Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How does scanning for a double value work?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Michaelc
Cheater
Reputation: 0

Joined: 15 May 2016
Posts: 45

PostPosted: Sat Oct 14, 2017 6:02 pm    Post subject: How does scanning for a double value work? Reply with quote

Here is my question about the memory:

So I have a base address of a chunk of memory from it's size, from VirtualQueryEx

start = mbi.BaseAddress
finish = mbi.RegionSize

So at this time, I use while and this is how it looks like

while index < finish:
# access the memory here:
while memory function( index)
# then index += 1, for the inner loop

## this line complete the outer while loop
index += mbi.RegionSize


so Why did I put down index += 1 ?

That's because what I think about the memory looks like this
(short)(int)(double)(int)(int)(int)(double) and so on,

since I can't predict which address is the beginning of a double, the only way
to deal with that is to use increment by 1.

Now, from what I have been reading, it seems there is a better way to do it,
for instance, a for loop.

for(start,finish, 8)

why 8? because double begins at exact 0 or multiple of 8 bytes, right?






[code]

import ctypes
from ctypes.wintypes import WORD, DWORD, LPVOID

PVOID = LPVOID
SIZE_T = ctypes.c_size_t

# https://msdn.microsoft.com/en-us/library/aa383751#DWORD_PTR
if ctypes.sizeof(ctypes.c_void_p) == ctypes.sizeof(ctypes.c_ulonglong):
DWORD_PTR = ctypes.c_ulonglong
elif ctypes.sizeof(ctypes.c_void_p) == ctypes.sizeof(ctypes.c_ulong):
DWORD_PTR = ctypes.c_ulong

class SYSTEM_INFO(ctypes.Structure):
"""https://msdn.microsoft.com/en-us/library/ms724958"""
class _U(ctypes.Union):
class _S(ctypes.Structure):
_fields_ = (('wProcessorArchitecture', WORD),
('wReserved', WORD))
_fields_ = (('dwOemId', DWORD), # obsolete
('_s', _S))
_anonymous_ = ('_s',)
_fields_ = (('_u', _U),
('dwPageSize', DWORD),
('lpMinimumApplicationAddress', LPVOID),
('lpMaximumApplicationAddress', LPVOID),
('dwActiveProcessorMask', DWORD_PTR),
('dwNumberOfProcessors', DWORD),
('dwProcessorType', DWORD),
('dwAllocationGranularity', DWORD),
('wProcessorLevel', WORD),
('wProcessorRevision', WORD))
_anonymous_ = ('_u',)

LPSYSTEM_INFO = ctypes.POINTER(SYSTEM_INFO)



Kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
Kernel32.GetSystemInfo.restype = None
Kernel32.GetSystemInfo.argtypes = (LPSYSTEM_INFO,)

sysinfo = SYSTEM_INFO()
Kernel32.GetSystemInfo(ctypes.byref(sysinfo))

print(sysinfo.lpMinimumApplicationAddress)
print(sysinfo.lpMaximumApplicationAddress)


# maybe it will change, maybe it won't. Assuming it won't.

# 2nd, get Open process.
import psutil
import sys

for proc in psutil.process_iter():
if str('swtor.exe') in str(proc.name) and \
proc.memory_info().rss > 1000000000:
PID = proc.pid
print('PID:',PID)


PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010

Process = Kernel32.OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, False, PID)
print('process:', Process)



# 3rd

class MEMORY_BASIC_INFORMATION(ctypes.Structure):
"""https://msdn.microsoft.com/en-us/library/aa366775"""
_fields_ = (('BaseAddress', PVOID),
('AllocationBase', PVOID),
('AllocationProtect', DWORD),
('RegionSize', SIZE_T),
('State', DWORD),
('Protect', DWORD),
('Type', DWORD))

##PMEMORY_BASIC_INFORMATION = ctypes.POINTER(MEMORY_BASIC_INFORMATION)

mbi = MEMORY_BASIC_INFORMATION()
##sysinfo.lpMinimumApplicationAddress

print('VirtualQueryEx ran properly?',Kernel32.VirtualQueryEx(Process, \
sysinfo.lpMinimumApplicationAddress, ctypes.byref(mbi),ctypes.sizeof(mbi)))
# sysinfo.lpMinimumApplicationAddress replaced by None

##print('')
##print('mbi start')
##print('mbi.BaseAddress: ',mbi.BaseAddress)
##print('mbi.AllocationBase: ',mbi.AllocationBase)
##print('mbi.AllocationProtect: ',mbi.AllocationProtect)
##print('mbi.RegionSize: ',mbi.RegionSize)
##print('mbi.State: ',mbi.State)
##print('mbi.Protect: ', mbi.Protect)
##print('mbi.Type: ',mbi.Type)



ReadProcessMemory = Kernel32.ReadProcessMemory

##
MEM_COMMIT = 0x00001000;
PAGE_READWRITE = 0x04;

##buffer = ctypes.c_uint()
buffer = ctypes.c_double()

nread = SIZE_T()

##start = ctypes.c_void_p(mbi.BaseAddress)

current_address = sysinfo.lpMinimumApplicationAddress
end_address = sysinfo.lpMaximumApplicationAddress

hit_count = 0
target_value = -159

hit_pool = list()


while current_address < end_address:
Kernel32.VirtualQueryEx(Process, \
current_address, ctypes.byref(mbi),ctypes.sizeof(mbi))

if mbi.Protect == PAGE_READWRITE and mbi.State == MEM_COMMIT :
print('This region can be scanned!')
index = current_address
end = current_address + mbi.RegionSize - 7

for i in range(index, end, 8):
if ReadProcessMemory(Process, i, ctypes.byref(buffer), \
ctypes.sizeof(buffer), ctypes.byref(nread)):
## pass
# impletment value comparison now.
if buffer.value < (target_value + 1) and \
buffer.value > (target_value - 1):
print(buffer.value, hex(i), 'hit:', hit_count)
hit_count += 1
hit_pool.append(hex(i))


else:
print('else happend.')
## pass
## raise ctypes.WinError(ctypes.get_last_error())

current_address += mbi.RegionSize



print('done.')
print(hit_count)

print(hit_pool)
[/code]
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites