MantisBT - Cheat Engine
View Issue Details
ID: 0000377 | Project: Cheat Engine | Category: (No Category) | View Status: public | Date Submitted: 2015-02-28 01:51 | Last Update: 2015-02-28 23:45
Reporter: Hans Henrik
Assigned To:
Priority: low | Severity: feature | Reproducibility: N/A
Status: new | Resolution: open
Platform: N/A | OS: N/A | OS Version: N/A
Summary: 0000377: use thread injection to scan for memory?
Description: As far as I've guessed (haven't actually looked in the source code), Cheat Engine does a full memory copy of the target process (I guess this is because calling ReadProcessMemory is slow, so just make 1 big call reading everything? Or something like that).
Question is, could we avoid copying memory like that, by something like this:
Freeze all target threads,
CreateRemoteThread,
make the new thread scan the process for us (either write the opcodes for the operation directly in the memory, or use a classic DLL injection), then use some IPC thing (shared memory?) to tell Cheat Engine when the scan is done, and where to grab the results?

If something like this is possible, it would be nice in memory-constrained situations, I guess.
Tags: No tags attached.
Attached Files

Notes
(0000784)
Dark Byte   
2015-02-28 23:45   
It only makes a full copy when doing unknown initial value scans.
Normal scanning only loads blocks the size of the scanbuffer you provide in settings (usually 512KB).
If you're on a low memory system, use a smaller scanbuffer.
Also, if you compile CE with the define lowmemoryusage, unknown initial value scans will also be written to disk instead of being stored in memory.

I did play with this method in the 5.* branch of CE (hyperscan), but the speed was always as fast as a normal non-injected scan, but with the added trouble that it would find memory blocks it allocated itself.
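
The block-at-a-time scanning described in the note above, as an added example (not Cheat Engine's code and not written by either poster): a Python sketch that searches a file-like object, such as a saved memory dump, for a byte pattern while holding only one scanbuffer-sized block plus a few carried-over bytes in memory. The names `scan_stream`, `scanbuffer_size` and `carry_overlap` are assumptions made for this illustration, and the sample data is constructed.

```python
import io
import struct

def scan_stream(stream, pattern, scanbuffer_size=512 * 1024, carry_overlap=True):
    """Yield absolute offsets of `pattern` in `stream`, reading one block at a time.

    Peak memory is about scanbuffer_size + len(pattern) - 1 bytes, not the whole input.
    carry_overlap=False shows the failure mode: matches straddling a block edge are lost.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    if scanbuffer_size < 1:
        raise ValueError("scanbuffer_size must be at least 1")
    # Carrying len(pattern) - 1 bytes is enough to catch a match that starts in one
    # block and ends in the next, and too short to report any match twice.
    overlap = len(pattern) - 1 if carry_overlap else 0
    tail = b""   # bytes carried over from the end of the previous window
    base = 0     # absolute offset of window[0] in the stream
    while True:
        block = stream.read(scanbuffer_size)
        if not block:
            break
        window = tail + block
        pos = window.find(pattern)
        while pos != -1:
            yield base + pos
            pos = window.find(pattern, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep

# Constructed sample: a 4-byte little-endian value placed at offsets 14 and 40.
# With a 16-byte scanbuffer the first copy straddles the boundary at offset 16.
PATTERN = struct.pack("<I", 1000000)
SAMPLE = b"\xAA" * 14 + PATTERN + b"\xAA" * 22 + PATTERN + b"\xAA" * 5

if __name__ == "__main__":
    print(list(scan_stream(io.BytesIO(SAMPLE), PATTERN, scanbuffer_size=16)))
    print(list(scan_stream(io.BytesIO(SAMPLE), PATTERN, 16, carry_overlap=False)))
```

A smaller `scanbuffer_size` lowers peak memory at the cost of more read calls, which is the trade-off the note describes for low-memory systems.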

Issue History
2015-02-28 01:51 | Hans Henrik | New Issue
2015-02-28 23:45 | Dark Byte | Note Added: 0000784