Cheat Engine

homer_simpson · Posted: Tue Jul 01, 2014 5:18 pm Post subject: [Help] Process memory mapping

I'm looking to create an application that loads/saves memory states for a game using memory dumps. To do that I was thinking I need to create some sort of memory map based on what memory spaces are allocated when the game is running. Can anyone point me in the right direction on how I can do this? I was thinking of somehow hooking the functions the game uses to allocate memory while its running but I'm not entirely sure how to get around to do that.
Any insight is appreciated.

Dark Byte · Posted: Tue Jul 01, 2014 5:38 pm Post subject:

hooking those functions won't do any good as there's nothing you can use it for. When the game allocates memory, it writes down the result in another memory location. So when you load back the state, that memory address still holds that value specifying that specific address, and a hook won't tell you where it stored the result

With VirtualQueryEx you can get a layout of the memory as well.
VirtualAllocEx is most likely what you need, as it allows you to specify a specific base address (dividable by 64kb)

anyhow, i'm assuming this is for one specific game where you only save/load a specific state of the game that only works at specific points in the game? If not, look into writing a whole virtual machine with virtual hardware that you can access (or hook a lot more that you wish)

The reason for that is that you also need to load and store texture memory, gpu thread code, window handles, harddisk file handles and their current position, capture DMA transfers that are in progress, and some other stuff you have no access to in windows

homer_simpson · Posted: Tue Jul 01, 2014 6:08 pm Post subject:

Thank you for the quick reply. Yes, it's supposed to only work on a specific point of the game.

I'm not too sure about going through the trouble of creating a virtual machine for a small project like this, maybe if it were a bigger, more ambitious project.

Anywho, if I were to use VirtualQueryEx, is there any way to tell which specific memory regions are being used at that specific point of the game?
I tried setting a breakpoint on VirtualAllocEx while the game process is running but before the game loaded and it didn't get hit.

atom0s · Posted: Tue Jul 01, 2014 9:03 pm Post subject:

VirtualAllocEx is for allocating remote memory. The game will more than likely never call it. Instead it may be using:
- new
- malloc
- VirtualAlloc

Or any other similar memory allocation call that is local to its own process.

DeletedUser14087 · Posted: Thu Jul 03, 2014 8:09 am Post subject:

Dark Byte · Posted: Thu Jul 03, 2014 1:57 pm Post subject:

while i'm kinda sure this is a troll, it does bring up one method that can help you along a bit better
you could hook the allocation routines and make it return readonly memory. Then hook the exception handler and redirect every write to a special write logger and actually write it with WriteProcessMemory (it'll be slow) but it could be useful for something