Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Problem ReadProcessMemory in Chunks

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
eclessiastes
How do I cheat?
Reputation: 0

Joined: 03 Sep 2016
Posts: 4

PostPosted: Sat Oct 29, 2016 3:23 am    Post subject: Problem ReadProcessMemory in Chunks Reply with quote

Hi experts,
I'm struggling to make my program read a process memory in chunks. Below is code i'm trying to make work.
Code:

RequestPrivileges();

SYSTEM_INFO sysInfo;
GetNativeSystemInfo(&sysInfo);

..CreateToolhelp32Snapshot...Process32First...OpenProcess...

LPVOID minAddress, maxAddress;
minAddress = sysInfo.lpMinimumApplicationAddress;
maxAddress = sysInfo.lpMaximumApplicationAddress;

while (minAddress < maxAddress)
{
MEMORY_BASIC_INFORMATION mbi = { 0 };
VirtualQueryEx(handleProc, minAddress, &mbi, sizeof(mbi);
if (mbi.Protect == PAGE_READWRITE && mbi.State == MEM_COMMIT)
{
printf("Block size %d\n", mbi.RegionSize);

wchar_t * dumpUnicode = new wchar_t[mbi.RegionSize + 100];
memset(dumpUnicode, 0x00, mbi.RegionSize + 100);
if (!ReadProcessMemory(handleProc, mbi.BaseAddress, dumpUnicode, mbi.RegionSize, &UBytesRead))
...
}
minAddress = (LPBYTE)mbi.BaseAddress + mbi.RegionSize;
}

Now the problem here is that my game has blocks of very large size, like 2 gb. I want to compare block size if its larger than 10000 bytes then i should read it in chunks. Thanks in advance for any help!!!
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sat Oct 29, 2016 3:45 am    Post subject: Reply with quote

read 10000+comparesize so you have some overlap

e.g with compare size of 10 bytes:
0-10010
10000-10010
20000-20020
etc..

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
eclessiastes
How do I cheat?
Reputation: 0

Joined: 03 Sep 2016
Posts: 4

PostPosted: Sat Oct 29, 2016 1:23 pm    Post subject: Reply with quote

That is exactly what i want to do, problem is i have no vague idea how to do.
if (mbi.RegionSize>10000) { ???
how do i split in chunks the large block size ? I was trying to read it in a char then read the char in chunks but its crashing. I should use readprocessmemory multiple times for every 10000 bytes but haven't found a small example on web
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Oct 29, 2016 1:45 pm    Post subject: Reply with quote

Some things to check:
- Make sure that your handle returned from OpenProcess is valid.
- Make sure that your handle has proper permissions.
- Ensure that the page you are reading to read has valid permissions. You are not checking for things like PAGE_GUARD and PAGE_NOACCESS which can lead to a crash.

In terms of your code you are missing a ) on the VirtualQueryEx line.

While dumping memory in raw, you should be using 'unsigned char' and not wchar_t as memory is not stored as unicode in general. It can hold unicode characters and information, but the raw dump should just be single bytes.

If you dump just the full region you should be fine without needing to overlap things. Or if you do need to overlap, what you can do is store the dumped/read data into a container of some sort and check if the next page of memory is directly after the previous one and combine them.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
H4x0rBattie
Advanced Cheater
Reputation: 0

Joined: 10 Nov 2016
Posts: 58

PostPosted: Wed Nov 23, 2016 3:22 am    Post subject: Reply with quote

There is an article at codeproject for C# if my memory serves me right. Search for memory scanner.
_________________
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites