OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Feb 06, 2018 4:14 am Post subject: memory editor
Code:
about:
me.7z contains my basic program to read and write memory.
special thanks to Dark Byte.

here is the source code:
project discarded, aug. 2018
update: load pointers
update: patch instructions
update: save pointers and instructions to file
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: i am a sweetheart.
Last edited by OldCheatEngineUser on Sat Aug 04, 2018 3:29 pm; edited 3 times in total
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Feb 06, 2018 7:31 am Post subject:
Quote: needs to be compiled for each game

sounds like that should be the next practical step. Either reading from a file or the console to figure out what game it should attach to. Then reading the pointer path as well.
Though for readability/learning purposes you might also want to at least comment constants, if not use some kind of define, like
Code:
push 0xFFFFFFF5
call [GetStdHandle]
is getting STDOUT (-11)
might also want more descriptive label/variable names like "consoleTitle" instead of "cname" or "gameWindowCaption" instead of "gname".
At the end is there any actual reason to close the console and phandle, other than cause a tiny amount of delay between telling the program to close and it actually doing so? Won't Windows simply do that for you "in the background" after you exit the process?
I don't actually have much asm/winapi experience however.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Feb 06, 2018 7:37 am Post subject:
FreeER wrote: Won't Windows simply do that for you "in the background" after you exit the process?
no, not in assembly.
so you have to close them manually, unless it's compiler-generated assembly.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Feb 06, 2018 7:41 am Post subject:
why would the compiler be any different? We're not talking C++ RAII where you coded the destructor to release handles. Pretty certain basic C will do that too and there's no way the compiler is keeping track of everything opened at runtime.
Might want to double/triple check that
I mean, it wouldn't entirely surprise me if some part of the C standard library is setting some boolean for Windows to keep track/close things but I wouldn't expect it to.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Feb 06, 2018 7:47 am Post subject:
My answer remains no; in higher programming languages the compiler will control and manage that.
Which means the system is not responsible for closing handles opened by you, so you have to close whatever handles you opened. (Also, not every handle needs to be closed.)
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Feb 06, 2018 7:57 am Post subject:
The compiler can't manage that for you when so much of it is done at run time or with multi-threading etc. It may be magical but it's not that magical or you wouldn't need things like RAII in C++ at all.
Yeah, if you look at ExitProcess you'll see:
Quote: 6. All of the object handles opened by the process are closed.
edit: And if it's done by the compiler that assumes the compiler is taking on the job of doing it for whatever OS you are compiling for... which is about 9000% unlikely
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Feb 06, 2018 8:13 am Post subject:
FreeER wrote: And if it's done by the compiler that assumes the compiler is taking on the job of doing it for whatever OS you are compiling for
I didn't mean that, I meant the compiler will add the CloseHandle function and put it into your code automatically.
About MSDN, that doesn't mean opened handles for other processes (like a process handle).
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Feb 06, 2018 8:21 am Post subject:
BS. Show me the source and disassembly for that.
As for process handles, a trivial way to test should be to have it open a bunch without closing and then have CE list all the opened handles with Lua's getHandleList. I find it inconceivable that Windows would go to the effort of closing file handles for a dead process but won't close process handles for that same dead process. Certainly it won't kill a started process but that's not what CloseHandle does.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Feb 06, 2018 8:27 am Post subject:
https://docs.microsoft.com/en-us/sysinternals/downloads/handle
Run the tests yourself, the handle remains open (until both are closed). So far that's what I got.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Feb 06, 2018 10:04 am Post subject:
I ran https://pastebin.com/ME0du7Hj which just sits in a loop calling OpenProcess on what was the PID for notepad and in CE called return #getHandleList(2)
here's the results
Code:
-- before opened
:6
return #getHandleList(2)
-- after opened
:19
return #getHandleList(2)
:24
return #getHandleList(2)
:31
...
:65
return #getHandleList(2)
:67
return #getHandleList(2)
:68
return #getHandleList(2)
:70
-- after closed
return #getHandleList(2)
:6

OS: Windows 10, and it just did the Fall Creators Update, who knows if that matters lol
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Wed Feb 07, 2018 12:51 am Post subject:
quick update:
- ok, I was able to change page rights (i.e. read/write/execute) using VirtualProtectEx
now I can nop instructions, I'll see what else I can put into this.
edit: note:
I didn't upload the file. (files uploaded now)
...
previous post
...
ok I'm done with it, any ideas? or what else I can put into this dirt? idk.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Wed Feb 07, 2018 6:44 am Post subject:
As for ideas,
1. read from a file (possibly "resource files", i.e. put the file in the exe)
That way when developing the trainer you can just use a text file rather than recompiling; it also makes it a bit more of a cheat tool like CE than a trainer, since you could share it with other people and they could create new text files to work on different games.
2. have multiple options and offer a menu to let the user select one, do whatever (increase, decrease, toggle) and then go back to the selection menu and repeat
2.1 hotkeys
3. allocate memory? VirtualAllocEx
4. list modules/symbols?
5. createThread?
6. display values? for games that have hidden stats. And I just mean print to console, not a game overlay
7. breakpoints/change register on breakpoint? Probably overkill
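Idea 1 above, and FreeER's first reply (read the game and the pointer path from a file instead of recompiling per game), as an added example. This is not code from the thread or from me.7z; the one-line-per-pointer file format, the names parse_pointer_file / resolve / read_value / FakeMemory, and the sample target layout are all assumptions made up for the illustration. The resolver only needs an object with pointer_size, module_base(name) and read(addr, size); FakeMemory is a constructed stand-in, and on Windows the same two calls would sit on top of ReadProcessMemory plus a module list from Toolhelp.

```python
import re
import struct
from dataclasses import dataclass

# value types a definition may name -> little-endian struct format
TYPE_FORMATS = {"i32": "<i", "u32": "<I", "i64": "<q", "f32": "<f", "f64": "<d"}

# one definition per line (format assumed for this example):
#   name = module+0xBASE [-> 0xOFF ...] : type    e.g.  health = game.exe+0x100 -> 0x18 -> 0x4C : i32
LINE_RE = re.compile(
    r'^\s*(\w+)\s*=\s*"?([\w.]+)"?\s*\+\s*(0x[0-9a-fA-F]+)'
    r'((?:\s*->\s*0x[0-9a-fA-F]+)*)\s*:\s*(\w+)\s*$')


@dataclass
class PointerEntry:
    name: str
    module: str
    base_offset: int
    offsets: list   # added after each dereference, CE pointer-style
    vtype: str


def parse_pointer_file(text):
    """Parse definitions; '#' starts a comment and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m or m.group(5) not in TYPE_FORMATS:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        name, module, base, chain, vtype = m.groups()
        offsets = [int(x, 16) for x in re.findall(r"0x[0-9a-fA-F]+", chain)]
        entries.append(PointerEntry(name, module, int(base, 16), offsets, vtype))
    return entries


def resolve(entry, mem):
    """Walk the chain (addr = [addr] + off for each offset) and return the final address.
    `mem` needs only pointer_size, module_base(name) and read(addr, size); on Windows
    back those with ReadProcessMemory and a module list from Toolhelp."""
    ptr_fmt = "<Q" if mem.pointer_size == 8 else "<I"
    addr = mem.module_base(entry.module) + entry.base_offset
    for off in entry.offsets:
        addr = struct.unpack(ptr_fmt, mem.read(addr, mem.pointer_size))[0] + off
    return addr


def read_value(entry, mem):
    fmt = TYPE_FORMATS[entry.vtype]
    return struct.unpack(fmt, mem.read(resolve(entry, mem), struct.calcsize(fmt)))[0]


class FakeMemory:
    """Constructed stand-in for a target process: one flat region plus a module table."""
    pointer_size = 8

    def __init__(self, modules, region_base, region):
        self.modules, self.base, self.region = modules, region_base, region

    def module_base(self, name):
        return self.modules[name]

    def read(self, addr, size):
        lo = addr - self.base
        if lo < 0 or lo + size > len(self.region):   # what a failed ReadProcessMemory turns into
            raise OSError(f"unreadable address {addr:#x}")
        return bytes(self.region[lo:lo + size])


def demo():
    """Constructed target: game.exe at 0x400000, chain game.exe+0x100 -> 0x18 -> 0x4C."""
    region = bytearray(0x1000)
    region[0x100:0x108] = struct.pack("<Q", 0x400200)   # [game.exe+0x100] = 0x400200
    region[0x218:0x220] = struct.pack("<Q", 0x400300)   # [0x400200+0x18]  = 0x400300
    region[0x34C:0x350] = struct.pack("<i", 250)        # [0x400300+0x4C]  = 250 (health)
    mem = FakeMemory({"game.exe": 0x400000}, 0x400000, region)
    entry = parse_pointer_file("health = game.exe+0x100 -> 0x18 -> 0x4C : i32  # hp")[0]
    return resolve(entry, mem), read_value(entry, mem)
```

A broken chain (a pointer that no longer points at mapped memory, which is what happens when the game is at a different state than when the path was found) surfaces as the OSError from read() rather than as a silently wrong address, so a trainer built on this can refuse to write instead of corrupting whatever the stale pointer lands on.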
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Wed Feb 07, 2018 7:09 am Post subject:
1. I'll work on this (I think a .ini file to store stupid configurations, and a simple .txt for other user stuff; I also might create a .dll for other purposes)
2. I'm not good with user interaction
3. I'm done with VirtualAllocEx and VirtualFreeEx (but not yet updated)
4. I have no idea about these or how to get them
5. I'm working on CreateRemoteThreadEx, and it takes many parameters which I don't understand
6. the required console APIs aren't easy to use, I tried a couple of times and failed (that doesn't mean I'll stop trying, but I'll keep it for another time)
7. debugging is far beyond my current knowledge level
That's not everything, since I succeeded in allocating and deallocating memory.
Then I need to figure out a way to write a couple of instructions there and create a thread to execute them; this part requires more time to work on but it's worth it.
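The plan in this post (allocate with VirtualAllocEx, write a couple of instructions there, create a thread to execute them, free again), together with the VirtualProtectEx step from the earlier update, as an added example end to end; it is Python over ctypes rather than asm and is not code from the thread or from me.7z. Assumptions: the names build_return_stub and run_stub_in_process are made up; the host is 64-bit Windows, with IsWow64Process deciding whether the target is 32-bit; and the "instructions" are the smallest stub that proves execution, mov eax, imm32 ; ret, so the value comes back as the thread's exit code via GetExitCodeThread. Only the stub builder runs without Windows.

```python
import struct
import sys


def build_return_stub(value, bits=64):
    """mov eax, imm32 ; ret   -> the remote thread exits with code `value`.
    On a 32-bit target the thread start routine is stdcall and must pop its one LPVOID
    argument itself, hence `ret 4`; x64 passes it in a register, so a plain `ret`."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("thread exit codes are 32-bit")
    ret = b"\xC3" if bits == 64 else b"\xC2\x04\x00"
    return b"\xB8" + struct.pack("<I", value) + ret


if sys.platform == "win32":
    import ctypes
    from ctypes import wintypes as wt

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    SZ, P = ctypes.c_size_t, ctypes.POINTER
    for name, restype, argtypes in [   # explicit prototypes so HANDLEs/pointers survive 64-bit
        ("OpenProcess", wt.HANDLE, (wt.DWORD, wt.BOOL, wt.DWORD)),
        ("IsWow64Process", wt.BOOL, (wt.HANDLE, P(wt.BOOL))),
        ("VirtualAllocEx", wt.LPVOID, (wt.HANDLE, wt.LPVOID, SZ, wt.DWORD, wt.DWORD)),
        ("WriteProcessMemory", wt.BOOL, (wt.HANDLE, wt.LPVOID, wt.LPCVOID, SZ, P(SZ))),
        ("VirtualProtectEx", wt.BOOL, (wt.HANDLE, wt.LPVOID, SZ, wt.DWORD, wt.PDWORD)),
        ("CreateRemoteThreadEx", wt.HANDLE,
         (wt.HANDLE, wt.LPVOID, SZ, wt.LPVOID, wt.LPVOID, wt.DWORD, wt.LPVOID, wt.LPDWORD)),
        ("WaitForSingleObject", wt.DWORD, (wt.HANDLE, wt.DWORD)),
        ("GetExitCodeThread", wt.BOOL, (wt.HANDLE, wt.LPDWORD)),
        ("VirtualFreeEx", wt.BOOL, (wt.HANDLE, wt.LPVOID, SZ, wt.DWORD)),
        ("CloseHandle", wt.BOOL, (wt.HANDLE,)),
    ]:
        fn = getattr(k32, name)
        fn.restype, fn.argtypes = restype, argtypes

    # only the rights this flow needs; PROCESS_ALL_ACCESS is the lazy (and noisier) choice
    RIGHTS = 0x0002 | 0x0008 | 0x0010 | 0x0020 | 0x0400  # CREATE_THREAD|VM_OPERATION|VM_READ|VM_WRITE|QUERY_INFORMATION
    MEM_COMMIT, MEM_RESERVE, MEM_RELEASE = 0x1000, 0x2000, 0x8000
    PAGE_READWRITE, PAGE_EXECUTE_READ = 0x04, 0x20
    INFINITE = 0xFFFFFFFF

    def _ok(result):
        if not result:
            raise ctypes.WinError(ctypes.get_last_error())  # e.g. ERROR_ACCESS_DENIED on a protected process
        return result

    def run_stub_in_process(pid, value):
        """Alloc RW, write the stub, flip to RX, run it on a new thread, read the exit code, clean up."""
        h = _ok(k32.OpenProcess(RIGHTS, False, pid))
        try:
            wow64 = wt.BOOL()
            _ok(k32.IsWow64Process(h, ctypes.byref(wow64)))
            code = build_return_stub(value, 32 if wow64.value else 64)  # assumes a 64-bit host
            remote = _ok(k32.VirtualAllocEx(h, None, len(code), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE))
            try:
                written = SZ()
                _ok(k32.WriteProcessMemory(h, remote, code, len(code), ctypes.byref(written)))
                old = wt.DWORD()  # write first, then make it executable: never leave the page RWX
                _ok(k32.VirtualProtectEx(h, remote, len(code), PAGE_EXECUTE_READ, ctypes.byref(old)))
                tid = wt.DWORD()
                th = _ok(k32.CreateRemoteThreadEx(h, None, 0, remote, None, 0, None, ctypes.byref(tid)))
                try:
                    k32.WaitForSingleObject(th, INFINITE)
                    rc = wt.DWORD()
                    _ok(k32.GetExitCodeThread(th, ctypes.byref(rc)))
                    return rc.value
                finally:
                    k32.CloseHandle(th)
            finally:
                k32.VirtualFreeEx(h, remote, 0, MEM_RELEASE)  # dwSize must be 0 with MEM_RELEASE
        finally:
            k32.CloseHandle(h)  # ExitProcess would close it anyway; a long-lived trainer should not leak
```

Usage on Windows is run_stub_in_process(pid, 0x1234), which returns 0x1234 if every step succeeded; the stub is freed before the function returns, so nothing executable is left behind in the target. Each WinAPI failure is raised with its GetLastError text instead of being ignored, which is exactly the check a hand-written asm version tends to skip.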
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Wed Feb 07, 2018 7:29 am Post subject:
It might be better for a separate tool, but you could recreate the pointer scanner; I have considered it just to better understand exactly how it works. Not sure how easy it would be in ASM.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Wed Feb 07, 2018 7:30 am Post subject:
Hm, are you not good with UI, or does asm just make it difficult? I could understand the latter but the backspace code didn't look too bad... you could always look at something like https://www.youtube.com/watch?v=pyEAgx1hhiU for ideas (just the first I googled lol)
As for modules, ToolHelp32Snapshot or something like that I believe, possibly paired with another call to get more info if it doesn't give the name.... ah, yeah that seems right, see: https://msdn.microsoft.com/en-us/library/windows/desktop/ms684218(v=vs.85).aspx as for other symbols like pdb files... I assume it'd just be parsing a file format but that might be a little overkill for handwritten asm
CreateRemoteThreadEx hm, seems simple enough...
Code:
HANDLE CreateRemoteThreadEx(
  _In_      HANDLE                       hProcess,
  _In_opt_  LPSECURITY_ATTRIBUTES        lpThreadAttributes,
  _In_      SIZE_T                       dwStackSize,
  _In_      LPTHREAD_START_ROUTINE       lpStartAddress,
  _In_opt_  LPVOID                       lpParameter,
  _In_      DWORD                        dwCreationFlags,
  _In_opt_  LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
  _Out_opt_ LPDWORD                      lpThreadId
);

aka

Code:
#include <windows.h>

// assuming hProcess was opened with PROCESS_CREATE_THREAD (plus PROCESS_VM_OPERATION |
// PROCESS_VM_WRITE if you also wrote the code it will run), and that remoteCode is the
// address *inside the target* of a DWORD WINAPI routine(LPVOID) (stdcall on x86)
DWORD RunRemote(HANDLE hProcess, LPVOID remoteCode, LPVOID remoteArg)
{
    DWORD threadID = 0, exitCode = (DWORD)-1;
    HANDLE threadHandle = CreateRemoteThreadEx(
        hProcess,
        NULL,       // security attributes: default, not inheritable, we don't care
        0,          // thread stack size: use the executable's default
        (LPTHREAD_START_ROUTINE)remoteCode,
        remoteArg,  // the one pointer arg passed to the routine
        0,          // just start; no CREATE_SUSPENDED / STACK_SIZE_PARAM_IS_A_RESERVATION
        NULL,       // attribute list: none needed
        &threadID);
    if (threadHandle == NULL)
        return exitCode;        // GetLastError() says why, e.g. ERROR_ACCESS_DENIED
    WaitForSingleObject(threadHandle, INFINITE);
    GetExitCodeThread(threadHandle, &exitCode);   // the routine's DWORD return value
    CloseHandle(threadHandle);                    // drops our handle; the thread is already done
    return exitCode;
}

if you're curious about the attribute list see https://msdn.microsoft.com/en-us/library/windows/desktop/ms686880(v=vs.85).aspx
6. fair enough
7. also fair, I don't really know much about it either, though to be clear I wasn't suggesting a disassembler or being able to step through the code. Just being able to set a breakpoint and do pre-defined actions before continuing, though I suppose if you got that far stepping wouldn't take much more (it'd just be blind without a disassembly lol)
edit:
@Tim hm, I assume the basic logic is loop through all the (readable) memory by the size of a pointer, if the value is within the +-offset range then add it to the list of possible pointers, repeat for as many levels as there are with each result in the list. Then for usability you'd want to determine if the base is static or not lol
Not sure how pointer maps work unless it's just recording every value (and its address) that points to a possible address in the process...
Last edited by FreeER on Wed Feb 07, 2018 7:54 am; edited 5 times in total
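The pointer scanner Tim mentioned and FreeER sketched in the edit above (walk readable memory a pointer at a time, keep every slot whose value lands within the offset range of the target, repeat per level with each hit as the new target, then prefer bases that are static), as an added example; it is not code from the thread and not Cheat Engine's own scanner. Assumptions: regions are (base, bytes) pairs constructed inline here (on Windows they would be gathered with VirtualQueryEx plus ReadProcessMemory), only pointer-aligned slots are scanned, a chain stops once it reaches a static base, and the names scan_level / pointer_scan / follow and the sample layout are made up for the illustration.

```python
import struct


def scan_level(regions, target, max_offset, ptr_size=8):
    """Yield (slot_addr, offset) for every aligned slot with [slot_addr] + offset == target,
    0 <= offset <= max_offset. regions is a list of (base, bytes) readable ranges."""
    fmt = "<Q" if ptr_size == 8 else "<I"
    lo = target - max_offset
    for base, data in regions:
        for i in range(0, len(data) - ptr_size + 1, ptr_size):   # aligned slots only
            value = struct.unpack_from(fmt, data, i)[0]
            if lo <= value <= target:
                yield base + i, target - value


def pointer_scan(regions, target, max_offset, max_level, static_ranges, ptr_size=8):
    """Return chains [(base_addr, [off0, off1, ...])] with base_addr inside a static range,
    such that [[base_addr] + off0] + off1 ... == target. Built backwards from the target:
    level 1 finds slots pointing near the target, level 2 finds slots pointing near those."""
    results = []

    def is_static(addr):
        return any(lo <= addr < hi for lo, hi in static_ranges)

    def walk(addr, offsets, level):
        for slot, off in scan_level(regions, addr, max_offset, ptr_size):
            chain = [off] + offsets          # the new hop goes in front of the hops already found
            if is_static(slot):
                results.append((slot, chain))
            elif level < max_level:
                walk(slot, chain, level + 1)

    walk(target, [], 1)
    return results


def read_ptr(regions, addr, ptr_size=8):
    fmt = "<Q" if ptr_size == 8 else "<I"
    for base, data in regions:
        if base <= addr <= base + len(data) - ptr_size:
            return struct.unpack_from(fmt, data, addr - base)[0]
    raise OSError(f"unreadable address {addr:#x}")


def follow(regions, base, offsets, ptr_size=8):
    """Resolve a chain the way a trainer would, to verify what the scan produced."""
    addr = base
    for off in offsets:
        addr = read_ptr(regions, addr, ptr_size) + off
    return addr


def sample_regions():
    """Constructed target: game.exe image at 0x400000 (static), a heap block at 0x10000000."""
    image, heap = bytearray(0x1000), bytearray(0x1000)
    image[0x100:0x108] = struct.pack("<Q", 0x10000200)  # static ptr -> player object
    image[0x200:0x208] = struct.pack("<Q", 0x10000300)  # second static ptr straight to the stats block
    heap[0x218:0x220] = struct.pack("<Q", 0x10000300)   # player+0x18 -> stats block
    heap[0x34C:0x350] = struct.pack("<i", 250)          # stats+0x4C = health, the value we want
    return [(0x400000, bytes(image)), (0x10000000, bytes(heap))]


def demo():
    """Scan for health at 0x1000034C; every chain found must resolve back to it."""
    regions = sample_regions()
    chains = pointer_scan(regions, target=0x1000034C, max_offset=0x100, max_level=3,
                          static_ranges=[(0x400000, 0x401000)])
    assert all(follow(regions, base, offs) == 0x1000034C for base, offs in chains)
    return chains
```

On the constructed layout the scan reports both the one-hop chain game.exe+0x200 -> 0x4C and the two-hop chain game.exe+0x100 -> 0x18 -> 0x4C. The offset window is what makes the scan expensive and noisy: every slot whose value happens to fall within max_offset below the target becomes a candidate, which is why a real scanner re-scans after a restart and keeps only the chains that still resolve.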