Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


memheader.h

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Binaries
View previous topic :: View next topic  
Author Message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 522
Location: Canada

PostPosted: Mon Aug 16, 2010 5:45 am    Post subject: memheader.h Reply with quote

This is dedicated to the users who arn't so profound with memory allocation, scanning, etc. Its a header which contains two classes named "Memory" and "Other". The "Memory" class persists five functions:

Code:

[i]void ScanMemory ( HANDLE hProcess, DWORD dwStartAddr, DWORD dwStopAddr, unsigned int Value, SIZE_T szScan, int Type )[/i]


There are 6 arguments / parameters that need to passed on to this function for it to work. The first parameter HANDLE hProcess is the targets handle, you can simply obtain this with OpenProcess(), etc. The second parameter DWORD dwStartAddr, is the beginning address of the range of memory you want to scan. The third paramter DWORD dwStopAddr is the end of the range of memory you want to scan. The fourth parameter unsigned int Value is the value of which you want to scan. The fifth paramter SIZE_T szScan is the size of the scan (ex size of BYTE, or WORD). Finally, the last paramter int Type is the type of scan, the values are predefined:

Code:

- 0 for BYTE ([i] 1 Byte / 8 Bits[/i])
- 1 for WORD ([i] 2 Bytes / 16 Bits[/i])
- 2 for DWORD ([i] 4 Bytes / 32 Bits[/i])
- 3 for UINT64 ([i] 8 Bytes / 64 Bits[/i])


The return value is a file called "Output.txt" in the C:\ drive, with the results inside from the scan.

Code:

bool CompareMemory ( HANDLE hProcess, DWORD dwAddr, unsigned int Value, int Type )


This function is used to compare memory values. The parameters needed are pretty self-explanatory. The handle to the process, the address needed to be read, the value your comparing the address with, the type of comparison ( BYTE, WORD, etc ).

The return value is boolean, meaning if the comparison succeeded the function returns [b]true
. If the comparison failed, the return value is false.

Code:

unsigned int ReadMemory ( HANDLE hProcess, DWORD dwAddr, int Type )


This function is used to read memory from an address. The parameters are as follows; handle, address to be read, and the type of reading you'd prefer ( BYTE, WORD, etc ). The return value is the value of the address.

Code:

bool WriteMemory ( HANDLE hProcess, DWORD dwAddr, unsigned int Value, int Type )


The parameters are the same as the "ReadMemory" function. If the function succeeds, the return value is true, if not, false. The point of this function is to modify / render the value of a address.

Code:

DWORD AddrStatus ( DWORD dwAddr, string strModuleName )


This function is used to determine whether an address is dynamic or static. If the address is indeed static, the return value is the offset to the address, if not, NULL is returned. The parameters are as follows; address to be read, name of the target process (ex: "iexplorer.exe").

In the "Other" class, it persists of two functions:

Code:
DWORD ProcessID ( string strModule )


In order for this function to work you must turn off the Character Set in your projects properties.

This function enumerates through all the open processes in search of the parameter you pass it, if it finds the process module string you specified in the parameter the return value is the process ID.

Code:
HANDLE GetHandle ( DWORD ProcessID )


The return value is a handle with PROCESS_ALL_ACCESS rights, the parameter you need to pass on to it is the process ID of the target.

Download:

http://www.sendspace.com/file/avjs92
Back to top
View user's profile Send private message MSN Messenger
atom0s
Moderator
Reputation: 135

Joined: 25 Jan 2006
Posts: 7125
Location: 127.0.0.1

PostPosted: Mon Aug 16, 2010 6:26 am    Post subject: Reply with quote

Some suggestions and feedback:

- The namespaces are pointless and unneeded for this kind of thing.

- ProcessID( .. ) leaks a handle.
- GetHandle( .. ) will fail on Vista/Windows 7 due to PROCESS_ALL_ACCESS if the debug flag is not set for the process.
- ReadMemory( .. ) will return invalid results depending on the type used. (You are forcing unsigned int return.)
- WriteMemory( .. ) will not write correct values depending on the type used. (You are forcing unsigned int.)

