Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to detour to a VirtualAllocated address

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Sat Apr 29, 2017 1:47 pm    Post subject: How to detour to a VirtualAllocated address Reply with quote

Hi, I'm trying to set the VirtualAlloc base address after the target address that I've chosen...
But VirtualAlloc fails to alloc because the address I'm giving it's not the base address of that memory region, also I'm getting that address from the FindPattern (classic function) that returns the address in form of DWORD64 so I cast it to a LPVOID...
I would like to do it like cheat engine does with alloc function, (it allocate the memory closer to the selected address, and also after that, never before).

So resuming, do you know what I've to pass to VirtualAlloc first parameter (base address of the allocation) to accomplish this?

P.s. I've a custom detour function that uses E9 jump, I'm using it because it's small and requires just 5 bytes.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sat Apr 29, 2017 2:44 pm    Post subject: Reply with quote

virtualloc base address must be dividable by 64KB and the whole 64KB has to be free
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Sun Apr 30, 2017 6:25 am    Post subject: Reply with quote

Dark Byte wrote:
virtualloc base address must be dividable by 64KB and the whole 64KB has to be free

I don't understand why in MSDN they say If the memory is already reserved and is being committed, the address is rounded down to the next page boundary.
The only way to find a free space after a chosen address inside a process it to use the virtualquery right? I can't give a random address and hoping that the system would round it to the correct freed page after that, right?

Aniway I'm using this code
Code:

DWORD64 Addr= FindPattern("MyProcess.exe", "\x8B\x42\x08\xC7\x01\x01\x00\x00\x00\x89", "xxxxxxxxxx");
   SYSTEM_INFO si;
   GetSystemInfo(&si);
   
   DWORD64 Granularity = si.dwAllocationGranularity;
   DWORD64 AllocAddy = (Granularity - (Addr % Granularity) + Addr);
   LPVOID NewPageAddy = VirtualAlloc((LPVOID)AllocAddy, 1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE) ;

and the virtualalloc fails.


EDIT:
I've found a solution, I share the snippet of code in case someone will need it.
Code:

MEMORY_BASIC_INFORMATION mbi = { 0 };
   for (uintptr_t addr = (uintptr_t)ChosenAddr;
      addr > (uintptr_t)ChosenAddr- 0x80000000;
      addr = (uintptr_t)mbi.BaseAddress - 1)
   {
      if (VirtualQuery((LPCVOID)addr, &mbi, sizeof(mbi)) != sizeof(MEMORY_BASIC_INFORMATION))
         break;

      if (mbi.State == MEM_FREE)
      {
         NewPageAddy = VirtualAlloc(mbi.BaseAddress, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
         
         break;
      }
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites