Cheat Engine

darien fear · Newbie cheater Reputation: 0 Joined: 23 Nov 2007 Posts: 19

ok, first off, cheatengine may already have a way to do this, if so just let me know. if not hear me out. from what I've noticed, the "find out what writes to" and "find out what reads from" options seem to be the only kinds of breakpoint you can place on a non gamecode value. as great as these options are, I was wondering if it was possible to place an actual read or write breakpoint that would stop the game at the exact instant a value is being changed (like in odbg) instead of just taking a snapshot. right now, I'm using odbg to do it, but I would much rather work with a single application attached to my process instead of having both cheat engine and odbg fighting over it. if this is already possible with cheatengine alone, pls let me know how, if not, then I'm putting it down as a suggestion for the next cheatengine release (maybe place it as a sub menu to the find out options) also a don't break on certain address option would be great too. sorry for dumping so much in one go, its just that cheateangine is by far one of the best cheating devices out there and I feel it seems incomplete without the options found in odbg

Dark Byte · Posted: Fri Sep 19, 2008 9:31 pm Post subject:

well, there is a bug in ce that causes this (open the memory browser, do some single step debugging anywhere, continue with running, and then use find out what accesses/writes and it'll break inside the debugger instead of just logging, assuming you use the normal debugging and not the kernelmode debugging)
Will be fixed, but I was already planning on something like that.

darien fear · Newbie cheater Reputation: 0 Joined: 23 Nov 2007 Posts: 19

thx dark bite, I can't wait for the next version to be released. keep up the good work.
update, I've tried to get that bug to work but I don't quite understand what you mean by single step debugging, sorry for being such a bother with this, I'm developing a new way to hack emulators and this option is a must for it to succeed. thx

Dark Byte · Posted: Sat Sep 20, 2008 4:46 pm Post subject:

e.g find an address you know the game executes (e.g one you found with find what accesses before)
then set a breakpoint on that address (f5)
step a few times (f7) and then continue (f9)

I'm not fully sure why the bug ignores the "already debugging" part, you might have to do some obscure stuff for it to happen (Only got it happening to me once when making a aimbot for ut3), but if you then do a "find what accesses" on a address the debugger will beak as if you just had set a breakpoint on the address

darien fear · Newbie cheater Reputation: 0 Joined: 23 Nov 2007 Posts: 19

aww crap, I understand what you mean, but sadly what I'm trying to do won't work with that since the address I'm trying to freezeat also writes to hundreds of other values (you know how emulator data is) so I guess I'll just have to work with odbg untill you implament a break on read/write option thx anyways, I'll be donating some cash from paypal to help you out, sorry for bothering you

Dark Byte · Posted: Sat Sep 20, 2008 5:46 pm Post subject:

I don't think you fully you understood what I said.

Of course, it's just a bug to get it to work, but to get the bug to cause breakpoints on accesses you first must get into debug mode.
You do that by stepping through any random part of the code (e.g a often called routine like that routine that changes all code, I guess it's called often enough to get it to break at least once)
Then you have to step a few times, go to 00000001 and press f4 on that address (it'll run and wait for a breakpoint that'll never happen)

Now when you select an address in the list you can choose "find what accesses" on that address and just drag that window away (used for nothing)

Then each time that specific address is accessed ce will break on it and fill in all registers at that time. (for that specific address) And then allows you to edit the registers, single step, backtrace, etc...

If this isn't what you meant then I don't understand how a break on read/write will result in anything different (it will break on the code that changes all addresses and show the registers for that specific address selector and then lets you debug through the code right after that address is accessed)

darien fear · Newbie cheater Reputation: 0 Joined: 23 Nov 2007 Posts: 19

its a little hard to explain, basically, I'm trying to freeze an emulator at the exact instant a ram code is written to, so I can then check the emulator's debugger (all its registers and current addresses are being monitored by ce, so I can view them even if the emulator is frozen) the problem with the bug you pointed out is that it will break every time the code that writes to my ram code is executed, this wouldn't be a problem if this was just an average game, but in an emulator the same code can be responsible for writing to literally thousands of different ram codes, it would just keep breaking whether the event I'm trying to freeze is happening or not (it would take forever for it to freeze at the right spot) where as with obdg I can select my ram address place a write breakpoint on it and start playing, when it breaks I lok at ce and write down the emulator debugger's registers and the address it is currently executing (which is also the game code responsible for affecting my ram code) all this would allow me to use breakpoints in an emulator withough breakpoint support and to create console cheat device cheats.

Dark Byte · Posted: Sat Sep 20, 2008 9:37 pm Post subject:

when you've used the option "Find out what accesses this address" it will only break when that specific address is accessed" not each time that code is executed

as I said, it's a bug that's it's doing this, since you'd expect it would only fill that list of instructions it finds, but due to this bug, it also breaks when the instruction accesses that specific address