Because you are using string, you should be passing references to the functions. The way you pass them causes copying which can be expensive and time consuming based on the strings.

Ex:
Code:

DWORD ProcessID( cosnt std::string& strModule )
{
 ...
}


Overall I would suggest looking into templates if you want to do stuff like this.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1858

PostPosted: Mon Aug 16, 2010 7:26 am    Post subject: Reply with quote

Why is there no support for tchar or Unicode ?
_________________
Back to top
View user's profile Send private message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 522
Location: Canada

PostPosted: Mon Aug 16, 2010 4:24 pm    Post subject: Reply with quote

Thanks for the suggestions Wiccaan, I coded this in a rush so I didn't have much time to check out each function, i'll improve it based on your suggestions. I'll try to support tchar, unicode, etc, for my scans as well.
Back to top
View user's profile Send private message MSN Messenger
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 890

PostPosted: Sun Aug 22, 2010 8:07 am    Post subject: Reply with quote

Wiccaan wrote:
Some suggestions and feedback:

- The namespaces are pointless and unneeded for this kind of thing.

- ProcessID( .. ) leaks a handle.
- GetHandle( .. ) will fail on Vista/Windows 7 due to PROCESS_ALL_ACCESS if the debug flag is not set for the process.
- ReadMemory( .. ) will return invalid results depending on the type used. (You are forcing unsigned int return.)
- WriteMemory( .. ) will not write correct values depending on the type used. (You are forcing unsigned int.)

Because you are using string, you should be passing references to the functions. The way you pass them causes copying which can be expensive and time consuming based on the strings.

Ex:
Code:

DWORD ProcessID( cosnt std::string& strModule )
{
 ...
}


Overall I would suggest looking into templates if you want to do stuff like this.


I haven't looked at his code, just your example, but which part would benefit from being templated?
Back to top
View user's profile Send private message
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1888
Location: Canada

PostPosted: Sun Aug 22, 2010 11:44 am    Post subject: Reply with quote

justa_dude wrote:
Wiccaan wrote:
Some suggestions and feedback:

- The namespaces are pointless and unneeded for this kind of thing.

- ProcessID( .. ) leaks a handle.
- GetHandle( .. ) will fail on Vista/Windows 7 due to PROCESS_ALL_ACCESS if the debug flag is not set for the process.
- ReadMemory( .. ) will return invalid results depending on the type used. (You are forcing unsigned int return.)
- WriteMemory( .. ) will not write correct values depending on the type used. (You are forcing unsigned int.)

Because you are using string, you should be passing references to the functions. The way you pass them causes copying which can be expensive and time consuming based on the strings.

Ex:
Code:

DWORD ProcessID( cosnt std::string& strModule )
{
 ...
}


Overall I would suggest looking into templates if you want to do stuff like this.


I haven't looked at his code, just your example, but which part would benefit from being templated?


ReadMemory/WriteMemory/etc
Back to top
View user's profile Send private message
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 890

PostPosted: Sun Aug 22, 2010 1:22 pm    Post subject: Reply with quote

Please elaborate, my interest is piqued.
Back to top
View user's profile Send private message
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1888
Location: Canada

PostPosted: Sun Aug 22, 2010 9:33 pm    Post subject: Reply with quote

justa_dude wrote:
Please elaborate, my interest is piqued.


More info in this post: http://forum.cheatengine.org/viewtopic.php?p=4934352#4934352
Back to top
View user's profile Send private message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 522
Location: Canada

PostPosted: Mon Aug 23, 2010 2:43 am    Post subject: Reply with quote

I guess i'll update this one. Add templates, fix functions up, fix leaks, etc.
Back to top
View user's profile Send private message MSN Messenger
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 890

PostPosted: Mon Aug 23, 2010 6:36 am    Post subject: Reply with quote

I'm looking at the link you provided, Flyte, but I don't see any templated functions in the code you linked to. I still wonder how templating the ReadMemory/WriteMemory functions will benefit, since they ultimately read an array of bytes regardless of interpreted type.
Back to top
View user's profile Send private message
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1888
Location: Canada

PostPosted: Mon Aug 23, 2010 12:39 pm    Post subject: Reply with quote

justa_dude wrote:
I'm looking at the link you provided, Flyte, but I don't see any templated functions in the code you linked to. I still wonder how templating the ReadMemory/WriteMemory functions will benefit, since they ultimately read an array of bytes regardless of interpreted type.


Are you sure you know what a template is? 80% of the functions in the code I linked (memory.hpp; you did look at it, right?) are templated.

Templating those functions does two things:
  1. You can extract the size of the type so you know how many bytes to read/write.
  2. In the case of reading, casting the returned value to the proper type. In the case of writing, avoiding casts everywhere.
Back to top
View user's profile Send private message
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 890

PostPosted: Mon Aug 23, 2010 3:02 pm    Post subject: Reply with quote

Flyte wrote:
justa_dude wrote:
I'm looking at the link you provided, Flyte, but I don't see any templated functions in the code you linked to. I still wonder how templating the ReadMemory/WriteMemory functions will benefit, since they ultimately read an array of bytes regardless of interpreted type.


Are you sure you know what a template is? 80% of the functions in the code I linked (memory.hpp; you did look at it, right?) are templated.

Templating those functions does two things:
  1. You can extract the size of the type so you know how many bytes to read/write.
  2. In the case of reading, casting the returned value to the proper type. In the case of writing, avoiding casts everywhere.


Yeah, at university a decade ago we had to rewrite the STL in our data structures class. I'm comfortable w/ templates. In truth, I haven't followed links on either thread, I only looked at what was written in the messages. I can see why templates and/or functional objects would be useful for comparators for searches and so forth. From the context of this thread, I was looking for templated versions of the API calls (specifically, read/write/gethandle/processid). I don't see any way around (or benefit from) using some sort of cast to call the API functions, and I thought you might've been suggesting something clever.

Cheers,
adude
Back to top
View user's profile Send private message
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1888
Location: Canada

PostPosted: Mon Aug 23, 2010 4:30 pm    Post subject: Reply with quote

justa_dude wrote:
Yeah, at university a decade ago we had to rewrite the STL in our data structures class. I'm comfortable w/ templates. In truth, I haven't followed links on either thread, I only looked at what was written in the messages. I can see why templates and/or functional objects would be useful for comparators for searches and so forth. From the context of this thread, I was looking for templated versions of the API calls (specifically, read/write/gethandle/processid). I don't see any way around (or benefit from) using some sort of cast to call the API functions, and I thought you might've been suggesting something clever.

Cheers,
adude


Small example:

Code:
#include <windows.h>

template <typename T, typename S>
bool WriteMemory(HANDLE handle, S addr, T const & data) {
   SIZE_T junk;
   return WriteProcessMemory(handle, (LPVOID)addr, (LPCVOID)&data, sizeof(data), &junk) ? true : false;
}

int main()
{
   HANDLE someValidHandle;
   WriteMemory<int>(someValidHandle, 0xBADF00D, 23);
   WriteMemory<double>(someValidHandle, 0xBADF00D, 23);
   return 0;
}


Make sense yet?
Back to top
View user's profile Send private message
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 890

PostPosted: Mon Aug 23, 2010 6:08 pm    Post subject: Reply with quote

Why do you feel that this is better?
Back to top
View user's profile Send private message
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1888
Location: Canada

PostPosted: Mon Aug 23, 2010 8:25 pm    Post subject: Reply with quote

justa_dude wrote:
Why do you feel that this is better?


Type safety is extremely important, and it results in cleaner code. Why wouldn't you want that?

You take this further as I did in the (experimental/untested) code I linked, and you can abstract it down to:

Code:
int main()
{
   Address addr = Memory().Reference(0xBADF00D);
   int foo = (int)addr; // Read
   addr = 42; // Write
   addr = 2 + 5 * (int)addr; // Both
   return 0;
}
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Binaries All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites