx`.
2.1. Machine code should be 66.0F.B1.CB.
2.2. Disassembler decodes resulting machine code 66.0F.CB properly as `bswap bx`.

3. Auto assembler incorrectly assembles `CMPXCHG r32,r32`.
3.1. `cmpxchg ebx,ecx` is assembled to 0F.B0.CB `cmpxchg bl,cl`.
3.1.1. Machine code should be 0F.B1.CB.
3.1.2. Disassembler decodes resulting machine code 0F.B0.CB properly as `cmpxchg bl,cl`.

4. Auto assembler can't assemble `CMPXCHG m8,r8`: error message "Error in line 14 (cmpxchg [eax],al) :This instruction can't be compiled".

5. Auto assembler incorrectly assembles `CMPXCHG m16,r16`.
5.1. `cmpxchg [eax],ax` is assembled to 66.0F.00 (incomplete opcode)
5.1.1. Machine code should be 66.0F.B1.00.

6. Auto assembler incorrectly assembles `CMPXCHG m32,r32`.
6.1. `cmpxchg [eax],eax` is assembled to 0F.B0.00 `cmpxchg [eax],al`.
6.1.1. Machine code should be 0F.B1.00.
6.1.2. Disassembler decodes resulting machine code 0F.B0.00 properly as `cmpxchg [eax],al`.
6.2. `cmpxchg [eax],esi` is assembled to 0F.B0.30 `cmpxchg [eax],dh`.
6.2.1. Machine code should be 0F.B1.30.
6.2.2. Disassembler decodes resulting machine code 0F.B0.30 properly as `cmpxchg [eax],dh`.

7. Disassembler disassembles machine code F0.0F.B1.0B as `cmpxchg [ebx],ecx`, which doesn't show the use of LOCK prefix.
globalalloc(_sxcdmcfbqwareowd,1024)

_sxcdmcfbqwareowd:

  //cmpxchg bl,cl
  nop

  cmpxchg bx,cx
  nop

  cmpxchg ebx,ecx
  nop

  //cmpxchg [eax],al
  //cmpxchg [eax],bl
  //cmpxchg [eax],cl
  //cmpxchg [eax],dl
  nop

  //cmpxchg [eax],ax
  nop

  cmpxchg [eax],eax
  cmpxchg [eax],ebx
  cmpxchg [eax],ecx
  cmpxchg [eax],edx
  cmpxchg [eax],esi
  cmpxchg [eax],edi
  nop

  lock cmpxchg [ebx],ecx
  nop
 
Notes
(0001105)
Dark Byte   
2016-09-29 23:00   
should be fixed now
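The encodings this report expects can be checked with a small encoder and decoder for CMPXCHG in 32-bit mode; this is an added example, not Cheat Engine's assembler, and all function names are hypothetical. It covers only register destinations and plain `[reg]` memory destinations (no SIB byte or displacement), which is enough for every case listed in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ModRM register numbers, 32-bit mode. The same number selects a 32-, 16-
 * or 8-bit register depending on operand width (3 = ebx/bx/bl, 6 = esi/si/dh). */
enum { EAX = 0, ECX = 1, EDX = 2, EBX = 3, ESP = 4, EBP = 5, ESI = 6, EDI = 7 };

/* Encode CMPXCHG dst,src. dst is register `dst` or, when dst_is_mem, the
 * memory operand [dst]. Returns the byte count, 0 if rejected. */
size_t encode_cmpxchg(uint8_t out[5], bool dst_is_mem, int dst, int src,
                      int width, bool lock)
{
    size_t n = 0;
    if (width != 8 && width != 16 && width != 32) return 0;
    if (dst < 0 || dst > 7 || src < 0 || src > 7) return 0;
    if (lock && !dst_is_mem) return 0;     /* LOCK needs a memory destination */
    if (dst_is_mem && (dst == ESP || dst == EBP))
        return 0;                          /* would need SIB / disp32: not covered */
    if (lock) out[n++] = 0xF0;
    if (width == 16) out[n++] = 0x66;      /* operand-size override prefix */
    out[n++] = 0x0F;
    out[n++] = (width == 8) ? 0xB0 : 0xB1; /* B0: r/m8,r8   B1: r/m16/32,r16/32 */
    out[n++] = (uint8_t)((dst_is_mem ? 0x00 : 0xC0) | (src << 3) | dst);
    return n;
}

/* Same encoding in the report's dotted notation, "" when rejected. */
const char *cmpxchg_hex(bool dst_is_mem, int dst, int src, int width, bool lock)
{
    static char text[16];
    uint8_t code[5];
    size_t n = encode_cmpxchg(code, dst_is_mem, dst, src, width, lock);
    size_t pos = 0;
    text[0] = '\0';
    for (size_t i = 0; i < n; i++)
        pos += (size_t)snprintf(text + pos, sizeof text - pos,
                                i ? ".%02X" : "%02X", code[i]);
    return text;
}

struct decoded { bool ok, lock, is_mem; int width, rm, reg; };

/* Decode the forms above; prefixes are kept so LOCK can be displayed. */
struct decoded decode_cmpxchg(const uint8_t *p, size_t n)
{
    struct decoded d = {0};
    bool opsize16 = false;
    size_t i = 0;
    for (; i < n; i++) {
        if (p[i] == 0xF0) d.lock = true;
        else if (p[i] == 0x66) opsize16 = true;
        else break;
    }
    if (n - i < 3 || p[i] != 0x0F) return d;
    if (p[i + 1] == 0xB0) d.width = 8;
    else if (p[i + 1] == 0xB1) d.width = opsize16 ? 16 : 32;
    else return d;                         /* e.g. 0F C8+r is BSWAP, not CMPXCHG */
    d.reg = (p[i + 2] >> 3) & 7;
    d.rm = p[i + 2] & 7;
    if ((p[i + 2] >> 6) == 3) d.is_mem = false;
    else if ((p[i + 2] >> 6) == 0 && d.rm != ESP && d.rm != EBP) d.is_mem = true;
    else return d;                         /* SIB / displacement forms not covered */
    d.ok = !(d.lock && !d.is_mem);
    return d;
}

int main(void)
{
    printf("cmpxchg bx,cx          %s\n", cmpxchg_hex(false, EBX, ECX, 16, false));
    printf("cmpxchg ebx,ecx        %s\n", cmpxchg_hex(false, EBX, ECX, 32, false));
    printf("cmpxchg [eax],esi      %s\n", cmpxchg_hex(true, EAX, ESI, 32, false));
    printf("lock cmpxchg [ebx],ecx %s\n", cmpxchg_hex(true, EBX, ECX, 32, true));
    return 0;
}
```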




View Issue Details
506 [Cheat Engine] minor always 2016-09-20 23:33 2016-09-29 22:38
happensign  
Dark Byte  
low  
resolved  
fixed  
none    
none  
   
List of datatypes for "Scan for addresses with value" becomes empty
When attempting to perform a new pointerscan using the "Scan for addresses with value" option after having done so once before in the same session, where normally would be listed "4 Byte, Float, Double", there is instead a blank space, and the drop-down menu is also empty.
From the window titled "Pointer scan",
Open the "Pointer scanner" menu,
Select "Scan for pointer",
Check the radial labelled "Scan for addresses with value",
Enter any value into the text field,
Click "OK",
Try to do another pointerscan with the same radial checked
I have verified that this bug was not present in 6.5.
Illustration.png (460,814 bytes) 2016-09-20 23:33
http://cheatengine.org/mantis/file_download.php?file_id=208&type=bug
 
Notes
(0001104)
Dark Byte   
2016-09-29 22:38   
should be fixed




View Issue Details
507 [Cheat Engine] (No Category) minor always 2016-09-25 01:15 2016-09-29 22:18
erG0  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Some bugs in "Structure dissect"
Testing structure attached.

Main purpose is to walk through a data tree - first three elements must be used as links to the same structure.
It works fine until I needed to import the structure from file. After loading all links pointed to Undefined.
When it is loaded from cheattable, all seems OK.

Second bug - option "Expanding this node will change the address" not saving its value to xml.
Also, I think there should be some fix or feature like "Do not change the address if node points to 0 or FFFFFFFF".
Or at least make an option "move back to previous".
slist.csx (1,613 bytes) 2016-09-25 01:15
http://cheatengine.org/mantis/file_download.php?file_id=209&type=bug
 
Notes
(0001103)
Dark Byte   
2016-09-29 22:18   
fixed and implemented these suggestions




View Issue Details
509 [Cheat Engine] (No Category) tweak always 2016-09-28 22:53 2016-09-28 22:53
chase0  
 
low Windows 7 x64  
new  
open  
none    
none  
   
Structure dissect doesn't recalculate pointer-based addresses after Open Process [v6.5.1]
When the address of the structure in Structure dissect window is specified as a pointer (e.g.: [[[Game.GAME::gGameEngine]+0C58]+9C]) the effective address being used by the window is not recalculated when a new process gets opened.
 
There are no notes attached to this issue.




View Issue Details
505 [Cheat Engine] (No Category) crash random 2016-09-08 15:34 2016-09-18 23:44
partoftheworlD  
Windows  
normal 10.0.14393  
new  
open  
none    
none  
   
Crash when you filter the exact value
Cheat engine 6.6 beta 1 crashes when you filter the exact value, more often it occurs in x64 games and when addresses more than 900 million. Tested on Dying Light.
 
Notes
(0001101)
Dark Byte   
2016-09-18 23:08   
define the crash. What is the error message, or how does it crash?
If it's freezing and windows says it's unresponsive, that is normal with 900 million results.
The scanner shows the results before all data has been saved. Saving the data will take a while, and if you do a next scan while it's still saving, the gui will wait till that is done
(0001102)
partoftheworlD   
2016-09-18 23:44   
Sometimes it freezes for a few minutes, and after that the crash happens without an error; CE simply closes.




View Issue Details
504 [Cheat Engine] (No Category) minor always 2016-09-02 23:59 2016-09-02 23:59
Zephiles  
 
low  
new  
open  
none    
none  
   
Flashing Process Border with Automatically Opened Program
When Cheat Engine starts up, a flashing border is around the process button until you click on it to open a process. If Cheat Engine is set to automatically open a process, this border will still be there until you click on the button.
 
There are no notes attached to this issue.




View Issue Details
502 [Cheat Engine] (No Category) feature N/A 2016-08-21 03:19 2016-08-21 03:19
Zephiles  
 
normal  
new  
open  
none    
none  
   
[Feature Request] Optional Alternate GUI Display
The basic idea behind this is to have the option to use a different GUI display, mainly for the purpose of showing more addresses in a table. Some possible solutions for this could be to either have the option to hide the scan options when not in use, have an option to use the scan options/table in a different window, or some other solution that would free up space that the table can take.
 
There are no notes attached to this issue.




View Issue Details
501 [Cheat Engine] (No Category) feature have not tried 2016-08-17 01:00 2016-08-17 01:00
whosdatdev  
 
normal  
new  
open  
none    
none  
   
Searching for common pointer path
Often I have 2 addresses, for example the positions of 2 enemies - however I want to get the positions of all existing enemies, no matter how many there are. Because all enemies will most likely be in the same array, they will share the most part of some pointer path (the different part being the array index offset). Finding the pointer path that all enemies share is a pain in the ass, as you literally have to scroll down a huge list of results and compare them.

Please let us input multiple addresses in the pointer scan, and only show pointer paths they share (except for 1-X offsets)
 
There are no notes attached to this issue.




View Issue Details
500 [Cheat Engine] (No Category) tweak always 2016-08-17 00:53 2016-08-17 00:53
whosdatdev  
 
normal  
new  
open  
none    
none  
   
Pointer scan SQLite export offsets in wrong order (last offset = first offset)
The Pointer scan result shows the offsets as Offset 0 - Offset 1 - Offset 2

If you export this to SQLite, the offsets are:
* in the wrong order (Offset 3 = Offset 0, Offset 2 = Offset 1, Offset 1 = Offset 2)
* not starting with 0, which is confusing
Export pointer scan result with SQLite
 
There are no notes attached to this issue.




View Issue Details
499 [Cheat Engine] (No Category) minor always 2016-08-13 16:05 2016-08-13 16:05
flame1234  
 
normal  
new  
open  
none    
none  
   
Scan match list "change value of selected addresses" - only changes one value
As per description.
1) Generate several matches in the match pane
2) Select at least two of the matches
3) Right click and choose "change value of selected addresses"
4) Enter a value in the box
Tested with game: PPSSPP and game: Cheat Engine Tutorial
 
There are no notes attached to this issue.




View Issue Details
498 [Cheat Engine] (No Category) feature N/A 2016-08-10 19:16 2016-08-10 22:50
Zephiles  
 
normal  
new  
open  
none    
none  
   
[Feature Request] Big Endian Support For Pointers
As of now, pointers in Cheat Engine only support the Little Endian format. In some cases, such as using Cheat Engine with Dolphin, the pointers need to be in Big Endian format. Can this support be added?
 
Notes
(0001098)
Zephiles   
2016-08-10 22:50   
To be more precise on this, when I enter an address into the pointer fields, the value of the address is always displayed in Little Endian. What I need is for the value to be displayed in Big Endian, since that is what the memory is formatted as.




View Issue Details
497 [Cheat Engine] (No Category) major have not tried 2016-08-08 20:06 2016-08-08 20:34
thanh125643  
 
urgent  
new  
open  
none    
none  
   
error with scan array
I want to scan an array but it doesn't show anything
 
Notes
(0001097)
thanh125643   
2016-08-08 20:34   
It just scans like this
0E 8D
and doesn't scan more than that
0E 8D 69
It just doesn't show anything




View Issue Details
495 [Cheat Engine] (No Category) minor always 2016-07-12 15:10 2016-08-08 19:26
erG0  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
"Find out what read/write address" displayed wrong instruction with string operation
for example, I need to watch what accessed address 401200
here is some code
00402000 BE 00104000 mov esi, test+1000
00402005 BF 00124000 mov edi, test+1200
0040200A B9 80000000 mov ecx, 80
0040200F F3:A5 rep movsd

in such cases, will be displayed not the actual string command (rep movsd), but previous (mov ecx, 80)

and also disassembler makes some mess there
should be
00402000 - BE 00104000 - mov esi, test.exe+1000
instead of
00401FFF - 00 BE 00104000 - add [esi+test.exe+1000],bh


test subject and screenshot attached
test.zip (8,616 bytes) 2016-07-12 15:10
http://cheatengine.org/mantis/file_download.php?file_id=207&type=bug
 
Notes
(0001096)
Dark Byte   
2016-08-08 19:26   
ce now won't try to get the previous opcode if it's a rep




View Issue Details
496 [Cheat Engine] (No Category) feature N/A 2016-07-30 11:38 2016-08-08 14:34
ricilen  
Dark Byte Windows  
normal 10  
resolved  
fixed  
none    
none  
   
"Pause the game while scanning" to Edit-Settings
*FEATURE REQUEST*

Please add a setting in Edit/Settings so that "Pause the game while scanning" will already be ticked when starting Cheat Engine.

I don't understand why it is not ticked by default because if the game is a modern resource intensive game, scanning will take longer if the game is not paused, right?

Besides the speed issue, why would you want the game not paused when scanning for something? I would assume that the best methodology would be to scan when all values are frozen, not when many of them are constantly changing.
N/A
 
Notes
(0001095)
Dark Byte   
2016-08-08 14:34   
Most modern games will just pause themselves when they lose focus.

And those that don't sometimes error out if the game has been frozen too long

And then there's those that use hotkeys and do an unchanged value scan, which they hold down constantly as long as nothing is about to change the value they're looking for. Pausing would make the game stutter

But I've added the option in settings




View Issue Details
427 [Cheat Engine] (No Category) feature N/A 2016-01-04 13:58 2016-07-27 16:51
Csimbi PC  
Dark Byte Windows XP  
normal SP2  
resolved  
fixed  
none    
none  
   
Feature request: New scan type
I'd like to request a new scan type: 'not'

The thing is, that sometimes in the list there are a whole lot of values that are identical, but surely not the one I am looking for.

For example, to filter out all zeroes for a very long list, I shan't enter a range ('value between...') in case of unknown value scans because I don't know what value it is - however I do know for a fact that it's not zero.

Addition of a second type called 'not between' might also make sense in some specific cases.

Thank you for considering!
Core 2 Duo system
 
Notes
(0000927)
wlix32   
2016-01-05 16:46   
These two are good resources, I think
(0001032)
Csimbi   
2016-05-22 22:20   
mgr.inz.Player's workaround stopped working in 6.5.1
http://forum.cheatengine.org/viewtopic.php?p=5672577
It'd be great if this functionality could be integrated into CE itself.
Thank you!
(0001094)
Dark Byte   
2016-07-27 16:51   
the "not" scan has been added




View Issue Details
494 [Cheat Engine] (No Category) minor always 2016-07-10 12:36 2016-07-21 13:50
erG0 x86  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
wrong assembly of IMUL
"IMUL reg, imm" - command assembled incorrectly
I was trying to assemble command "imul edx, 124"
Without any error messages it was assembled to "6B C2 24", which is disassembled as "imul eax, edx, 24".

First error - destination register != source register,
second - imm32 factor was truncated for some reason
 
Notes
(0001093)
Dark Byte   
2016-07-21 13:50   
fixed in the svn
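Added example, not taken from the tracker or from Cheat Engine's source: a minimal Python encoder and decoder for the register-direct IMUL r32, r/m32, imm forms, showing why "6B C2 24" is wrong for "imul edx, 124" on both counts. It assumes the reporter's 124 is hexadecimal (the truncated byte 24 matches that reading); the function names are hypothetical.

```python
import struct

# 32-bit general-purpose registers in ModRM encoding order.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def encode_imul_r32_imm(dst, imm, src=None):
    """Encode IMUL dst, src, imm for register operands.

    The two-operand spelling "imul edx, 124" is shorthand for
    "imul edx, edx, 124", so src defaults to dst.
    """
    if src is None:
        src = dst
    if not -0x80000000 <= imm <= 0xFFFFFFFF:
        raise ValueError("immediate does not fit in 32 bits")
    # Normalise to a signed 32-bit value so 0xFFFFFFFF is treated as -1.
    simm = imm - (1 << 32) if imm > 0x7FFFFFFF else imm

    # ModRM: mod=11 (register direct), reg=destination, rm=source.
    modrm = 0xC0 | (REG32.index(dst) << 3) | REG32.index(src)

    # 6B /r ib sign-extends its 8-bit immediate, so it is only usable
    # for -128..127. Anything else needs 69 /r id.
    if -128 <= simm <= 127:
        return bytes([0x6B, modrm]) + struct.pack("<b", simm)
    return bytes([0x69, modrm]) + struct.pack("<i", simm)


def decode_imul_imm(code):
    """Decode 6B /r ib or 69 /r id with a register-direct ModRM.

    Returns (dst, src, signed immediate, instruction length).
    """
    if len(code) < 2 or code[0] not in (0x6B, 0x69):
        raise ValueError("not an IMUL r32, r/m32, imm encoding")
    modrm = code[1]
    if modrm >> 6 != 0b11:
        raise ValueError("memory operands are not handled in this example")
    dst = REG32[(modrm >> 3) & 7]
    src = REG32[modrm & 7]
    if code[0] == 0x6B:
        fmt, length = "<b", 3
    else:
        fmt, length = "<i", 6
    if len(code) < length:
        raise ValueError("truncated instruction")
    (imm,) = struct.unpack_from(fmt, code, 2)
    return dst, src, imm, length


if __name__ == "__main__":
    good = encode_imul_r32_imm("edx", 0x124)
    print(good.hex(" "), "->", decode_imul_imm(good))
    # The bytes from the report: reg field is 000 (eax) and imm8 is 0x24.
    print("6b c2 24 ->", decode_imul_imm(bytes.fromhex("6bc224")))
```

Round-tripping an assembler's output through an independent decoder like this is a cheap regression check for both symptoms in the report: a ModRM reg field that does not match the destination, and an immediate silently narrowed to 8 bits.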




View Issue Details
493 [Cheat Engine] (No Category) feature always 2016-07-09 05:24 2016-07-09 05:24
leftspace  
 
high  
new  
open  
none    
none  
   
[Feature request] Save option "Ultimap Datas"
I am using Ultimap Features Need Save Data - Addresses vbvb.
 
There are no notes attached to this issue.




View Issue Details
492 [Cheat Engine] (No Category) block have not tried 2016-07-07 05:00 2016-07-07 05:00
rwexler Windows  
Windows  
normal Windows 10  
new  
open  
none    
none  
   
scan error when trying to scan.
No matter what scan I do it gives me the message, Scan error:controller:Cleanup:ResultsPrepare:Error when while loading result.
Type in number and press first scan.
 
There are no notes attached to this issue.




View Issue Details
491 [Cheat Engine] (No Category) feature N/A 2016-06-28 05:07 2016-06-28 05:07
Zephiles  
Windows  
low 7  
new  
open  
none    
none  
   
Feature Request - Save Memory Scan Ranges
The Start range is always 0000000000000000 and the Stop range is always 7fffffffffffffff upon startup. Would it be possible to have custom range(s) saved?
 
There are no notes attached to this issue.




View Issue Details
490 [Cheat Engine] (No Category) feature always 2016-06-25 15:08 2016-06-27 16:23
M-Z doesn't matter  
Dark Byte  
low  
resolved  
fixed  
none    
none  
   
[Feature request] Save option "Lock current row size"
First thing I find myself doing after starting CE is to go to memory editor and squeeze window to achieve 10h row width and then enlarge it again to make it good for disassembler. I see it as essential to count (by hand) some "deltas" (e.g. ecx+26h = 2 down, 6 to the right).
Would it be possible to keep that option (Lock current row size AND the size of such locked row) saved between CE "sessions"?
 
Notes
(0001092)
Dark Byte   
2016-06-27 16:23   
implemented it




View Issue Details
466 [Cheat Engine] (No Category) major always 2016-05-24 16:47 2016-05-24 16:47
9 Cheat Engine 6.5  
Windows 7 x64  
normal 6.1.7601  
new  
open  
none    
none  
   
Custom Type bytecount "Value" display limited to 4
*When Show as Hexadecimal is enabled*

Setting a custom type to a value other than 4 will not change how many bytes are displayed in the Value column (except 0, which displays nothing)

Value accepts input up to 8 bytes
(ffffffffffffffff (f*16) is valid input,
fffffffffffffffff (f*17) could not be parsed)

Value only parses last 4 bytes, i.e. FFFFFFFF7FFFFFFF is the same input as 000000007FFFFFFF
{LUA}
function vtb(i)
showMessage(i)
end

function btv(i)
return 2^(4*7)
end

registerCustomTypeLua("zero", 0, btv, vtb, false)

oneplus=1+tonumber(inputQuery("Number, please.","[-]{0,1}\d+",0))

registerCustomTypeLua("other", oneplus, btv, vtb, false)

{TABLE}
Two entries with any address, types "zero" and "other", Show as Hexadecimal enabled.
The zero type entry shows nothing.
The other type entry shows 10000000 regardless of the value of oneplus (unless it is zero)
Entering 000000007FFFFFFF or FFFFFFFF7FFFFFFF will show a message "2147483647"
I would like a custom type to be able to display either like Array of Bytes if size != 4 or left-padded to the nearest multiple of 4 with zeroes.
 
There are no notes attached to this issue.




View Issue Details
465 [Cheat Engine] (No Category) text have not tried 2016-05-04 21:38 2016-05-11 10:49
Hans Henrik  
 
normal  
new  
open  
none    
none  
   
"DLL injection failed", but why?
was working on something, i needed to inject a dll, and i got the error "dll injection failed"... that sure was informative! i would definitely prefer to be told EXACTLY what failed. did VirtualAllocEx fail? did WriteProcessMemory fail? did CreateRemoteThread fail? (i know there's more ways to inject dll's, but this 1 is by far the most common method, and the 1 i guess cheat engine is using. regardless, my point should be clear :p )
 
Notes
(0001031)
Dark Byte   
2016-05-11 10:48   
(Last edited: 2016-05-11 10:49)
Inject using the menu memoryview inject dll menu option. That one will show more details ('Failed injecting the DLL' means that LoadLibrary returned null, allocs and other issues have different messages)





View Issue Details
464 [Cheat Engine] (No Category) feature have not tried 2016-03-28 20:23 2016-04-21 23:19
OnkelM PC  
Windows  
normal 10  
new  
open  
none    
none  
   
Access Violation when saving Table
Out of the blue, CE won't let me save the table. No overwrite and no new file. Before, it worked.
Pro x64
ch65_access_violation.JPG (68,852 bytes) 2016-03-28 20:23
http://cheatengine.org/mantis/file_download.php?file_id=198&type=bug
jpg
 
Notes
(0001030)
OnkelM   
2016-04-17 15:21   
It seems it is related to other instances opened of CE.
It happened again when I opened another CE Table with a second CE instance.
After messing up with the second instance and closing it, the first instance won't let me save, with the error message "Access violation".
Even weirder, the Windows preview window of the taskbar is showing other child windows open, like the process selection window, but there is no window shown even after a click.




View Issue Details
462 [Cheat Engine] (No Category) minor have not tried 2016-03-19 11:30 2016-03-24 21:23
Csimbi PC  
Windows 7  
normal x64 SP1  
new  
open  
none    
none  
   
Break and trace in ntdll.dll does not trace correctly
I am working on a script for the Original Sin Enhanced Edition (Steam).
For some reason, the trace gets screwed up upon entering ntdll.dll.

When we break into ntdll.dll, the 'instruction tree' breaks because the instructions of the call do not go under a new section, they get added to the same level as the call. I guess this causes all the 'ret' instructions to close the wrong tree elements.

Not sure how to explain better.
The trace window should show "test eax,eax" after "call qword ptr [EoCApp.exe+FDB6B0]".
travian.ro
1. I set a break and trace at this location:
EoCApp.exe+BA4070 - 48 89 5C 24 10 - mov [rsp+10],rbx
2. I trigger the code in-name.
3. I looked at the trace.
Attached a zip file with:
 - The saved trace
 - trace_shot_01.png; A screenshot showing the call into ntdll.dll (debug window)
 - trace_shot_02.png; A screenshot showing the call into ntdll.dll (trace window)
 - trace_shot_03.png; A screenshot showing called code in ntdll.dll
Core 2 Duo system
trace_files.zip (78,760 bytes) 2016-03-19 11:30
http://cheatengine.org/mantis/file_download.php?file_id=192&type=bug
trace.png (34,101 bytes) 2016-03-19 12:04
http://cheatengine.org/mantis/file_download.php?file_id=193&type=bug
png

debugger_crash.png (3,631 bytes) 2016-03-19 12:13
http://cheatengine.org/mantis/file_download.php?file_id=194&type=bug
png
 
Notes
(0001028)
Csimbi   
2016-03-19 11:36   
(Last edited: 2016-03-19 12:15)
Forgot. 'Step over instead of a single step' was checked.

Edit 1
Also, it seems that the previous call is broken already:
EoCApp.exe+BA411D - E8 FEF8B6FF - call EoCApp.exe+713A20

Edit 2
It seems that there's some CE integrity issue.
This is how it should look.
Restarted both game and CE so it's a fresh start and 'Step over instead of a single step' was not checked in this case.
See newly attached trace.png.

Interestingly, this 'fresh start' one did not trace the 5000 instructions I asked it to. It did maybe a 1000 or so. It stopped here:

EoCApp.exe+495FBA - FF 25 005FB400 - jmp qword ptr [EoCApp.exe+FDBEC0] { ->MSVCR120.dll+3C940 }

I have MSVCR120.dll in the donottrace.txt file, so CE should have skipped over it instead of stopping the trace there...

Edit 3
I set a new break and trace again at the same place as earlier and this time I had 'Step over instead of a single step' checked again.
When it fires, debugger crashes (and game hangs), see newly attached debugger_crash.png.





View Issue Details
461 [Cheat Engine] (No Category) minor have not tried 2016-03-16 05:18 2016-03-16 05:18
pausebreak7  
 
normal  
new  
open  
none    
none  
   
darkbyte driver object information add view suggestion
win64ast driver object view add possible?

add.png (58,130 bytes) 2016-03-16 05:18
http://cheatengine.org/mantis/file_download.php?file_id=191&type=bug
png
 
There are no notes attached to this issue.




View Issue Details
460 [Cheat Engine] (No Category) minor have not tried 2016-03-12 14:51 2016-03-12 14:51
M-Z Gigabyte GA-Z170X + i7-6700  
Win7 64 Pro EN  
normal  
new  
open  
none    
none  
   
Access Violation - multi monitor config
Every time multi-monitor configuration changes one gets Access violation error when double-clicking on any entry in Cheat Table.
1. Run a game
2. Run cheatengine + select process + load table
3. Change multi-monitor config via MS+P key combination or by disconnecting one display
4. Try to change an entry with double+click (Enter works fine; changing of address/name of an entry too)

You get Access violation popup. Then only solution is to restart cheatengine.
 
There are no notes attached to this issue.




View Issue Details
459 [Cheat Engine] (No Category) minor have not tried 2016-03-12 01:45 2016-03-12 01:53
pausebreak7  
 
normal  
new  
open  
none    
none  
   
darkbyte autoassembler drivername symbol add suggestion & kernel Memory Search
autoassembler

drivername symbol to add suggestion

and kernel Memory Search assembly scan -> not bsod

Memory Scan Option Kernel Memory Search -> bsod

You can add the above functions?

thank you db
add.png (34,798 bytes) 2016-03-12 01:45
http://cheatengine.org/mantis/file_download.php?file_id=189&type=bug
png

error.png (25,721 bytes) 2016-03-12 01:48
http://cheatengine.org/mantis/file_download.php?file_id=190&type=bug
png
 
Notes
(0001027)
pausebreak7   
2016-03-12 01:52   
(Last edited: 2016-03-12 01:53)
Autoassembler Driver List Name Symbol Add Possible?

EX) cheatengine.exe+232323:
    ret //possible

EX) Ntoskrnl.exe+1000:
    ret //impossible -> Not all instruction could be injected
    dbk64.sys+1000:
    ret //impossible -> Not all instruction could be injected





View Issue Details
458 [Cheat Engine] (No Category) minor N/A 2016-03-04 14:13 2016-03-04 15:20
pausebreak7 windows  
64bit  
high  
new  
open  
none    
none  
   
hi db obregistercallbacks xenos injection code add possible?
https://github.com/DarthTon/Xenos

https://github.com/DarthTon/Xenos/blob/55756c10d4aa270e71e5ccf4c4e3f90519a6db3a/src/InjectionCore.cpp#L117

Xenos injection Obregistercallback openprocess block bypass code

PROCESS_QUERY_LIMITED_INFORMATION?

// Escalate handle access rights through driver

Escalate handle access -> Obregistercallbacks Block Bypass -> injection Success




Xenos injection Code Cheat Engine Add Possible?

Obregistercallbacks Handle Block Bypass

Cheat Engine Option

---Obregistercallbacks bypass--
1.Enumerate Dll's

2.Add Address Code test.exe+1000 -> View Possible?

Thank you DB


bypass...png (37,646 bytes) 2016-03-04 14:18
http://cheatengine.org/mantis/file_download.php?file_id=188&type=bug
png
 
Notes
(0001025)
pausebreak7   
2016-03-04 14:21   
case IOCTL_CE_ENUMACCESSEDMEMORY:
            {
                struct input
                {
                    UINT64 ProcessID;
                } *inp;
                PEPROCESS selectedprocess;

                PVOID BaseAddress;
                SIZE_T RegionSize;

                inp = Irp->AssociatedIrp.SystemBuffer;
                //dbgprint("IOCTL_CE_ENUMACCESSEDMEMORY(%d)\n", inp->ProcessID);


                ntStatus = STATUS_UNSUCCESSFUL;

                if (PsLookupProcessByProcessId((PVOID)(UINT64)(inp->ProcessID), &selectedprocess) == STATUS_SUCCESS)
                    *(int *)Irp->AssociatedIrp.SystemBuffer=enumAllAccessedPages(selectedprocess);

                ntStatus = STATUS_SUCCESS;
                break;
            }

Driver IOCTL_CE_ENUMACCESSEDMEMORY

Module Information View?
(0001026)
pausebreak7   
2016-03-04 15:20   
https://github.com/DarthTon/Blackbone

Xenos Driver Blackbone Github Source




View Issue Details
434 [Cheat Engine] (No Category) block always 2016-02-21 13:13 2016-02-23 02:20
Csimbi x64  
Dark Byte Windows 7 x64  
normal SP1  
resolved  
fixed  
none    
none  
   
TTreeNodes.GetNodeFromIndex: Consistency error - count too big
I had a reversed structure open in the structure dissect window, with a lot of child structures open (these were a mix of reversed and auto-created structures).
Then, I figured CE would close all of them up so I selected the same structure from the Structure menu.
That's when the error popped.

Please note that I have both cleanup boxes checked (see attached screenshot).

Thanks for fixing!
Start CE and attach to process.
Make sure your structure cleanup settings are the same as mine (see attached screenshot).

Open up the Structure dissect window, put in an address and select a reversed structure.

Open up about 20 pointers (make sure some are reversed, some are auto-generated - just to be sure) and leave them all open.

Select the currently selected structure from the 'Structure' menu again (yes, even if it's selected).

The error should pop immediately.

Note: Expect CE to go zombie (you will need to end task via task manager).
http://forum.cheatengine.org/viewtopic.php?p=5649774#5649774
Core 2 Duo system
screenshots.zip (22,590 bytes) 2016-02-21 13:13
http://cheatengine.org/mantis/file_download.php?file_id=167&type=bug
 
Notes
(0000937)
Csimbi   
2016-02-21 13:14   
Forgot: CE 6.5.0.3
(0000939)
Dark Byte   
2016-02-23 02:20   
should be fixed now (github)




View Issue Details
317 [Cheat Engine] trivial always 2014-02-07 21:58 2016-02-22 23:17
Dirrrty  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
window spawns out of screen
When I either use dual monitors, or a monitor in 1080(and place the CE window in the right monitor, or somewhere beyond 768 approximate pixels), then switch to a smaller monitor(768), The cheat engine window spawns outside of the screen entirely. I can't move the window back in regardless what I do, unless I connect a larger monitor and move the window to the top left area, then I can switch back again.
 
Notes
(0000779)
mryt   
2015-02-25 21:00   
Almost same issue:

Setup: Dual monitors. Right one is main screen.

Steps: Open CE and move it to the left (secondary) screen. Close CE. Reopen CE.

Expected: CE opens where it was closed.

Actual: CE opens on main monitor again.
(0000781)
mgr_inz_Player   
2015-02-28 02:30   
I'm using this script for CE6.4 (CE from SVN can have different offsets, see first line).


################################################################
local offset = cheatEngineIs64Bit() and 0xe98 or 0x808
local screenWidthAddress = userDataToInteger(getMainForm())+offset
local screenHeightAddress = screenWidthAddress+4
local screenWidth = readIntegerLocal(screenWidthAddress)
local screenHeight = readIntegerLocal(screenHeightAddress)


if getMainForm().Left+10>screenWidth then getMainForm().Left=screenWidth/2-getMainForm().Width/2 end
if getMainForm().Top+40>screenHeight then getMainForm().Top=screenHeight/2-getMainForm().Height/2 end
################################################################




This will center CE window if it is outside main screen.
(0000782)
mgr_inz_Player   
2015-02-28 02:48   
Maybe getScreen() Lua function in future CE6.5

Access to those:
property MonitorCount: Integer; [r] The number of available Monitors.
property Monitors: TMonitor; [r] The indexed list of available monitors. ( table in Lua)

property Width: Integer; [r] The width of the primary monitor.
property Height: Integer; [r] The height of the primary monitor.


property PrimaryMonitor: TMonitor; [r] The primary monitor typically shows the taskbar.

property WorkAreaRect: TRect; [r] The usable display area on the primary monitor, excluding e.g. the taskbar.
property WorkAreaHeight: Integer; [r] The usable height of the primary monitor.
property WorkAreaLeft: Integer; [r] The usable left coordinate on the primary monitor.
property WorkAreaTop: Integer; [r] The usable top coordinate on the primary monitor.
property WorkAreaWidth: Integer; [r] The usable width of the primary monitor.














And for TMonitor class object:

property MonitorNum: Integer; [r] Index of the monitor in the TScreen.Monitors list. (index of monitor in Monitors lua table)
property Left: Integer; [r] The leftmost screen coordinate of the display.
property Height: Integer; [r] The height of the display.
property Top: Integer; [r] The topmost screen coordinate of the display.
property Width: Integer; [r] The width of the display.
property BoundsRect: TRect; [r] The logical dimensions of the monitor, within the desktop.
property WorkareaRect: TRect; [r] The usable display area, excluding a taskbar etc.
property Primary: Boolean; [r] True if this is the primary monitor of the system.
(0000930)
dopleganger398   
2016-01-13 16:04   
(Last edited: 2016-01-13 16:06)
I fixed this problem with my dual monitors when I thought, if its appearing on a third non-existent monitor why not set the monitor chain back one, I use a laptop and my second monitor is just a TV on the right I had my TV set as my main display, when i had changed my main display back to my laptop screen, cheat engine showed up on my TV screen, move it over to your main and then adjust your settings as you had them before.

hope I could be of assistance.

I also hope you could follow all that, my English is bad.

(0000931)
Beanobrad   
2016-01-13 19:36   
Click cheatengine on the taskbar and then press ALT+SPACE then hit maximize.
Hope this helps.
(0000932)
mgr_inz_Player   
2016-01-14 15:11   
(Last edited: 2016-01-14 15:11)
Download CE6.5 installer from main CE site (installer version 6.5.0.3 or newer).
Install it, then test multimonitor window position saving.

(0000938)
Dark Byte   
2016-02-22 23:17   
should be fixed




View Issue Details
433 [Cheat Engine] (No Category) minor have not tried 2016-02-16 11:57 2016-02-16 14:26
pausebreak7 windows  
7  
normal  
new  
open  
none    
none  
   
hi darkbyte network process target open debug & search possible?
no mobile phone
no virtual pc
-------------------------
only pc(personal computer)

pc1 -> pc2 network connected process open & target

search &debug possible?




easy way to bypass possible idea





 
Notes
(0000935)
Dark Byte   
2016-02-16 14:04   
using ceserver yes. But right now there are only linux ports out. You need to port it to windows first
(0000936)
pausebreak7   
2016-02-16 14:26   
google search ceserver no windows version

Does Windows is impossible?

Are you going to implement that afterwards?

thank you




View Issue Details
432 [Cheat Engine] (No Category) minor have not tried 2016-02-11 18:39 2016-02-11 18:46
Cat73  
Windows 7 64bit  
normal  
new  
open  
none    
none  
   
forcedinjection plugin can not be used in CE6.5
[Content]
The plugin dll could not be loaded:126
 
Notes
(0000934)
Cat73   
2016-02-11 18:44   
(Last edited: 2016-02-11 18:46)
http://forum.cheatengine.org/viewtopic.php?t=587386
https://github.com/cheat-engine/cheat-engine/issues/56





View Issue Details
431 [Cheat Engine] (No Category) trivial have not tried 2016-02-07 17:51 2016-02-09 11:00
haizan x86-64  
Dark Byte Windows 7  
low  
resolved  
fixed  
none    
none  
   
Wrong disassembly of mov r14l, 01
The disassembler incorrectly decodes "41 B6 ??" to "mov sil, ??". It should be "mov r14l, ??". Assembly seems to work correctly.
Have not tested if other instructions are affected.
 
Notes
(0000933)
Dark Byte   
2016-02-09 11:00   
fixed
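Added example, not taken from the tracker or from Cheat Engine's source: a minimal Python decoder for the 64-bit-mode "mov r8, imm8" opcodes B0 to B7, showing how REX.B selects r14l for "41 B6" where a decoder that ignores that bit lands on sil. Register names follow the r14l spelling used in this report; the function name is hypothetical.

```python
# Byte registers selected by the low 3 opcode bits when no REX prefix is present.
LEGACY8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]

# Byte registers when any REX prefix is present: ah/ch/dh/bh are replaced by
# spl/bpl/sil/dil, and REX.B supplies a fourth index bit for r8l..r15l.
REX8 = ["al", "cl", "dl", "bl", "spl", "bpl", "sil", "dil",
        "r8l", "r9l", "r10l", "r11l", "r12l", "r13l", "r14l", "r15l"]


def decode_mov_r8_imm8(code):
    """Decode [REX] B0+rb ib in 64-bit mode.

    Returns (disassembly text, instruction length).
    In 32-bit mode the bytes 40..4F are INC/DEC, not REX, so this
    decoder only applies to 64-bit code.
    """
    i = 0
    rex = None
    if code and 0x40 <= code[0] <= 0x4F:
        rex = code[0]
        i = 1
    if len(code) < i + 2:
        raise ValueError("truncated instruction")
    opcode = code[i]
    if not 0xB0 <= opcode <= 0xB7:
        raise ValueError("not a mov r8, imm8 opcode")

    low3 = opcode & 7
    if rex is None:
        reg = LEGACY8[low3]
    else:
        # REX.B (bit 0 of the prefix) extends the register number that is
        # embedded in the opcode byte. Dropping it turns index 14 into 6.
        reg = REX8[((rex & 1) << 3) | low3]

    imm = code[i + 1]
    return "mov %s,%02X" % (reg, imm), i + 2


if __name__ == "__main__":
    # Constructed inputs: the same opcode byte B6 under three prefixes.
    for sample in ("b601", "40b601", "41b601"):
        print(sample, "->", decode_mov_r8_imm8(bytes.fromhex(sample)))
```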




View Issue Details
430 [Cheat Engine] (No Category) minor always 2016-01-29 19:20 2016-01-29 19:20
pausebreak7  
windows7  
none x64  
new  
open  
none    
none  
   
darkbyte kernel debugging call function f8 trace bug?
hi dark byte dbvm kernel debugging

call function f8 step over f8 trace bug ?

video

1.no error 4034c4 call f8 trace success

2.error debug resume dead

3.f5 toggle breakpoint freeze not dead

call 00403B80 f5 resume trace dead bug?

but push edi f5 trace not dead





video link:
https://www.dropbox.com/s/sototud6r9vno04/bandicam%202016-01-30%2002-36-21-358.avi?dl=0
cheat engine 6.5 version test
 
There are no notes attached to this issue.




View Issue Details
428 [Cheat Engine] (No Category) minor N/A 2016-01-05 16:49 2016-01-07 11:14
wlix32  
 
normal  
new  
open  
none    
none  
   
What is the CE contributing process?
If I want to contribute to CE, what do I have to do? How do I get a feature to develop, how does the communication work, etc.

tks
 
Notes
(0000929)
Dark Byte   
2016-01-07 11:14   
You can post in the forum in the ce source section so we can discuss things and perhaps also have feedback from other users at the same time

Or you could clone the git repository, do it yourself and then send a pull request. Which I will then either accept or decline, or make some fixes/adjustments first




View Issue Details
426 [Cheat Engine] (No Category) minor always 2016-01-04 00:05 2016-01-06 21:57
M-Z  
Dark Byte Win7Pro EN  
normal  
resolved  
fixed  
none    
none  
   
Multi-monitor environment regression
Sorry to be such a party pooper, but the 6.5 version has a regression in comparison with 6.4. It doesn't work well in a multi-monitor environment - window positions are not remembered on the proper monitor.
Example:
1. Open any table with Auto Assembly in it
2. Double click on any Auto Assembly entry - it opens on main monitor.
3. Move it to the second monitor. ( http://i.imgur.com/kaHSeLl.jpg )
4. Close it. Now Auto Assembly should be remembered to open on second monitor.
5. But if you double-click it again it shows on the first monitor.
http://i.imgur.com/ahsElLv.jpg
It goes also for Main Window (position is somewhat remembered but not on a proper monitor) and some other windows.
 
Notes
(0000928)
Dark Byte   
2016-01-06 21:57   
fixed(redownload)




View Issue Details
429 [Cheat Engine] (No Category) feature always 2016-01-05 16:54 2016-01-05 19:35
wlix32  
 
normal  
new  
open  
none    
none  
   
Create a way to the value as hexadecimal
Today if I want to see the value on address list as hexadecimal I need to find with hexadecimal box checked, is there some way to after added the value on address list I change it to hexadecimal way? If not, please, can you do that?

Thank you so much
 
There are no notes attached to this issue.




View Issue Details
425 [Cheat Engine] (No Category) minor always 2016-01-02 00:35 2016-01-03 02:32
M-Z  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Access violation on Fast Scan with Tabs
I noticed that we get an Access Violation popup when we go back and forth between tabs which have different Fast Scan statuses (enabled/disabled).

I hope it was not reported before (I searched for it and haven't found it ;) ).
1. Search for something with Fast Scan enabled.
2. CTRL+T for new tab
3. Search something with Fast Scan DISABLED
4. Go to the first tab

You get access violation.
It seems possible to go back and forth, but one has to disable Fast Scan.
 
Notes
(0000926)
Dark Byte   
2016-01-03 02:32   
fixed on github




View Issue Details
424 [Cheat Engine] (No Category) minor always 2015-12-29 18:38 2015-12-29 18:57
M-Z Core i7-2820QM, 24 GB  
Dark Byte Windows  
normal 7Pro x86_64 EN  
resolved  
fixed  
none    
none  
   
Add to address list is not considered a change
Changes to "Code list" under "Advanced Options" are not considered a change to the table file.
I don't know if it is a bug or a feature.
Load some table.
Change some address to do nothing (or add address to the "Code list" manually).
Close Cheat Engine.

CE does not ask whether to save changes to the table, only closes without giving chance to save CE table.
 
Notes
(0000925)
Dark Byte   
2015-12-29 18:57   
thank you. fixed




View Issue Details
423 [Cheat Engine] (No Category) text always 2015-12-25 08:25 2015-12-26 22:06
ourogo Windows  
Dark Byte 10  
normal  
resolved  
fixed  
none    
none  
   
Font does not scale properly for 4k retina display
Windows 10 high DPI scaling does not work correctly with cheat engine 6.4. Except for the menu bar and the title bar, everything else remains extremely tiny when using a 4k retina display.
cheatengine.png (34,120 bytes) 2015-12-25 08:25
http://cheatengine.org/mantis/file_download.php?file_id=166&type=bug
png
 
Notes
(0000923)
Dark Byte   
2015-12-25 10:39   
try this build and see if it looks 'better' (may be more fuzzy)
http://cheatengine.org/temp/CheatEngine65RC1.exe
(0000924)
ourogo   
2015-12-25 10:59   
Yes, it looks 'normal' now (despite the fuzziness). Thanks a lot!




View Issue Details
420 [Cheat Engine] (No Category) minor always 2015-12-05 01:30 2015-12-21 10:47
brainiac147  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Hex dump only copies 1 byte
1) Open Memory Viewer and go to address
2) Right click in hex dump and do...
3) Display Type >> 8 Byte Hex
4) Select one of the 8 byte numbers, do Ctrl+C
5) Paste it somewhere, it will only copy the last byte of the 8 byte word.
CeBugClipboard.PNG (24,620 bytes) 2015-12-05 01:31
http://cheatengine.org/mantis/file_download.php?file_id=163&type=bug
png
 
Notes
(0000908)
Dark Byte   
2015-12-06 22:22   
What is the behaviour you expect? A hexadecimal array of bytes that makes up the selection, or just the text you have selected? (So a decimal shows a decimal)
(0000910)
brainiac147   
2015-12-06 23:01   
I expected it to copy the entire selection which would be 00007FFF9466EB50
but when I pasted it it only copied 50.




View Issue Details
419 [Cheat Engine] (No Category) minor always 2015-12-04 05:49 2015-12-21 10:47
brainiac147  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Pointer size increments by 4 on 64 bit
When using the "Pointer" address type the size will increase by 4 each time even though pointer size on 64 bit is 8 bytes.
http://i.imgur.com/7rQLjp6.png
 
Notes
(0000899)
mgr_inz_Player   
2015-12-04 16:39   
Not a bug. 64bit pointer can be at offset 0x0 or at offset 0x4 in the structure.
(0000900)
brainiac147   
2015-12-05 01:15   
Well in any function table on x64 the pointers would always be 8 bytes.

By your logic the offset could be at 2 byte or 1 byte assuming that padding was off. Or 6 or even 12 bytes. Maybe we should make the button not do anything.
(0000901)
mgr_inz_Player   
2015-12-05 11:27   
I don't have time to argue.

Pointers in 64bit targets do not always have all offsets divisible by 8.

Example:
http://i.imgur.com/mfZsSQO.png

offset 4 is not divisible by 8
offset 2c is not divisible by 8
(0000902)
brainiac147   
2015-12-05 21:09   
Well your example is implementation specific. A compiler with padding enabled would pad each element to 8 bytes no matter what its size.

So I'm standing by we should just make the button not do anything.
(0000903)
brainiac147   
2015-12-05 21:12   
And they don't always have offsets divisible by 4, neither by what you're saying nor what the button currently does.
(0000904)
mgr_inz_Player   
2015-12-06 01:49   
(Last edited: 2015-12-06 01:51)
Those buttons increase/decrease offset by "4".
And, in most cases, it is the better option than "1" or "2" or "8".

If you press CTRL key and click those buttons, it will increase/decrease offset by "1". Useful when you find "specific" structure where pointers start at weird offset, like 2 or 6.





I think DB could merge my modification, maybe SHIFT key, which will increase/decrease offset by pointersize of target process.

I will send pull request on a GitHub.

Edit:
https://github.com/cheat-engine/cheat-engine/pull/38/files

(0000905)
brainiac147   
2015-12-06 09:44   
No. It should by default increase/decrease by the pointer size.
 * Function Tables
 * Properly padded structures
 * Arrays of pointers
 * Multidimensional arrays

^^ All will be located at 8 byte offsets. Guaranteed.

What you have given was an example of an improperly padded struct and said "hey it still works in this odd case". And in doing so you've glazed over any other use. Maybe that's your only use for it, or maybe your understanding of how compilers work is not so great. In either case, what you're proposing is ridiculous. Hidden features that only work if you know the hotkey reminds me of something you'd code in High School, and it doesn't belong in a production product.

And for the record making it increment by 1 is a terrible idea.
(0000906)
mgr_inz_Player   
2015-12-06 11:10   
(Last edited: 2015-12-06 11:21)
Inc/dec by 1, you say it is a terrible idea? What you're saying is ridiculous.

We are using Inc/Dec buttons in the last node too, you know?

ansi string, unicode string, array of bytes, byte, 2bytes - for those we have inc/dec 1

integer, single - for those, inc/dec 4 (currentHealth and maximumHealth next to it)

long long int, double - just click it two times, wow 4+4 is 8


If you opened 64bit target and you have e.g. arrays of pointers, again, just click it two times. Or maybe you are too lazy? (you started it)

(0000907)
brainiac147   
2015-12-06 18:04   
(Last edited: 2015-12-06 18:07)
you clearly have no idea what padding is

https://en.wikipedia.org/wiki/Data_structure_alignment

(0000909)
Dark Byte   
2015-12-06 22:31   
(Last edited: 2015-12-06 22:36)
64-bit compilers still prefer 32-bit integers and align those on a 32-bit alignment.

But I agree with brainiac, the default stepsize should be the pointersize alignment. The overrides should be 4 and 1
Usually the arrows are used for pointers to quickly see if the pointer you found can be used for other things.
But the final offset is different though, as that will point to a structure of elements instead of pointers. (Although I guess the final offset could be on a 32-bit stepsize, but that would be inconsistent with the rest)

(0000911)
mgr_inz_Player   
2015-12-07 01:00   
(Last edited: 2015-12-07 01:08)
@brainiac147, I know what padding is. Stop acting like that. Not cool. Do you know what packing is?




@DarkByte, I thought you left it, as it is, on purpose.

I often use pointerscanner, pointer paths usually look like this:

pointerbase -> structure1 -> structure2 -> structure3 -> structure4 -> integer/float/double

[[[[[base]+offset1]+offset2]+offset3]+offset4]+offset5


What if structure3 is packed and it is a mix of elements and pointers. Using arrows with stepsize 8 to see if there are other pointers, we can miss some of them. We can miss much more with stepsize 8 compared to stepsize 4.




e.g.

#pragma pack( 1 )
struct struct3{
  dword playerID;
  dword Health;
  inventoryItem** list; // offset 0x08
  dword Armor;
  integer* ammunition; // offset 0x14
  ...
  ...
};
#pragma pack( )





Anyway, no problem for me. I will just remember to override it to 4 by pressing SHIFT when I find such structures in 64bit app.
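The layout argument in this issue, as an added C example that is not part of the original notes or of Cheat Engine's code: it lays out the struct3 from the note above both packed and with default alignment, then counts how many pointer fields a walk in steps of 4 or 8 lands on. The typedef for dword, the opaque inventoryItem type and all function names are assumptions, and the example assumes a 64-bit target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 64-bit target, so every pointer field is 8 bytes wide. */
_Static_assert(sizeof(void *) == 8, "example assumes 8-byte pointers");

typedef uint32_t dword;      /* assumption: dword is a 32-bit integer */
struct inventoryItem;        /* opaque; only pointers to it are stored */

/* The struct from the note, packed to 1-byte alignment. */
#pragma pack(push, 1)
struct struct3_packed {
    dword playerID;
    dword Health;
    struct inventoryItem **list;
    dword Armor;
    int *ammunition;
};
#pragma pack(pop)

/* The same fields with the compiler's default (natural) alignment. */
struct struct3_natural {
    dword playerID;
    dword Health;
    struct inventoryItem **list;
    dword Armor;
    int *ammunition;
};

/* Count the offsets in offs[] that a walk 0, step, 2*step, ... lands on. */
static size_t fields_hit(const size_t *offs, size_t n, size_t step)
{
    size_t hits = 0;
    if (step == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (offs[i] % step == 0)
            hits++;
    return hits;
}

/* Pointer fields of the packed layout reached with the given step. */
size_t packed_pointer_hits(size_t step)
{
    const size_t offs[] = {
        offsetof(struct struct3_packed, list),
        offsetof(struct struct3_packed, ammunition),
    };
    return fields_hit(offs, 2, step);
}

/* Pointer fields of the naturally aligned layout reached with the step. */
size_t natural_pointer_hits(size_t step)
{
    const size_t offs[] = {
        offsetof(struct struct3_natural, list),
        offsetof(struct struct3_natural, ammunition),
    };
    return fields_hit(offs, 2, step);
}

int main(void)
{
    printf("packed : list=%#zx ammunition=%#zx size=%zu\n",
           offsetof(struct struct3_packed, list),
           offsetof(struct struct3_packed, ammunition),
           sizeof(struct struct3_packed));
    printf("natural: list=%#zx ammunition=%#zx size=%zu\n",
           offsetof(struct struct3_natural, list),
           offsetof(struct struct3_natural, ammunition),
           sizeof(struct struct3_natural));
    printf("pointer fields found, step 8: packed=%zu natural=%zu\n",
           packed_pointer_hits(8), natural_pointer_hits(8));
    printf("pointer fields found, step 4: packed=%zu natural=%zu\n",
           packed_pointer_hits(4), natural_pointer_hits(4));
    return 0;
}
```

With default alignment the compiler inserts 4 bytes of padding after Armor, so both pointers sit on 8-byte offsets; only the packed layout puts a pointer at 0x14.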

(0000912)
brainiac147   
2015-12-07 01:19   
So you've given again, a specific example, which is a packed struct. Notice you had to put #pragma pack ( 1 ) before that code. And why? Because it's not default behavior.

What if it's not a struct. What if it's say, an array of player pointers? Your whole argument goes out the window if it's anything other than a struct. And it has to be a special kind of struct for you to be right.
(0000913)
mgr_inz_Player   
2015-12-07 01:26   
(Last edited: 2015-12-07 01:39)
CheatEngine is mainly for games. Games have optimizations. Some structures are packed to save memory, some of them aren't packed.

The default behaviour is to use packing where it is needed.

End of story. Good bye.

(0000914)
brainiac147   
2015-12-07 05:12   
Well there are optimizations for memory consumption and then there are optimizations for speed. Nowadays speed is more important.

And you keep on talking about structures after I just told you that's a special case, and only under certain conditions would you be right.
(0000915)
mgr_inz_Player   
2015-12-07 10:16   
Nowadays ignoring optimizations for memory consumption has an impact on speed. Most recent example: Call of Duty: Black Ops 3.

"I just told you that's a special case..." - you still don't get it? This special case is not as rare as you think.


Pointerscanner mostly finds "base > object1 > object2 > ...", rather than "base > array1ofpointers > array2ofpointers > ..."





Anyway, look at latest commit on GitHub:
https://github.com/cheat-engine/cheat-engine/commit/94e8404c278e1d75a850e2f06b261eed6ac7431a


CE version 6.5 will behave like this:

- target is 32bit:
step is 4 for all nodes.
CTRL overrides step to 1, SHIFT overrides step to 8

- target is 64bit:
step is 8, except the last offset, it is still 4
CTRL overrides step to 1, SHIFT overrides step to 4
(0000916)
brainiac147   
2015-12-08 22:44   
(Last edited: 2015-12-08 22:45)
dude you keep going back to structs. I told you 3 times already. There's many other uses where this is absolutely needed and it's not just for structs.

Here's a challenge: Find me a pointer table on x64 that is 32 bit aligned and not 64 bit aligned, and I will take back everything I said. And you're allowed to pack it or do #pragma(whatever) you want.

(0000917)
mgr_inz_Player   
2015-12-08 23:23   
(Last edited: 2015-12-08 23:46)
@brainiac147, dude, you are irritating. What I'm trying to say, the whole time, is that +-4 is more universal. There is no point in talking to you about this any more.


@Dark Byte, I compiled it, tested and I think it is the best compromise.
I think you could add hints or change captions to "+4" "-4" ("+8" "-8") of those speedbuttons.

PATCH
############################
Index: formAddressChangeUnit.pas
===================================================================
--- formAddressChangeUnit.pas (revision 2209)
+++ formAddressChangeUnit.pas (working copy)
@@ -358,9 +358,15 @@
         lblPointerAddressToValue.Caption:=sbase+sign+soffset+' = '+inttohex(dword(fBaseAddress+offset),8)
 
     end;
+ sbDecrease.caption:='-4';
+ sbIncrease.caption:='+4';
   end
   else
+ begin
     lblPointerAddressToValue.Caption:='['+sbase+sign+soffset+'] -> '+SPointsTo;
+ sbDecrease.caption:='-'+inttostr( processhandler.pointersize );
+ sbIncrease.caption:='+'+inttostr( processhandler.pointersize );
+ end;
 
   //update positions
   newwidth:=lblPointerAddressToValue.left+lblPointerAddressToValue.Width;
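Review bot: the captions added in the first branch hard-code '-4' and '+4', while the else branch builds its text from processhandler.pointersize, so the literal goes stale if the step for the last offset ever changes, and neither caption reflects the CTRL/SHIFT step overrides discussed in this issue. Suggest deriving both captions from the same step value the click handlers use. The added lines have also lost the indentation of the surrounding block.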
@@ -497,7 +503,7 @@
   sbDecrease:=TSpeedButton.create(parent);
   sbDecrease.height:=edtOffset.height;
   sbDecrease.width:=sbDecrease.height;
- sbDecrease.caption:='<';
+ // sbDecrease.caption:='<'; // moved to UpdateLabels
  // sbDecrease.OnClick:=DecreaseClick;
   sbDecrease.OnMouseDown:=DecreaseDown;
   sbDecrease.OnMouseUp:=IncreaseDecreaseUp;
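Review bot: the button is still sized with sbDecrease.width:=sbDecrease.height, which fitted a single '<' but may clip a two-character caption such as '-4' or '-8'; consider sizing the width from the caption text. Please also delete the old caption assignment outright rather than leaving it commented out with a "moved to UpdateLabels" remark, since version control keeps the history.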
@@ -506,7 +512,7 @@
   sbIncrease:=TSpeedButton.create(parent);
   sbIncrease.height:=sbDecrease.height;
   sbIncrease.width:=sbDecrease.width;
- sbIncrease.caption:='>';
+ // sbIncrease.caption:='>'; // moved to UpdateLabels
  // sbIncrease.OnClick:=IncreaseClick;
   sbIncrease.OnMouseDown:=IncreaseDown;
   sbIncrease.OnMouseUp:=IncreaseDecreaseUp;
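Review bot: with the caption assignment removed from the creation code, sbIncrease (and sbDecrease above) has no text until UpdateLabels runs. Please confirm UpdateLabels is always called after these buttons are created and before the form is shown, or keep a default caption here.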
############################



RESULT:
http://i.imgur.com/wh7qdH4.png

(0000918)
brainiac147   
2015-12-09 05:39   
I'm irritating? you're the one who keeps coming back here posting after you said 3 times you were done, and didn't have time or w/e.

Pointer size on 64 bit is 8 bytes! you're traversing from one pointer to the next... should be 8 bytes. Plain and simple! knock this shift/ctrl nonsense.
(0000919)
mgr_inz_Player   
2015-12-09 11:28   
(Last edited: 2015-12-09 11:39)
"Pointer size on 64 bit is 8 bytes!" - of course it is. I know about it.

If you still don't get it, DarkByte already fixed your issue. Recent SVN version already uses step "8" for all nodes except last, when target is 64bit. I will use overrides when I need them. You don't have to.

If you want to try it, install CE6.5 Beta3, and overwrite files from "update 15.12.07.7z"

https://googledrive.com/host/0BwMAnE6mjogMTmpYMGstY1NPQnc/


PS: CTRL override (step "1") has existed since CE version 6.2





View Issue Details
422 [Cheat Engine] (No Category) minor have not tried 2015-12-18 04:15 2015-12-21 10:47
pausebreak7  
Dark Byte  
normal  
resolved  
no change required  
none    
none  
   
x64 auto assembler offset too big error
x64 openprocess autoassembler copy memory

line 22 offset too big error message

call qword ptr [KERNELBASE.NlsUpdateLocale+AB0] { ->ntdll.ZwOpenProcess } <-error
alloc(create,1024)
registersymbol(create)
create:
//open process
sub rsp,68
xor r9d,r9d
movsxd rax,r8d
mov [rsp+30],00000030
mov [rsp+28],r9
mov [rsp+20],rax
mov [rsp+38],r9
test edx,edx
jne KERNELBASE.TlsGetValue+1D10
mov [rsp+48],r9d
mov [rsp+40],r9
mov [rsp+50],r9
mov [rsp+58],r9
mov edx,ecx
lea r9,[rsp+20]
lea r8,[rsp+30]
lea rcx,[rsp+00000088]
call qword ptr [KERNELBASE.NlsUpdateLocale+AB0] { ->ntdll.ZwOpenProcess }
test eax,eax
js KERNELBASE.GetSecurityDescriptorSacl+105
mov rax,[rsp+00000088]
add rsp,68
ret
offset too big error.png (70,073 bytes) 2015-12-18 04:15
http://cheatengine.org/mantis/file_download.php?file_id=165&type=bug
png
 
Notes
(0000921)
Dark Byte   
2015-12-20 19:54   
(Last edited: 2015-12-20 19:57)
that is normal.
A memory distance from RIP to an address (data or code) can only be 2GB

You can solve this by either allocating create near the location of kernelbase, using a register with the address built up, or a local jump table


e.g:
alloc(create,1024,KERNELBASE)

or
mov rax,KERNELBASE.NlsUpdateLocale+AB0 //mov rax,imm64 is one of the very few instructions that support a direct 64 bit value
mov rax,[rax]
call rax

or

alloc(addresswithdestination,8) //make sure it's allocated near create, so if you do specify a preferred base for create, use the same address

addresswithdestination:
dq ntdll.ZwOpenProcess
...
call [addresswithdestination]




Also, check that "jne KERNELBASE.TlsGetValue+1D10"; the assembler might not give a message, but there is a decent chance it's going to overflow and point to the wrong location.
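The 2GB reach limit and the register workaround from the note above, as an added C example that is not part of the original note or of Cheat Engine's assembler: rel32_disp is the range check that rejects a target instead of silently truncating it, and emit_call_through_slot picks between the 6-byte RIP-relative call and the mov rax,imm64 sequence. Function names are assumptions and all addresses are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Can `target` be reached from the instruction at insn_addr (insn_len bytes
   long) with a signed 32-bit displacement? RIP-relative displacements are
   measured from the address of the NEXT instruction. Returns 1 and stores
   the displacement on success, 0 if the distance exceeds +/-2GB. */
int rel32_disp(uint64_t insn_addr, size_t insn_len, uint64_t target,
               int32_t *disp)
{
    uint64_t next = insn_addr + insn_len;
    /* Unsigned subtraction wraps; the cast reinterprets the result as a
       signed distance (two's complement, as on mainstream compilers). */
    int64_t delta = (int64_t)(target - next);
    if (delta < INT32_MIN || delta > INT32_MAX)
        return 0;
    *disp = (int32_t)delta;
    return 1;
}

/* Store the low nbytes of v in little-endian order. */
static size_t put_le(uint8_t *out, uint64_t v, size_t nbytes)
{
    for (size_t i = 0; i < nbytes; i++)
        out[i] = (uint8_t)(v >> (8 * i));
    return nbytes;
}

/* Emit a call through the 8-byte pointer stored at slot_addr, for code
   placed at insn_addr. `out` must hold 15 bytes. Returns bytes written. */
size_t emit_call_through_slot(uint8_t *out, uint64_t insn_addr,
                              uint64_t slot_addr)
{
    int32_t disp;
    size_t n = 0;

    if (rel32_disp(insn_addr, 6, slot_addr, &disp)) {
        out[n++] = 0xFF; out[n++] = 0x15;      /* call qword ptr [rip+disp32] */
        n += put_le(out + n, (uint32_t)disp, 4);
        return n;
    }
    /* Out of reach: build the address in a register (clobbers rax). */
    out[n++] = 0x48; out[n++] = 0xB8;          /* mov rax, imm64 */
    n += put_le(out + n, slot_addr, 8);
    out[n++] = 0x48; out[n++] = 0x8B; out[n++] = 0x00;  /* mov rax, [rax] */
    out[n++] = 0xFF; out[n++] = 0xD0;          /* call rax */
    return n;
}

int main(void)
{
    /* Constructed sample addresses: a pointer slot in a high-mapped module,
       and code allocated either near it or in low memory. */
    const uint64_t slot = 0x00007FFD12345AB0ULL;
    const uint64_t code_at[] = { 0x00007FFD10000000ULL, 0x0000000002340000ULL };
    uint8_t buf[15];

    for (size_t i = 0; i < 2; i++) {
        size_t n = emit_call_through_slot(buf, code_at[i], slot);
        printf("code at %#llx: %zu bytes:", (unsigned long long)code_at[i], n);
        for (size_t j = 0; j < n; j++)
            printf(" %02X", buf[j]);
        printf("\n");
    }
    return 0;
}
```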

(0000922)
pausebreak7   
2015-12-21 06:21   
thank you ! db




View Issue Details
421 [Cheat Engine] (No Category) crash always 2015-12-18 04:01 2015-12-20 19:50
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
cheat engine auto assembler syscall create error
x64 process auto assembler syscall create error

x64 disassembler auto assembler

syscall -> create error

db 0f 05 -> success
error in line 7 (syscall) : this instruction can't be compiled
error.png (52,749 bytes) 2015-12-18 04:01
http://cheatengine.org/mantis/file_download.php?file_id=164&type=bug
png
 
Notes
(0000920)
Dark Byte   
2015-12-20 19:50   
fixed




View Issue Details
392 [Cheat Engine] (No Category) minor always 2015-05-04 20:01 2015-11-20 00:37
Arznaar PC  
Dark Byte Windows  
normal 7-10  
resolved  
fixed  
none    
none  
   
Don't create empty "My Cheat Tables" folder in Documents
CE creates an annoying "My Cheat Tables" folder in the Documents folder. It's understandable if there is any saved table, but it continues to recreate this folder even if there are no tables at all.
Today I know many people who always keep their "Documents" folder clean and who automatically sync this folder to the cloud. Most of these people are annoyed by empty, non-functional folders in this directory.
Please make this folder disappear.
 
Notes
(0000898)
Dark Byte   
2015-11-20 00:37   
Only the installer will create that folder now




View Issue Details
413 [Cheat Engine] (No Category) minor have not tried 2015-10-14 15:07 2015-11-19 22:07
pausebreak7 windows7  
x64  
normal  
new  
open  
none    
none  
   
dark byte OpenProcess Fake Code impossible?
video link openprocess detect idea:
https://www.dropbox.com/s/wm30g3hors0rdeu/bandicam%202015-10-14%2021-32-58-820.avi?dl=0
process handle information fake information change possible?
0x1f1fff
1.Query information
2.Set information
3.Set quotas
4.Set session ID
5.Create threads
6.Create processes
7.VM operation
8.VM read
9.VM write
10.Duplicate handles
11.Suspend/resume
12.Terminate
13.Synchronize
14.Delete
15.Read control
16.Write DAC
17.Write owner
two Patch Guard Disable Mode ProcessHandle information dkom but Detect

hidecon process handle pht option handle list hide
link:
http://fyyre.ivory-tower.de/projects/hidecon.rar

processhacker link:
http://processhacker.sourceforge.net/downloads.php

============================================================

three

DBVM Machine VM_OPENPROCESS READ Write virtual openprocess possible?

============================================================
obregistercallback hiding Procsss

Openprocess access denied

ctrl+alt+s Enumerate dll information not view

Do you get the information without the openprocess?

thankyou dark byte




test.png (123,740 bytes) 2015-10-16 05:59
http://cheatengine.org/mantis/file_download.php?file_id=159&type=bug
png

test2.png (57,796 bytes) 2015-10-16 17:35
http://cheatengine.org/mantis/file_download.php?file_id=160&type=bug
png

test3.png (55,567 bytes) 2015-10-20 09:56
http://cheatengine.org/mantis/file_download.php?file_id=161&type=bug
png
 
Notes
(0000881)
pausebreak7   
2015-10-16 05:58   
0x1010 (Query limited information, VM read)

OpenProcess Minimal options
Enumerate information View Success
User, Kernel both impossible without an openprocess?

========================================================

0x1a (Create threads, VM operation, VM read)
OpenProcess Minimal options
dbvm load breakpoint access success
Do Debugging is impossible without the use of OP options?
========================================================

With OpenProcess Properties detect, it can be bypassed without using the above options?
(0000882)
pausebreak7   
2015-10-16 06:51   
ChangeProcAccess (
    ACCESS_MASK *pDesiredAccess
    )
{
    ACCESS_MASK DesiredAcces = *pDesiredAccess;
/*
    DesiredAcces &= ~PROCESS_CREATE_THREAD;
    DesiredAcces &= ~PROCESS_CREATE_PROCESS;
    DesiredAcces &= ~PROCESS_TERMINATE;
    DesiredAcces &= ~PROCESS_VM_WRITE;
    DesiredAcces &= ~PROCESS_VM_READ;
    DesiredAcces &= ~PROCESS_VM_OPERATION;
    DesiredAcces &= ~PROCESS_SUSPEND_RESUME;
    DesiredAcces &= ~PROCESS_DUP_HANDLE;
    *pDesiredAccess = DesiredAcces;
*/
    *pDesiredAccess = ~1F0FFF
}

*pDesiredAccess = ~1F0FFF //obregistercallback Process handle protect flag on
*pDesiredAccess = 1F0FFF //obregistercallback Process handle protect flag off

my driver create *pDesiredAccess = 1F0FFF Driver Run Protect Flag OFF

But Security Process -> Engine Openprocess option information
vmread,vmwrite,createthread,VM_OPERATION,TERMINATE etc

Release the protection force to detect if you have information to confirm the Oprocess options

=====================================================================
0x101a implementing the minimum required information on the engine without using the

Openprocess?

======================================================================
user, kernel openprocess disabled
DBVM VirtualMachine VMOPENPROCESS POSSIBLE?
(0000883)
pausebreak7   
2015-10-16 17:35   
Duplicate Handle from CSRSS.exe

Process Handle Csrss.exe

Csrss Process handle information copy -> Engine Target Process Access possible?

===============================================================================
process target open->handle 0x278 create
but 0x278 created information ->detected!
0x278 no created ->not detect
csrss.exe handle link access fake possible?
(0000884)
pausebreak7   
2015-10-19 17:47   
Process list reload click ->openprocess detect!

windows list reload click ->not detect!

Processlist reload handle detect

windows list reload handle not detect -> But Process Open -> Detect!

ObOpenObjectByPointer ->ZwOpenProcess
Api Change And Handle Access information hide & Fake information Possible?
(0000885)
pausebreak7   
2015-10-20 04:41   
original:
ntStatus=ObOpenObjectByPointer
(
selectedprocess,
0,
NULL,
PROCESS_ALL_ACCESS,
*PsProcessType,
KernelMode, //UserMode,
&ProcessHandle);
edit:
ntStatus=ObOpenObjectByPointer
(
selectedprocess,
0,
NULL,
//PROCESS_ALL_ACCESS,
*PsProcessType,
KernelMode, //UserMode,
&ProcessHandle);

PROCESS_ALL_ACCESS DELETE ->NOT DETECT

BUT
1.DBVM LOAD DBVM DEBUG CRASH
2.ENUMERATE DLL'S AND SYMBOL INFORMATION NOT VIEW

Do you write two functions without using the OP(OPENPROCESS)?
(0000886)
pausebreak7   
2015-10-20 05:39   
(Last edited: 2015-10-20 06:21)
maybe..

ZwQuerySystemInformation system handle list structure

pid& openprocess access information detect?

====================================================
driver hiding detect bypass possible?

http://www.rohitab.com/discuss/topic/41522-hiding-loaded-driver-with-dkom/

dbkdrvc.c

line 80 fix?

(0000887)
pausebreak7   
2015-10-20 09:56   
bypass idea

External handle 0x0

Cheat Engine Fake or inside handle 0X1F0FFF Possible?
(0000889)
pausebreak7   
2015-10-29 12:47   
GetModuleFileNameEx -> NtReadVirtualMemory -> PEB -> LDR -> NtQueryVirtualMemory PROCESS_QUERY_INFORMATION?
NtReadVirtualMemory -> PROCESS_VM_READ?

Can I use the openprocess created an API of his own?

handle open address & object bypass impossible?
(0000893)
pausebreak7   
2015-11-14 11:20   
openprocess obregistercallback guard Ignore

force openprocess ctrl+alt+s enumerate dll & process handle open possible?

-;;
(0000897)
Dark Byte   
2015-11-19 22:07   
You have access to the memory, but just lack some of the query tools.

if you have no valid processhandle, but wish a dll list, then you will have to manually get that data.
e.g. scan through the memory looking for the MZ/PE header of a module, and then enumerate the symbols when found. Or use the Windows internal structures where it stores that information.




View Issue Details
416 [Cheat Engine] (No Category) minor have not tried 2015-11-11 18:53 2015-11-19 21:50
chris20194  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Window doesn't attach to changed desktop-resolution
If you first move the CE window to the very right of the screen / to a secondary monitor, close it and then decrease the desktop resolution / disable the secondary monitor, CE will open "outside the screen" and the only way to move it back is WindowsKey+ArrowKeys
1)open CE
2)Move the CE window to the very right of the screen / to a secondary monitor
3)close CE
4)decrease the desktop resolution / disable the secondary monitor
5)open CE

example: https://youtu.be/b7xokoOVTME
 
There are no notes attached to this issue.




View Issue Details
415 [Cheat Engine] (No Category) minor always 2015-11-11 18:48 2015-11-19 21:44
chris20194  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
If the address is shown as hexadecimal, hotkeys for decreasing the value of the address won't work.
If the address is shown as hexadecimal, hotkeys for decreasing the value of the address won't work.

First time reporting a bug, dunno what else to put here.
1)Get a random address
2)show value as hexadecimal
3)Create a hotkey for decreasing the value by whatever
4)try using that hotkey

Example: https://youtu.be/nvXjnEq9Vi0
 
Notes
(0000894)
Dark Byte   
2015-11-19 21:44   
That bug has been fixed




View Issue Details
412 [Cheat Engine] (No Category) minor have not tried 2015-10-11 08:47 2015-10-11 09:18
pausebreak7 win7  
x64  
normal  
new  
open  
none    
none  
   
dark byte vm detect bypass ok but kernel debug process dead bug or rdtsc time check detect
1.
Old Bug process restart f5 debug start

http://cheatengine.org/mantis/view.php?id=340

code google cheat engine rev 2629,2631 error

process dead

2.

Open Source Code

https://github.com/a0rtega/pafish

https://github.com/a0rtega/pafish/archive/v0.5.4.zip

pafish Code Check the difference between Cpu timestamp counters rdtsc

forcing VM Exit Code Detect
cpuid detect bypass success!

error& not bypass?

1.kernel debug process dead bug

2.vmexit rdtsc time check detect

 
Notes
(0000880)
pausebreak7   
2015-10-11 09:18   
crash code debugeventhandler.pas

line 790,791 Crash Code

original
if (not (CurrentDebuggerInterface is TNetworkDebuggerInterface)) and (debugreg in [0..4]) and (bpp.breakpointMethod=bpmDebugRegister) and (bpp.debugRegister<>debugreg) then
continue; //this is not the correct breakpoint. Skip it

edit
//if (not (CurrentDebuggerInterface is TNetworkDebuggerInterface)) and (debugreg in //[0..4]) and (bpp.breakpointMethod=bpmDebugRegister) and //(bpp.debugRegister<>debugreg) then
//continue; //this is not the correct breakpoint. Skip it

Original code Process ReTarget Debugging Crash

Edit code Process ReTarget Debugging Not Crash




View Issue Details
410 [Cheat Engine] (No Category) minor always 2015-10-02 22:30 2015-10-06 00:29
stringint Windows  
Dark Byte Vista  
low SP2  
resolved  
fixed  
none    
none  
   
"Recalculate new addresses" has Offset Limit
The Recalculate Address option seems to have an offset limit of 0xFFFFFFFF. The Change to Address option seems to ignore the first three digits of the address when performing the offset calculation. This is on the x64 Version of Cheat Engine 6.4.
Find an address in a x64 program. Change the first digit of the address and attempt to recalculate the address.
When the HEX option is checked off in "Change by offset" the correct offset is displayed.
 
Notes
(0000879)
Dark Byte   
2015-10-06 00:29   
fixed on github




View Issue Details
411 [Cheat Engine] (No Category) minor have not tried 2015-10-03 22:54 2015-10-05 22:05
pausebreak7 windows7  
x64  
normal  
new  
open  
none    
none  
   
darkbyte manually dbvm load bsod crash!
commit 2bf8b431251c71ebb042141cd86c139181cf9560

new version test crash bsod

dbvm right click cpu0~cpu3 manually load success

but debug option kernel mode / global debug / ability kernel code check

breakpoint access -> BSOD 0x1E error

///////////////////////////////////////
original left dbvm load -> No Bsod but VM Detect
Test engine -> latest version
Test dbvm -> latest version
dbvk64.sys -> latest version
bsod.jpg upload

/////////////////////////////////////////////////////////
cpuid.exe
manually load dbvm -> CPUID Dbvm load -> not Detect

pafish.exe
manually load dbvm -> Forcing vm Exit RDTSC -> Dbvm load Detect

bsod.jpg (145,702 bytes) 2015-10-03 22:54
http://cheatengine.org/mantis/file_download.php?file_id=158&type=bug
jpg
 
Notes
(0000877)
pausebreak7   
2015-10-03 23:02   
Additional information

manually dbvm load -> Close manually dbvm -> Reload About Cheat Engine Click

Your system supports DBVM Message View

Error?

-----------------------------------------------------
manually dbvm load -> close manually view -> manually dbvm load click -> Access violation Message Box
(0000878)
pausebreak7   
2015-10-03 23:21   
Manually dbvm load [intel i5 cpu core 4]

maybe...
cpu0 click, cpu1 click,cpu2 click,cpu3 click all cpu load?

-----------------------------------------------------------

cpu one load -> Individual Load -> breakpoint bsod

cpu 0,1,2,3 click -> allload -> breakpoint Not BSOD
-----------------------------------------------------------

Individual Load error

Add a manual loading feature?

Sorry db

Bypass information code misunderstanding




View Issue Details
409 [Cheat Engine] (No Category) minor have not tried 2015-10-01 18:52 2015-10-01 19:43
pausebreak7 windows  
7 x64  
normal  
new  
open  
none    
none  
   
DarkByte VMPROTECT DBVM Detect VM EXIT?
I've recently found more relevant data

Open Source Code

https://github.com/a0rtega/pafish

https://github.com/a0rtega/pafish/archive/v0.5.4.zip

pafish Code Check the difference between Cpu timestamp counters rdtsc

forcing VM Exit Code Detect

DBVM LOAD -> VM_EXIT RDTSC TIMESTAMP DETECT

DBVM NOT LOAD ->VM_EXIT RDTSC TIMESTAMP NOT DETECT

vmprotect also detect vm_exit?

vmprotect detection logic even vm_exit might have been detected

Is it possible to bypass the detection if right?
detect.png upload

detect.png (143,593 bytes) 2015-10-01 18:52
http://cheatengine.org/mantis/file_download.php?file_id=157&type=bug
png
 
Notes
(0000875)
pausebreak7   
2015-10-01 19:05   
cpu.c code line

static inline unsigned long long rdtsc_diff_vmexit() {
    unsigned long long ret, ret2;
    unsigned eax, edx;
    __asm__ volatile("rdtsc" : "=a" (eax), "=d" (edx));
    ret = ((unsigned long long)eax) | (((unsigned long long)edx) << 32);
    /* vm exit forced here. it uses: eax = 0; cpuid; */
    __asm__ volatile("cpuid" : /* no output */ : "a"(0x00));
    /**/
    __asm__ volatile("rdtsc" : "=a" (eax), "=d" (edx));
    ret2 = ((unsigned long long)eax) | (((unsigned long long)edx) << 32);
    return ret2 - ret;
}

------------------------------------------------------------------

int cpu_rdtsc_force_vmexit() {
    int i;
    unsigned long long avg = 0;
    for (i = 0; i < 10; i++) {
        avg = avg + rdtsc_diff_vmexit();
        Sleep(500);
    }
    avg = avg / 10;
    return (avg < 1000 && avg > 0) ? FALSE : TRUE;
}

------------------------------------------------------------------
static inline int cpuid_hv_bit() {
    int ecx;
    __asm__ volatile("cpuid" \
            : "=c"(ecx) \
            : "a"(0x01));
    return (ecx >> 31) & 0x1;
}

How do you think the code can bypass the vm_exit?
(0000876)
pausebreak7   
2015-10-01 19:43   
cpuid detect add information

https://www.virtualbox.org/ticket/10947

https://www.virtualbox.org/raw-attachment/ticket/10947/Test%20Examples.rar

cpuid.exe
dbvm load -> Flag Value is wrong! //detect
dbvm not load ->flag value is right! //not detect
rdtsc.exe
dbvm load -> flag value is right! //not detect
dbvm not load -> flag value is right! //not detect

cpuid detect code

---------------------------------------
      .586
      .model flat, stdcall
      option casemap :none ; case sensitive
      
      include windows.inc
      include kernel32.inc
      include user32.inc
      includelib kernel32.lib
      includelib user32.lib
     
.data
Flag dd 0
szRight db 'Flag Value is right!',0
szWrong db 'Flag Value is wrong!',0
szInfo db 'Info:',0

.code
start:
    assume fs: nothing
    call @MyCode
    mov ecx, dword ptr [esp+0Ch]
    mov ecx, dword ptr [ecx+0B8h] ;;Ecx = Seh.eip
    .if ecx == offset @WrongExceptionEip
        mov Flag,0
    .else
        mov Flag,1
    .endif
    xor eax, eax
    retn
    @MyCode:
    push dword ptr fs:[0]
    mov dword ptr fs:[0], esp
    push 397h ;;Set Eflags.
    popfd
    cpuid
    @RightExceptionEip: ;;Normally,Seh.eip should be pointed here
    nop
    @WrongExceptionEip: ;;In Guest system,('With' VT-X/AMD-V),Seh.eip is pointed here.But 'Without' VT-X/AMD-V,Seh.eip is right.
                    ;;It's different than 'Rdtsc',This problem only appear in the VT-X/AMD-V
    .if Flag == 1
        invoke MessageBoxA,0,offset szRight,offset szInfo,MB_OK
    .else
        invoke MessageBoxA,0,offset szWrong,offset szInfo,MB_OK
    .endif
    invoke ExitProcess,0
end start




View Issue Details
408 [Cheat Engine] (No Category) minor have not tried 2015-09-21 16:16 2015-09-22 11:47
pausebreak7  
 
normal  
new  
open  
none    
none  
   
dark byte x64 patchguard disable mode IDT debug hook possible?
cheat engine source debugger.c
_declspec( naked ) void interrupt1_asmentry( void )
windows x32 IDT HOOK CODE

windows x64 IDT HOOKING CODE POSSIBLE?(PatchGuard Disable Mode)

And Debug Option

Use windows debugger,veh,kernelmode

possible only kernel-mode options?

Is it possible to bypass the debug detected by IDT hooking without the dbvm








qq.png (105,356 bytes) 2015-09-21 16:16
http://cheatengine.org/mantis/file_download.php?file_id=155&type=bug
png

bsod.png (181,501 bytes) 2015-09-22 11:44
http://cheatengine.org/mantis/file_download.php?file_id=156&type=bug
png
 
Notes
(0000868)
pausebreak7   
2015-09-21 16:21   
x64 computer

debug kernelmode option -> DBVM NOT LOAD ->DEBUG START -> SYSTEM BSOD?

safe options Suggested

safe option -> DBVM NOT LOAD ->DEBUG NOT START -> Safe Messagebox
(0000869)
pausebreak7   
2015-09-21 16:29   
lua command dbk_writesIgnoreWriteProtection(true)

Lua functions can be added to the command as shown above?

Not possible, I will not question anymore
(0000870)
Dark Byte   
2015-09-21 17:17   
(Last edited: 2015-09-21 17:22)
the interrupt hooker in the driver has a check for dbvm. Just ignore that and it'll fall back on IDT hooking

but keep in mind that anti reverse engineering tools and anti cheats check the idt for tampering first (you may be able to hook the address the original idt points to, but you'll have to adjust the code to deal with that yourself)

(0000871)
pausebreak7   
2015-09-21 19:10   
TitanHide
https://bitbucket.org/mrexodia/titanhide

Engine

debug option

windows debugger,try to prevent check

TBreakOption = (bo_Break = 0, bo_ChangeRegister = 1, bo_FindCode = 2, bo_FindWhatCodeAccesses = 3, bo_BreakAndTrace=4, bo_OnBreakpoint=5);

Find out what addresses this instruction accesses(3)

TitanHide Driver Load Pid Fake Option Check
processDebugFlags
processDebugPort
ProcessDebugobjectHandle
debugobject

Find out what addresses this instruction accesses(3) <-Not Detect
bo_ChangeRegister <-Detect
bo_FindCode <-Detect
bo_BreakAndTrace <Detect
bo_OnBreakpoint <-Detect

If the other options are all hidden in TitanHide detected

Driver Source Debugger.c Fake Dr7? Dr0~3?

How Does it not also detect other accessibility features?
(0000872)
pausebreak7   
2015-09-21 19:17   
windows Debug is going to be detected should not be the case where ring0 ssdt hooking?

TitanHide Option All Check Debug Test[Windows Debugger]
ProcessDebugFlags (NtQueryInformationProcess)
ProcessDebugPort (NtQueryInformationProcess)
ProcessDebugObjectHandle (NtQueryInformationProcess)
DebugObject (NtQueryObject)
SystemKernelDebuggerInformation (NtQuerySystemInformation)
NtClose (STATUS_INVALID_HANDLE exception)
ThreadHideFromDebugger (NtSetInformationThread)
Protect DRx (HW BPs) (NtSetContextThread)

Find out what addresses this instruction accesses <-Not Detect

Other Change Register,Debugger Find,break,findcode,trace,Onbreak <-Detect

Is it possible to modify the source Cheat Engine?

Or it does need to hook the ssdt apart from titanhide?
(0000873)
pausebreak7   
2015-09-22 11:44   
DBVM Not Load ->F5 Attack Debug
->System Freeze -> BSOD
DBVM LOAD -> F5 Attack Debug
->Process Success NOT BSOD

DBVM Not Load Global Debug Routines
Check IDT HOOKing Error?
Driver.sys Memory Code Information
mov eax,Dr7 BSOD

BSOD.PNG UPDATE
(0000874)
pausebreak7   
2015-09-22 11:47   
Global Debug(DBVM NoT load) BSOD Safe Option

can you add options?

Do IDT x64 HOOKING example?




View Issue Details
406 [Cheat Engine] major always 2015-09-10 22:41 2015-09-17 00:01
magusmarisa x86_64  
Dark Byte Windows  
normal 8.1  
resolved  
fixed  
none    
none  
   
Dereferencing 64-bit pointers in memory viewer and auto assembler fails
While the former has been happening before I moved from 7, the latter started after the move to 8.1. I can use absolute addresses perfectly, but trying to dereference pointers just results in a "This is not a valid address" on the memory viewer and a "This address specifier is not valid" in the auto assembler.
I'll be using Dark Souls II SotFS as an example because I really haven't done CE work for any other 64-bit game.

Let's say for example, going into the memory viewer and setting the address to "DarkSoulsII.exe"+160B8D0, the pointer to the player heap practically everyone knows by heart. It works fine, so does manually typing the address it holds, but trying to use ["DarkSoulsII.exe"+160B8D0] instead just results in the "This is not a valid address".

In the case of the auto assembler, the issue arises when I register a symbol... let's say for example "passert", in one script then set its value to an address. If in another script I try to use "[passert]:" to inject code there, the assembler shouts "This address specifier is not valid". But using the actual "DarkSoulsII.exe"+whatever address works fine. I know this sounds convoluted, but I have my reasons for it (it's faster to replace one address than dozens of instances of it when an update hits the game).
Table entries that use pointers themselves work perfectly with 64-bit programs.

The auto assembler issue is limited only to labels, dereferencing in instructions like mov is perfectly fine, likely because the size of the pointer is perfectly known in that situation.
 
Notes
(0000859)
mgr_inz_Player   
2015-09-11 16:22   
(Last edited: 2015-09-11 16:27)
Yes. It is a bug in symbolhandler.pas in TSymhandler.GetAddressFromPointer,
In all CE6.0 - CE6.4 versions.

It was fixed in the SVN:
https://code.google.com/p/cheat-engine/source/detail?r=2845



And here is Lua script I created to fix this issue in CE6.4:
#############################################################
#############################################################
#############################################################
[ENABLE]
{$lua}
fix64bitPointerString = [[

// only for 64bit CE6.4 from 26 VI 2014

define(address1,cheatengine-x86_64.exe+957AC)
define(bytes1,89 45 C0 EB 2B)
define(address2,cheatengine-x86_64.exe+95944)
define(bytes2,8B 45 C0 48 89 45 A8)

alloc(newmem,64,cheatengine-x86_64.exe)
label(part2)
label(return2)

assert(address1,bytes1)
assert(address2,bytes2)


newmem:
  mov [rbp-40],rax
  jmp cheatengine-x86_64.exe+957DC

part2:
  mov rax,[rbp-40]
  mov [rbp-58],rax
  jmp return2

address1:
  jmp newmem

address2:
  jmp part2
  nop
  nop
return2:
]]

autoAssemble(fix64bitPointerString,true)
-- it is safe to execute it many times because of 'assert' instruction
{$asm}


//place your code here

[DISABLE]




#############################################################
#############################################################
#############################################################

(0000860)
magusmarisa   
2015-09-14 12:51   
Oh, that's pretty handy, thank you.




View Issue Details
405 [Cheat Engine] (No Category) feature always 2015-09-04 10:12 2015-09-04 10:13
pausebreak7 windows7  
7 x64  
none  
new  
open  
none    
none  
   
darkbyte kernelmemory address break point impossible?
cmp dword ptr [rax],01

Can I get a break point on the address rax address

windows7 x64 kernel driver.sys

f5 break point & find what access breakpoint impossible?

Is it possible to cheat engine!

who.png (56,979 bytes) 2015-09-04 10:12
http://cheatengine.org/mantis/file_download.php?file_id=153&type=bug
png
 
Notes
(0000858)
pausebreak7   
2015-09-04 10:13   
Is only driver debugging windbg?




View Issue Details
399 [Cheat Engine] (No Category) minor always 2015-08-11 19:54 2015-08-28 16:58
pausebreak7 windows  
x64  
normal  
new  
open  
none    
none  
   
darkbyte one more question?
VMPROTECT DBVM DETECT BYPASS?

dbvm 5~9 version always error messagebox

VMPROTECT
Sorry,this application cannot run under a virtual Machine

new dbvm9 version not bypass

Do you ever can be bypassed?





File Download link:
https://www.dropbox.com/s/ilop072569dv23a/TEST%20VMPROTECT.zip?dl=0
error.png (26,613 bytes) 2015-08-11 19:54
http://cheatengine.org/mantis/file_download.php?file_id=146&type=bug
png

error 2.png (101,207 bytes) 2015-08-11 19:55
http://cheatengine.org/mantis/file_download.php?file_id=147&type=bug
png

error5.png (63,121 bytes) 2015-08-16 11:02
http://cheatengine.org/mantis/file_download.php?file_id=149&type=bug
png

dbvm9.1.rar (81,219 bytes) 2015-08-16 11:30
http://cheatengine.org/mantis/file_download.php?file_id=150&type=bug
sssd.png (325,962 bytes) 2015-08-21 17:49
http://cheatengine.org/mantis/file_download.php?file_id=151&type=bug
 
Notes
(0000832)
Dark Byte   
2015-08-12 02:46   
show the sourcecode on how it detects it and i'll look into it.
without sourcecode i can't help you
(0000833)
pausebreak7   
2015-08-12 09:29   
my test vmprotect pack link:
https://www.dropbox.com/s/5yijydzjlxg6qc7/VmProtect.V2.12.3.License.INCLUDED.RETAIL.BY-1ST.rar?dl=0

I do not know the source code for the Detection

VMPROTECT will detect that virtualmachine
(0000837)
pausebreak7   
2015-08-15 21:15   
I found via Google Search

Found a hypervisor detection methods

http://pastebin.com/2gv72r7d

I do not know how to detect vmdisk.img

DBVM virtual machine LOAD ->Packing File Run-> Error Message

DBVM virtual machine Not Load->Packing File Run-> No error Message

Packing File RUN->DBVM Virtual machine Load -> No error message
(0000838)
Dark Byte   
2015-08-15 23:53   
(Last edited: 2015-08-16 00:00)
What CPU do you have? Apparently my test system (i7 920) doesn't have this cpuid feature

Anyhow, if you can compile DBVM (And it's an Intel), go to vmeventhandler.c , find int handleCPUID(VMRegisters *vmregisters)

and after the _cpuid() call add the code
  if (oldeax==1)
  {
    //remove the hypervisor active bit (bit 31 in ecx)
    vmregisters->rcx=vmregisters->rcx & (~(1 << 31));
  }


If it's AMD then you'll have to do some more research on getting it to break on cpuid

(0000839)
pausebreak7   
2015-08-16 11:06   
my computer intel i5 Sandy Bridge

dbvm 8 version vmeventhandler.c edit

///////////////////////////////
int handleCPUID(VMRegisters *vmregisters)
{
// sendstring("handling CPUID\n\r");

  UINT64 oldeax=vmregisters->rax;

  _cpuid(&(vmregisters->rax),&(vmregisters->rbx),&(vmregisters->rcx),&(vmregisters->rdx));

  
  if (oldeax==1)
  {
    //remove the hypervisor active bit (bit 31 in ecx)
    vmregisters->rcx=vmregisters->rcx & (~(1 << 31));
  }


  /*
  if (oldeax==1)
  {
    //remove vmx capability in ecx
    vmregisters->rcx=vmregisters->rcx & (~(1 << 5)); //set bit 5 to 0
  }*/

//////////////////////////////

edit dbvm 8 version test error message screenshot error5

i dont'know what you did.you didn't crash,but you also didn't load sys

cheat engine dbvm load fail

dbvm9 version compile?(my test dbvm8 version)
(0000840)
pausebreak7   
2015-08-16 11:30   
my test vmx password mistake

code not error,but vmprotect detect no bypass
(0000841)
Dark Byte   
2015-08-16 11:30   
(Last edited: 2015-08-16 11:31)
I've uploaded dbvm9 with this modification. Try testing it on an official ce 6.4 release first (And reboot first, perhaps your system is already running under DBVM but it's not visible)

Edit, ah ok. Yeah, I guessed this wasn't it. (It's too easy)

(0000842)
pausebreak7   
2015-08-16 11:39   
cheat engine 6.4 RUN dbvm 9.1 version load test
----------------------

vmprotect no bypass

maybe...
detecting a hypervisor running?
(0000843)
pausebreak7   
2015-08-16 11:50   
I think this situation detection methods

-Examples--
dbvm run -> vmware run error
dbvm no run -> vmware run success

If you are running other virtualization is detected
(0000844)
pausebreak7   
2015-08-17 14:28   
(Last edited: 2015-08-17 15:14)
google search

http://artemonsecurity.com/vmde.pdf

51page hypervisor detection code

bypass impossible?

detected flag has been running virtualization?

(0000845)
Dark Byte   
2015-08-17 22:50   
That pdf only describes how to detect known virtual machines by scanning for the extra features they come with (vga, devices,etc...).
(0000846)
pausebreak7   
2015-08-17 23:00   
Search for Google do not even know

Check the virtual machine load information

Something about loads at boot detect VT activated

I do not know the solution to this

thank you dark byte
(0000847)
pausebreak7   
2015-08-18 14:28   
windows 7 x64 intel i5 Sandy Bridge
dbvm 9 version load
fix binding deactivate for children test
////////////////////////////////////
test cap label click information
DBVM UNLOAD no hypervisor detected 1FBAE3FF
DBVM LOAD no hypervisor detected 17BAE3FF
/////////////////////////////////////////////

The same happened cpuid information changes
(0000848)
pausebreak7   
2015-08-21 17:49   
(Last edited: 2015-08-21 17:54)
--------------------------------------------------
vmprotect windows8.1 hypervisor detect

link:

http://vmpsoft.com/forum/viewtopic.php?f=4&t=1481&hilit=hyper

http://vmpsoft.com/forum/viewtopic.php?f=4&t=1474

--------------------------------------------------

vmprotect can crash Windows 8.1 hyper-v

--------------------------------------------------
screenshot sssd.png

vmplayer run -> hyper-v not detect message

vmplayer also writes the virtualization code

But VMP detection message is not output

-cpuid test label-
DBVM UNLOAD no hypervisor detected 1FBAE3FF
vmplay run no hypervisor detected 1FBAE3FF
DBVM LOAD no hypervisor detected 17BAE3FF
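
Added example (not from the thread and not Cheat Engine or DBVM code): a decoder for the hex values in the test labels above, assuming they are the ECX output of CPUID leaf 1 (bit names follow the Intel SDM). It shows that the hypervisor-present bit (31) is clear in all three readings, and that the DBVM-loaded reading differs from the other two only in bit 27 (OSXSAVE).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CPUID leaf 1, ECX feature flags by bit position (Intel SDM). Bit 16 is reserved. */
static const char *const ECX_BITS[32] = {
    "SSE3", "PCLMULQDQ", "DTES64", "MONITOR", "DS-CPL", "VMX", "SMX", "EIST",
    "TM2", "SSSE3", "CNXT-ID", "SDBG", "FMA", "CMPXCHG16B", "xTPR", "PDCM",
    "reserved", "PCID", "DCA", "SSE4.1", "SSE4.2", "x2APIC", "MOVBE", "POPCNT",
    "TSC-Deadline", "AESNI", "XSAVE", "OSXSAVE", "AVX", "F16C", "RDRAND",
    "HYPERVISOR"
};

/* Bit 31 is reserved for hypervisors to announce themselves; bare metal reads 0. */
int hypervisor_bit(uint32_t ecx)
{
    return (int)((ecx >> 31) & 1u);
}

/*
 * Describe how `other` differs from `base`, one token per changed bit:
 * "+NAME(bit)" if the flag appeared, "-NAME(bit)" if it disappeared.
 * Returns the number of changed bits, or -1 if `out` is too small.
 */
int describe_diff(uint32_t base, uint32_t other, char *out, size_t outlen)
{
    uint32_t diff = base ^ other;
    size_t used = 0;
    int count = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';

    for (int bit = 0; bit < 32; bit++) {
        uint32_t mask = (uint32_t)1 << bit;
        if (!(diff & mask))
            continue;
        int n = snprintf(out + used, outlen - used, "%s%c%s(%d)",
                         count ? " " : "",
                         (other & mask) ? '+' : '-',
                         ECX_BITS[bit], bit);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;              /* output would be truncated */
        used += (size_t)n;
        count++;
    }
    return count;
}

int main(void)
{
    /* Values quoted from the notes above; reading them as CPUID.1:ECX
     * is an assumption of this example. */
    static const struct { const char *label; uint32_t ecx; } samples[] = {
        { "DBVM unloaded",    0x1FBAE3FFu },
        { "vmplayer running", 0x1FBAE3FFu },
        { "DBVM loaded",      0x17BAE3FFu },
    };
    const uint32_t base = samples[0].ecx;
    char buf[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int changed = describe_diff(base, samples[i].ecx, buf, sizeof buf);
        printf("%-17s ecx=%08X hypervisor_bit=%d changed=%d %s\n",
               samples[i].label, (unsigned)samples[i].ecx,
               hypervisor_bit(samples[i].ecx), changed, buf);
    }
    return 0;
}
```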

(0000851)
pausebreak7   
2015-08-26 09:40   
(Last edited: 2015-08-26 09:43)
hmm vmprotect unpack

https://forum.tuts4you.com/topic/30733-vmprotect-ultra-unpacker-10/page-1

----------------------------------------------------------------------------

https://forum.tuts4you.com/topic/33835-vmp-unpack-videeo-by-kge/?hl=vmprotect

http://www.sendspace.com/file/jn8rhb --password:bbs.chinapyg.com

----------------------------------------------------------------------------
Would not the relevant code is detected in the process of unpacking?

When packing a 64-bit program, the message is not output
(64bit cheatengine vmp packing -> vmprotect vt detect not message)
(maybe... vmprotect bug)

Low versions of VMP unpacked, but as I have found during the detection code?

the best ideas

Unpacking for days to find relevant material in the course code to detect

(0000852)
pausebreak7   
2015-08-26 10:07   
(Last edited: 2015-08-26 10:51)
https://tuts4you.com/download.php?view.3432

VMProtect 1.xx - 2.xx Ultra Unpacker v1.0 folder


VMProtect 2.06 -> VMProtector_2.06_unpackme.exe ->dbvm load detect


VMProtect 2.12 -> notepad.vmp.exe ->dbvm load detect

http://www.52pojie.cn/forum.php?mod=viewthread&tid=129047

http://down.52pojie.cn/LCG/Zeus_Tutorial.rar
-------------------------------------------------------------
not test can not unpack file

If unpacking is not detected, then there side code analysis?
-------------------------------------------------------------

Tutorial video cpuid? Modified

What it is detected by cpuid?

(0000853)
pausebreak7   
2015-08-26 16:57   
vmprotect Analysis pdf 52page cpuid

http://lille1tv.univ-lille1.fr/telecharge.aspx?id=d5b2487e-cacc-4596-ab37-dab2b362cb9e

VM CPUID
There is a special opcode for making CPUID
instruction
Op_01: Value
Save 0x0C on VM_STACK (EBP) for storing eax, ebx,
ecx, edx

PDF is the analysis of data for VMprotect
(0000857)
pausebreak7   
2015-08-28 16:58   
wrta sFile2, "CPUID Exsample:"
wrta sFile2, "----------------------------------"
wrta sFile2, "CPUID ; Command of VMP code!Access first and read and note the return values!"
wrta sFile2, "\r\n"
wrta sFile2, "VMP COMMAND xy ; Original VMP command before hooking!"
wrta sFile2, "cmp R32, 01 ; In some cases VMP access the command with conditions!Mostly eax 1!"
wrta sFile2, "je short @PATCH ; If eax 01 then jump to our patch!"
wrta sFile2, "CPUID ; Fill CPUID if you hooked VMP before that command!"
wrta sFile2, "jmp Back to VMP ; Jump to VMP code again after Hook! >>>> A1 <<<<"
wrta sFile2, "@PATCH: ; Your Patch code label!"
wrta sFile2, "mov eax, xxxxxxxx ; Enter value of "eax" after the step over the VMP CPUID!"
wrta sFile2, "mov ecx, xxxxxxxx ; Enter value of "ecx" after the step over the VMP CPUID!"
wrta sFile2, "mov edx, xxxxxxxx ; Enter value of "edx" after the step over the VMP CPUID!"
wrta sFile2, "mov ebx, xxxxxxxx ; Enter value of "ebx" after the step over the VMP CPUID!"
wrta sFile2, "jmp Back to VMP ; Jump to VMP code again after Hook!You can also make a short jump to >>>> A1! <<<<"
wrta sFile2, "\r\n\r\n"
wrta sFile2, "\r\n"
wrta sFile2, "////////////////////"
wrta sFile2, "RDTSC Exsample:"
wrta sFile2, "----------------------------------"
wrta sFile2, "RDTSC ; Command of VMP code!Access first and read and note the return values!"
wrta sFile2, "\r\n"
wrta sFile2, "VMP COMMAND xy ; Original VMP command before hooking!"
wrta sFile2, "RDTSC" ; Insert command if needed!"
wrta sFile2, "mov eax, xxxxxxxx ; Enter value of "eax" after the step over the VMP RDTSC!"
wrta sFile2, "mov edx, xxxxxxxx ; Enter value of "edx" after the step over the VMP RDTSC!"
wrta sFile2, "jmp Back to VMP ; Jump to VMP code again after Hook!"
wrta sFile2, "\r\n\r\n"
wrta sFile2, "Just test your dumped file under VM with a other OS and check whether it's needed to patch CPUID & RDTSC!"
wrta sFile2, "Note that you will have problems with that if VMP used also CRC checks on that VMP addresses!"
wrta sFile2, "Just play a little with that till you got some success or till you failed!"
wrta sFile2, "\r\n"
wrta sFile2, "So I hope that you have understand the exsamples above!"
wrta sFile2, "\r\n"
wrta sFile2, "----------------------------------"
wrta sFile2, "LCF-AT"


cpuid eax,ebx,ecx,edx -> ORIGINAL value
cpuid eax,ebx,ecx,edx -> DBVM LOAD value

cpuid data difference?

and rdtsc(read timestamp count) dbvm check possible?

------------------------------------------------
I do not know any more information to give up

When the time comes I'll try once again

thank you darkbyte

have a good day




View Issue Details
403 [Cheat Engine] (No Category) minor have not tried 2015-08-23 15:44 2015-08-23 16:56
Zsarnok  
 
normal  
new  
open  
none    
none  
   
Lack of disk space and search
program after stop
Lack of drive(c:) space


Google translation
I'm sorry I did not get well
6.4 CheatEngine
1.Unknown initial value First Scan
2.Unchanged value
3.Unchanged value
4.Unchanged value
5.Unchanged value
.
.
.
Program stop
Insufficient Disk Space
 
Notes
(0000850)
Dark Byte   
2015-08-23 16:56   
Doing an unchanged value scan after unknown initial value is just asking for diskspace issues.

Assuming you did an "All" type scan, with fastscan off, on a target process that takes up 6GB of RAM:

For "all" types, each result takes 2*8=16 bytes (Unless you use custom types which will be 8+maxcustomtypesize )

assume absolutely nothing changed in the target process, which means every byte returns a result
6GB = 6442450944 Bytes, so 6442450944 results.

6442450944*16 bytes=103079215104 bytes

Now, assume you didn't deselect the ability to undo scans, that means each scan result will be made a copy of.
So, 103079215104 *2=206158430208

And don't forget that the first scan is often saved as well. In this case an unknown initial value scan, so a full copy of the game: 6GB
206158430208+6442450944 = 212600881152

Soooo, for such a scan, you would need at least 212GB free diskspace

To deal with this, go to scan settings, and set the temporary scan folder to a disk with at least 212GB diskspace free




View Issue Details
402 [Cheat Engine] (No Category) major have not tried 2015-08-20 14:03 2015-08-22 11:59
Kaeden319  
Dark Byte Windows 7  
immediate Ultimate  
acknowledged  
open  
none    
none  
   
"ALL" search doesn't work in the latest SVN build,
I got the latest version of the SVN build from here:
https://1e97ecfb19139e5335995ff96bb835d04ab12791.googledrive.com/host/0BwMAnE6mjogMTmpYMGstY1NPQnc/

and noticed two major bugs.
1) Search for "Unknown" All Value and Certain number and "ALL" return 0 results. Previous version of the SVN build wasn't affected.
2) I have 4GB of RAM free, however memory scan for GTA V requires 6.5 (unknown initial value, float). On the previous version I was able to perform search like this without any issues (because of the page file), but latest SVN build simply won't let me.
 
Notes
(0000849)
Dark Byte   
2015-08-22 11:59   
1: Is the type you're looking for a 1 or 2 byte value? If so, go to settings->scan settings and tick "byte" and "2 bytes" for the all type

2: What do you mean it won't let you? Do you get an allocation error? Or do you mean CE looks like it's frozen ?




View Issue Details
401 [Cheat Engine] (No Category) crash always 2015-08-20 13:58 2015-08-21 00:10
Kaeden319  
Dark Byte Windows 7  
immediate Ultimate 64-bit  
acknowledged  
open  
none    
none  
   
Cheat Engine Mono Feature doesn't work correctly with latest Unity Games.
Game: Warlocks vs Shadows
Bug description: Enabling Mono Features and opening the structure dissect (normal, not mono) causes abnormal memory usage. cheatengine-x86_64.exe starts eating memory (up to 6GB) and everything freezes and crashes. Note: I don't perform any search. I just open structure dissect and look there. Tested on 6.4 and latest SVN build

Game: Empyrion - Galactic Survival:
Bug description: Impossible to open Mono Structure because it causes an instant crash. Sometimes can't even activate Mono Features on Cheat Engine 6.4.

Game: Subnautica.
Bug description: Impossible to activate Mono Features on version 6.4. Latest SVN build doesn't have this problem.
Warlocks vs Shadows:

1) Get player structure by searching for HP address and subtracting HP offset.
2) Enable Mono Features
3) Open Structure Dissect
4) Be there for a while, open pointers, look for stuff.


Game:Empyrion - Galactic Survival:

1) Open the game.
2) Mono - Mono Dissect

 
There are no notes attached to this issue.




View Issue Details
400 [Cheat Engine] (No Category) minor always 2015-08-11 20:21 2015-08-12 10:52
pausebreak7  
 
normal  
new  
open  
none    
none  
   
writes Ignore WriteProtection bug or option?
new release version
implement dbk_getPhysicalAddress and dbk_writesIgnoreWriteProtection

driver kernel memory fix computer BSOD

Cheat Engine WP Control OPTION & BUG?

I solved the problem but new release code bsod

success code last comment

http://cheatengine.org/mantis/view.php?id=386
BOOL disabledWP = FALSE;
target=Address;
source=Buffer;
if (loadedbydbvm) //add a extra security around it as the PF will not be handled
if ((loadedbydbvm) || (KernelWritesIgnoreWP)) //add a extra security around it as the PF will not be handled
{
disableInterrupts();
vmx_disable_dataPageFaults();
}
if (loadedbydbvm)
vmx_disable_dataPageFaults();
for (i=0; i<Size; i++)
{
target[i]=source[i];
if (KernelWritesIgnoreWP)
{
DbgPrint("Disabling CR0.WP");
setCR0(getCR0() & (~(1 << 16))); //disable the WP bit
disabledWP = TRUE;
}
}
RtlCopyMemory(target, source, Size);
ntStatus = STATUS_SUCCESS;
if (loadedbydbvm)
if ((loadedbydbvm) || (disabledWP))
{
UINT_PTR lastError;
lastError=vmx_getLastSkippedPageFault();
vmx_enable_dataPageFaults();
UINT_PTR lastError=0;
if (disabledWP)
{
setCR0(getCR0() | (1 << 16));
DbgPrint("Enabled CR0.WP");
}
if (loadedbydbvm)
{
lastError = vmx_getLastSkippedPageFault();
vmx_enable_dataPageFaults();
}
enableInterrupts();
error3.png (165,181 bytes) 2015-08-11 20:21
http://cheatengine.org/mantis/file_download.php?file_id=148&type=bug
png
 
Notes
(0000831)
Dark Byte   
2015-08-12 02:44   
your modifications didn't get properly merged with the new code. You need to get a clean copy or do not get the latest version of that function and use your own
(0000834)
pausebreak7   
2015-08-12 09:32   
Incomplete code

latest source version updates wait?
(0000835)
Dark Byte   
2015-08-12 10:44   
(Last edited: 2015-08-12 10:52)
The code is fine, but your previous modifications are conflicting with the new code

e.g:
if (loadedbydbvm) //add a extra security around it as the PF will not be handled
if ((loadedbydbvm) || (KernelWritesIgnoreWP)) //add a extra security around it as the PF will not be handled
{

That first if statement shouldn't be there, it will negate the OR statement of the next IF line

and:
for (i=0; i<Size; i++)
{
target[i]=source[i];
if (KernelWritesIgnoreWP)
{

that for loop got replaced and there's certainly no need to do that if check inside the loop

this is how it should look: https://github.com/cheat-engine/cheat-engine/blob/master/DBKKernel/memscan.c#L188

Anyhow, this patch is most likely not compatible with your requirement, so you can ignore it if you want and just keep your own code.

e.g you added a check for kernelmode memory only so it doesn't affect all processes, but I made this option specifically so it can affect all processes at the same time.

( Default it's off. But you enable/disable the feature with the lua command dbk_writesIgnoreWriteProtection(true) and dbk_writesIgnoreWriteProtection(false) )

(0000836)
pausebreak7   
2015-08-12 10:52   
thank you darkbyte




View Issue Details
396 [Cheat Engine] (No Category) major always 2015-07-09 12:24 2015-07-13 00:41
Hans Henrik  
Dark Byte  
high  
resolved  
fixed  
none    
none  
   
no good way to see "conditional complex breakpoint" errors
when writing conditional complex breakpoints,
if i make a syntax error, or an undefined variable error,
the lua execution will __SILENTLY__ crash, as far as i know, there is no way to see the error, when, where, or why. makes it much harder to debug complex conditional breakpoint scripts; could we fix this somehow?
 
Notes
(0000829)
Dark Byte   
2015-07-13 00:41   
there will now be a messagebox when a lua script fails




View Issue Details
397 [Cheat Engine] (No Category) major always 2015-07-10 06:19 2015-07-12 22:44
metachrono Windows 7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Pointer scanner - repeat rescan memory leak
When using the pointer scanner,rescan memory function with repeat rescan until stopped enabled, CE rapidly increases its memory usage, and does not decrease when rescan is stopped.

Tested on a 1 million pointer list, reached 3.5 gb in 10-20 seconds, and on a 1000 pointer list reached 0.5 gb in about the same time, before crashing with an Out of Memory warning.
 
Notes
(0000828)
Dark Byte   
2015-07-12 22:44   
fixed on github




View Issue Details
391 [Cheat Engine] (No Category) minor always 2015-04-29 17:34 2015-06-20 01:00
pausebreak7  
 
normal  
new  
open  
none    
none  
   
my testing some hexview stuff language
My Cheat Engine Test some hexview Korea Language

1.Dual Engine 5.4 MemoryView Font Korea Ansi&Wide Char Memory View Success
(Cheat Engine 5.4 Source)

SourceCode:

http://blog.daum.net/temp_/6696362

-------------------------------

if WJmp=1 then
WJmp:=0
else if buffer[j+(i*8*rowsof8)]=$0 then
begin
mbcanvas.Canvas.TextOut(start+20+20*((8*rowsof8)-1)+j*chrlength,5+i*textHeight+2,' ');
mbimage.Canvas.TextOut(start+20+20*((8*rowsof8)-1)+j*chrlength,5+i*textHeight+2,' ');
end else if buffer[j+(i*8*rowsof8)]>$7f then
begin
WJmp:=1;
mbcanvas.Canvas.TextOut(start+20+20*((8*rowsof8)-1)+j*chrlength,5+i*textHeight+2,chr(buffer[j+(i*8*rowsof8)])+chr(buffer[j+(i*8*rowsof8)+1]));
mbimage.Canvas.TextOut(start+20+20*((8*rowsof8)-1)+j*chrlength,5+i*textHeight+2,chr(buffer[j+(i*8*rowsof8)])+chr(buffer[j+(i*8*rowsof8)+1]));
end else
begin
mbcanvas.Canvas.TextOut(start+20+20*((8*rowsof8)-1)+j*chrlength,5+i*textHeight+2,chr(buffer[j+(i*8*rowsof8)]));
mbimage.Canvas.TextOut(start+20+20*((8*rowsof8)-1)+j*chrlength,5+i*textHeight+2,chr(buffer[j+(i*8*rowsof8)]));
end;

-------------------------------

2.Cheat Engine 6.4 MemoryView Font Korea Not Memory View



maybe error?(single line code fix)

Memory View Single Change Text Code Change -> Memory View English View (Dual Engine 5.4)

Memory View Single Change Text Code Change -> Memory View Korea Crash View (Dual Engine 5.4)

Memory View Single Text Code Change -> Memory View Korea& English Not View (CE 6.4)
DualEngine DownLoad Link:

https://www.dropbox.com/s/g1w05kx9umjscjb/DualEngine.zip?dl=0

My Test Video:

https://www.dropbox.com/s/25530hz275bnp7v/bandicam%202015-04-29%2021-54-45-206.avi?dl=0

Cheat Engine 5.4 Memory Viewer WideChar Source(Korea Language):

http://blog.daum.net/temp_/6696362
test.png (220,962 bytes) 2015-04-29 17:49
http://cheatengine.org/mantis/file_download.php?file_id=141&type=bug
png

error2.png (102,118 bytes) 2015-04-30 10:26
http://cheatengine.org/mantis/file_download.php?file_id=142&type=bug
png
 
Notes
(0000810)
pausebreak7   
2015-04-29 17:44   
Dual Engine ansicode Korean language Memory View Success

Dual Engine Unicode Korean language Memory View Fail

Cheat Engine ansicode Korean language Memory View Fail

Cheat Engine Unicode Korean language Memory View Fail
(0000811)
pausebreak7   
2015-04-29 17:55   
Korea Multi line Change Apple Ansi Code -> BB E7 B0 FA

Korea Multi line Change Apple Uni code AC C0 FC AC

Korea Multi line Change Apple Uni Code -> AC C0 FC AC 00 00 6C 00 70

But Bug Code 00 00 6C 00 70 (Delete)
(0000812)
pausebreak7   
2015-04-29 18:04   
(Last edited: 2015-04-29 18:10)
Korea Multi Line Change Apple Ansi Code ->BB E7 B0 FA

Korea single Line Change Apple Ansi Code ->EC 82 AC EA B3 BC

-------------------------------------------------------------

Korea Multi Line Change Apple Uni code AC C0 FC AC 00 00 6C

00 00 6C Bug code (Delete)

Korea single Line Change Apple Uni code 3F 00 48 04 B5 B0 00 00 30 00 30 00 33

00 30 00 30 00 33 bug code (Delete)

(0000813)
pausebreak7   
2015-04-29 18:17   
Single Line Fix View Error Video:
https://www.dropbox.com/s/30uvotbq6igvvx7/bandicam%202015-04-29%2022-48-36-254.avi?dl=0
(0000814)
pausebreak7   
2015-04-29 18:30   
(Last edited: 2015-04-29 18:46)
my error if the font is MS Sans Serif?

maybe can be a font error?

video link:

https://www.dropbox.com/s/28i36l7vlfgdy8q/bandicam%202015-04-29%2023-17-48-790.avi?dl=0

(0000815)
Dark Byte   
2015-04-30 02:34   
it's a short list because the hexview requires a font that has unchanging character widths. That means that both '1' and 'Q' will take up the equal amount of space

Also, to test the 16 bit encoding, rightclick the hexview and set text encoding to 16 bit, else it will keep showing it as default 8 bit
(0000817)
pausebreak7   
2015-04-30 10:30   
(Last edited: 2015-04-30 10:30)
my testing screenshot error2.png

1.regedit save font name error(korean language font)

2.single line edit bug (english not bug,korean language bug)

3.korean language memory view blank

(0000818)
pausebreak7   
2015-05-01 00:23   
http://blog.daum.net/temp_/6696362

maybe..

procedure TMemoryBrowser.RefreshMB[Cheat Engine 5.4]
procedure THexView.render;[Cheat Engine 6.4]

Cheat Engine hexviewunit.render textout code fix?
(0000824)
pausebreak7   
2015-06-19 14:40   
Latest Cheat Engine Source rev Text Encoding Visible = False

Other languages are impossible?
(0000825)
Dark Byte   
2015-06-19 20:14   
It is impossible for me to test as I can not input those characters, my windows build can't display those characters, and even if I could, I wouldn't know if it displayed properly. And not to mention that there are over 20 different encoding types.

Someone else will have to try and fix/implement that. (Also, there is some talk that the compiler or lcl library that ce makes use of, doesn't properly support it either)
(0000826)
pausebreak7   
2015-06-20 01:00   
Thank you for answer

have a good day darkbyte!




View Issue Details
369 [Cheat Engine] (No Category) block always 2015-02-07 14:35 2015-06-11 02:21
grimmdev CESERVER  
Dark Byte Android  
immediate 5.0.2  
assigned  
open  
none    
none  
   
error: only position independent executables (PIE) are supported.
Device:Nexus 5
Root Access
Android OS:5.0.2
Tried latest Ceserver files from Cheatengine website. As you can see from the screenshot, it mostly says it all. This error halts the process and keeps me from connecting to it via network.

When I googled the issue I found this.
https://github.com/tatsuhiro-t/aria2/issues/321
Just seems it might need to be compiled with the latest api.
Use any android device with Android L OS.
Run Ceserver with Root privileges.
Screenshot_2015-02-07-06-12-18.png (72,558 bytes) 2015-02-07 14:35
http://cheatengine.org/mantis/file_download.php?file_id=128&type=bug
png

Screenshot_2015-02-07-22-59-31.png (125,869 bytes) 2015-02-08 07:14
http://cheatengine.org/mantis/file_download.php?file_id=129&type=bug
png
 
Notes
(0000732)
Dark Byte   
2015-02-08 03:24   
I've compiled ceserver with -fPIC which should theoretically fix this (untested)

Download http://cheatengine.org/temp/ceserverupdate.rar

Because this build is from the current svn it won't work with the released 6.4 version and requires the current svn build of cheat engine as well.

This archive contains both ceserver and the current 64-bit build of cheat engine. Extract the exe in this archive over the one in your current cheat engine folder (make a backup if you wish)

then replace the ceserver and libceserver-extension.so files on your device with the ones in this archive and see if it works.

Also, there is a 'hack' that removes the PIC requirement in android 5 ( http://forum.xda-developers.com/showpost.php?p=57467067&postcount=65 )
(0000737)
grimmdev   
2015-02-08 07:15   
didn't seem to work, but I'll try the hack with both provided and official ceserver
(0000738)
grimmdev   
2015-02-08 07:39   
well I tried both with the patch/hack, there's an underlying problem still. I just am not really sure what it is, proper way to collect log files? now it shows up and connects.. but after that point.. any app I connect it to, freezes the app and cheat engine on pc also freezes, I tried to make sure they both have the exact same versions. I don't think it worked very well.
(0000739)
Dark Byte   
2015-02-08 11:58   
(Last edited: 2015-02-09 15:30)
what does the output of ceserver say?(the last part specifically)


and make sure you only use the new ceserver with the new ce exe. the protocol has changed and there's no handling for different versions yet

try: http://cheatengine.org/temp/ceserver (armv7 version)
I've tested it on an android 5 emulator and it seems to work

(0000819)
grimmdev   
2015-05-12 08:39   
Welcome to the CEServer test app
Expect it to not work
Trying to fetch ceserver from the package...
  stage 1 success
  stage 2 success
    copying.................
  stage 3 success
Extraction successfull
Trying to fetch libceserver-extension.so from the package...
  stage 1 success
  stage 2 success
    copying............
  stage 3 success
Extraction successfull
-BOC-
uid=0(root) gid=0(root) context=u:r:sudaemon:s0
onCommandResult
Welcome
/
drwxrwx--x u0_a212 u0_a212 2015-05-08 03:03 cache
-rwxrwxrwx u0_a212 u0_a212 110112 2015-05-11 23:59 ceserver
lrwxrwxrwx install install 2015-05-04 05:00 lib -> /data/app-lib/org.cheatengine.cetest
-rwxrwxrwx u0_a212 u0_a212 71240 2015-05-11 23:59 libceserver-extension.so
drwxrwx--x u0_a212 u0_a212 2015-05-08 03:03 cache
-rwxrwxrwx u0_a212 u0_a212 110112 2015-05-11 23:59 ceserver
lrwxrwxrwx install install 2015-05-04 05:00 lib -> /data/app-lib/org.cheatengine.cetest
-rwxrwxrwx u0_a212 u0_a212 71240 2015-05-11 23:59 libceserver-extension.so
&s=0xbe9aaa20
main=0xe590
CEServer. Waiting for client connection
socket=3
IdentifierThread active
bind=0
listen=0
Identifier thread received a message :1
sizeof(packet)=6
packet.checksum=3e
packet.checksum=31e4
sendto returned 6
accept=5
(0000820)
grimmdev   
2015-05-12 09:00   
also it seems to freeze my app every time I've opened a process on it, well it's been doing that since I updated to android L (5)
(0000821)
grimmdev   
2015-06-11 02:21   
I have found a real solution, instead of using the ceserver.
I used this.
http://forum.cheatengine.org/viewtopic.php?t=579943 and I was able to fix it without using the pie hack, in fact the problem seemed to be CM and how it handles Super User, I tried several different options. I found that Chainfire's Super user app with its binaries solved the issue completely.
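
The error in this issue's title is printed by the Android 5 dynamic linker when the executable's ELF header has an e_type other than ET_DYN, so a build can be checked on the desktop before it is pushed to the device. The following is an added example, not Cheat Engine or ceserver code; the two headers it is run on are constructed samples, not real binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3      # e_type values from the ELF specification
PT_LOAD, PT_INTERP = 1, 3   # program header types


def read_elf_type(data: bytes):
    """Return (e_type, has_interp) for a 32- or 64-bit ELF image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    endian = "<" if ei_data == 1 else ">"
    # Fields from e_type up to e_phnum; addresses are 4 bytes (ELF32) or 8 (ELF64).
    fmt = endian + ("HHIIIIIHHH" if ei_class == 1 else "HHIQQQIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]

    # p_type is the first 32-bit word of a program header in both ELF32 and ELF64.
    has_interp = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(endian + "I", data, off)
        if p_type == PT_INTERP:
            has_interp = True
    return e_type, has_interp


def passes_pie_check(data: bytes) -> bool:
    """True when e_type is ET_DYN, the condition the error message is about."""
    return read_elf_type(data)[0] == ET_DYN


def describe(data: bytes) -> str:
    e_type, has_interp = read_elf_type(data)
    if e_type == ET_EXEC:
        return "fixed-address executable (fails the PIE check)"
    if e_type == ET_DYN:
        return "PIE executable" if has_interp else "shared object or static PIE"
    return "other ELF type %d" % e_type


def make_sample(e_type: int, with_interp: bool) -> bytes:
    """Constructed 32-bit little-endian ARM header plus one program header."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    header = struct.pack("<HHIIIIIHHHHHH",
                         e_type, 40, 1,      # e_type, EM_ARM, version
                         0, 52, 0, 0,        # entry, phoff, shoff, flags
                         52, 32, 1, 0, 0, 0) # ehsize, phentsize, phnum, sh*
    p_type = PT_INTERP if with_interp else PT_LOAD
    phdr = struct.pack("<IIIIIIII", p_type, 0, 0, 0, 0, 0, 0, 0)
    return ident + header + phdr


if __name__ == "__main__":
    for name, blob in (("non-PIE sample", make_sample(ET_EXEC, True)),
                       ("PIE sample", make_sample(ET_DYN, True))):
        print(name, "->", describe(blob))
```

An ET_EXEC result means the binary has to be relinked as position independent (with GCC or Clang, compiled with -fPIE and linked with -pie); -fPIC on the compile line alone does not change e_type.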




View Issue Details
393 [Cheat Engine] (No Category) minor always 2015-05-14 17:04 2015-05-14 17:04
sikaolfs  
 
normal  
new  
open  
none    
none  
   
ce6.4Injection to trim assembly
ce6.4Injection to trim assembly


I have a problem. The game has this assembler code:

mov [0054D99C],eax
ret

yet is that
89 05 9c d9 54 00
c3

then i use CE6.4 Injection to,Assembler code change

jmp 06400000 //newmem
add bl,al

yet is that

E9 B4 27 FF 05
00 c3

code "ret" becomes code "add". The game program crashes

then I Input code "nop" Align trim
jmp newmem
nop
ret

but Another mistake again As shown in the picture

how?
2015-05-14_202426.png (37,399 bytes) 2015-05-14 17:04
http://cheatengine.org/mantis/file_download.php?file_id=143&type=bug
png
 
There are no notes attached to this issue.
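
The crash reported in this issue is an instruction-boundary problem: `mov [0054D99C],eax` is 6 bytes, the `jmp` is 5, and the leftover `00` byte fuses with `C3` into `add bl,al`. The following added example (not Cheat Engine code; the site address 0x0040D847 is derived from the quoted `E9 B4 27 FF 05` and the target 06400000, and the function names are hypothetical) builds a jump patch that is NOP-padded to the next instruction boundary and shows both byte streams.

```python
import struct

JMP_REL32_LEN = 5   # E9 + 32-bit relative displacement
NOP = 0x90


def build_jmp_patch(site, target, insn_lengths):
    """Return (patch_bytes, resume_address).

    insn_lengths lists the lengths of the original instructions starting at
    `site`; whole instructions are consumed until the 5-byte jump fits, and
    the remainder is filled with NOPs so no partial instruction is left.
    """
    covered = 0
    for length in insn_lengths:
        if length <= 0:
            raise ValueError("instruction length must be positive")
        covered += length
        if covered >= JMP_REL32_LEN:
            break
    else:
        raise ValueError("not enough instruction bytes for a 5-byte jump")

    # The displacement is relative to the address of the byte after the jump.
    rel = target - (site + JMP_REL32_LEN)
    if not -2**31 <= rel < 2**31:
        raise ValueError("target is out of rel32 range")
    patch = b"\xE9" + struct.pack("<i", rel) + bytes([NOP]) * (covered - JMP_REL32_LEN)
    return patch, site + covered


def overlay(original, patch):
    """Bytes in memory after writing `patch` over the start of `original`."""
    return patch + original[len(patch):]


# Bytes quoted in the report: mov [0054D99C],eax ; ret
ORIGINAL = bytes.fromhex("89059CD95400" "C3")
SITE, TARGET = 0x0040D847, 0x06400000

if __name__ == "__main__":
    patch, resume = build_jmp_patch(SITE, TARGET, [6, 1])
    unpadded = patch[:JMP_REL32_LEN]
    print("unpadded:", overlay(ORIGINAL, unpadded).hex(" "))  # 00 c3 decodes as add bl,al
    print("padded:  ", overlay(ORIGINAL, patch).hex(" "))     # 90 then c3: nop, ret
    print("resume at: %08X" % resume)
```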




View Issue Details
328 [Cheat Engine] minor always 2014-05-01 01:54 2015-04-30 04:53
flarn2006  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Lua tonumber() function not returning negative numbers in some cases
For some reason, when using the tonumber() function on a string containing a negative number, starting with "-0.", it returns the absolute value of that number. This happens with any negative number -1 < x < 0, and only when the zero is given before the decimal point in the string.

To reproduce:

Open Lua Engine window, and type: print(tonumber("-0.028"))

Then click Execute. It will say "0.028", while it should say "-0.028".
 
Notes
(0000675)
Dark Byte   
2014-05-03 14:04   
(Last edited: 2014-05-03 14:06)
Confirmed. The problem is that this is lua which is an external library. There is a new version, but it's missing some of the patches I need (large number support)

But for now you can 'fix' the problem by always executing this script (it could be improved to deal with annoying users that do ----0.12 or add spaces in front, but you should get the idea)

---
if original_tonumber==nil then
  original_tonumber=tonumber
end

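function tonumber(value)
  local result=original_tonumber(value)
  -- restore the sign that is dropped for strings such as "-0.028"
  if type(value)=="string" and string.sub(value,1,1)=="-" then
    if result~=nil and result>0 then
      result=-result
    end
  end

  return result
end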
--

place it in main.lua, or in the autorun folder, or just in the start of your tables/trainers if they use it

(0000676)
mgr_inz_Player   
2014-05-05 15:03   
function tonumber2(value)
  value = value:gsub( "%-0*%." , "-." ):gsub("%-%-","")
  return tonumber(value)
end

test1 = "-0.234"
test2 = "-000.234"
test3 = "---0.234"
test4 = "-----0000.234"
test5 = "------0000.234" -- positive value. ( -1^6 )

print( tonumber2(test1) )
print( tonumber2(test2) )
print( tonumber2(test3) )
print( tonumber2(test4) )
print( tonumber2(test5) )



output:
-0.234
-0.234
-0.234
-0.234
0.234
(0000677)
flarn2006   
2014-05-05 15:04   
@Dark Byte: That's pretty much what I did, but thanks! :-)
(0000816)
Dark Byte   
2015-04-30 04:53   
fixed now that ce is using Lua 5.3




View Issue Details
329 [Cheat Engine] minor have not tried 2014-05-07 22:18 2015-04-29 15:57
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
dark byte Memory View WideChar view?
Korean language Ansi Char & Wide Char Memory View Not View
AnsiChar & Wide Char Option Select Function Or
Korean language View Edit Plz
//Korean Language ->??

1234.png (36,186 bytes) 2014-05-07 22:18
http://cheatengine.org/mantis/file_download.php?file_id=109&type=bug
png
 
Notes
(0000809)
Dark Byte   
2015-04-29 15:57   
this may have just been implemented. (testing this is pretty much impossible for me)




View Issue Details
332 [Cheat Engine] feature N/A 2014-05-23 00:45 2015-04-29 02:06
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.3 - allow storing data using wildcards
I'd like if CE would accept wildcards (?? or *) in all data types and skip over those bytes when writing data (i.e. do not write on those spots).

E.g.
[ENABLE]
aobscan(aob1,24 50 24 00 24 40 d0 46 ?? ?? ?? a2 a0 46 ?? ?? ?? d0 46 ?? ?? ?? 24 14 a1)

label(aob1_r)
registersymbol(aob1_r)

aob1:
aob1_r:
db 24 64 24 14 24 69 d0 46 ?? ?? ?? a2 a0 46 ?? ?? ?? d0 46 ?? ?? ?? 24 00 a1

[DISABLE]
aob1_r:
db 24 50 24 00 24 40 d0 46 ?? ?? ?? a2 a0 46 ?? ?? ?? d0 46 ?? ?? ?? 24 14 a1

unregistersymbol(aob1_r)

Thank you for considering.
 
Notes
(0000808)
Dark Byte   
2015-04-29 02:06   
implemented




View Issue Details
347 [Cheat Engine] tweak always 2014-10-14 03:16 2015-04-29 01:51
mgr_inz_Player  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Dealing with "other" whitespace characters in AutoAssembly script.
Adding trivial AA script:
[ENABLE] 
400500:
db 01

[DISABLE]
400500:
db 00

It won't accept it because of whitespace I used at the end of "[ENABLE]" line, the "no-break space" (0xA0).

Currently, SynEdit is set to trim 0x0-0x20 chars at the end of line, it doesn't know what to do with other white characters.
 
Notes
(0000807)
Dark Byte   
2015-04-29 01:51   
fixed




View Issue Details
309 [Cheat Engine] major always 2013-11-30 23:48 2015-04-29 01:40
mgr_inz_Player  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
FPU instructions in 64bit mode
I'm really confused.

In 32bit we have
d9 1c 24 - fstp Dword ptr [esp]
dd 1c 24 - fstp Dword ptr [esp]




In 64bit there are issues.

Disassembler output (data created with db command):
DD 1C 24 - fstp Qword ptr [rsp]
48 DD 1C 24 - fstp Qword ptr [rsp]
66 48 DD 1C 24 - fstp Qword ptr [rsp]
D9 1C 24 - fstp Dword ptr [rsp]
48 D9 1C 24 - fstp Dword ptr [rsp]
66 48 D9 1C 24 - fstp Dword ptr [rsp]
Some of above aren't correct



Assembler (I type those and I get opcodes):
fstp Dword ptr [rsp] - opcodes are D9 1C 24 - fstp Dword ptr [rsp]
fstp Qword ptr [rsp] - opcodes are 48 D9 1C 24 - fstp Dword ptr [rsp]






 
Notes
(0000647)
mgr_inz_Player   
2014-02-05 20:26   
64bit assembler:

typing those:
"user input" => "CE assemblerUnit converts it to"
fstp Dword ptr [rsp] => D9 1C 24 - fstp dword ptr [rsp]
fstp Qword ptr [rsp] => 48 D9 1C 24 - fstp dword ptr [rsp] - BUG (should be "DD 1C 24")

fstp Dword ptr [rax] => D9 18 - fstp dword ptr [rax]
fstp Qword ptr [rax] => 48 D9 18 - fstp dword ptr [rax] - BUG (should be "DD 18")
(0000648)
Dark Byte   
2014-02-06 11:55   
fixed in the svn
(0000696)
mgr_inz_Player   
2014-09-15 22:10   
(Last edited: 2014-09-15 22:27)
https://code.google.com/p/cheat-engine/source/detail?r=2357
The same goes to FST - we need another fix


and another
"fld qword ptr [rsp]" should be DD 04 24, not the 48 D9 04 24
"fld qword ptr [rax]" should be DD 00, not the 48 D9 00


and another
"fsub qword ptr [rsp]" should be DC 24 24, not the 48 D8 24 24
"fsub qword ptr [rax]" should be DC 20, not the 48 D8 20


and for other FPU commands.

(0000806)
Dark Byte   
2015-04-29 01:40   
should be fixed now
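
For the x87 memory forms discussed in this issue the operand size is selected by the opcode byte (D9 or D8 for dword, DD or DC for qword); a REX.W prefix does not change it, which is why `48 D9 1C 24` still stores a dword. The following added example is not Cheat Engine's assembler: it covers only fld, fst, fstp and fsub with a plain `[reg]` operand on rax..rdi, and its function names are hypothetical.

```python
import re

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

# mnemonic -> (opcode for m32fp, opcode for m64fp, ModRM.reg extension)
X87_MEM = {
    "fld":  (0xD9, 0xDD, 0),
    "fst":  (0xD9, 0xDD, 2),
    "fstp": (0xD9, 0xDD, 3),
    "fsub": (0xD8, 0xDC, 4),
}

_SYNTAX = re.compile(r"^\s*(\w+)\s+(dword|qword)\s+ptr\s+\[(\w+)\]\s*$", re.I)


def assemble(text):
    """Encode e.g. 'fstp qword ptr [rsp]' for 64-bit mode."""
    m = _SYNTAX.match(text)
    if not m:
        raise ValueError("unsupported syntax: %r" % text)
    mnemonic, size, base = (g.lower() for g in m.groups())
    if mnemonic not in X87_MEM or base not in REGS:
        raise ValueError("unsupported mnemonic or register: %r" % text)
    op32, op64, ext = X87_MEM[mnemonic]
    opcode = op32 if size == "dword" else op64   # size lives here, not in REX.W
    rm = REGS.index(base)
    if rm == 4:
        # rm=100 means a SIB byte follows; 0x24 = no index, base rsp.
        tail = bytes([(ext << 3) | 4, 0x24])
    elif rm == 5:
        # mod=00 rm=101 is RIP-relative in 64-bit mode, so use mod=01 disp8=0.
        tail = bytes([0x40 | (ext << 3) | 5, 0x00])
    else:
        tail = bytes([(ext << 3) | rm])
    return bytes([opcode]) + tail


def memory_operand_size(code):
    """Operand size a disassembler should report, skipping 66 and REX prefixes."""
    i = 0
    while i < len(code) and (code[i] == 0x66 or 0x40 <= code[i] <= 0x4F):
        i += 1
    if i + 1 >= len(code):
        raise ValueError("truncated instruction")
    opcode, modrm = code[i], code[i + 1]
    if modrm >> 6 == 3:
        raise ValueError("register form, no memory operand")
    ext = (modrm >> 3) & 7
    for op32, op64, e in X87_MEM.values():
        if ext == e and opcode in (op32, op64):
            return "dword" if opcode == op32 else "qword"
    raise ValueError("opcode not covered by this example")


if __name__ == "__main__":
    for line in ("fstp Dword ptr [rsp]", "fstp Qword ptr [rsp]",
                 "fld qword ptr [rax]", "fsub qword ptr [rsp]"):
        print("%-22s => %s" % (line, assemble(line).hex(" ").upper()))
    for raw in ("48 D9 1C 24", "66 48 DD 1C 24"):
        print(raw, "=>", memory_operand_size(bytes.fromhex(raw)))
```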




View Issue Details
338 [Cheat Engine] feature N/A 2014-07-08 21:10 2015-04-29 01:32
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Feature request: Custom set of types to scan
Setting the value type to 'All' scans for all data types (incl. custom types if enabled in settings).
This is fine and dandy, however not very efficient.

My use case is that I would like to avoid scanning for byte and double values in games where I know that it will never occur. This means I'd like to scan for 2- and 4-byte integers and floating point values.

Would it be possible to add a 'Custom set' to the list with a button on the side where I could select the set of standard types (i.e. custom types excluded) to use for the scan?

Thank you for considering!
 
Notes
(0000805)
Dark Byte   
2015-04-29 01:32   
implemented




View Issue Details
387 [Cheat Engine] (No Category) block always 2015-03-25 23:12 2015-04-07 20:52
pausebreak7  
 
high  
new  
open  
none    
none  
   
Dark Byte OP(Openprocess Detection Bypass? IDEA?)
-Dbk32functions.pas-
function {OpenProcess}OP(dwDesiredAccess:DWORD;bInheritHandle:BOOL;dwProcessId:DWORD):THANDLE; stdcall;
var valid:boolean;
    //Processhandle: uint64;
    Processhandle: Thandle;
    i:integer;
    cc,x: dword;

begin

  valid:=true;
  if dwProcessId=0 then
  begin
    result:=0;
    exit;
  end;

  if hdevice<>INVALID_HANDLE_VALUE then
  begin
    cc:=IOCTL_CE_OPENPROCESS; //commenting this out, or changing hdevice,cc to hdevice,0, makes OP stop working
    if deviceiocontrol(hdevice,cc,@dwProcessId,4,@processhandle,8,x,nil) then
    begin
    result:=processhandle;
    end
    else
  result:=0;
end

case IOCTL_CE_OPENPROCESS:
{
PEPROCESS selectedprocess;
ULONG processid=*(PULONG)Irp->AssociatedIrp.SystemBuffer;
HANDLE ProcessHandle;
ntStatus=STATUS_SUCCESS;
__try
{
ProcessHandle=0;
if (PsLookupProcessByProcessId((PVOID)(UINT_PTR)(processid),&selectedprocess)==STATUS_SUCCESS)
{
//DbgPrint("Calling ObOpenObjectByPointer\n");
ntStatus=ObOpenObjectByPointer (
selectedprocess,
0,
NULL,
PROCESS_ALL_ACCESS,
*PsProcessType,
KernelMode, //UserMode,
&ProcessHandle);
//DbgPrint("ntStatus=%x",ntStatus);
}
}
__except(1)
{
ntStatus=STATUS_UNSUCCESSFUL;
}
*(PUINT64)Irp->AssociatedIrp.SystemBuffer=(UINT64)ProcessHandle;
break;
}
My Test Source Code Fix
dbk32functions.pas
original -> result:=processhandle;
     fix -> result:=processhandle xor $1234;

IOPLDispatcher.c
Original-> *(PUINT64)Irp->AssociatedIrp.SystemBuffer=(UINT64)ProcessHandle;
     Fix-> *(PUINT64)Irp->AssociatedIrp.SystemBuffer=(UINT64)ProcessHandle ^0x1234;

OpenProcess Detection Bypass Fail

may be...

Openprocess Process Handle Or ProcessID Check Detect...

Do you have a good idea?
 
Notes
(0000795)
pausebreak7   
2015-03-25 23:24   
Sys Code IOPLDispatcher.h
// Test Compile
#define IOCTL_CE_OPENPROCESS CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0802, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) <-- Detect
//#define IOCTL_CE_OPENPROCESS <--Not Detect

//#define IOCTL_CE_READMEMORY CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
//#define IOCTL_CE_WRITEMEMORY CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
(0000796)
pausebreak7   
2015-03-26 01:05   
Is associated with the following code to bypass?

//newkernelhandler.pas
//procedure UseDBKOpenProcess;

nthookscript:=tstringlist.create;
nthookscript.add('NtOpenProcess:');
nthookscript.add('jmp '+IntToHex(ptruint(@NOP),8));
autoassemble(nthookscript, false, true, false, true);
(0000797)
pausebreak7   
2015-03-30 00:54   
(Last edited: 2015-03-30 00:57)
hmm openprocess flag vm write delete bypass success

original: PROCESS_ALL_ACCESS(0x1fffff)
(Query information,Set information, Set quotas, Set session ID, Create threads, Create processes, VM operation, VM read, VM write, Duplicate handles, Suspend/resume, Terminate, Synchronize, Delete, Read control, Write DAC, Write owner)
edit: 0X1FFFDF(0x1fffdf)
(Query information,Set information, Set quotas, Set session ID, Create threads, Create processes, VM operation, VM read, Duplicate handles, Suspend/resume, Terminate, Synchronize, Delete, Read control, Write DAC, Write owner))

ACCESS_MASK DesiredAccess <-Detect

Remove the vm_write function ->bypass success

but Can not be bypassed while using functions without removing the vm_write?

You know you're vm_write to be replaced with the writeprocess but not while

bypassing do I apply without having to remove the flag?

(0000798)
pausebreak7   
2015-03-30 01:15   
(Last edited: 2015-03-30 01:17)
without removing the process flag

bypass idea...plz

(0000799)
Dark Byte   
2015-04-01 14:02   
(Last edited: 2015-04-01 14:02)
try this:
change
ntStatus=ObOpenObjectByPointer (
selectedprocess,
0,
NULL,
PROCESS_ALL_ACCESS,
*PsProcessType,
KernelMode, //UserMode,
&ProcessHandle);
to
ntStatus=STATUS_UNSUCCESSFUL;

CE will then fallback on pure kernelmode(CR3 access). (symbol lookup will fail)

(0000800)
pausebreak7   
2015-04-02 03:40   
(Last edited: 2015-04-02 03:44)
bypass success

ntStatus=ObOpenObjectByPointer (
selectedprocess,
0,
NULL,
0X1FFFDF,
*PsProcessType,
KernelMode, //UserMode,
&ProcessHandle);

Can not be bypassed while using functions without removing the vm_write?

fake pid & fake handle & fake process flag idea?...

(0000801)
Dark Byte   
2015-04-02 15:24   
remove the vm_write and see if you can still write or not (kernelmode read/write do not look at the rights of the handle)
(0000802)
pausebreak7   
2015-04-03 12:20   
vm_write substitute-> read/write kernelmode&usermode
but...
I would like to bypass function without erasing vm_write
(0000803)
pausebreak7   
2015-04-07 20:52   
I have an idea

1.OpenProcess Handle dkom(Direct Kernel Object Manipulation)

Process Target Handle Link Hide(x64 System Not Patch Guard possibility?)

2.Handle Granted Access
Original 0x1FFFFF -> Fake Granted Access Code 0X??????

3.TarGet ProcessID Fake Change?

Original 0x1234 ->Fake PID -> 0x1234+3

Is it possible in three ways?




View Issue Details
389 [Cheat Engine] (No Category) minor random 2015-04-02 07:35 2015-04-02 07:35
CongNong win7  
 
normal  
new  
open  
none    
none  
   
5.0 vs 5
I don't know if this is a real bug or not, just noticed it.

Speed hack issue with numeric number: example, when i used 5 instead of 5.0, my target app crashed.

Version: C.E 6.4
OS: Win 7 Ultimate, 32b.
 
There are no notes attached to this issue.




View Issue Details
388 [Cheat Engine] (No Category) trivial always 2015-03-28 13:34 2015-03-29 20:47
Hans Henrik  
Dark Byte  
normal  
confirmed  
open  
none    
none  
   
will only replace 1 instruction at a time with NOP(s)
when i select several instructions, then right-click and press "replace with code that does nothing", i'd expect it to replace all the selected instructions, but it will only replace 1 of them.
 
There are no notes attached to this issue.




View Issue Details
386 [Cheat Engine] (No Category) crash always 2015-03-23 18:52 2015-03-23 22:05
pausebreak7  
 
normal  
new  
open  
none    
none  
   
Dark Byte Cheat engine X64 kernel Memory Edit Kernel32.dll API ALL PROCESS FIX
write process memory source edit
------------------------------
setCR0(getCR0() & (~(1<<16)));
disableInterrupts();
for (i=0; i<Size; i++)
{
target[i]=source[i];
}
setCR0(getCR0() | (1<<16));
enableInterrupts();
ntStatus = STATUS_SUCCESS;

Kernel Memory Edit Fix Source Compile

Kernel32.dll API Code Fix -> ALL PROCESSS Kernel32.dll CODE FIX

I do not understand

videoLink:
https://www.dropbox.com/s/1g8yqer5mc4jbba/bandicam%202015-03-24%2000-26-44-944.avi?dl=0

 
Notes
(0000792)
Dark Byte   
2015-03-23 20:51   
(Last edited: 2015-03-23 20:51)
If you disable the write exception, you also skip the "copy-on-write" mechanism in windows, which will copy the page and assign it to that specific process specifically.
So instead of editing it for one process, you're editing it for all processes that share that specific page.

The easiest solution is only apply the setCR0 code when the address is bigger than 0xf000000000000000ULL

(0000793)
pausebreak7   
2015-03-23 21:42   
//simple Code PLZ
//Sorry Darkbyte
//I do not know how to write code
//Can you help me out?


setCR0(getCR0() & (~(1<<16)));
disableInterrupts();
for (i=0; i<Size; i++)
{
target[i]=source[i];
}
setCR0(getCR0() | (1<<16));
enableInterrupts();


--WriteProcessMemory Source CODE--

BOOLEAN WriteProcessMemory(DWORD PID,PEPROCESS PEProcess,PVOID Address,DWORD Size, PVOID Buffer)
{
PEPROCESS selectedprocess=PEProcess;
KAPC_STATE apc_state;
NTSTATUS ntStatus=STATUS_UNSUCCESSFUL;
if (selectedprocess==NULL)
{
//DbgPrint("WriteProcessMemory:Getting PEPROCESS\n");
if (!NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)PID,&selectedprocess)))
return FALSE; //couldn't get the PID
//DbgPrint("Retrieved peprocess");
}
//selectedprocess now holds a valid peprocess value
__try
{
UINT_PTR temp=(UINT_PTR)Address;
RtlZeroMemory(&apc_state,sizeof(apc_state));
KeAttachProcess((PEPROCESS)selectedprocess);
__try
{
char* target;
char* source;
unsigned int i;
//DbgPrint("Checking safety of memory\n");
if ((IsAddressSafe((UINT_PTR)Address)) && (IsAddressSafe((UINT_PTR)Address+Size-1)))
{
//still here, then I gues it's safe to read. (But I can't be 100% sure though, it's still the users problem if he accesses memory that doesn't exist)
target=Address;
source=Buffer;
if (loadedbydbvm) //add a extra security around it as the PF will not be handled
{
disableInterrupts();
vmx_disable_dataPageFaults();
}
setCR0(getCR0() & (~(1<<16)));
disableInterrupts();
for (i=0; i<Size; i++)
{
target[i]=source[i];
}
setCR0(getCR0() | (1<<16));
enableInterrupts();
ntStatus = STATUS_SUCCESS;
if (loadedbydbvm)
{
UINT_PTR lastError;
lastError=vmx_getLastSkippedPageFault();
vmx_enable_dataPageFaults();
enableInterrupts();
DbgPrint("lastError=%p\n", lastError);
if (lastError)
ntStatus=STATUS_UNSUCCESSFUL;
}
}
}
__finally
{
KeDetachProcess();
}
}
__except(1)
{
//DbgPrint("Error while writing\n");
ntStatus = STATUS_UNSUCCESSFUL;
}
if (PEProcess==NULL) //no valid peprocess was given so I made a reference, so lets also dereference
ObDereferenceObject(selectedprocess);
return NT_SUCCESS(ntStatus);
}
(0000794)
pausebreak7   
2015-03-23 22:04   
(Last edited: 2015-03-23 22:05)
I solved the problem

Thank you dark byte

have a nice day

////////my fix code////////

if (target>0xf000000000000000ULL) //kernel32.dll fix compare
{
setCR0(getCR0() & (~(1<<16)));
disableInterrupts();
}
else
{
}
for (i=0; i<Size; i++)
{
target[i]=source[i];
}
setCR0(getCR0() | (1<<16));
enableInterrupts();
ntStatus = STATUS_SUCCESS;





View Issue Details
385 [Cheat Engine] (No Category) minor always 2015-03-18 03:22 2015-03-19 14:07
Ajural  
Dark Byte  
low  
resolved  
fixed  
none    
none  
   
CE 6.4 Inconsistent math on hotkey in-/decreases on hex values
When using a hotkey set to increase a float value shown as hex by 800000, it doubles it, as expected (example: 0x3F800000 -> 0x40000000, 1f -> 2f).
In reverse however, decreasing 0x40000000 by 800000, which should just turn the 2f back into 1f, instead it subtracts 800000 from 0x40000000 as if it was a decimal value, resulting in 0x39200000, and it doesn't subtract anything if the value of which to subtract from contains letters, leading me to the conclusion that "Decrease value with:" hotkeys do not work (correctly) on hexadecimal values, while "Increase value with:" does.
1. Open any process with CE
2. Find a float number, add to address list
3. Right Click float in address list, show as hexadecimal
4. Add 2 hotkeys to that float, one increasing, one decreasing
5. Use the hotkeys and watch the odd behaviour of the hex value increasing as a hexadecimal, but decreasing as if it was decimal
 
Notes
(0000791)
Dark Byte   
2015-03-19 14:07   
fixed in the svn




View Issue Details
383 [Cheat Engine] (No Category) minor have not tried 2015-03-12 02:16 2015-03-12 02:16
jrob80  
 
normal  
new  
open  
none    
none  
   
Value not staying the same
Hello when I get my stuff done and entered with first scan next scan etc. When I double click to bring to bottom. I click to change value it doesn't change to value I change it at. How do I get it to stay is there a fix I know I'm doing the cheat right but that part not working.
 
There are no notes attached to this issue.




View Issue Details
382 [Cheat Engine] (No Category) major have not tried 2015-03-11 02:39 2015-03-11 02:39
jrob80  
 
high  
new  
open  
none    
none  
   
Not scanning
does clicking on the debugging help with your scans every time I put in an amount click new scan it works. When I have to erase that put in new amount and hit next scan it doesn't want to work. Is there a fix or something I can do to make it work I even change the process I do everything exactly according to what the video shows on how to do cheat but can't get anything to scan next scan thanks if you can help
 
There are no notes attached to this issue.




View Issue Details
381 [Cheat Engine] (No Category) minor N/A 2015-03-10 20:18 2015-03-10 22:36
jrob80  
 
normal  
new  
open  
none    
none  
   
Need help not getting anything in scan
When I'm in my game I have cheat engine up and when I place my line bet at 100. Then type that in to engine hit first scan it works when I down bet 50 enter that in engine hit next scan I get nothing. Then calls to repeat I would have to check line bet 100 enter 100 hit next scan then line 50 enter 50 hit next scan. So I just get 1 50 showing double click so it's at bottom. Then click speedhack change speed to 3 slow spins click on spin on game. When I get winning hand I stop spin click on 50 change value bunch 9's click ok. Changes my line bet 9's put back on normal spin get lot of coins but when I got to do the first part I can't get 50 to scan to get the info. When I hit next scan is there a fix if you can help thanks.
 
Notes
(0000788)
jrob80   
2015-03-10 22:34   
(Last edited: 2015-03-10 22:36)
it's pretty much every other I have to enter for the cheat to work it's 100-50 back to 100-50 but can't get the 50 to scan when I click next scan. It's like I can get 1 scan to work but when I have to click next scan after typing in another number it doesn't work





View Issue Details
380 [Cheat Engine] (No Category) crash always 2015-03-09 20:43 2015-03-09 21:03
pausebreak7  
 
none  
new  
open  
none    
none  
   
Dark Byte One suggestion?
x64 OS
1.dbvm this does not load
2.dbk64.sys load Success
3.setting KernelMode Debugger
4.Find Out Access Debug Or Change Register location Click
5.Computer BSOD
------------------------------------------
Dark Byte One suggestion?
X64 OS
DBVM NOT LOAD->debug actions -> add safety message work?
------------------------------------------


suggestion.png (130,492 bytes) 2015-03-09 20:43
http://cheatengine.org/mantis/file_download.php?file_id=140&type=bug
png
 
Notes
(0000787)
pausebreak7   
2015-03-09 21:02   
(Last edited: 2015-03-09 21:03)
I suggest to Dark Byte

debug function works -> DBVM NOT LOAD -> safety message box display





View Issue Details
379 [Cheat Engine] (No Category) minor always 2015-03-04 23:22 2015-03-04 23:22
LuvaL 64bit  
Windows  
normal 8.1  
new  
open  
none    
none  
   
Tutorial crash on code injection/disassembler edit/replacing with NOP
Hi everybody and sorry for bad english.

Everytime i try to Replace some opcodes, during the tutorial, it crashes.

This happens at every step, even if i just NOP.

Discovered this during step 7.

Tutorial.exe stopped working

  Nome evento problema: APPCRASH
  Nome applicazione: Tutorial-i386.exe
  Versione applicazione: 0.0.0.0
  Timestamp applicazione: 00000000
  Nome modulo con errori: Tutorial-i386.exe
  Versione modulo con errori: 0.0.0.0
  Timestamp modulo con errori: 00000000
  Codice eccezione: 4000001e
  Offset eccezione: 00026c46
  Versione SO: 6.3.9600.2.0.0.768.101
  ID impostazioni locali: 1040
  Informazioni aggiuntive 1: 3dc9
  Ulteriori informazioni 2: 3dc96cbba8a8e2a00ff33b23c3937fdb
  Ulteriori informazioni 3: 35e3
  Ulteriori informazioni 4: 35e3560bc7e9069b024bbb98c30c1d58

Sorry for my english, i'm italian.
Example:

Step 7:

1) Find Address.

2) Find out what writes to this address.

This is the opcode:
dec [ebx+00000478]

Address:
Tutorial-i386.exe+26C40


3) Autoassemble -> Template -> code injection
This is my code:
@@@@@@@@@@@@@@@@@@@@@@
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
add [ebx+00000478], 2

originalcode:
dec [ebx+00000478]

exit:
jmp returnhere

"Tutorial-i386.exe"+26C40:
jmp newmem
nop
returnhere:
@@@@@@@@@@@@@@@@@@@@@

4) Trying the "Hit button"

5) Crash.
 
There are no notes attached to this issue.




View Issue Details
376 [Cheat Engine] (No Category) minor always 2015-02-28 01:33 2015-03-01 12:48
Hans Henrik Intel Core i7 4910MQ, 32gb ram  
Dark Byte Windows 7 x64 SP1  
normal  
resolved  
fixed  
none    
none  
   
x64 cheat engine fails to allocate 9GB ram
When I try to scan for a single byte with unknown initial value on a process having approximately 230 MB of virtual memory, I get the error "Scan error:controller:Failure allocating memory for copy.
Tried allocating 9006934577437375 KB" (this is circa 9 GB)
now, this is despite having over 22GB of memory free. ( http://prntscr.com/6ao6jy )

..bug?
 
Notes
(0000783)
pausebreak7   
2015-02-28 09:56   
SVN Rev 2857 Patch

New Compile Cheat Engine
(0000785)
Dark Byte   
2015-02-28 23:50   
(Last edited: 2015-02-28 23:53)
You're using the kernelmode memory access functions ? If so, this has been fixed in the svn as stated above. (it's an issue with enumerating memory regions by parsing the pagetables manually)

In the meantime, disable kernelmode, it's faster anyhow (I wouldn't call that value 9GB)

(0000786)
Hans Henrik   
2015-03-01 07:31   
yes, yes i was. awesome! resolved then, i guess ^^




View Issue Details
378 [Cheat Engine] (No Category) minor always 2015-03-01 00:50 2015-03-01 00:50
Kyokyonos Android Emulator (Andy)  
Android 4.2.2 (rooted)  
normal x86_32  
new  
open  
none    
none  
   
[ceserver] CE client frequently unresponsive in Windows after connecting.
Problem: The CE client is generally unresponsive after connecting to the ceserver on android.

Running the emulator using: Windows 8.1 x64, 6GB RAM, 2GHZ AMD QuadCore APU. CPU and RAM usage both average 50%.

The ceserver and client (for 32bit android) obtained from:
http://cheatengine.org/temp/ceserverupdate.rar

1 - Replaced cheatengine-x86_64 executable in CE 6.4 installation directory with the one provided in rar file.

2 - Transferred ceserver and libceserver-extension.so to emulator's system/xbin and maximized permissions as root (777).

3 - Executed ceserver binary as root in terminal emulator on android. ceserver waits for client connection.

4 - Launched provided cheatengine-x86_64 and open process list and can see the server correctly listed in network list.

5 - Connected to server. At this point, the CE client becomes frequently unresponsive as errors appear looping within the android terminal.
Is this normal? This did not happen with the version (although lacking in features) compiled by CEF user greyman.

It happens immediately after connecting. The client still works (scanning, memory viewing etc.), but is unusable due to the overall slow and non-negligible unresponsiveness that makes it hard to navigate and make changes using CE (In other words, it's like a bad case of FPS lag).

Ironically, giving the VM more CPUs makes the problem worse for the CE client as the frequency at which it is unresponsive increases.
Capture.PNG (70,647 bytes) 2015-03-01 00:50
http://cheatengine.org/mantis/file_download.php?file_id=139&type=bug
png
 
There are no notes attached to this issue.




View Issue Details
377 [Cheat Engine] (No Category) feature N/A 2015-02-28 01:51 2015-02-28 23:45
Hans Henrik N/A  
N/A  
low N/A  
new  
open  
none    
none  
   
use thread injection to scan for memory?
as far as i've guessed (haven't actually looked in the source code), cheat engine does a full memory copy of the target process (i guess this is because ReadProcessMemory calling is slow, so just make 1 big call with reading everything? or something like that),
question is, could we avoid copying memory like that, by something like this:
Freeze all target threads,
CreateRemoteThread,
make the new thread scan the process for us (either write the opcodes for the operation directly in the memory, or use a classic dll injection,), then use some IPC-thing (shared memory?) to tell cheat engine when the scan is done, and where to grab the results?

if something like this is possible, it would be nice in memory-constrained situations, i guess.
 
Notes
(0000784)
Dark Byte   
2015-02-28 23:45   
It only makes a full copy when doing unknown initial value scans.
Normal scanning only loads blocks the size of the scanbuffer you provide in settings (usually 512KB)
If you're on a low memory system, use a smaller scanbuffer.
Also, if you compile CE with the define lowmemoryusage unknown initial value scans will also be written to disk instead of being stored in memory

I did play with this method in the 5.* branch of CE (hyperscan), but the speed was always as fast as a normal non-injected scan, but with the added trouble that it would find memory blocks it allocated itself




View Issue Details
375 [Cheat Engine] (No Category) major always 2015-02-21 21:46 2015-02-28 01:37
Hans Henrik x86_64  
Windows 7 x64 ultimate SP1  
low  
new  
open  
none    
none  
   
unable to scan for single bit
when trying to scan for single bit 0, cheat engine will just show an error:
Scan error: thread 0: Stream write error
open a process
Value Type: Binary
Scan Type: Exact
check Bits
Value: 0

press First Scan.
scanforbit.jpg (75,442 bytes) 2015-02-21 21:46
http://cheatengine.org/mantis/file_download.php?file_id=136&type=bug
jpg
 
Notes
(0000765)
Dark Byte   
2015-02-21 22:39   
(Last edited: 2015-02-21 23:09)
Every address found will eat up 13 bytes (address+bitspecifier+originalvalue)
process memory consists 85% of 0 bits

let's assume this game uses 1GB RAM, so 1000000000*8 bits=8000000000
85% of 8000000000 = 6800000000 addresses will be found
6800000000 * 13 will end up eating about 88.400.000.000 bytes. So make sure the folder your scanresults are in is formatted using NTFS (not FAT as that is limited to 4GB) and that it has at least 88.4GB diskspace left

Oh yeah, I forgot the First scan saving so you can compare to the first scan results, so 88.4*2=176.8GB

And don't forget the UNDO feature (which you can disable on settings). If it's enabled (default) then that one will also make a copy of the results:
88.4*3=265.2 GB

So yeah,
my suggestion is: NEVER scan for the BIT 0 (if you have to, scan for 1, or more than just 1 bit)

(0000780)
Hans Henrik   
2015-02-28 01:24   
(Last edited: 2015-02-28 01:37)
if i read this right http://prntscr.com/6anso6
the game use about 232 MB ram?
now, i have about 22.2 GB ram available ( http://prntscr.com/6antto )
i have 366 GB hdd available ( http://prntscr.com/6anufq )

VirtualMemoryBytes=232260000;
VirtualMemoryBits=VirtualMemoryBytes*8;
BytesNeededToStoreResults=(VirtualMemoryBits*13)*3 //assuming EVERY BIT is 0 ofc. 1 copy for original scan, 1 copy for compare with last scan, and... my brain is derping
//
MegabytesNeededToStoreResults=(BytesNeededToStoreResults/1024)/1024;
//69108 mb
GigabytesNeededToStoreResults=MegabytesNeededToStoreResults/1024;
//67.48 GB
// ^fully valid javascript btw. run it in your browser if you wish to verify :p
..this should be possible, afaik?





View Issue Details
374 [Cheat Engine] (No Category) minor N/A 2015-02-21 13:46 2015-02-23 23:22
pausebreak7  
Dark Byte  
none  
resolved  
fixed  
none    
none  
   
Dark Byte Cheat engine X64 kernel Memory Edit Impossible?
Process Protect Kernel Driver Memory Fix ->BSOD

Obregister call back

Cheat Engine Kernel Edit impossible?

Kernel Memory Edit -> JMP OR NOP ->BSOD

But Win64ast Kernel Explorer & Pchunter(Xuetr) Obregister call back Edit possible


cheatengine is not possible to modify the kernel memory?





hmm.png (71,876 bytes) 2015-02-21 13:46
http://cheatengine.org/mantis/file_download.php?file_id=133&type=bug
png

win64ast.png (68,792 bytes) 2015-02-21 13:59
http://cheatengine.org/mantis/file_download.php?file_id=134&type=bug
png

testS.png (128,274 bytes) 2015-02-21 20:29
http://cheatengine.org/mantis/file_download.php?file_id=135&type=bug
png

Thanks.png (108,798 bytes) 2015-02-21 23:44
http://cheatengine.org/mantis/file_download.php?file_id=137&type=bug
png

bluescreen.png (1,085,156 bytes) 2015-02-22 12:39
http://cheatengine.org/mantis/file_download.php?file_id=138&type=bug
 
Notes
(0000759)
pausebreak7   
2015-02-21 13:59   
win64ast technology

possible Cheat Engine?
(0000760)
Dark Byte   
2015-02-21 18:51   
you need to disable patchguard first which will BSOD you when kernelmode memory gets changed
Try out kpp destroyer: http://forum.cheatengine.org/viewtopic.php?t=573311
(0000761)
pausebreak7   
2015-02-21 20:32   
(Last edited: 2015-02-21 20:45)
Patch Guard On System Test
(disable patchguard No Setup)

standard windows 7 64bit OS

win64ast Modify -> Not BSOD

Cheat Engine Kernel Edit -> BSOD

Obregistercallback Cheat engine kernel memory edit Fail

Test Info:

PatchGuard ON System

Original Windows7 64bit

------------------------------
win64 ast Modify

xor eax,eax
ret

No blue Screen
------------------------------

Test Win64 ast file

win64ast -> http://pan.baidu.com/s/1o6MDJmE

NET Framework 4.0 -> http://pan.baidu.com/s/1bnnitIJ

http://m5home.blog.163.com/blog/static/2091221812012760245552

(0000762)
pausebreak7   
2015-02-21 20:39   
Cheat engine technology is impossible?

Please answer the Darkbyte
(0000764)
Dark Byte   
2015-02-21 22:28   
what is the bsod you get? (details)
Try editing the physical memory of that page instead
(0000766)
pausebreak7   
2015-02-21 23:44   
(Last edited: 2015-02-21 23:56)
DarkByte Genius Thanks

-My Test Success Or small Bug-

1.dbk.sys Load My Cheat Engine TarGet Open And Driver Memory Address
  Go to the Address(Screen Shot)
  Driver Address : 0xfffff8800cf50880
  Physical address : 41DA7A880

2.Go To the Physical Address 41DA7A880 -> Memory View ?? ?? ?? ??

3.Process Open Physical Memory click -> 41DA7A880 -> Memory View 48 89 54 10

4.Physical Memory Edit NOP -> Not Bsod Kernel Memory Change Success

-small bug?-
5.Process Change My Cheat Engine Process Re open
 -> Kernel Memory 0xfffff8800cf50880 Memory View -> ?? ?? ?? ??
(Process again to the memory kernel driver address is not visible)

*Does this fix should select a physical memory Open?

(0000767)
Dark Byte   
2015-02-22 00:23   
(Last edited: 2015-02-22 01:06)
sometimes you need to change to a process multiple times for it to fix.
physical memory is mainly used in a second instance of ce next to another one(so usually doesn't require this)

and this is why bsod information helps instead of saying it just bsod's. my guess is that you get a pagefault in nonpaged area exception, instead of an integrity violation error.
you can bypass that without physical memory by editing the pagetable entry and mark it writable before writing

in your example:
0xfffff8800cf50880 has its pagetable entry at: (in win7)

0xfffff68000000000+(((0xfffff8800cf50880 & 0x0000ffffffffffff) >> 0xc)*8)=FFFFF6FC40067A80

There change bit 1(the second bit) to 1

(0000768)
pausebreak7   
2015-02-22 00:46   
Where do I modify the code?

CheatEngine Source MemoryBrowserFormUnit.pas Edit?
(0000769)
Dark Byte   
2015-02-22 01:10   
(Last edited: 2015-02-22 02:29)
best in the driver, but you can do it in memorybrowser as well, or write a hook on writeProcessMemory (you can even fix it with lua using a wpm hook)

before you write to an address do the calculation: PTE=$fffff68000000000+(((address and $0000ffffffffffff) shr 12)*8)
then read the byte from that address, and set bit 1 to true. : bytevalue:=bytevalue or 2; and write that to the page table entry
then you can write the page

in the driver you might also be able to just unset the WP bit (bit 16) in CR0, so it won't generate write protect pagefaults in kernelmode, but you must disable interrupts before doing that (cli) and when done restore them (sti)
And make sure you restore the WP bit in CR0 back to the original state

(0000770)
pausebreak7   
2015-02-22 09:35   
(Last edited: 2015-02-22 09:54)
I Temporarily resolved

PTE is Okay But Driver Source Code I'll never understand

Where do I modify the code?(DBKDrvr.c?,memscan.c?,IOPLDispatcher.c?)

generate write protect pagefaults in kernelmode Create Source Code ?

Dark Byte Thanks

(0000771)
Dark Byte   
2015-02-22 10:49   
memscan.c has a writeProcessMemory function. you can do that there
(0000772)
pausebreak7   
2015-02-22 11:45   
BlueScreen Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY

Where Does the need to modify the code?

Disableinterrupts()->Enable?

vmx_disable_dataPageFaults->enable?


---------------------
if (loadedbydbvm) //add a extra security around it
{
    disableInterrupts();
    vmx_disable_dataPageFaults();
}
RtlCopyMemory(target,source,Size);
ntStatus = STATUS_SUCCESS;
if (loadedbydbvm)
{
    UINT_PTR lastError;
    lastError=vmx_getLastSkippedPageFault();
    vmx_enable_dataPageFaults();
    enableInterrupts();
    DbgPrint("lastError=%p\n", lastError);
    if (lastError)
        ntStatus=STATUS_UNSUCCESSFUL;
}
(0000773)
Dark Byte   
2015-02-22 11:52   
(Last edited: 2015-02-22 11:54)
Outside of the vmx related parts:

disableInterrupts()
setCR0(getCR0() & (~(1<<16)))

writetothememory (rtlcopymemory might not function)

setCR0(getCR0() | (1<<16))
enableInterrupts()

(0000774)
pausebreak7   
2015-02-22 12:17   
(Last edited: 2015-02-22 12:40)
blue screen shot image upload

I compile this code?

if (loadedbydbvm) //add a extra security around it as the PF will not be handled
{
    disableInterrupts();
    setCR0(getCR0() & (~(1<<16)));
    vmx_disable_dataPageFaults();
}
for (i=0; i<Size; i++)
{
    target[i]=source[i];
}
ntStatus = STATUS_SUCCESS;
if (loadedbydbvm)
{
    UINT_PTR lastError;
    lastError=vmx_getLastSkippedPageFault();
    vmx_enable_dataPageFaults();
    setCR0(getCR0() | (1<<16));
    enableInterrupts();
    DbgPrint("lastError=%p\n", lastError);
    if (lastError)
        ntStatus=STATUS_UNSUCCESSFUL;
}

(0000775)
Dark Byte   
2015-02-22 13:35   
(Last edited: 2015-02-22 13:36)
i said to put it outside of the vmx related parts, yet you put it in the vmx only part
move it out of there as the vmx hasn't force loaded the driver(loadedbydbvm is false)

(0000776)
pausebreak7   
2015-02-22 15:20   
(Last edited: 2015-02-22 15:24)
Dark Byte sorry

I would not know how to solve

Is there certainly know how to modify the source where?

Sorry, do not know for sure

Can you upload the modified file memscan.c?

------------------- Write Process Memory -----------
BOOLEAN WriteProcessMemory(DWORD PID,PEPROCESS PEProcess,PVOID Address,DWORD Size, PVOID Buffer)
{
    PEPROCESS selectedprocess=PEProcess;
    KAPC_STATE apc_state;
    NTSTATUS ntStatus=STATUS_UNSUCCESSFUL;
    if (selectedprocess==NULL)
    {
        //DbgPrint("WriteProcessMemory:Getting PEPROCESS\n");
        if (!NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)PID,&selectedprocess)))
            return FALSE; //couldn't get the PID
        //DbgPrint("Retrieved peprocess");
    }
    //selectedprocess now holds a valid peprocess value
    __try
    {
        UINT_PTR temp=(UINT_PTR)Address;
        RtlZeroMemory(&apc_state,sizeof(apc_state));
        KeAttachProcess((PEPROCESS)selectedprocess);
        __try
        {
            char* target;
            char* source;
            unsigned int i;
            //DbgPrint("Checking safety of memory\n");
            if ((IsAddressSafe((UINT_PTR)Address)) && (IsAddressSafe((UINT_PTR)Address+Size-1)))
            {
                //still here, then I guess it's safe to read. (But I can't be 100% sure though, it's still the users problem if he accesses memory that doesn't exist)
                target=Address;
                source=Buffer;
                if (loadedbydbvm) //add a extra security around it as the PF will not be handled
                {
                    disableInterrupts();
                    vmx_disable_dataPageFaults();
                }
                for (i=0; i<Size; i++)
                {
                    target[i]=source[i];
                }
                ntStatus = STATUS_SUCCESS;
                if (loadedbydbvm)
                {
                    UINT_PTR lastError;
                    lastError=vmx_getLastSkippedPageFault();
                    vmx_enable_dataPageFaults();
                    enableInterrupts();
                    DbgPrint("lastError=%p\n", lastError);
                    if (lastError)
                        ntStatus=STATUS_UNSUCCESSFUL;
                }
            }
        }
        __finally
        {
            KeDetachProcess();
        }
    }
    __except(1)
    {
        //DbgPrint("Error while writing\n");
        ntStatus = STATUS_UNSUCCESSFUL;
    }
    if (PEProcess==NULL) //no valid peprocess was given so I made a reference, so lets also dereference
        ObDereferenceObject(selectedprocess);
    return NT_SUCCESS(ntStatus);
}

(0000777)
Dark Byte   
2015-02-23 01:10   
change CR0 and disable interrupts before the for loop, and change CR0 back and re-enable interrupts after the for loop
stay out of loadedbydbvm
(0000778)
pausebreak7   
2015-02-23 08:37   
Dark Byte Thank you!

I solved the problem 100%

I am honored to know a great person like you.

Thank you for your answer for a long time ^^




View Issue Details
373 [Cheat Engine] (No Category) minor always 2015-02-11 10:04 2015-02-17 14:39
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Ansi String & Unicode Change And Input String Data 0D 0A bug?
Originally zero, but 0D 0A generated

61 62 63 64 65 66 00 00 <- Cheat engine 6.3 abcdef input and Change

61 62 63 64 65 66 0D 0A <- Rev 2902 Cheat engine abcdef input and Change

String Bug?

Why 0D 0A input?
error string.png (55,659 bytes) 2015-02-11 10:04
http://cheatengine.org/mantis/file_download.php?file_id=132&type=bug
png
 
Notes
(0000754)
pausebreak7   
2015-02-11 10:25   
Cheat Engine 6.4 release version

abcdef [61 62 63 64 65 66] -> Change 12345 [31 32 33 34 35 00]

The last code 00 input

but rev 2902 version input 0D 0A
(0000755)
pausebreak7   
2015-02-11 11:07   
Multi Line Command -> 0D 0A Input

single Line command -> Not 0D 0A input

When using a multi-line commands are your intended?
(0000756)
mgr_inz_Player   
2015-02-16 04:16   
(Last edited: 2015-02-16 04:19)
This functionality was added in 4 Dec 2014 (revision 2852)

You can change line 980 in addresslist.pas:
value:=TrimRight(Utf8ToAnsi(value));

(0000757)
pausebreak7   
2015-02-17 08:29   
mgr inz player thank you
(0000758)
Dark Byte   
2015-02-17 14:39   
applied this fix in the svn




View Issue Details
372 [Cheat Engine] (No Category) crash always 2015-02-10 15:09 2015-02-10 22:21
pausebreak7  
Dark Byte  
high  
resolved  
no change required  
none    
none  
   
DarkByte Cheat engine Dbvm bsod crash bug?
My linux dbvm 64bit compile 369kb(377 856byte)
Cheat Engine Rev 2902 Run

DBVM Version 8 Load -> Process Open -> Find Out What Accesses this address click
->Computer Bsod Crash ShutDown


error bsod.png (109,515 bytes) 2015-02-10 15:09
http://cheatengine.org/mantis/file_download.php?file_id=131&type=bug
png
 
Notes
(0000744)
pausebreak7   
2015-02-10 16:29   
Compile make clean cdimage

vmdisk144.img and vmdisk.img Copy Cheat engine Folder
dbk64.sys
cheatengine-x86_64.exe
vmdisk.img and vmdisk144.img

Do I need any other files?

----------------------------------
vmdisk.img 285KB (291,840 byte) <--Cheat engine 6.4 Original Release vmdisk.img

Not Bsod

my vmdisk.img 369kb(377 856byte) <--Bsod
(0000745)
pausebreak7   
2015-02-10 16:47   
computer info:
cpu: i5 Sandy Bridge
ram: 16GB
hdd: ssd
vga: NVIDIA GTX
(0000746)
pausebreak7   
2015-02-10 17:05   
my linux ubuntu 14.04 Compile

How do I use a different compiler?

I would like to know your build environment
(0000747)
Dark Byte   
2015-02-10 17:23   
i used linux mint 14 and compile it using "make clean install"
but are you sure it's your build being the culprit? It could be it's the 30% chance you crash. Does it always crash? And does it crash when starting it from the about screen?

it's possible you need an older version of gcc. I read somewhere that it has changed the calling convention recently(16 byte alignment of the stack, including 32 bit code)
(0000748)
pausebreak7   
2015-02-10 17:24   
The compiled file size is too different

You think there is a problem with the compilation method?

But Cheat engine Source Error?
(0000749)
pausebreak7   
2015-02-10 17:27   
Always crash 100%
(0000750)
Dark Byte   
2015-02-10 17:29   
(Last edited: 2015-02-10 17:33)
https://code.google.com/p/cheat-engine/source/browse/trunk/dbvm/vmm/common.h
comment line 6 and 7 (or if you have a serial port adjust the makefile, it will help with debugging)
perhaps 11 as well

edit: actually, just edit https://code.google.com/p/cheat-engine/source/browse/trunk/dbvm/Makefile
and set serialport to 0

(0000751)
pausebreak7   
2015-02-10 17:47   
Dark Byte

serial port to 0 compile bsod not crash

Why do you do that?
(0000752)
Dark Byte   
2015-02-10 18:05   
when serialport is not 0 it compiles into debug mode
in debug mode right before it starts, it prints out a menu with lots of options to the serial port, and then waits for the user to send it an option. (e. g. 0 to start)
but if no one is sending it the command to start, it will wait forever
(0000753)
pausebreak7   
2015-02-10 18:11   
Dark Byte Thank you^^

Have a nice day!




View Issue Details
371 [Cheat Engine] (No Category) minor always 2015-02-09 07:31 2015-02-09 14:34
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
[rev2901 Compile] disassembly out put Holding a 64-bit process seems to be a 32-bit process
Compile rev2901 cheat engine

64bit process target -> auto detect disassembly -> 32bit process memory view

64bit process target -> disassembly out put 64bit ->64bit process memory view

But In case of a jump hook in the auto assembler does not move when you press the space at that address
error.png (51,611 bytes) 2015-02-09 07:31
http://cheatengine.org/mantis/file_download.php?file_id=130&type=bug
png
 
Notes
(0000740)
Dark Byte   
2015-02-09 11:30   
(Last edited: 2015-02-09 11:33)
is the address you're looking at part of the exe, runtime generated(no module) or part of windows?
And does the windows taskmanager under processes put an *32 behind the processname?

(0000741)
pausebreak7   
2015-02-09 12:24   
Target is a Windows 64-bit programs
(Select the 64-bit cheat engine Recognizing their program as a 32-bit program)

The program is not shown in Task Manager * 32
(0000742)
pausebreak7   
2015-02-09 12:34   
Video Link:
https://www.dropbox.com/s/lxgpn04pg6mb79o/bandicam%202015-02-09%2018-16-34-880.avi?dl=0
(0000743)
Dark Byte   
2015-02-09 14:34   
fixed in the svn




View Issue Details
368 [Cheat Engine] (No Category) crash N/A 2015-02-07 05:24 2015-02-08 04:50
pausebreak7  
Windows X64  
none  
new  
open  
none    
none  
   
Hello,Dark byte 1 More Question? Cheat Engine Dbvm Kernel Detective VMProtect
File:
https://www.dropbox.com/s/3p3gfstu9szmwr7/DBVM%20Detect.zip?dl=0

VMProtect Option Virtualization tools(VMware/Virtual PC/Sandboxie)

32Bit Process File Packing

1.DBVM Not Run Process File Start(NoPacking Injetor) -> Not Message

2.DBVM Run Process File Start(VMProtect Virual Detect Packing.exe)

Message-> Sorry,this application cannot run under a Virtual Machine

Dbvm 5~8 All Version Dbvm Bootloader Detect? VMProtect Solution

Wondering what methods to detect?

Avast antivirus and seems to have a different error

I do not know how it should be resolved.. T_T

Plz Comment Dark byte


 
Notes
(0000731)
pausebreak7   
2015-02-07 05:31   
Can you upload a file that can solve vmdisk.img?

Genius Dark Byte Plz...
(0000733)
Dark Byte   
2015-02-08 03:33   
Have you tried changing the password required to talk to dbvm ?
If you launch dbvm using runtime, the driver64.dat file (last 2 lines) assigns it new passwords

Alternatively, you can rebuild dbvm with different default passwords
(0000734)
pausebreak7   
2015-02-08 03:44   
(Last edited: 2015-02-08 03:58)
password1: $ 12345678
password2: $ 5128a150

Change the password as above before running Dark Byte comment

But vmprotect the message has not been bypassed

(0000735)
pausebreak7   
2015-02-08 04:50   
I try to rebuild a different default password dbvm

But still VMPROTECT virtualization does is not to bypass detection

VMProtect rather seems to have a different detection techniques, except for vmm_entry

password




View Issue Details
367 [Cheat Engine] minor have not tried 2015-02-02 02:47 2015-02-08 04:11
Dark Byte  
Dark Byte  
normal  
confirmed  
open  
none    
none  
   
.net: fieldnames of superclasses in different assemblies are wrong
http://forum.cheatengine.org/viewtopic.php?t=579393
 
There are no notes attached to this issue.




View Issue Details
370 [Cheat Engine] (No Category) major always 2015-02-07 16:03 2015-02-07 16:03
MiDnIgHtXeLiTe Cheat Engine 6.4  
Windows 8.1  
urgent  
new  
open  
none    
none  
   
Speedhack is stuck on in Euro Truck Simulator 2
I set speedhack to 20 and now its stuck on. I have reinstalled cheatengine and Euro Truck Simulator 2 and its still stuck on.
 
There are no notes attached to this issue.




View Issue Details
362 [Cheat Engine] minor always 2015-01-19 09:21 2015-01-19 22:20
ATrulyAwesomePerson  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
0F 50 D1 is disassembled incorrectly
0F 50 D1 is disassembled to movmskps ecx, xmm2 instead of movmskps edx, xmm2 (as confirmed by Ida Free).
 
Notes
(0000728)
Dark Byte   
2015-01-19 22:20   
fixed in the svn




View Issue Details
361 [Cheat Engine] major always 2015-01-18 18:42 2015-01-19 02:19
cynosure  
 
normal  
confirmed  
open  
none    
none  
   
Interface unusably small on high dpi 4k display
CE is completely unusable as is due to the interface and text being rendered at an unreadably minuscule size on my laptop's 4k (2160p) 15.6" display. Text does not properly apply OS high-dpi 250% scaling settings.

Hardware affected: Lenovo y50 UHD 4k
SpeedHack
I resized a fullscreen screencap to 1080p, as I'm not sure if a 4k screen will properly render reproducing the visual issue on a low-dpi screen.
ce_1080.png (180,374 bytes) 2015-01-18 18:42
http://cheatengine.org/mantis/file_download.php?file_id=122&type=bug
png
 
There are no notes attached to this issue.




View Issue Details
356 [Cheat Engine] major always 2014-12-08 06:24 2015-01-07 00:57
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Cheat Engine Query Memory Region Routines Error?
Cheat Engine Extra Setting
1.Query Memory Region Routines Check
2.Process TarGet Open
3.Scan Type Unknown initial value & 4Byte
4.first scan click

Error Message

Scan error:Failure allocating Memory for copy, Tried allocating
9006934577432383 KB

The intention error?






Error Screen Shot
error.png (41,311 bytes) 2014-12-08 06:24
http://cheatengine.org/mantis/file_download.php?file_id=116&type=bug
png

check.png (21,261 bytes) 2015-01-06 03:18
http://cheatengine.org/mantis/file_download.php?file_id=117&type=bug
png
 
Notes
(0000723)
pausebreak7   
2015-01-06 03:20   
(Last edited: 2015-01-06 03:22)
check.png screenshot upload

Write Table Scan Memory Option

Unchecked -> Not Error
checked ->Error
Gray ->Error

Scan error:Failure allocating Memory for copy, Tried allocating
9006934577432383 KB

(0000724)
Dark Byte   
2015-01-07 00:57   
already fixed in the svn




View Issue Details
357 [Cheat Engine] text have not tried 2014-12-21 15:16 2014-12-21 15:16
IxI_JOKER_IxI  
 
normal  
new  
open  
none    
none  
   
Add support of the Ukrainian language.
Add support of the Ukrainian language. Make a multi-language program.
Cast the translation project in the popular service to transfer programs and I will translate it for the Ukrainian language.
 
There are no notes attached to this issue.




View Issue Details
340 [Cheat Engine] crash always 2014-07-24 23:29 2014-12-10 02:12
pausebreak7  
 
normal  
acknowledged  
open  
none    
none  
   
cheat engine 6.4 dbvm kernel debug process crash bug fix plz
hello dark byte
cheat engine 6.4 dbvm kernel mode process debug crash bug

my video link:
https://www.dropbox.com/s/w50dz5ttgg61f45/bandicam%202014-07-25%2004-36-55-026.avi

1.dbvm debug mode process find what access this address

2.process exit

3.new process load find what access this address click crash cheat engine error
 
Notes
(0000686)
Dark Byte   
2014-07-25 12:01   
does it also crash if you close cheat engine ,reopen it and target the new process ? (So I know if it's the usermode or kernelmode part that breaks)
And is this an AMD or Intel cpu? (so I know which section to look at)
And did you use any kind of patchguard override before? (in case dbvm has failed completely and it's falling back on stupid interrupt hooks which would normally bsod you instead without such an override)
(0000687)
pausebreak7   
2014-07-25 13:14   
(Last edited: 2014-07-25 13:20)
1.
--my computer info--
OS: Windows 7 x64(64bit) Ultimate K Service Pack 1
CPU: intel(R) Core(TM) i5-2500 CPU @ 3.30GHZ
Ram: 16GB

2.process no exit process list re open process cheat engine not error
so target process crash bug

3. cheat engine 6.2 or 6.3 ->not error
   cheat engine 6.4 ->error

4. no bsod target process crash and computer system very slow target
process cpu 99%

--my video link2:

https://www.dropbox.com/s/r5n29cbbx4ivgkj/bandicam%202014-07-25%2018-26-28-375.avi

(0000688)
pausebreak7   
2014-07-29 13:19   
--Intel i5 core cpu win7 x64--

crash:
debugger options -> user global debug routines check-> crash error

Not crash:
debugger options -> user global debug routines no check-> no error
(0000689)
pausebreak7   
2014-08-03 22:54   
Hi, dark byte
Cheat Engine Rev 2398 & 2634 compare code test

-> debugeventhandler.pas bug code fix plz

my test debugeventhandler.pas original code
 if (debugreg in [0..4]) and (bpp.breakpointMethod=bpmDebugRegister) and (bpp.debugRegister<>debugreg) then
continue; //this is not the correct breakpoint. Skip it

debugeventhandler.pas code edit

// if (debugreg in [0..4]) and (bpp.breakpointMethod=bpmDebugRegister) and //(bpp.debugRegister<>debugreg) then
//continue; //this is not the correct breakpoint. Skip it

debugeventhandler.pas 771-772 line Delete the code -> Dbvm global debug process Not Error!

Dont know about the Delphi Code

Code Fix Plz
(0000690)
Dark Byte   
2014-08-04 02:15   
(Last edited: 2014-08-04 02:19)
That will break properly deleting/resetting breakpoints.

anyhow, what happens if you close cheat engine as well and then reopen cheat engine and attach it to the new process and debug that ? (you haven't done that in the videos)
Also, check the threadlist and the debug registers to see if they are filled in before

you may want to do that fix with global debug only, or better fix the cause for the wrong debug reg

(0000691)
pausebreak7   
2014-08-04 03:35   
(Last edited: 2014-08-04 03:38)
dark byte
error does not go out when it is moved to the active under the code of if as follows delphi code
Do you have any code that has been modified correctly this?

Original:
if InRangeX(address, bpp.address, bpp.address + bpp.size-1) then
begin

  if (debugreg in [0..4]) and (bpp.breakpointMethod = bpmDebugRegister) and (bpp.debugRegister <> debugreg) then
    continue; // this is not the correct breakpoint. Skip it
  found := true;
  bpp2 := bpp;
  active := bpp^.active;


Edit:
if InRangeX(address, bpp.address, bpp.address + bpp.size-1) then
begin
  found := true;
  bpp2 := bpp;
  active := bpp^.active;

  if (debugreg in [0..4]) and (bpp.breakpointMethod = bpmDebugRegister) and (bpp.debugRegister <> debugreg) then
    continue; // this is not the correct breakpoint. Skip it

(0000721)
pausebreak7   
2014-12-10 02:12   
(Last edited: 2014-12-10 02:12)
dark byte
I Love You!
Rev 2629,2631 Source Code Thanks

After 1 months in advance Happy New Year 2015





View Issue Details
352 [Cheat Engine] minor have not tried 2014-11-12 08:32 2014-11-16 02:35
checkmate216  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
debug_getBreakpointList and IsDebugging
Both of these functions don't seem to work in CE 6.3 or 6.4
virus
 
Notes
(0000711)
Dark Byte   
2014-11-14 02:05   
I can't reproduce debug_isDebugging() from not working(check the charcase) but i've fixed debug_getBreakpointList()
(0000712)
checkmate216   
2014-11-15 17:32   
(Last edited: 2014-11-15 17:35)
Yeah, my casing was messed up. As for debug_getBreakpointList() would I need to wait for a later release of CE or just reinstall from the site?

(0000713)
Dark Byte   
2014-11-16 02:35   
Best wait till next version
Or download this file and overwrite the files in your current ce folder
https://googledrive.com/host/0BwMAnE6mjogMTmpYMGstY1NPQnc/pure%20r2842.7z




View Issue Details
345 [Cheat Engine] block always 2014-10-12 00:30 2014-11-03 08:37
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.4 Pointer scan sort throws ioob error
Just did a level 5 search.
Whenever I click on the first column's heading ("Base address"), CE throws the error shown on the attached image.
CE_PointerScan2.png (62,728 bytes) 2014-10-12 00:30
http://cheatengine.org/mantis/file_download.php?file_id=114&type=bug
png
 
Notes
(0000707)
Dark Byte   
2014-11-03 08:37   
fixed in the svn




View Issue Details
344 [Cheat Engine] block always 2014-10-11 21:49 2014-10-21 14:36
Csimbi  
Dark Byte  
normal  
resolved  
no change required  
none    
none  
   
CE 6.4 Pointer scan yields incorrect pointers
Please see attached screenshot while reading this.

I ran a scan, the results are on the screenshot.
According to that, all pointers in the result list point to 0x3EFA5C80.

I included the dissected structure shot and the Change address dialog as proofs that these are not valid pointers.
If you check the last offset (0x780) of the highlighted pointer scan result, you'll see that the address 0x3EFA5C80 points to 0x02A01F00.

I got the address 0x3EFA5C80 all right, but not as a pointer.
The second Change address dialog shows another address, so you can see it's not specific to one pointer.

I used compressed pointer scan file.

As a side note, CE created 5*100GB scan files before the disk filled up - I had to stop the scan. Creating that amount took about 3 hours. Rescanning the pointer was at 0000011:0000015-20% after 4 hours of rescan - all four CPU core performance maxed out. Something is slowing down the rescan. I had to close CE to abort the re-scan as it would take 2 days...
CE_PointerScan.png (64,179 bytes) 2014-10-11 21:49
http://cheatengine.org/mantis/file_download.php?file_id=113&type=bug
png
 
Notes
(0000697)
Dark Byte   
2014-10-12 01:10   
(Last edited: 2014-10-12 01:15)
You're making the mistake that the last line is a pointer+offset.
But look closely and you'll see it's missing the [ ] around it. That means it's just a calculation

The final address in the structure isn't a pointer, but it's the actual address you're interested in
3efac5c80 : xxxxxxxx

from that point on it's up to you to interpret it as the type you wish. you 'could' interpret it as a pointer itself as you did in the screenshot, but showing it as an integer, or 2 byte, or whatever type it actually is would be better


As for rescans taking long, that is because the results are read from disk. Rescans will take at least the amount of time it took the scan to write them to disk in the first place

Anyhow, next version you can do a rescan before the results are written to disk, greatly reducing diskspace (e.g instead of 100 billion results you only get 1 or 2 million)
Will eat up yet another 2 to 4 GB of RAM depending on the game

(0000699)
Csimbi   
2014-10-12 11:28   
(Last edited: 2014-10-12 12:00)
Yes, I can see that they are not pointers, that's why I filed the report.
I have hundreds of gigabytes of these 'calculations'.

From my perspective, it's a bug because the pointer scan collects a lot of irrelevant data - these calculations are not pointers after all.

If possible, I'd like to have these thrown away during the first scan already; I'd think it would reduce number of paths to scan and the number of false results.

Though I am not sure how CE works internally. If these calculations are really needed, I'd like all these calculations stored separately from the actual results (maybe save them to a different file?), so the results are really pointer results.

Edit:
Could the cause of the slow rescan be that the pointer files are highly fragmented?
They are on a HDD rather than an SSD and CE wrote 5 of them in parallel (during the scan), so I'm sure they are very fragmented.
There's no way to force writing results to a single file, or, to write different files on different disks, is there?

(0000701)
Dark Byte   
2014-10-12 16:59   
(Last edited: 2014-10-12 17:08)
all results in the pointerfiles are valid pointers. (valid at that time)
A valid pointer is a path that goes from any base address to the address you're looking for.
It doesn't contain any irrelevant data (if any field is missing it's impossible to find the address)
e.g it's stored as:
moduleid+offsetintomodule, offsetcount, offset1, offset2, offset3, offset4
moduleid+offsetintomodule, offsetcount, offset1, offset2, offset3, offset4
moduleid+offsetintomodule, offsetcount, offset1, offset2, offset3, offset4
moduleid+offsetintomodule, offsetcount, offset1, offset2, offset3, offset4
...

on a 4 offset entry:
baseaddress+offset1 points to a pointer
that pointer+offset2 points to another pointer
that pointer+offset3 points to another pointer
that pointer+offset4 points to the final address

that last offset is required else you wouldn't know where the final address is

As for fragmentation that could be an issue yes. Although the files are written in decent sized chunks at a time (16MB at once) there can still be some overlap at the same time.
Have you tried manually defragmenting the disk before doing a rescan ? (Or just copy the files to another disk)

Anyhow, as I mentioned earlier, if you use next ce's pointerscan properly you will be able to really cut down on the disk access
It involves finding the address, taking a snapshot of the game, restart the game, find the address again and then do a pointerscan for the new address combined with the snapshot you made earlier

(0000702)
Csimbi   
2014-10-12 18:32   
Is that how it was earlier? (the results)
I have not used it for ages so I can't recall.
(0000703)
Dark Byte   
2014-10-12 23:21   
not sure what you mean with that question. Anyhow, it has always been like that yes.
Even compressed pointer files store it like that. It's just that in that case there's less space between offsets. Instead of 32 bits for each offset it now only stores the max amount of bits needed (sz 2047 means 11 bits) and stuffs them together. 4*11=44 bits (=6 bytes rounded) as opposed to 4*32=128 bits (=16 bytes) for every pointer found
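The bit packing described in the note above, as an added example (not Cheat Engine's code): offsets are stored at the minimum fixed width and read back with length, padding and range checks. The bit order (first offset in the lowest bits, little-endian bytes), the sample offsets and all function names are assumptions; the page does not give the real .ptr layout.

```python
# Added illustration, not Cheat Engine source. The bit order (first offset in
# the lowest bits, little-endian bytes) is an assumption made for this sketch.
import struct


def bits_needed(max_offset: int) -> int:
    """Smallest fixed width that can hold every value in 0..max_offset."""
    if max_offset < 0:
        raise ValueError("max_offset must be non-negative")
    return max(1, max_offset.bit_length())


def pack_offsets(offsets, max_offset):
    """Pack offsets back to back at bits_needed(max_offset) bits each."""
    width = bits_needed(max_offset)
    acc = 0
    for i, off in enumerate(offsets):
        if not 0 <= off <= max_offset:
            raise ValueError(f"offset {off:#x} outside 0..{max_offset:#x}")
        acc |= off << (i * width)
    # Round the bit count up to whole bytes (44 bits -> 6 bytes).
    return acc.to_bytes((len(offsets) * width + 7) // 8, "little")


def unpack_offsets(blob, count, max_offset):
    """Inverse of pack_offsets; rejects input that pack_offsets cannot produce."""
    width = bits_needed(max_offset)
    expected = (count * width + 7) // 8
    if len(blob) != expected:
        raise ValueError(f"need {expected} bytes for {count} offsets, got {len(blob)}")
    acc = int.from_bytes(blob, "little")
    if acc >> (count * width):
        raise ValueError("padding bits after the last offset are not zero")
    mask = (1 << width) - 1
    offsets = [(acc >> (i * width)) & mask for i in range(count)]
    for off in offsets:
        # The width can represent values above max_offset (e.g. 10 bits hold
        # 1023 when the limit is 1000), so the range is checked explicitly.
        if off > max_offset:
            raise ValueError(f"offset {off:#x} exceeds limit {max_offset:#x}")
    return offsets


def entry_sizes(count, max_offset):
    """(packed bytes, bytes at 32 bits per offset) for one result's offsets."""
    packed = len(pack_offsets([0] * count, max_offset))
    plain = len(struct.pack(f"<{count}I", *([0] * count)))
    return packed, plain


# Constructed sample: four offsets under a maximum offset of 2047.
SAMPLE_OFFSETS = [0x10, 0x7FF, 0x0, 0x3C]

if __name__ == "__main__":
    blob = pack_offsets(SAMPLE_OFFSETS, 2047)
    print("width:", bits_needed(2047), "bits")
    print("packed:", blob.hex(), "sizes:", entry_sizes(4, 2047))
    print("round trip:", unpack_offsets(blob, 4, 2047))
```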
(0000704)
Csimbi   
2014-10-13 14:29   
(Last edited: 2014-10-13 14:31)
I meant individual results.
Hmmm. I remember differently, but okay; I'll just accept that my memory has faded over the years.
With that, this report should be closed.

On the second part:
So that's why it does not look compressed... I'll send a PM about this shortly to avoid having to keep this report open.





View Issue Details
349 [Cheat Engine] text always 2014-10-20 23:21 2014-10-21 03:13
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.4 displays wrong comment
CE displays '233' as comment for the following line of code:
...+68AB3 - 3D E9030000 - cmp eax,000003E9

It should be displaying 1001.
Attached a screenshot.
CE.png (633 bytes) 2014-10-20 23:21
http://cheatengine.org/mantis/file_download.php?file_id=115&type=bug
png
 
Notes
(0000706)
Dark Byte   
2014-10-21 03:13   
fixed in the svn




View Issue Details
346 [Cheat Engine] minor always 2014-10-12 00:44 2014-10-12 16:47
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.4 Pointer scan does not compress pointer file when first scan was uncompressed
First, do a pointer scan with the compression off. Make sure the level is deep enough so you can see the writing % go up.
Eventually, abort.
Next, delete all the scan files from the disk manually, and repeat the same scan but this time, turn compression on.
You should see that CE does not compress the pointer data.
 
Notes
(0000698)
Dark Byte   
2014-10-12 01:13   
(Last edited: 2014-10-12 01:31)
can you actually confirm the results are not compressed ? Due to caching it's possible that it finds results a lot faster now (also, the default behavior is to reuse the previous pointermap so the progressbar part gets skipped)

(and ssd's have this annoying 'issue' where initial write bursts get handled fast, but subsequent write bursts within a specific time are slower. Probably due to cleanup/maintenance)

Could you upload the .ptr and .ptr.* files where you did enable compression but it failed ?

(0000700)
Csimbi   
2014-10-12 11:46   
Meh, I was looking at the wrong pointer file all the time.
False report, sorry!!!




View Issue Details
343 [Cheat Engine] crash always 2014-09-10 18:42 2014-09-13 22:58
cheatenginefan  
 
normal  
acknowledged  
open  
none    
none  
   
Android ceserver/cheatengine "All debug registers are currently used " and Freeze
Rooted Kyocera C5170 Hydro Android 4.0.4
Linux Kernel 3.0.8-perf ([email protected]) (gcc version 4.4.3 (GCC) ) 0000001 PREEMPT Wed Aug 7 14:26:30

Steps:
>attach debugger
>Load my cheat list
>Click a cheat and Hit F5 (Find out what accesses this address)
>Error: All debug registers are currently used up. Free one and try again

The same thing occurs with F6(Find out what writes to this address), but usually the client locks up and becomes unresponsive.

Some stuff I've tried:
I've run "stop debuggerd"

Here is a pastie of my PS: http://pastie.org/pastes/9542318/text?key=xqhkpqbieyh8txwoyhxmlw

Here is the log from ceserver: http://pastie.org/pastes/9542153/text?key=d3hew5oebimrc6nhlioq

I can run any command you'd like including running a gdb server, and also provide any additional information that might be needed.
 
Notes
(0000694)
cheatenginefan   
2014-09-10 18:47   
This is both from the ceserver on the main download page and the one available from the apk http://forum.cheatengine.org/viewtopic.php?t=575084&postdays=0&postorder=asc&start=0

Using Cheatengine 6.4.
(0000695)
Dark Byte   
2014-09-13 22:58   
Could be the processor or linux version doesn't have any read/write breakpoints implemented




View Issue Details
342 [Cheat Engine] minor always 2014-09-05 03:44 2014-09-06 12:57
ThisIsADogHello  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
In Lua, getAddress/inModule can return errors that pcall() cannot catch
I am trying to find some addresses which do not always exist, as the target is a .NET program and the functions are only JIT'd when they are called.

If I try to call getAddress or inModule to find whether they exist, I get the error:
  Error:Failure determining what asdf means
  Script Error

Script execution is then halted, and if the script is run automatically with the table, cheat engine immediately closes and takes the debugged program with it.

I tried catching this error with popen, as explained in http://www.lua.org/pil/8.4.html , and while popen can catch errors I throw myself, it cannot catch the errors that getAddress or inModule throw.

With this bug, I can't periodically check for if the functions appear later, and have to ensure that every function my script wants to debug has been called before I load my cheat table with the lua script in it.
 
Notes
(0000692)
Dark Byte   
2014-09-05 18:24   
Call errorOnLookupFailure(false) so the lookup will result into address 0 instead of erroring out
(0000693)
ThisIsADogHello   
2014-09-05 22:31   
Ah, yep. That works fine, thanks. I've updated the wiki to include this function in the Lua function list, and added references to it in getAddress and inModule so hopefully no one else checking the wiki will get caught by this.




View Issue Details
339 [Cheat Engine] feature N/A 2014-07-10 10:39 2014-07-10 10:39
Csimbi  
 
normal  
new  
open  
none    
none  
   
Feature request: Compact UI
Any chance to add a 'Full UI'/'Compact UI' option in CE settings?
I'm thinking the 'Full UI' would show CE as it is today, while the 'Compact UI' would show only the menu bar, the Attach/Open/Save/Table extras buttons and the cheat table opened - everything else would be removed.
Thank you for considering.
 
There are no notes attached to this issue.




View Issue Details
336 [Cheat Engine] minor always 2014-06-07 12:30 2014-06-16 00:35
mgr_inz_Player  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
aob injection and full injection, CE freeze
Minor bug.

1) Open CE, do not open any process, open "auto assemble" window,

2) choose "aob injection", click OK two times, access violation will show up, click OK

3) do step 2 again, CE will hang (main thread will use 100% of CPU)

The same with "full injection".
 
There are no notes attached to this issue.




View Issue Details
335 [Cheat Engine] feature N/A 2014-06-06 21:39 2014-06-16 00:30
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Feature request: save region settings
Would it be possible to save all settings from this dialog (see attachment) throughout the current CE session (i.e. until CE is closed)?
It is becoming a burden to add regions manually every time (and check the box and click yes).

Thank you!
CE_SaveRegion.png (7,714 bytes) 2014-06-06 21:39
http://cheatengine.org/mantis/file_download.php?file_id=111&type=bug
png
 
There are no notes attached to this issue.




View Issue Details
334 [Cheat Engine] minor always 2014-06-02 02:01 2014-06-03 13:54
asciicat  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
crash on watching memory allocations of ce's own process
1) Open cheat engine
2) Select cheat engine's process
3) Click mem view
4) Debug -> watch memory allocations (shift control m)
Then CE hangs

This makes sense to me though, I'm assuming it's getting stuck in a loop, while watching memory allocations it is allocating, and thus making another alloc etc etc.
 
Notes
(0000681)
Dark Byte   
2014-06-03 13:54   
it now detects if it's CE and tells you to not do that




View Issue Details
323 [Cheat Engine] minor N/A 2014-03-19 15:58 2014-05-14 15:16
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
dark byte plz ceserver-linux_arm_android new version
ceserver-linux_arm_android
new version svn update plz
android mobile app ce 6.4? my test...
svn bin folder ceserver-linux_arm_android new version update plz!

 
Notes
(0000678)
Dark Byte   
2014-05-14 15:16   
http://cheatengine.org/temp/ceserverbin.zip




View Issue Details
324 [Cheat Engine] text always 2014-03-29 14:38 2014-04-21 07:09
SERGANT  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Hotkeys «` = - , . / \ ; ' [ ]»
Hotkeys «` = - , . / \ ; ' [ ]» are displayed as decimal value (0000192,0000189, 0000187,etc)
Just need to add

VK_OEM_PLUS : newstr:='='; //or +
VK_OEM_MINUS : newstr:='-';
VK_OEM_COMMA : newstr:=','; //or <
VK_OEM_PERIOD : newstr:='.'; //or >
VK_OEM_1 : newstr:=';';
VK_OEM_2 : newstr:='/'; //or ?
VK_OEM_3 : newstr:='`'; //or ~
VK_OEM_4 : newstr:='[';
VK_OEM_5 : newstr:='\';
VK_OEM_6 : newstr:=']';
VK_OEM_7 : newstr:='"'; //newstr:='''; isn't compiled =)

to ConvertKeyComboToString function in CEFuncProc.pas
 
Notes
(0000674)
Dark Byte   
2014-04-21 07:09   
fixed in the svn




View Issue Details
325 [Cheat Engine] text always 2014-04-02 23:55 2014-04-21 07:05
SERGANT  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
RadioButton "cbTiny" doesn't show the hint
Just add
        ParentShowHint = False
        ShowHint = True

to "frmExeTrainerGeneratorUnit.lfm" after this

      Height = 19
        Hint = 'Only put the trainer data in the trainer. The user must have Cheat Engine installed to run this trainer'
        Top = 0
        Width = 43
        Caption = 'Tiny'
        OnChange = cbTrainersizeChange
=)
 
Notes
(0000673)
Dark Byte   
2014-04-21 07:05   
fixed in the svn




View Issue Details
327 [Cheat Engine] feature N/A 2014-04-19 21:08 2014-04-19 21:08
Csimbi  
 
normal  
new  
open  
none    
none  
   
Feature request: hint for table entries
I would like to have hints for each table entry types (addresses, scripts, headers, whatever can be inserted).

The hint should be editable via the right-click menu.

The hint editor should accept international characters.

The hint text should appear on hover after 1s, and the duration (for the hint to remain displayed while hovering with the mouse) should be: <number of characters> * 0.1 seconds (or so).
You might want to consider the timers be configurable via the Settings/General settings page. For now, I am happy with hard-coding these values, too.

The hint text should disappear when the mouse no longer hovers over the entry, regardless of the current timer state.

Thank you for considering!
 
There are no notes attached to this issue.




View Issue Details
326 [Cheat Engine] crash always 2014-04-10 02:49 2014-04-14 13:37
SERGANT  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
The case where CE isn't responding when trying to open "Process List"
Click to "Memory View" -> "Tools" -> "Watch memory allocations" without any open process. You will see the message "Please target a process first".
Now try to open any process.
 
Notes
(0000670)
SERGANT   
2014-04-10 03:00   
This also happens with "Memory View" -> "View" -> "Heaplist"
(0000671)
mgr_inz_Player   
2014-04-10 20:36   
Can confirm this. It happens only for 32bit version. 64bit version works fine.

Official CE6.3 (32&64 bit) doesn't have this bug.
(0000672)
Dark Byte   
2014-04-14 13:36   
should hopefully be fixed in the svn.




View Issue Details
230 [Cheat Engine] tweak always 2013-03-16 04:15 2014-02-25 05:43
mgr_inz_Player 32bit  
Dark Byte Windows  
normal XP  
resolved  
rev. 1703 fixed  
none    
none  
   
timer, ontimer, sender, related to 0000211
This code:
####################################################
if toggle~=nil then toggle= not toggle else toggle=true end

function sharedOnTimer(timer)
  print(tostring(timer))
end

if Timer1~=nil then object_destroy(Timer1);Timer1=nil;end
if Timer2~=nil then object_destroy(Timer2);Timer2=nil;end

if toggle then
  Timer1 = createTimer(nil,false)
  timer_onTimer(Timer1,sharedOnTimer)
  timer_setInterval(Timer1,1000)
  timer_setEnabled(Timer1,true)

  Timer2 = createTimer(nil,false)
  timer_onTimer(Timer2,sharedOnTimer)
  timer_setInterval(Timer2,500)
  timer_setEnabled(Timer2,true)
  print('both timers enabled\r\n\r\n')
  print("print=", Timer1,Timer2)
  print("tostring=", tostring(Timer1),tostring(Timer2))
else
  print('both timers disabled')
end
####################################################


In old CE6.2, produce this output:
####################################################
both timers enabled

 
print= 000E0AD8 000DFE18
tostring= userdata: 000E0AD8 userdata: 000DFE18
userdata: 000DFE18
userdata: 000E0AD8
userdata: 000DFE18
userdata: 000DFE18
userdata: 000E0AD8
userdata: 000DFE18
userdata: 000DFE18
userdata: 000E0AD8
userdata: 000DFE18
both timers disabled
####################################################



With CE6.2+ (rev.1703), we have:
####################################################
both timers enabled

 
print= 000E6820 000E6880
tostring= userdata: 03A77230 userdata: 03A79E18
userdata: 03A7AED0
userdata: 03A7BE50
userdata: 03A7CDD0
userdata: 03A7DD50
userdata: 03A7ECD8
userdata: 03A7FC58
userdata: 03A80BD8
userdata: 03A81B58
userdata: 03A82AD8
userdata: 03A83A58
userdata: 03A849D8
userdata: 03A85958
userdata: 03A868D8
userdata: 03A87858
userdata: 03A887D8
both timers disabled
####################################################


Summary:

Old ce6.2, sender has only two values (because only two timers)
and this, numbers from "print" and "tostring" are equal:
print= 000E0AD8 000DFE18
tostring= userdata: 000E0AD8 userdata: 000DFE18


New ce6.2+, sender has many many values (!)
and this (values from print and tostring AREN'T equal):
print= 000E6820 000E6880
tostring= userdata: 03A77230 userdata: 03A79E18


Why I need "old behavior"? Example:
####################################################
if toggle~=nil then toggle= not toggle else toggle=true end

timerArg = {}
function sharedOnTimer(timer)
  print(timerArg[timer])
end

if Timer1~=nil then object_destroy(Timer1);Timer1=nil;end
if Timer2~=nil then object_destroy(Timer2);Timer2=nil;end

if toggle then
  Timer1 = createTimer(nil,false)
  timer_onTimer(Timer1,sharedOnTimer)
  timer_setInterval(Timer1,1000)
  timer_setEnabled(Timer1,true)

  Timer2 = createTimer(nil,false)
  timer_onTimer(Timer2,sharedOnTimer)
  timer_setInterval(Timer2,500)
  timer_setEnabled(Timer2,true)

  timerArg[Timer1] = "called by Timer1"
  timerArg[Timer2] = "called by Timer2"
  print('both timers enabled\r\n\r\n')
else
  print('both timers disabled')
end
####################################################


So I can use shared onTimer function. Of course for two timers we just write two onTimer. But what if we want to do for example 40 timers at runtime? It would be great if we could determine which timer called this function. I used Lua table for this, but in CE6.2+ this no longer works (above lua code doesn't print anything).



 
Notes
(0000484)
Dark Byte   
2013-03-17 23:43   
(Last edited: 2013-03-17 23:51)
You should be able to use == between sender and a timer you created earlier to see it's the same object.
the userdata is now a pointer to a pointer to the object, but if you compare between two class objects if it's the same the __eq metatable will check if it's the same object

Also, you should have used userDataToInteger(timer) in 6.2 instead of using the userdata as a map key

(0000485)
mgr_inz_Player   
2013-03-18 01:43   
(Last edited: 2013-03-18 02:02)
OK, tried this in the last script:

Changing this:
print(timerArg[timer])
to:
print(timerArg[userDataToInteger(timer)])

And this:
timerArg[Timer1] = "called by Timer1"
timerArg[Timer2] = "called by Timer2"
to:
timerArg[userDataToInteger(Timer1)] = "called by Timer1"
timerArg[userDataToInteger(Timer2)] = "called by Timer2"

Solves everything.

Is there a better method?





View Issue Details
322 [Cheat Engine] minor always 2014-02-23 16:18 2014-02-24 15:34
Jou  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
speedhack_setSpeed(1/240) speedhack_setSpeed(0.004166666666666666) interpreted as speedhack_setSpeed(0.00)
Just as the summary:
LUA speedhack_setSpeed(1/240) or speedhack_setSpeed(0.004166666666666666)
are interpreted as speedhack_setSpeed(0.00), clearly visible by the program stopping.
Minor problem of the bug reporting form: I cannot select a category?
SpeedHack, Virtual families 2

 
Notes
(0000667)
Jou   
2014-02-23 16:20   
PS: Fixing this and pushing a release (or a compile a binary for me), 30$ OK or more?
(0000668)
Jou   
2014-02-23 17:15   
PPS:
my current ugly workaround which requires me to stay on the hotkey:

function checkKeys(timer)
  if (isKeyPressed(VK_J)) then
    openProcess( "demo.exe" )
    speedhack_setSpeed(1)
  end
  if (isKeyPressed(VK_K)) then
    openProcess( "demo.exe" )
    speedhack_setSpeed(0.05)
    sleep(83)
-- = 0.00416
-- sleep(100)
-- = 0.00500
-- sleep(333)
-- = 0,01665
    speedhack_setSpeed(0.00)
  end
end

t=createTimer(nil)
timer_setInterval(t,1000)
timer_onTimer(t, checkKeys)
timer_setEnabled(t, true)

If you know a better LUA implementation just say ;)
(0000669)
Dark Byte   
2014-02-24 15:34   
fixed in the svn.
You'll have to wait a bit for a binary though, or compile it yourself




View Issue Details
321 [Cheat Engine] minor always 2014-02-18 01:38 2014-02-18 02:36
mgr_inz_Player  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
[Lua] Canvas lineTo
I launched my old CT file from 2011.


In CE6.2 this draws fabulous house (polygon):

canvas_setPenPosition(canvas, 80, 100)
canvas_lineTo(canvas,120,140)
canvas_lineTo(canvas,120,190)
canvas_lineTo(canvas,40,190)
canvas_lineTo(canvas,40,140)
canvas_lineTo(canvas,80,100)



But in CE6.3 and from SVN, this draws curve (but it should be polygon).

I also tried this:
canvas.setPenPosition(80, 100)
canvas.lineTo(120,140)
canvas.lineTo(120,190)
canvas.lineTo(40,190)
canvas.lineTo(40,140)
canvas.lineTo(80,100)


Revision: r1670 and newer have this bug (probably it started with r1598)
(it's not caused by patches made in r1708 and r1720)
 
Notes
(0000666)
Dark Byte   
2014-02-18 02:36   
should be fixed in the svn now




View Issue Details
320 [Cheat Engine] text always 2014-02-15 00:04 2014-02-15 19:20
SERGANT  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Cyrillic encoding trouble in MemoryView
See example.png in attach

troubles with the following strings:

debughelper.rsdebuggercrash
disassemblerviewlinesunit.rscall
disassemblerviewlinesunit.rscon
disassemblerviewlinesunit.rsmemory
disassemblerviewlinesunit.rsun
maybe some other strings from "disassemblerviewlinesunit" and "debughelper" have these problems. I can't catch them all.

Also this problem with encoding is present if create custom header by using "Set/Change header" with cyrillic.
Cheat Engine 6.3+ rev2385

In CE 6.3 Final everything is good with "disassemblerviewlinesunit" strings.
example.png (68,800 bytes) 2014-02-15 00:04
http://cheatengine.org/mantis/file_download.php?file_id=108&type=bug
png
 
Notes
(0000660)
Dark Byte   
2014-02-15 15:33   
(Last edited: 2014-02-15 15:47)
Check out rev2386 and check if that lets you set the header/comments properly

And check out rev2387 to see if the disassemblerviewlinesunit are shown properly (not sure about this one. It depends on the encoding you use in your translation files)

(0000662)
SERGANT   
2014-02-15 16:13   
Now all is ok with "disassemblerviewlinesunit" strings and custom header with cyrillic.

But trouble with «#: debughelper.rsdebuggercrash msgid "Debugger Crash"» still is present. But I'll leave it as is. It's a simple message that is clear without translation

Thanks!
(0000664)
Dark Byte   
2014-02-15 17:54   
try revision 2389 with the rsdebuggercrash
(0000665)
SERGANT   
2014-02-15 18:02   
It's fixed now.
Thanks again!




View Issue Details
319 [Cheat Engine] minor always 2014-02-14 21:53 2014-02-15 17:52
SERGANT  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
"Access violation" while trying to change the header or comment in MemoryView
For the first time when I try to change the header("Set/Change header") or comment("Set/Change comment") I get the error message with "Access violation" text.
If I try to change it again - CE isn't responding.
Cheat Engine 6.3+ rev2385
 
Notes
(0000659)
Dark Byte   
2014-02-15 15:19   
I can not reproduce this. Does this happen without translation files present ?
(0000661)
SERGANT   
2014-02-15 15:55   
I tested this on a clean version without any plugins or translation files with any of the presented debug methods.
If you can't reproduce it... maybe problem only on my side?
Anyway, here's the video:
https://dl.dropboxusercontent.com/u/50323360/misc/access.violation.video.exe
(0000663)
Dark Byte   
2014-02-15 17:52   
should be fixed now




View Issue Details
314 [Cheat Engine] crash always 2013-12-24 11:16 2014-02-13 07:14
Robintron  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Scan Dir
When I start Cheat Engine I get an error:
The temporary scan directory
C:/pylo/mcreator/jdk/bin
does not exist, Check your scan settings

But where can i change my scan settings?
PS: The folder pylo does not exist on my pc so it's weird it says that folder!
Crash.PNG (32,616 bytes) 2013-12-24 11:16
http://cheatengine.org/mantis/file_download.php?file_id=106&type=bug
png
 
Notes
(0000646)
Dark Byte   
2013-12-25 02:17   
Change your temp environment variable, or go to settings scan settings and set a custom path (don't use the windows tempdir)




View Issue Details
299 [Cheat Engine] tweak always 2013-11-19 21:54 2014-02-13 07:12
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.3 - Order of editboxes for pointer rescan dialog's 'End address'
In the pointer re-scan dialog, when you tick 'must end with offsets', an editbox appears. I enter an offset and rescan the results.
I press CTRL+R to rescan again and click the 'Add' button to add more offsets.
The new editbox appears at the bottom, and the previously present offsets remain in place. This means that in order to enter a new offset before the existing list, I have to copy each and every offset manually one box below.
I attached a screenshot to illustrate what happens after I click 'Add' button.

There are three solutions that I can think of off the top of my head:
 - editboxes to appear in reverse order (i.e. first editbox contains last offset), so the newly appearing editbox is ok at the end as that's the right spot for the 'previous' offset,
 - new editbox appears at the top, and when it does, CE updates the 'Top' and 'Left' coordinates of all existing editboxes so they move down, making space for the editbox appearing on top,
 - new editbox appears at the bottom, but when it does, CE copies all offsets one box down automatically.
And, of course, the 'Remove' button would need to do the opposite.

Each of these options has its own ups and downs, I'm sure you'll weigh them and make a good choice - maybe even come up with a better solution.

Thank you for considering.
CE-RescanEndOffsets.png (10,233 bytes) 2013-11-19 21:54
http://cheatengine.org/mantis/file_download.php?file_id=101&type=bug
png
 
Notes
(0000626)
Csimbi   
2013-11-19 22:07   
(Last edited: 2013-11-19 22:14)
Forgot: The pointer scan dialog does this with reverse-ordered editboxes; you might want to adopt that same solution on the rescan dialog for the sake of consistency.

(0000628)
mgr_inz_Player   
2013-11-20 15:24   
(Last edited: 2013-11-20 15:28)
about "reverse-ordered editboxes", I was thinking about adding additional label(s) which will move always next to corresponding editbox (L next to last offset, F next to first offset).

MSPaint example:
http://i.imgur.com/oxKbwMt.png

and
http://i.imgur.com/fR7r6nY.png

(0000631)
mgr_inz_Player   
2013-11-20 20:14   
(Last edited: 2013-11-20 22:28)
About "must end editboxes" inside rescan window, we can change this line:
http://code.google.com/p/cheat-engine/source/browse/trunk/Cheat+Engine/frmRescanPointerUnit.pas#470

to
"endoffsets.Insert(0,e);"

and small modification at line 481 (delete element at zero)

Edit:
Maybe DB will apply this patch for rescan window: http://pastebin.com/jwQf50Rz
It changes "must end" editbox creation and changes position of "must end" add(remove) button.
Editbox order is still the same as original CE6.3, so it will not mislead new users.

Plus, this patch adds two labels when needed:
- "First offset" so you will know which editbox is first ("must start")
- "Last offset" so you will know which editbox is last ("must end")


Demo:
http://i.imgur.com/tvthHjx.gif

(0000632)
Csimbi   
2013-11-20 22:52   
That Demo GIF is great; that'd be great; thanks!
(0000658)
Dark Byte   
2014-02-13 07:12   
implemented




View Issue Details
318 [Cheat Engine] minor have not tried 2014-02-13 05:30 2014-02-13 07:12
Dirrrty  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Speedhack box covering other things
The speedhack menu thing is covering other parts of the program, when activated.
I haven't tried to replicate it, but all I did was open the program, (opened a process)did a couple scans, opened a scan tab, did a couple there, closed the second tab, then activated speedhack, and then bam.
Screenshot_5.png (109,005 bytes) 2014-02-13 05:30
http://cheatengine.org/mantis/file_download.php?file_id=107&type=bug
png
 
Notes
(0000657)
Dark Byte   
2014-02-13 07:12   
should be fixed in the svn now




View Issue Details
306 [Cheat Engine] crash always 2013-11-24 01:10 2014-02-13 06:54
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.3 - Error in AOB scan instruction is not detected
Try this:
aobscan(aobText,process.exe,03 FA 89 7C 24 10 D8 95)

This is accepted when the code is added to the table - no error is thrown.
There's no error when the script is enabled, either.
As a result, code in the script is injected at the wrong address, causing a crash.

Thanks for fixing.
 
Notes
(0000639)
Csimbi   
2013-11-24 08:47   
I made a typo like this (the closing bracket is an underline, see last char):
aobscanmodule(aobText,process.exe,03 FA 89 7C 24 10 D8 95_
and there was no error on this, either.
(0000656)
Dark Byte   
2014-02-13 06:54   
the aobscanmodule is an error, but the first one is more a "feature"
anything that isn't a valid hexadecimal word gets converted into a wildcard, and commas are allowed as word separators for aob's

it parses it into this:
* 03 FA 89 7C 24 10 D8 95
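The parsing rule from the note above, as an added example (not Cheat Engine's code): a lenient parser that turns every non-hex word into a wildcard, beside a strict one that rejects it, run over a constructed buffer to show the match landing one byte before the intended signature. The one-or-two-digit hex rule, the explicit wildcard spellings, the sample buffer and all function names are assumptions.

```python
# Added illustration, not Cheat Engine source. parse_lenient follows the
# behaviour described in the note above; parse_strict and the explicit
# wildcard spellings ("?", "??", "*") are assumptions for this sketch.
import re

HEX_WORD = re.compile(r"[0-9A-Fa-f]{1,2}")
WILDCARDS = {"?", "??", "*"}


def split_words(text):
    """Split on whitespace and commas, both treated as word separators."""
    return [t for t in re.split(r"[\s,]+", text) if t]


def parse_lenient(text):
    """Any word that is not a hex byte silently becomes a wildcard (None)."""
    return [int(t, 16) if HEX_WORD.fullmatch(t) else None
            for t in split_words(text)]


def parse_strict(text):
    """Accept only hex bytes and explicit wildcards; reject everything else."""
    pattern = []
    for pos, tok in enumerate(split_words(text)):
        if HEX_WORD.fullmatch(tok):
            pattern.append(int(tok, 16))
        elif tok in WILDCARDS:
            pattern.append(None)
        else:
            raise ValueError(
                f"word {pos} ({tok!r}) is neither a hex byte nor a wildcard")
    if all(b is None for b in pattern):
        raise ValueError("pattern contains no fixed bytes")
    return pattern


def render(pattern):
    """Show a parsed pattern in the '* 03 FA ...' form used in the note."""
    return " ".join("*" if b is None else f"{b:02X}" for b in pattern)


def find_first(buf, pattern):
    """Index of the first position where the pattern matches, or -1."""
    n = len(pattern)
    for i in range(len(buf) - n + 1):
        if all(p is None or buf[i + j] == p for j, p in enumerate(pattern)):
            return i
    return -1


# Text after the first comma of the aobscan(...) line in the report: a module
# name sits where only bytes are expected.
MISPLACED_ARG = "process.exe,03 FA 89 7C 24 10 D8 95"
INTENDED = "03 FA 89 7C 24 10 D8 95"
# Constructed buffer: the signature starts at index 3.
SAMPLE = bytes.fromhex("9090cc03fa897c2410d89590")

if __name__ == "__main__":
    lenient = parse_lenient(MISPLACED_ARG)
    print("lenient parse:", render(lenient))
    print("intended match at", find_first(SAMPLE, parse_lenient(INTENDED)))
    print("lenient match at ", find_first(SAMPLE, lenient))
    try:
        parse_strict(MISPLACED_ARG)
    except ValueError as exc:
        print("strict parse rejects:", exc)
```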




View Issue Details
297 [Cheat Engine] feature N/A 2013-11-03 20:04 2014-02-13 06:44
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Audio feedback on hotkey
In the table, one can create hotkeys for values, toggles and stuff.
It'd be nice if I could select a WAV file (8/16/24bit mono/stereo, max. 5secs) for each hotkey separately, which, when pressed, would be played, giving an audible feedback that the hotkey has been recognized.

The WAVs should be saved into the table itself for easy distribution.
Alternatively, CE could ship with a set of WAVs (at least two, please), which could be selected for the hotkey from a combobox; users could replace the WAV files themselves to create their own themes.

If WAVs (maybe MP3s?) are too complicated, then a simple 'beep' will do, though it has to come through the audio card because it seems modern PCs are no longer equipped with PC speakers.

Thank you for considering!
I attached two very simple 'tick' WAVs.
I used these two to signal "on"/"off" back in the days when I made trainers instead of tables.
ticks.zip (1,048 bytes) 2013-11-03 20:04
http://cheatengine.org/mantis/file_download.php?file_id=100&type=bug
 
Notes
(0000629)
mgr_inz_Player   
2013-11-20 16:17   
I'm sure you read this topic (you posted here)
forum.cheatengine.org/viewtopic.php?t=559298


And, I made improved version, "customSound" here
forum.cheatengine.org/viewtopic.php?t=565651

You can select a WAV file for each hotkey separately, and you can choose different sound when deactivating, i.e. you have three cheats, three hotkeys, first hotkey will have sound1_ON.wav and sound1_OFF.wav, second hotkey will have sound2_ON.wav and sound2_OFF.wav, third hotkey will have sound3_ON.wav and sound3_OFF.wav.

you add those 6 files to CT, and then you write this Lua code:

soundTable = { "sound1_ON.wav","sound1_OFF.wav", -- hotkey type 1
               "sound2_ON.wav","sound2_OFF.wav", -- hotkey type 2
               "sound3_ON.wav","sound3_OFF.wav" } -- hotkey type 3
customSound.Init(soundTable)






And those auto generated functions:

function onPostHotkeyXXXX(Hotkey)
  local memrec=memoryrecordhotkey_getOwner(Hotkey)
  local isActive=memoryrecord_isActive(memrec)
  cheatcomponent_setActive(CETrainer_CHEAT0, isActive)
  if gBeepOnAction then
    beep()
  end
end

change to:
function onPostHotkeyXXXX(Hotkey)
  local memrec=memoryrecordhotkey_getOwner(Hotkey)
  local isActive=memoryrecord_isActive(memrec)
  cheatcomponent_setActive(CETrainer_CHEAT0, isActive)
  beep(1,isActive) -- hotkey type is 1
end

and add this:
function beep(hotkeytype,isActive)
 local OnOrOff = isActive and 0 or 1
 customSound.PlaySound(hotkeytype*2-1 + OnOrOff)
end




The downside is that CE will freeze once for up to 1s, just after calling function CustomSound.Init().


I think, you can build your own CE, just add this line
"loadlibrary('winmm.dll');" here
code.google.com/p/cheat-engine/source/browse/trunk/Cheat%20Engine/symbolhandler.pas#2788
CE shouldn't freeze.


To continue CustomSound discussion go here forum.cheatengine.org/viewtopic.php?t=565651




Of course, this feature officially build-in, would be nice.
(0000630)
Csimbi   
2013-11-20 16:38   
Hiya, thanks!
Yes, I remember it well, and yes, it's great stuff for advanced users - those that make trainers.

However, I am after a simplistic version of this that's built into CE itself.
You see, having to build the same thing over and over into every table seems to be a waste of space and time - it'd be far easier to select something from a box and CE could take care of the rest (and users could replace the sound files with whatever they want).
(0000655)
Dark Byte   
2014-02-13 06:44   
This is added to the trainer generator now, including the two sound files
playSound(findTableFile("Activate"))
playSound(findTableFile("Deactivate"))




View Issue Details
305 [Cheat Engine] block always 2013-11-20 23:10 2014-02-13 04:01
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.3 - Trace does not trace into calls
These are examples of calls within the executable module itself (not kernel32.dll or any excluded module):
 - call XComEW.PIBGetInterface+1DA460
 - call edx
 - etc.

For some reason, CE does not trace into them - just as if the "Step over instead of single step" was checked. Except, it's not checked.

Issue 0000293 (new feature) and 0000302 (bug) may be related.
pure rev.2229_32&64bit.7z
CE_CallSamples.png (45,308 bytes) 2013-11-21 17:54
http://cheatengine.org/mantis/file_download.php?file_id=102&type=bug
png
 
Notes
(0000633)
Dark Byte   
2013-11-21 10:29   
Is there a (conditional) jump in front of there? (Could be the jump is taken, but the instruction after it is disassembled instead)
(0000634)
Csimbi   
2013-11-21 17:54   
No, there's no jump before these.
I uploaded a sample pic.
(0000635)
Dark Byte   
2013-11-21 22:49   
Ah ok. It's the same thing. The instruction after it is disassembled instead of the actual one
What you highlighted is actually push esi. The call is the next instruction
(E.g. note that int3 after the ret, that int3 is the ret)
(0000636)
Csimbi   
2013-11-22 00:36   
Are you saying that trace actually breaks into these calls but does not display them?
(0000637)
Dark Byte   
2013-11-22 00:46   
(Last edited: 2013-11-22 00:48)
It does display them. Just click on the + sign before "inc [esi+18]" which is in fact "call edx"

same for "add esp,60" which is actually "call 01ee65b8"

(it's a bug yes, but just pointing out where the bug is, the disassembler address)

(0000638)
Csimbi   
2013-11-22 02:28   
Me blind, lol
Got it, thanks.
(0000654)
Dark Byte   
2014-02-13 04:01   
fixed in the svn (a while ago)
same bug as 302




View Issue Details
302 [Cheat Engine] minor always 2013-11-20 04:03 2014-02-13 04:01
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.3 - Trace does not include the first instruction on break
I set a "break and trace", at address 'X'.
I set the break condition for EBX == 0xE5 for the trace.
The trace triggers just fine at 'X' with the right condition, but it seems that the first instruction (at 'X') is missing from the trace as a whole.

E.g.

...
conditional jump to instr. below
...
somecode
...
mov eax,[edi+3C] <= Break & trace here if EBX == 0xE5
mov eax,[eax+ebx*4] <= This is the first instruction in the trace.
mov [esp+10],eax
...

It's important that the first instruction is captured because sometimes the original register contents are destroyed (mov eax,[eax+n], etc.).

Thank you for fixing.
This is the x64 from "pure rev.2229_32&64bit.7z" that was just posted in the unofficial build thread.

I did not try quite a few unofficial builds, but it was surely working in "Frankenstein_Base_1975_upto_2180_.7z" - not sure what has been changed since.
 
Notes
(0000627)
Csimbi   
2013-11-20 04:42   
(Last edited: 2013-11-20 22:57)
It'd seem that the instruction's data is captured, but there's no entry created for it in the tree - and hence all instructions are shifted by 1 (vs. the register states and jump index).

I.e.
mov eax,[edi+40] => first instruction (not added on break)
cmp ebx,eax => first instruction in trace, showing the state from mov eax,[edi+40] (and double-clicking this instruction in the trace jumps to mov eax,[edi+40] in the code).

Edit: now it's two instructions away. One of those things that make you go "Hmmm..."

(0000653)
Dark Byte   
2014-02-13 04:01   
fixed in the svn (a while ago)




View Issue Details
304 [Cheat Engine] feature N/A 2013-11-20 04:33 2014-02-12 23:16
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Intermodular call index
I am seeking a facility to jump across the code for specific calls in a selected module, so I could easily set breakpoints at all places where a specific 'call' is made.

If you have used Ollydbg, such an index is generated when you click "Search for" -> "All intermodular calls".

Ideally, CE would let me select the module - sometimes it's not the opened process I am interested in.

I'd like the columns sortable (unconditionally sorted, unlike Ollydbg that uses conditional sorting), so I could find specific calls fast (i.e. sort by name would let me see all kernel32.* calls next to each other).

Double-clicking an entry in the index would jump to the right instruction in the memory view, where the module makes the call.

Having multiple call indexes open (in different windows) would be nice, but I am pretty sure I can manage without it.

Thank you for considering!
There's a 'Dissect code' feature in CE already that analyzes the code in the selected modules (jumps, call, etc.), so I am hoping that the groundwork for this feature is already there and you won't be discouraged with this addition being a big task.
I am guessing - since the groundwork seems to be in place already - that all that's needed is:
 - a menu item entry,
 - a dialog to select the module(s) with OK/Cancel buttons,
 - a with a sortable grid (same as pointer scan?),
 - calling the same code as the 'Dissect code' does but collecting the 'call' instructions from the selected module into the sortable grid (with the appropriate metadata).
 - discard data when the grid is closed.
 
Notes
(0000652)
Dark Byte   
2014-02-12 23:16   
Implemented in the svn. Using the same design as the referenced strings window




View Issue Details
303 [Cheat Engine] feature N/A 2013-11-20 04:10 2014-02-12 19:29
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Remember "Break and trace" condition settings
I find myself typing up the exact same condition.
It'd be far easier if CE could remember the last setting (the radio button selection and the condition text entered) within the current session (i.e. no need to save it on CE exit).

Thank you for considering.
 
Notes
(0000651)
Dark Byte   
2014-02-12 19:29   
fixed in the svn




View Issue Details
301 [Cheat Engine] minor always 2013-11-20 03:26 2014-02-12 15:11
Csimbi  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
CE 6.3 - Pasted address does not set type for pointers
Define a structure and call it 'String'.
In another structure, find a pointer and change it so that it points to 'String'.
Highlight the pointer and press CTRL+C, then move a bit down and press CTRL+V.

Check the newly pasted pointer and see what it says at "Points to" - mine says "Undefined" every time (instead of "String").

Thanks for fixing.
This is the x64 from "pure rev.2229_32&64bit.7z" that was just posted in the unofficial build thread.
 
Notes
(0000650)
Dark Byte   
2014-02-12 15:11   
fixed in the svn




View Issue Details
300 [Cheat Engine] minor always 2013-11-20 02:59 2014-02-12 14:33
armorfid  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
Case sensitive checkbox for String type is reset when clicking New Scan
The title says it all. This bug has been present as long as I can remember, and it's a bit annoying having to tick it off every time you want to make a new scan.
 
Notes
(0000649)
Dark Byte   
2014-02-12 14:33   
fixed in the svn




View Issue Details
286 [Cheat Engine] tweak always 2013-10-03 10:06 2013-12-20 03:39
Csimbi  
Dark Byte  
normal  
feedback  
reopened  
none    
none  
   
CE 6.3 - Pointer rescan speed
I have been doing a few pointer scans and a bunch of re-scans lately.
I am getting the impression that the rescan procedure is slower than it used to be.
I am filtering out invalid pointers in the first few iterations usually - don't know if that matters.

I save the dumps on SSD, which is fairly quick. I just did the test, I can copy a 9GB file onto the same partition in about 16 secs. Doing a 'filter out invalid pointers' scan takes about 2 minutes.
I also noticed that the processor is barely used in the process.

I always thought the limiting factor would be the hard drive, but it seems it's not the case. Well, at least the file copy is fast.

I wonder if it could be the write-caching. Does CE write in 4k or larger blocks?
SSDs need to rewrite a whole 4k block even if a single byte is updated in a block. That would certainly explain the speed drop.

Any chance to take a look?

Thank you!
 
Notes
(0000594)
Dark Byte   
2013-10-03 19:43   
(Last edited: 2013-10-03 19:55)
In 6.3 (and all earlier versions) rescans only use 1 cpu thread. (so in a 4 core cpu with hyperthreading (8 threads) the max cpu usage would be around 12)
Next ce version will use more threads (And you can even use multiple systems at the same time)

Rescans store the results in memory, until the 16MB buffer is full, or the scan ends. Only then will the results be written to disk, so the 4KB thing isn't a problem

that it's slower than it used to be, could be that you're using a debug build (not optimized) or your disk is becoming fragmented

(0000596)
Csimbi   
2013-10-05 17:09   
(Last edited: 2013-10-05 17:10)
It's the pure build from mgr.inz.Player, pure rev.2127_32&64bit.7z
I am using x64 CE.

(0000609)
Dark Byte   
2013-10-25 20:01   
should be fixed now
(0000645)
Csimbi   
2013-12-20 03:39   
I am not seeing any improvement on r2229 (from mgr.inz.Player).
Here's a screenshot about 10 mins into rescan.
http://s10.postimg.org/blj8cia3d/CE_Ptr_Rescan_10_minutes.png




View Issue Details
313 [Cheat Engine] feature N/A 2013-12-19 17:41 2013-12-19 17:41
phadeb  
 
normal  
new  
open  
none    
none  
   
Tables Database
A new module that would be a tables database. It would be connected to the internet and every member could upload their tables for the matching games to that database. The information included could contain the OS version and the game version. People could vote for trainers with a 5-star based rating system and comment on each table. Once a table has got enough votes, it could be verified by a trusted member and flagged as verified working. There could be a way for people to say for each table, what features of the table specifically worked and how well they worked (with their OS and game versions embedded), and the uploader would have the ability to update his table accordingly. For each game there would be information about the different versions and an MD5 for each version to make sure the table is used on the same file.
tables database draft.png (8,171 bytes) 2013-12-19 17:41
http://cheatengine.org/mantis/file_download.php?file_id=105&type=bug
 
There are no notes attached to this issue.




View Issue Details
312 [Cheat Engine] crash always 2013-12-14 14:42 2013-12-14 14:42
Blacknight962  
Windows x64  
normal 8.1  
new  
6.3 open  
none    
none  
   
Breakpoint crash
Cheat Engine crashes when attempting to remove a data breakpoint, from any process.
- F5 Breakpoint somewhere before a write instruction
- Select the 4 bytes that the write instruction will write to
- "Data breakpoint" -> "Break on Write"
- Remove F5 breakpoint
- "Run"
- On break, "Delete breakpoint"
- Crash
- Windows debugger
- Happens with both hardware and int3 breakpoints.
 
There are no notes attached to this issue.




View Issue Details
311 [Cheat Engine] crash N/A 2013-12-04 11:59 2013-12-05 21:14
pausebreak7  
Dark Byte  
normal  
resolved  
fixed  
none    
none  
   
darkbyte 32bit driver compile error[rev2239]
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1568) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1569) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1571) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1580) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1581) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1583) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1584) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1586) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1592) : error C2065: 'i' : undeclared identifier
1>c:\users\administrator\desktop\bb\dbkkernel\iopldispatcher.c(1609) : error C2065: 'i' : undeclared identifier

IOPLDispatcher.c windows7 32bit or windows xp dbk.sys
wdk build error

 
Notes
(0000644)
Dark Byte   
2013-12-05 21:14   
the 32-bit build has been fixed in the svn now




View Issue Details
308 [Cheat Engine] tweak always 2013-11-24 22:36 2013-11-25 03:36
Csimbi  
 
normal  
new  
open  
none    
none  
   
CE 6.3 - CE spins up unused HDD on scan (and CE hangs in the meantime)
I'll start with my disk layout:
C - System drive, 256GB SSD. Stores the OS itself (W7x64), the paging file and small apps (browser, office, utils, etc., including Cheat Engine in the Program Files dir) and user profiles (My Document