Cheat Engine Forum Index
The Official Site of Cheat Engine
a few questions about static address

toadn (Newbie cheater)
Posted: Wed Sep 07, 2016 1:25 pm    Post subject: a few questions about static address

I just want to make sure before I ask the questions:
dynamic variables == variables that are stored in the stack.
static variables == variables that are stored in the BSS/DATA section.
Right?

1)
How does CE identify static addresses?
How does CE know which address is dynamic and which address is static?
*I expect to get a detailed answer; I want to know how CE actually does it.

2)
If the program or game is using a dynamic variable, is there a way to access the variable in a fixed way (like a static address pointer)? Or must I look for the variable's address again every time?

3)
Why do game developers use static variables, and not only dynamic variables? After all, it will be harder for us to find the address of the variable we are looking for.
kuntz (Cheater)
Posted: Wed Sep 07, 2016 3:39 pm

Dynamic variables are variables which have memory addresses that change with each run of the process, while static variables are not. It has nothing to do with stack or bss segments which is likely leading to confusion. With enough effort I can put "static" variables in my stack and use them as "static" variables.

1) There is no such thing as "dynamic" or "static" memory addresses, these are human concepts mostly used in Game Hacking to describe the two types of games in existence. Some older games used certain compiled languages that make heavy use of hardcoded addresses, while others did the exact opposite. Today most games use compiled languages that make heavy use of dynamic allocation of memory blocks acquired from the OS during runtime. Every time the game is run, it allocates memory from the OS, the OS chooses a different region every time, thus first you need to "find" the region, and then once you've found it, you can find the variable within. For these types of games it is often easier to just modify the games' code for an intended effect, rather than trying to find the variable in memory and "freeze" it to a specific amount.

2) Yes. But it's easier to just modify the games' code for most people, so it's rarely done.

3) Game devs do not choose for a variable to be "static" or "dynamic" during development, it's up to the compiler and the memory allocation strategy they choose to use. But there is no one developing who is thinking to themselves "This variable will be static... oh but this one will be dynamic".
toadn (Newbie cheater)
Posted: Thu Sep 08, 2016 5:51 am

kuntz wrote:
Dynamic variables are variables which have memory addresses that change with each run of the process, while static variables are not. It has nothing to do with stack or bss segments which is likely leading to confusion. With enough effort I can put "static" variables in my stack and use them as "static" variables.

1) There is no such thing as "dynamic" or "static" memory addresses, these are human concepts mostly used in Game Hacking to describe the two types of games in existence. Some older games used certain compiled languages that make heavy use of hardcoded addresses, while others did the exact opposite. Today most games use compiled languages that make heavy use of dynamic allocation of memory blocks acquired from the OS during runtime. Every time the game is run, it allocates memory from the OS, the OS chooses a different region every time, thus first you need to "find" the region, and then once you've found it, you can find the variable within. For these types of games it is often easier to just modify the games' code for an intended effect, rather than trying to find the variable in memory and "freeze" it to a specific amount.

2) Yes. But it's easier to just modify the games' code for most people, so it's rarely done.

3) Game devs do not choose for a variable to be "static" or "dynamic" during development, it's up to the compiler and the memory allocation strategy they choose to use. But there is no one developing who is thinking to themselves "This variable will be static... oh but this one will be dynamic".


pastebin.c om/KY73HiRE
This code is taken from:
stackoverflow.c om/questions/572547/what-does-static-mean-in-a-c-program
How can you explain this:
i.gyazo.c om/56998c7e9523326b4088eb058bd7ad11.png

1) You did not answer the question.
How does CE know if a variable is:
a dynamic variable, whose memory address changes with each run of the process,
or a static variable, whose memory address does not change with each run of the process?

2) Which question did you answer 'yes' to?
(1)
Quote:
If the program or game using a dynamic variable, is there a way to access the variable in a fixed way(like static address pointer)?


(2)
Quote:
Or every time i must look for the variable address again?


3)
Quote:
Game devs do not choose for a variable to be "static" or "dynamic" during development, it's up to the compiler and the memory allocation strategy they choose to use
This is not true; the game developers have a choice of what kind of variables to use.

I expect to get detailed answers.
ParkourPenguin (I post too much)
Posted: Thu Sep 08, 2016 9:53 am

From this point forward, I would suggest you change your wording to something less condescending. You are not entitled to anything on these forums and pretending like you are will not get you any help. I'll assume you don't have that intention.

1:
A "static" address is an address located inside a module (i.e. an exe or dll). While the module itself can be loaded at a different virtual address between separate instances of the program, a value stored in the module is unlikely to change its position in that module. Thus, it can be referenced persistently by getting the location of the module (see Windows API documentation).

A "dynamic" address is anything not inside a module. This can include the stack, heap, and anything else that's been allocated at runtime by the program. It's uncertain exactly where a specific memory block will be allocated, but it is certain that some reference to it must exist somewhere; otherwise, the program wouldn't be able to use it and would just be allocating memory for the fun of it.

Note that addresses on the stack can sometimes act like static addresses. The first few values on the stacks of the first few threads usually don't change semantics between separate instances of the program. Thus, they can also be referenced persistently (this has been explained before on these forums).

2:
That's one of the most frequently asked questions on these forums. It has been answered many times and has many tutorials covering it, yet even more people ask it without searching.

3:
I highly doubt any developer takes that into account. They'll just use whichever makes the most sense. That isn't even a form of protection, as it doesn't have any bearing on the ease with which a value can be found and changed. There are many better ways developers can go about protecting their program.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
kuntz (Cheater)
Posted: Thu Sep 08, 2016 12:04 pm

toadn wrote:

pastebin.c om/KY73HiRE
this code is taken from :
stackoverflow.c om/questions/572547/what-does-static-mean-in-a-c-program
How can you explain this:
i.gyazo.c om/56998c7e9523326b4088eb058bd7ad11.png


I already explained that to you above.

The code you provided is called "C" and it uses a "compiler" to "compile" the code. One of the keywords of C is "static" and it has a different meaning and use depending on the situation. In your example, the "static" keyword is telling the compiler that this variable needs to be globally available to that scope of code. It means nothing else. The C standard makes no reference to how the variable is stored in memory, nor how it is referenced from memory by code. I can write a C compiler that stores all "static" variables like the one you just used on the stack, or on the heap, or half on the stack and the other half on the heap, or entirely in registers. I am the compiler writer, I can do whatever I want. If I am on a CPU with 256 GPRs, I can store many "static" and "dynamic" C variables in specific registers for the entire execution of the program.

en.wikipedia-org/wiki/Static_variable

toadn wrote:
How does CE know if a variable is...


It doesn't know and can't know. CE may take a guess based on common binary implementations found in the wild, but it cannot tell for sure if a var is "dynamic" or "static". These are concepts that don't even exist in binary code or assembler.

toadn wrote:
I expect to get detailed answers.


You got a detailed answer and it's about as detailed as anyone is going to give you.
toadn (Newbie cheater)
Posted: Fri Sep 09, 2016 4:41 am

ParkourPenguin wrote:
From this point forward, I would suggest you change your wording to something less condescending. You are not entitled to anything on these forums and pretending like you are will not get you any help. I'll assume you don't have that intention.

1:
A "static" address is an address located inside a module (i.e. an exe or dll). While the module itself can be loaded at a different virtual address between separate instances of the program, a value stored in the module is unlikely to change its position in that module. Thus, it can be referenced persistently by getting the location of the module (see Windows API documentation).

A "dynamic" address is anything not inside a module. This can include the stack, heap, and anything else that's been allocated at runtime by the program. It's uncertain exactly where a specific memory block will be allocated, but it is certain that some reference to it must exist somewhere; otherwise, the program wouldn't be able to use it and would just be allocating memory for the fun of it.

Note that addresses on the stack can sometimes act like static addresses. The first few values on the stacks of the first few threads usually don't change semantics between separate instances of the program. Thus, they can also be referenced persistently (this has been explained before on these forums).

2:
That's one of the most frequently asked questions on these forums. It has been answered many times and has many tutorials covering it, yet even more people ask it without searching.

3:
I highly doubt any developer takes that into account. They'll just use whichever makes the most sense. That isn't even a form of protection, as it doesn't have any bearing on the ease with which a value can be found and changed. There are many better ways developers can go about protecting their program.


I'm sorry, I did not intend to be condescending.
English is not my language, therefore I shorten words and sometimes my things seem unclear.

Quote:
Note that addresses on the stack can sometimes act like static addresses. The first few values on the stacks of the first few threads usually don't change semantics between separate instances of the program. Thus, they can also be referenced persistently (this has been explained before on these forums).

Can you expand on that a little more? A real example of this would really help.

2. This term/subject is called DMA?

3.I know, it was just a thought went through my head ..

Thank you very much.

kuntz wrote:
toadn wrote:

pastebin.c om/KY73HiRE
this code is taken from :
stackoverflow.c om/questions/572547/what-does-static-mean-in-a-c-program
How can you explain this:
i.gyazo.c om/56998c7e9523326b4088eb058bd7ad11.png


I already explained that to you above.

The code you provided is called "C" and it uses a "compiler" to "compile" the code. One of the keywords of C is "static" and it has a different meaning and use depending on the situation. In your example, the "static" keyword is telling the compiler that this variable needs to be globally available to that scope of code. It means nothing else. The C standard makes no reference to how the variable is stored in memory, nor how it is referenced from memory by code. I can write a C compiler that stores all "static" variables like the one you just used on the stack, or on the heap, or half on the stack and the other half on the heap, or entirely in registers. I am the compiler writer, I can do whatever I want. If I am on a CPU with 256 GPRs, I can store many "static" and "dynamic" C variables in specific registers for the entire execution of the program.

en.wikipedia-org/wiki/Static_variable

toadn wrote:
How does CE know if a variable is...


It doesn't know and can't know. CE may take a guess based on common binary implementations found in the wild, but it cannot tell for sure if a var is "dynamic" or "static". These are concepts that don't even exist in binary code or assembler.

toadn wrote:
I expect to get detailed answers.


You got a detailed answer and it's about as detailed as anyone is going to give you.


Quote:
CE may take a guess

How does it really work? This is what I want to know
mgostIH (Expert Cheater)
Posted: Fri Sep 09, 2016 6:00 am

CE dissects the PE header of the executable and checks how long static sections are and from what address they start.

Also, as a developer, you can't really get rid of static addresses, because your program needs to have references to its own variables when it starts, so it's impossible to have a 100% dynamic executable.

_________________
Do you need to ask me something? Feel free to join my discord server at: https://discord.gg/At4VZXA or ask me something in my YouTube channel: https://www.youtube.com/c/mgostIH
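To make the section-table idea above concrete, here is an added Python example (not code from the thread or from Cheat Engine itself) that walks a PE section table the way a tool has to and reports whether an address falls inside a module section, and which kind (code, data, bss). The PE image and the section layout are constructed inline for the demo; the module name "game.exe" and the load bases are assumed values, and the "module+rva" string mimics how CE displays a module-relative address.

```python
import struct

# IMAGE_SECTION_HEADER.Characteristics flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080

COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_fake_pe(sections):
    """Constructed minimal PE image for this example: MZ stub carrying e_lfanew,
    the 'PE\\0\\0' signature, a COFF header with SizeOfOptionalHeader = 0, then one
    section header per (name, VirtualAddress, VirtualSize, Characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, 0, 0)
    hdrs = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, va, vsize, 0, 0, 0, 0, 0, chars)
        for name, va, vsize, chars in sections)
    return dos + b"PE\0\0" + coff + hdrs


def parse_sections(image):
    """e_lfanew -> PE signature -> NumberOfSections/SizeOfOptionalHeader -> headers."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = struct.unpack_from(COFF_FMT, image, e_lfanew + 4)
    nsections, opt_size = coff[1], coff[5]
    first = e_lfanew + 4 + struct.calcsize(COFF_FMT) + opt_size
    out = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_FMT, image, first + 40 * i)
        name, vsize, va, rawsize, chars = f[0], f[1], f[2], f[3], f[9]
        # VirtualSize may be 0 in some images; fall back to SizeOfRawData
        out.append((name.rstrip(b"\0").decode(), va, max(vsize, rawsize), chars))
    return out


def classify(image, module_base, module_name, addr):
    """Return (section, kind, 'module+rva') when addr lies inside a section of the
    module loaded at module_base, else None: stack, heap and other runtime
    allocations are covered by no section, which is what makes them 'dynamic'."""
    rva = addr - module_base
    for name, va, size, chars in parse_sections(image):
        if va <= rva < va + size:
            if chars & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
                kind = "bss"
            elif chars & IMAGE_SCN_CNT_INITIALIZED_DATA:
                kind = "data"
            elif chars & IMAGE_SCN_CNT_CODE:
                kind = "code"
            else:
                kind = "other"
            return name, kind, "%s+%X" % (module_name, rva)
    return None


# Constructed section layout, not taken from any real game
IMAGE = build_fake_pe([
    (b".text", 0x1000, 0x4000, IMAGE_SCN_CNT_CODE),
    (b".data", 0x5000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA),
    (b".bss", 0x6000, 0x2000, IMAGE_SCN_CNT_UNINITIALIZED_DATA),
])

if __name__ == "__main__":
    # Same image at its preferred base and at a relocated base: the raw address
    # differs, but "game.exe+5010" is the same, which is why it stays usable.
    print(classify(IMAGE, 0x400000, "game.exe", 0x405010))
    print(classify(IMAGE, 0x7FF6A0000000, "game.exe", 0x7FF6A0005010))
    print(classify(IMAGE, 0x400000, "game.exe", 0x19FF44))  # stack-like: None
```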
toadn (Newbie cheater)
Posted: Fri Sep 09, 2016 8:57 am

mgostIH wrote:
CE dissects the PE header of the executable and checks how long static sections are and from what address they start.

Also, as a developer, you can't really get rid of static addresses, because your program needs to have references to its own variables when it starts, so it's impossible to have a 100% dynamic executable.


So like I said, it is related to the data/BSS segments, right?

And I want to fix my question 2:
Quote:
If the program or game using a dynamic variable, is there a way to access the variable in a fixed way(like static address pointer)? Or every time i must look for the variable address again?

I know how to find a static address.
But what if the programmer of the software/game did not define a static/global variable that holds the dynamic variable?
Is there a way to access a dynamic variable in a fixed way?

Code:
int main()
{
   int health;   // local variable: lives in main's stack frame, not in a module section
   int ammo;     // same; no global/static variable points at it
   //code here...

}

Maybe not the best example, but I hope you understand what I mean
Dark Byte (Site Admin)
Posted: Fri Sep 09, 2016 9:17 am

Threadstack# addressing can find those.
The closer to the stack base it is defined, the more static it is. Of course, the higher up you get, the more random it becomes, but the base is always pretty static. And from there you can get paths to the rest.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
toadn (Newbie cheater)
Posted: Fri Sep 09, 2016 9:43 am

Dark Byte wrote:
Threadstack# addressing can find those.
The closer to the stack base it is defined, the more static it is. Of course, the higher up you get, the more random it becomes, but the base is always pretty static. And from there you can get paths to the rest.

Hello Dark Byte! (CE is an amazing project; thank you for still being active in the community and helping users solve various problems.)
---
Can you expand on that? I did not really understand..
Thank you!
ParkourPenguin (I post too much)
Posted: Fri Sep 09, 2016 9:45 am

I would like to point out that the term "static" can refer to several things. Different programming languages can have different meanings and implementations associated with that keyword. With regards to CE, the only apparent usage of the term "static" would be the "Find static addresses" menu item (Memory Viewer -> Tools). In this case, a static address is any memory operand of any instruction whose offset is specified by only a displacement (no base, index, or scale; see Intel V1 S3.7.5 "Specifying an Offset") [CE source]. It's common for some people to consider the green addresses in the hex view to be static, but these are determined solely on whether or not they're inside a module [CE source]. Given the context of the OP's question, I'm using the latter definition of "static."

Short C++ example of stack addresses:
Code:
MyGame* game = new MyGame();
game->start();

This creates a pointer on the stack that points to a MyGame object on free store. Neither the pointer nor the object is located in static memory. Assuming this is near the start of the program, the pointer is unlikely to change its offset from the start of the stack both during runtime and on subsequent executions. As such, it can be used as a reference to the MyGame object just as if it was static and inside a module (with a few different steps on CE's part, of course).

Quote:
2.This term/subject is called DMA?

Some might, but that's not particularly important. There are many ways to go about it. The pointer scanner is probably the easiest one: start it, wait for it to finish, remove inconsistent results, and pick one of the remaining pointers. You can also try finding pointers by hand (see CE tutorial), but this is typically more inconsistent in practice.

Code injection is also an option. Hook some instruction that accesses an address you want a reference to, and store that address somewhere easily accessible by CE (i.e. a registered symbol). As a bonus, AoB scans for code are often more reliable than multilevel pointers if the game has an update.

Both of the above methods are covered in this topic.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
kuntz (Cheater)
Posted: Fri Sep 09, 2016 12:27 pm

toadn wrote:
Quote:
CE may take a guess
How does it really work? This is what I want to know


I do not know for sure how or what CE does, so it's best to ask DB or someone familiar with the program.

If I had to take a guess or implement something myself, I'd probably look at the instruction itself to see if it is using a hardcoded address within the instruction itself, or very recently in past-executed instructions:

Instructions that are very likely using a "static" address:

Code:
mov [401200], 1234


Code:
add [401800], 2


Code:
mov eax, [800555]


And then we might get situations where the compiler uses a static address but compiles instructions like:

Code:
mov eax, 401680
mov [eax], 123
mov [eax+4], 456
mov [eax+80], 789


And instructions that are likely "dynamic" in nature will use pointers like the last example above, but the base pointer isn't a fixed address, but rather another variable stored somewhere, maybe on the stack, maybe in a heap somewhere:

Code:
mov eax, [esp-4]
mov eax, [eax]
mov [eax], 123
mov [eax+4], 456
mov [eax+80], 789


One thing to keep in mind is that Disassembly and/or Code Analysis is an "art form" and not an exact science. It's basically guessing based on statistics/heuristics:

en.wikipedia-org/wiki/Disassembler
All times are GMT - 6 Hours
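As an added example (not code from the thread, and not how CE is implemented), here is a small Python heuristic that reads Intel-syntax listings like the ones above and applies the two ideas from this thread: ParkourPenguin's definition (a memory operand specified only by a displacement is static) and kuntz's guess (a register that was loaded with an absolute address still points at static memory, while a register loaded from the stack or from memory does not). It assumes CE-style hex numbers without a 0x prefix and only models mov for register provenance, which is exactly the kind of guess kuntz describes.

```python
import re

# Registers this toy tracker understands (constructed list; extend as needed)
REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp",
        "rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp"} | {
        "r%d" % n for n in range(8, 16)}
HEX = re.compile(r"[0-9a-f]+h?")   # CE-style numbers: hex, no 0x prefix


def split_operands(instr):
    """'mov [eax+4], 456' -> ('mov', ['[eax+4]', '456'])"""
    mnem, _, rest = instr.strip().lower().partition(" ")
    ops = [o.strip() for o in rest.split(",")] if rest else []
    return mnem, ops


def mem_terms(op):
    """Terms inside [...] split on + and -, or None if not a memory operand."""
    m = re.fullmatch(r"\[(.*)\]", op)
    if not m:
        return None
    return [t.strip() for t in re.split(r"[+\-]", m.group(1))]


def base_reg(term):
    """'ecx*4' -> 'ecx'; a plain number is returned unchanged."""
    return term.split("*")[0]


def classify_listing(lines):
    """Walk a listing in order and label every memory access as
    'static' (displacement only), 'static via register' (register known to
    hold an absolute address) or 'dynamic' (register of unknown/stack origin)."""
    origin = {}   # register -> "static" | "dynamic" | "unknown"
    result = []
    for line in lines:
        mnem, ops = split_operands(line)
        verdict = None
        for op in ops:
            terms = mem_terms(op)
            if terms is None:
                continue
            regs = [base_reg(t) for t in terms if base_reg(t) in REGS]
            if not regs:
                verdict = "static"   # e.g. [401200]: fixed displacement only
            elif all(origin.get(r) == "static" for r in regs):
                verdict = "static via register"   # mov eax, 401680 / mov [eax], 123
            else:
                verdict = "dynamic"  # base came from the stack, a pointer, or is unknown
        # Only 'mov reg, X' updates what we believe the register holds.
        if mnem == "mov" and len(ops) == 2 and ops[0] in REGS:
            src = ops[1]
            if src in REGS:
                origin[ops[0]] = origin.get(src, "unknown")
            elif mem_terms(src) is not None:
                # Loaded from memory: the register now holds a pointer value we
                # cannot vouch for, even if the load itself used a static address.
                origin[ops[0]] = "dynamic"
            elif HEX.fullmatch(src):
                origin[ops[0]] = "static"   # absolute address moved into a register
            else:
                origin[ops[0]] = "unknown"
        result.append((line.strip(), verdict))
    return result


if __name__ == "__main__":
    # Constructed listing mirroring the examples in this thread
    for text, label in classify_listing(["mov eax, [esp-4]", "mov eax, [eax]",
                                         "mov [eax], 123", "mov [eax+80], 789"]):
        print("%-20s %s" % (text, label))
```

A plain immediate in mov eax, 1234 is indistinguishable from an address to this tracker, which is one reason kuntz calls the whole thing guessing.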