Cheat Engine The Official Site of Cheat Engine
pisto Newbie cheater Reputation: 0
Joined: 30 Sep 2007 Posts: 18
Posted: Sun Jul 19, 2009 4:07 pm Post subject: some thoughts about heap
I'm writing because I think that 2 features of Cheat Engine need an improvement: heaplist and pointer scan.
I have never seen the pointer scan work (perhaps I've always been unlucky), it always gives fake results, or none at all, and it's slow. Then, listing the heap blocks is *very* slow, and that little window shows the blocks' bounds, but not their size, and it's annoying to open the calculator and calculate the difference.
So, I'd suggest the coders of Cheat Engine read this article that I found: securityxploded[dot]com/enumheaps.php
I didn't test it, but the author claims that his replacement of Heap32First and Heap32Next is much faster.
Moreover, I'd like to see the call stack of when the memory block was allocated.
Could this be something useful in Cheat Engine?
I implemented this last feature, and a pointer scan, as a dll that's injected at process startup: it hooks and catches any call to HeapAlloc (and HeapFree and HeapReAlloc). About the pointer scan, the algorithm uses the heaplist built with these 3 hooks, and so checks only the valid memory (does Cheat Engine do the same?): it works more quickly than Cheat Engine (usually 10 seconds with a maximum pointer depth of 10 on my 9 years old pc).
If you think that these features are worthy, I can give you the source code of my dll.
bye
Csimbi I post too much Reputation: 94
Joined: 14 Jul 2007 Posts: 3110
Posted: Sun Jul 19, 2009 4:49 pm Post subject: Re: some thoughts about heap
pisto wrote:
    About the pointer scan, the algorithm uses the heaplist built with these 3 hooks, and so checks only the valid memory (does Cheat Engine do the same?): it works more quickly than Cheat Engine (usually 10 seconds with a maximum pointer depth of 10 on my 9 years old pc).
The pointer scan usually works for me (I use the old method), but I can never go deeper than level 4, because it's never gonna finish.
So, I would love to see an improvement regarding the speed of the pointer scan.
Have a chat with Dark Byte about this. AFAIK, he is very open to suggestions, especially if you are going to contribute code.
My recommendation: grab the current SVN, put your code there, see how it works and send the updated files to Dark Byte.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Jul 19, 2009 6:31 pm
CE's pointer scan checks all writable memory (VirtualQueryEx, filtering regions with write access), not only heap memory, but I guess I could add in an option to limit it to heap only, since most base class objects are usually allocated in the heap anyhow.
The best way to test if the method works is using the pointerscan routine on CE's tutorial step 8 (CE tutorial step 8 pass=525927).
And sure, send me the source, I'll have a look at it, could be useful.
As for CE's pointer scan speed in 5.5, use the non-injected version, the injected one is slow.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
pisto Newbie cheater Reputation: 0
Joined: 30 Sep 2007 Posts: 18
Posted: Mon Jul 20, 2009 12:11 am
I'm going to leave right today for holidays. I'll get back in a week, and then I'll put some comments on my code and translate some names (my code is a funny mix of Italian and sloppy English) and I'll send it to you. I can't just patch the SVN, I'm coding in C++, like the author of the link in my first post; I don't know anything about Delphi.
EDIT:
Just ran some tests with the Cheat Engine tutorial: my code doesn't work because the pointer at step 8 is not within a heap block (uh?). Besides, originally my code added the heap block captured in the hooks only if the caller of HeapAlloc was the main executable module: but since the tutorial uses the old GlobalAlloc/LocalAlloc functions (why?), the call to HeapAlloc is made from the code that wraps the heap functions in the global/local ones (that is in kernel32.dll).
All of this can be fixed, and probably you can override the normal Cheat Engine behaviour with mine only when reading a page that's used as heap.
EDIT2:
Here is the code, and the binary too.
My dll is made for a program called Wormkit, a sort of (hack) add-on loader for Worms Armageddon. Unfortunately, Wormkit.exe loads only WA.exe: you should rename your executable to that for testing. Anyway, Wormkit is coded in Delphi, and you can easily change it (I included its sources too).
I think that the pointer scan should look only in memory that's both readable and writable; what's the point in searching in non-modifiable memory?
www dot webalice.it/micioptah/pointerScan.rar
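The two scanning approaches discussed in this thread (Dark Byte's "all writable regions from VirtualQueryEx" versus pisto's "only valid heap blocks, and only readable+writable memory") differ only in which regions the pointer scanner is allowed to read candidate pointers from. The example below is added here and is not code from the thread, from pisto's dll or from Cheat Engine; it shows the reverse pointer-chain search that both variants share, run over a constructed 32-bit memory snapshot that stands in for VirtualQueryEx/ReadProcessMemory, with a `requireWritable` switch playing the role of the region filter. The region contents, the names `Region`, `Snapshot`, `Chain`, `findChains`, `resolve` and the addresses used are all assumptions made for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// One region of the target process, as VirtualQueryEx would report it:
// base address, a copy of its bytes, and the protection bits we filter on.
struct Region {
    uint32_t base;
    std::vector<uint8_t> bytes;
    bool writable;  // PAGE_READWRITE-like; read-only sections fail this filter
    bool isStatic;  // inside a module image, so it can serve as a chain base
};

struct Snapshot {
    std::vector<Region> regions;

    // Decode a little-endian 32-bit pointer stored at addr; false if unmapped.
    bool read32(uint32_t addr, uint32_t& out) const {
        for (const Region& r : regions) {
            if (addr >= r.base && addr + 4 <= r.base + r.bytes.size()) {
                const uint8_t* b = &r.bytes[addr - r.base];
                out = uint32_t(b[0]) | (uint32_t(b[1]) << 8) |
                      (uint32_t(b[2]) << 16) | (uint32_t(b[3]) << 24);
                return true;
            }
        }
        return false;
    }
};

// A result in Cheat Engine's form: a static base, then one offset per dereference.
struct Chain {
    uint32_t base;
    std::vector<uint32_t> offsets;
};

static void put32(Region& r, uint32_t addr, uint32_t v) {
    uint8_t* b = &r.bytes[addr - r.base];
    b[0] = v & 0xff; b[1] = (v >> 8) & 0xff; b[2] = (v >> 16) & 0xff; b[3] = v >> 24;
}

// Reverse search: find every stored pointer p with target-maxOffset <= p <= target.
// A hit inside a static region ends a chain; a hit elsewhere becomes the next target.
static void scanLevel(const Snapshot& snap, uint32_t target, uint32_t maxOffset,
                      size_t maxDepth, bool requireWritable,
                      std::vector<uint32_t>& rev, std::vector<Chain>& out) {
    const uint32_t low = target > maxOffset ? target - maxOffset : 1;  // never match NULL
    for (const Region& r : snap.regions) {
        if (requireWritable && !r.writable) continue;  // pisto's "modifiable only" rule
        for (size_t i = 0; i + 4 <= r.bytes.size(); i += 4) {        // pointer-aligned
            uint32_t v;
            snap.read32(r.base + uint32_t(i), v);
            if (v < low || v > target) continue;
            const uint32_t loc = r.base + uint32_t(i);
            rev.push_back(target - v);  // offsets are collected target-first, reversed later
            if (r.isStatic) {
                out.push_back(Chain{loc, std::vector<uint32_t>(rev.rbegin(), rev.rend())});
            } else if (rev.size() < maxDepth) {
                scanLevel(snap, loc, maxOffset, maxDepth, requireWritable, rev, out);
            }
            rev.pop_back();
        }
    }
}

std::vector<Chain> findChains(const Snapshot& snap, uint32_t target, uint32_t maxOffset,
                              size_t maxDepth, bool requireWritable) {
    std::vector<Chain> out;
    std::vector<uint32_t> rev;
    scanLevel(snap, target, maxOffset, maxDepth, requireWritable, rev, out);
    return out;
}

// Follow a chain forward ([base] + off1, then [that] + off2, ...) to check it.
bool resolve(const Snapshot& snap, const Chain& c, uint32_t& out) {
    uint32_t p = c.base;
    for (uint32_t off : c.offsets) {
        uint32_t v;
        if (!snap.read32(p, v)) return false;
        p = v + off;
    }
    out = p;
    return true;
}

const uint32_t kTarget = 0x00800208;  // constructed: B+0x8, the value we want a path to

// Constructed snapshot: a module .data section, a heap block holding two
// objects, and a read-only section containing a decoy pointer.
Snapshot makeSampleSnapshot() {
    Region data{0x00400000, std::vector<uint8_t>(0x2000), true, true};
    Region heap{0x00800000, std::vector<uint8_t>(0x1000), true, false};
    Region rdata{0x00C00000, std::vector<uint8_t>(0x100), false, true};
    put32(data, 0x00401000, 0x00800100);   // g_player -> object A on the heap
    put32(heap, 0x00800110, 0x00800200);   // A+0x10 -> object B
    put32(heap, kTarget, 100);             // B+0x8 holds the value itself
    put32(rdata, 0x00C00010, 0x00800200);  // decoy pointer to B in read-only memory
    Snapshot s;
    s.regions = {data, heap, rdata};
    return s;
}

int main() {
    Snapshot s = makeSampleSnapshot();
    for (const Chain& c : findChains(s, kTarget, 0x100, 4, true)) {
        std::printf("base %08X", c.base);
        for (uint32_t o : c.offsets) std::printf(" -> +%X", o);
        std::printf("\n");
    }
    return 0;
}
```

With `requireWritable` set, the scan reports the single chain `00401000 -> +10 -> +8`; with it cleared, the decoy in the read-only section is reported as a second base, which is the kind of result the thread argues is not worth paying for. Each level rescans every admitted region, so the filter is also where the speed difference between "all writable memory" and "heap blocks only" comes from.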
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon Jul 27, 2009 9:50 pm
Ok, I'll check it out
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
pisto Newbie cheater Reputation: 0
Joined: 30 Sep 2007 Posts: 18
Posted: Tue Jul 28, 2009 12:50 am
I forgot to describe the weird input method:
because I don't know how to code a GUI, and for some reason I couldn't create a console window, you need to put commands (start [address], checknow, etc... described in the cpp file) in an input.txt file, in the current directory of the program. Then, click OK on the little message box asking to go, and it will parse the file. Output will be in output.txt.