Cheat Engine

[paul44]

see: [ https://ibb.co/album/1tKsTk ]
(the 1st pic shows game with loaded pdb - 2nd game does not have a pdb)

In UE games, it is possible to find the actual memLocation of a 'function' via its object. Iow one has the function_name and its corresponding mem_location.
I wonder if it is possible to create a "pdb", which can then be loaded up - kinda like a standard pdb - just for quick search/reference purposes.

One can register them as symbols, but that will make the symbollist 'un-overseeable' (and might even have performance impact ?).
My question: i have no idea how CE loads up/links the pdb info to these mem_addresses, but it must maintain some sort of table for sure.
Is there any way to do something similar with "just": mem_address + fn_name (without param_info andwhatnot)?

ps: i did some research on PDBs (one does not find much info - nor api - on writing these files though; plenty on reading). And: there is also a 'Portable Pdb' as well; is CE suppporting this format too?

[Dark Byte]

you can create a userdefined symbollist (createSymbolList() ) and give it a name.
It's easy to delete when done
if you register() it it'll show up in the memoryview window

you can add symbols using addModule/addSymbol (addsymbol without module is also allowed) and the speed isn't that badly affected. It's a double binary tree. One for names to address and one for address to name. Only memory usage will grow noticeable, but speed won't be an issue


If you have parameters you can add them using the extradata field, but if you don't do that that's fine as well. Only the symbolnames will be used when entering the address (unless you make the parameters part of the name)

Cheat Engine uses microsofts symbol handler api for parsing pdb's . If it supports portable pdb, CE should as well. Else it's up to you to parse the file and add it as a symbollist

[paul44]

Honestly, i was not expecting a solution for this one. This tool just keeps amazing me; kudos to the dev_team !

see here: [ https://ibb.co/QBvmHQL ]

I did some serious googling here, but could not find any info on how to fill that extradata part. I initially plan to pass on the objectID, but i am aware about some Function_Flags as well. As i understood back then, these seem to be UE specific, but "knowing" UE the object structure probably 'holds/links_to' information such as parameters and return_value as well.. ?!
=> so, can you give an example on how to feed that 'extradata' ?
(I do not want to add this info to the symbol as - i assume - this would also mean that one needs to add that part to the 'search' string as well ?!)

I consider this topic as Solved; will leave it open for a week or so in case i ran into some snag...


ps1: atm i have a problem reading/treating the file line by one (yep, already tried them 3 different "lines" approaches, but no cigar sofar. I'll open a topic if i'm not getting anywhere...
ps2: reference to 'Portable PDB': [ https://github.com/dotnet/vscode-csharp/blob/main/docs/debugger/Portable-PDBs.md ]
(cross-OS support)

[Dark Byte]

looks like the extradata is currently not usable (best not use it at all)

Next version has it fixed

if it worked, you'd do something like:

[paul44]

yep, something i tried as well. Good to know it'll get fixed at some point...

There is just one "last' thing i need to ask: what do you need to fill in for [symbolsize] ? i assumed it was the ptr_address for that symbol, so gave it '8' (or 4). (in your example, you gave it 16 ?)
And btw: CE registered them symbols without probs (within the short period of testing ofc)

***************
fyi: got the routine working to read/treat them lines. 2000 lines gobbled up in about 1 sec or so; that looks promising...

ps: on a sidenote: did some additional reading and it looks that the Function Object should indeed 'link' to them params/returnval (~pretty much in the same way as with the structpropnames)

[Dark Byte]

symbolsize is just the range the symbol will take in the disassembler.
e.g if you set the size to 4096 then
symbolname to symbolname+fff will show up like that

[paul44]

Effect when using 'Symbolsize': [ https://ibb.co/album/rRDgqN ]
(incl memory_impact)

This is for about 10.000 entries (gear of war is an "old" UE game). I'm pretty sure - considering the size of PDBs that do come with certain games these days - that its mem_impact will be much larger for sure...

ps: i think it'll be more of a personal "taste", when chosing/changing this value
ps2: since this is defined per symbol, i assume that this "extension" will stop past your defined symbolsize for functions larger then this value...
(i gather that '4096' is not coincidental, but based on personal experience. iow a good value for one's money, sort of speak )