Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Virtual Pagedir and improved physical memory browse ( In C )

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> Plugin development
View previous topic :: View next topic  
Author Message
Dark Byte
Site Admin
Reputation: 329

Joined: 09 May 2003
Posts: 19511
Location: The netherlands

PostPosted: Tue Jan 27, 2009 6:47 pm    Post subject: Virtual Pagedir and improved physical memory browse ( In C ) Reply with quote

Here's a plugin that will read the memory using physical memory instead of virtual memory by reading the CR3 control register and traversing the page tables at the physical side of memory (So it will only find memory that is actually being accessed by the game, and not paged out)

It also includes an improved physical memory browser, accessible from the processlist.
It's tested with a PAE system, could be I messed up with the non pae part though, so fix it if you like.
(and for those that look through the code and want to compile, yeah, I guess I should care more about type and type safety, problem is, I couldn't get myself... same goes for splitting up the code into separate sourcefiles)


Code:

virtualpagedir.c:
This plugin will hook openprocess.
If the opened process is not Cheat engine itself it'll redirect the ReadProcessMemory calls to it's own
internel equivalents of ReadProcessMemory and WriteProcessMemory and try to get the CR3 register of the
target process. (CR3 holds the physical address address of the pagetable of a process)

In the new Read/WriteProcessMemory the provided virtual address is converted to a physical address by
traversing the pagetable structure (Keeping in mind about normal, PAE, and in the future 64-bit paging)
Finally the physical address is read out and sent to the caller.


Due to a problem with readphysicalmemory not mapping above 0x80000000 and not everyone wnts to boot up
with dbvm, readphysicalmemory is implemented by mapping the physical address to 0x1000

VirtualQueryEx is also hooked to provide a memory region overview of accesible memory

-------------------
The Processlist is also extended with a [Physical Memory 2 (plugin)] entry by hooking the Process32First
/Process32Next links
The function of this is to provide an improved Read Physical Memory substitute for ce leaving the original
so it can be used to compare. It is quite easy to just replace the original ReadPhysicalMemory of ce so no
new entry is needed in the processlist


todo: When not present, see if you can fetch it from the pagefile, and if possible, write to the pagefile as well

note: Remember, it doesn't implement copy on write, so if you change a module address, you're changing it in all processes that use that module

note2: Yes, it can be abused as an alternative form of memory bypass

Download: http://cheatengine.org/download/virtualpagedir.rar



The Extension 'rar' was deactivated by an board admin, therefore this Attachment is not displayed.


_________________
Do not ask me about online cheats. I don't know any and wont help finding them.


Last edited by Dark Byte on Mon Jan 18, 2010 8:11 pm; edited 4 times in total
Back to top
View user's profile Send private message MSN Messenger
BanMe
Master Cheater
Reputation: 0

Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA

PostPosted: Tue Jan 27, 2009 7:18 pm    Post subject: Reply with quote

excellent plugin DB!!

if i had a job id give u money! then again if i had a job i wouldn't spend so much time here helping noobs...but we all were noob at 1 point Wink

Thanx again, invaluable source xD yet i do not see why you allow the CRT or CLR to bloat your code.. (i despise CLR and CRT!) but none the less excellent! it reminds of DebugX2, mooses, and FairX's code Cool

regards BanMe
Back to top
View user's profile Send private message MSN Messenger
_dan
How do I cheat?
Reputation: 0

Joined: 06 May 2009
Posts: 3

PostPosted: Wed May 06, 2009 9:42 am    Post subject: Reply with quote

Would love to grab hold of the source but its not activated anymore, maybe you can reactive .rar extensions or re-upload this DarkByte? Thanks Smile
_________________
Cogito Ergo Sum
Back to top
View user's profile Send private message
Holland
Something epic
Ban
Reputation: 60

Joined: 22 Jun 2007
Posts: 2083

PostPosted: Wed May 06, 2009 10:00 am    Post subject: Reply with quote

Maybe it's in the SVN.

http://ce.colddot.nl/browser
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 329

Joined: 09 May 2003
Posts: 19511
Location: The netherlands

PostPosted: Wed May 06, 2009 10:11 am    Post subject: Reply with quote

I've uploaded it here: http://cheatengine.org/download/virtualpagedir.rar
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.


Last edited by Dark Byte on Mon Jan 18, 2010 8:12 pm; edited 1 time in total
Back to top
View user's profile Send private message MSN Messenger
NooBpluSS
Cheater
Reputation: 0

Joined: 24 Jun 2007
Posts: 37

PostPosted: Tue Jul 28, 2009 7:59 pm    Post subject: Reply with quote

Ohhh !! Nice Very Happy
Now I go try write it in delphi or put it in the driver ;P..

_________________

Newbie cheater ;]
Back to top
View user's profile Send private message
BanMe
Master Cheater
Reputation: 0

Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA

PostPosted: Fri Jul 31, 2009 6:14 pm    Post subject: Reply with quote

you have fun doing that...cause that isn't possible delphi isnt for driver development..
_________________
don't +rep me..i do not wish to have "status" or "recognition" from you or anyone.. thank you.
Back to top
View user's profile Send private message MSN Messenger
user601
Moderator
Reputation: 0

Joined: 07 Oct 2004
Posts: 65

PostPosted: Fri Jul 31, 2009 6:37 pm    Post subject: Reply with quote

this plugin can be ported to delphi without a problem.

As for driver development, alone delphi can't make drivers no, but you can make obj files that you can link into your project. (you'll have to write all imports yourself first though which is annoying)

_________________
Back to top
View user's profile Send private message
Ind3siszive
Cheater
Reputation: 0

Joined: 23 Apr 2009
Posts: 43
Location: in a glitch

PostPosted: Mon Jan 18, 2010 10:14 am    Post subject: Reply with quote

its gone again, I would like to download it too Smile
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Dark Byte
Site Admin
Reputation: 329

Joined: 09 May 2003
Posts: 19511
Location: The netherlands

PostPosted: Mon Jan 18, 2010 8:12 pm    Post subject: Reply with quote

updated the link
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Back to top
View user's profile Send private message MSN Messenger
Irtzach
How do I cheat?
Reputation: 0

Joined: 21 Oct 2015
Posts: 2

PostPosted: Wed Oct 21, 2015 11:29 am    Post subject: I have tried but Reply with quote

i have downloaded what u have posted now dont know from where or howto use it... i have to open it with cheat engine???


Screenshot_3.png
 Description:
rar file
 Filesize:  104.57 KB
 Viewed:  14220 Time(s)

Screenshot_3.png


Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 133

Joined: 25 Jan 2006
Posts: 7028
Location: 127.0.0.1

PostPosted: Sun Oct 25, 2015 9:49 pm    Post subject: Reply with quote

You need to place the .dll inside of the Cheat Engine plugin folder. If you want to build from source yourself, you need to download Visual Studio if you want to use the premade .sln file. Otherwise you will need to rebuild a new project in your personal editor of choice.
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
lylcheat
Newbie cheater
Reputation: 0

Joined: 14 Feb 2009
Posts: 24
Location: Planet 3 Solar System Orion Arm Spiral Galaxy Milky Way

PostPosted: Tue Oct 27, 2015 8:00 am    Post subject: Reply with quote

It doesn't work with CE6. The code needs update

http://forum.cheatengine.org/viewtopic.php?t=585139
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> Plugin development All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites