 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
AlbanainRetard
Master Cheater
 Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
 Posted: Tue Mar 17, 2009 5:54 pm Post subject: Memory address(es) scan? |
 |
|
Where do I start from and end?
Is this right?
00400000-7FFFFFFF
And is there a way I can dynamically detect min and max, Winter was going to talk but he had to leave for shcool o.0.
Offtopic: I am this far i need to know this for memory scanner
And yes you can check the address with Sora. It sucks o.o
_________________
|
|
| Back to top |
|
 |
samuri25404
Grandmaster Cheater
 Reputation: 7
Joined: 04 May 2007
Posts: 955
Location: Why do you care?
|
| Posted: Tue Mar 17, 2009 6:33 pm Post subject: |
|
|
Here's what you need to do:
Call GetSystemInfo( ). That'll give you the minimum and maximum application addresses.
Pseudocode:
| Code: |
while( VirtualQueryEx( Process, CurrentAddress, buffer ) and CurrentAddress < MaxAddress )
{
if (GetLastError() != 0)
//stop and do something...
Pages.add( buffer ); //keep a collection of all the valid pages
CurrentAddress += buffer.Size;
}
foreach( Page p in Pages )
{
if (p doesn't have readable settings )
next page
ReadProcessMemory( Process, p.Base, otherBuffer, p.Size )
for( int i = 0; i < p.Size; i++ )
{
if( otherBuffer[ i ] == val )
Results.add( p.Base + i );
}
}
|
_________________
|
|
| Back to top |
|
|
AlbanainRetard
Master Cheater
Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
| Posted: Tue Mar 17, 2009 6:35 pm Post subject: |
|
|
| samuri25404 wrote: | Here's what you need to do:
Call GetSystemInfo( ). That'll give you the minimum and maximum application addresses.
Pseudocode:
| Code: |
while( VirtualQueryEx( Process, CurrentAddress, buffer ) and CurrentAddress < MaxAddress )
{
if (GetLastError() != 0)
//stop and do something...
Pages.add( buffer ); //keep a collection of all the valid pages
CurrentAddress += buffer.Size;
}
foreach( Page p in Pages )
{
if (p doesn't have readable settings )
next page
ReadProcessMemory( Process, p.Base, otherBuffer, p.Size )
for( int i = 0; i < p.Size; i++ )
{
if( otherBuffer[ i ] == val )
Results.add( p.Base + i );
}
}
|
|
Thanks, Time to undertake.
_________________
|
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Mar 18, 2009 12:19 am Post subject: |
|
|
| AlbanainRetard wrote: | | samuri25404 wrote: | Here's what you need to do:
Call GetSystemInfo( ). That'll give you the minimum and maximum application addresses.
Pseudocode:
| Code: |
while( VirtualQueryEx( Process, CurrentAddress, buffer ) and CurrentAddress < MaxAddress )
{
if (GetLastError() != 0)
//stop and do something...
Pages.add( buffer ); //keep a collection of all the valid pages
CurrentAddress += buffer.Size;
}
foreach( Page p in Pages )
{
if (p doesn't have readable settings )
next page
ReadProcessMemory( Process, p.Base, otherBuffer, p.Size )
for( int i = 0; i < p.Size; i++ )
{
if( otherBuffer[ i ] == val )
Results.add( p.Base + i );
}
}
|
|
Thanks, Time to undertake. |
I will advice you to save the scan results to a file, instead of the RAM. Scanning for "0" in MS will crap your ram O.o., it took 1,5gb of ram for me...
|
|
| Back to top |
|
|
mStorm
Expert Cheater
![]() Reputation: 0
Joined: 21 Feb 2009
Posts: 107
|
| Posted: Wed Mar 18, 2009 8:17 am Post subject: |
|
|
| Make sure you are scanning queried regions and not every byte.
|
|
| Back to top |
|
|
AlbanainRetard
Master Cheater
Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
| Posted: Wed Mar 18, 2009 1:49 pm Post subject: |
|
|
| mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box.
_________________
|
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Mar 18, 2009 2:51 pm Post subject: |
|
|
| AlbanainRetard wrote: | | mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box. |
So your so called "CE" is a .dll?, that changes anything quiet a bit...
|
|
| Back to top |
|
|
AlbanainRetard
Master Cheater
Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
| Posted: Wed Mar 18, 2009 3:11 pm Post subject: |
|
|
| Anden100 wrote: | | AlbanainRetard wrote: | | mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box. |
So your so called "CE" is a .dll?, that changes anything quiet a bit... |
Pretty much, Now that I can search for memory I add to a listbox but when I click on it, it crashes itself and the injected process. Do I need to alloc more memory? Oh I also am using threads.
_________________
|
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Mar 18, 2009 3:14 pm Post subject: |
|
|
| AlbanainRetard wrote: | | Anden100 wrote: | | AlbanainRetard wrote: | | mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box. |
So your so called "CE" is a .dll?, that changes anything quiet a bit... |
Pretty much, Now that I can search for memory I add to a listbox but when I click on it, it crashes itself and the injected process. Do I need to alloc more memory? Oh I also am using threads. |
Still save your scanning results to a file, but dont use RPM
And when you do a memory scan, you will also include the values in your "CE"...
Last edited by Anden100 on Wed Mar 18, 2009 3:22 pm; edited 1 time in total |
|
| Back to top |
|
|
AlbanainRetard
Master Cheater
Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
| Posted: Wed Mar 18, 2009 3:19 pm Post subject: |
|
|
| Anden100 wrote: | | AlbanainRetard wrote: | | Anden100 wrote: | | AlbanainRetard wrote: | | mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box. |
So your so called "CE" is a .dll?, that changes anything quiet a bit... |
Pretty much, Now that I can search for memory I add to a listbox but when I click on it, it crashes itself and the injected process. Do I need to alloc more memory? Oh I also am using threads. |
Still save your scanning results to a file, but dont use RPM |
When I scan, I don't get to much RAM increase o.0 maybe 0.01 GB but I mean thats nothing and could just be even smaller because it could be like:
1.379
so I add 1mb..
But it does add up, and CE uses memory and it doesn't jump mine up.
Also it just closes after while I scanned 100 and it crashed it has to be the size of the list box
EDIT: Eylaos (I think thats the name) trainer saves it to a array, I need to see if he actually saves it to a file, plus I need to have first scan and next.
_________________
|
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Mar 18, 2009 3:31 pm Post subject: |
|
|
| AlbanainRetard wrote: | | Anden100 wrote: | | AlbanainRetard wrote: | | Anden100 wrote: | | AlbanainRetard wrote: | | mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box. |
So your so called "CE" is a .dll?, that changes anything quiet a bit... |
Pretty much, Now that I can search for memory I add to a listbox but when I click on it, it crashes itself and the injected process. Do I need to alloc more memory? Oh I also am using threads. |
Still save your scanning results to a file, but dont use RPM |
When I scan, I don't get to much RAM increase o.0 maybe 0.01 GB but I mean thats nothing and could just be even smaller because it could be like:
1.379
so I add 1mb..
But it does add up, and CE uses memory and it doesn't jump mine up.
Also it just closes after while I scanned 100 and it crashed it has to be the size of the list box
EDIT: Eylaos (I think thats the name) trainer saves it to a array, I need to see if he actually saves it to a file, plus I need to have first scan and next. |
If you only scan for 100 values, and it then crashes, you wont see a RAM change...
Lets search for "0" in firefox, using CE
it gives me 16427771 results. Your max result was 100, which gave an increasement of 0,01gb ram. 16427771/100*0,01 = 1642,7771gb of RAM. For some reason, i dont think you got that much RAM O.o
I'ma do a more precise calculation for you here:
For each value you find, you will need to store the value and the address (cas' the printing and the scanning should not be done in the same loop). Lets say you scan for an integer value, and save the result addr in an integer value.
An integer value is 4 bytes, and you need 2 of them. That gives 8 bytes/value
8*16427771=131422168 bytes
131422168/1024/1024=125,33394622802734375gb of ram
Wow... i did some mis-calculation there..., someone please correct it O.o
Also, creating a .dll memory scanner aint to smart, since you will include all the values in your "CE", in your scan
|
|
| Back to top |
|
|
AlbanainRetard
Master Cheater
Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
| Posted: Wed Mar 18, 2009 3:36 pm Post subject: |
|
|
| Anden100 wrote: | | AlbanainRetard wrote: | | Anden100 wrote: | | AlbanainRetard wrote: | | Anden100 wrote: | | AlbanainRetard wrote: | | mStorm wrote: | | Make sure you are scanning queried regions and not every byte. |
Well I am scanning it in a DLL I got it to work, I just chrash I think its because of my list box. |
So your so called "CE" is a .dll?, that changes anything quiet a bit... |
Pretty much, Now that I can search for memory I add to a listbox but when I click on it, it crashes itself and the injected process. Do I need to alloc more memory? Oh I also am using threads. |
Still save your scanning results to a file, but dont use RPM |
When I scan, I don't get to much RAM increase o.0 maybe 0.01 GB but I mean thats nothing and could just be even smaller because it could be like:
1.379
so I add 1mb..
But it does add up, and CE uses memory and it doesn't jump mine up.
Also it just closes after while I scanned 100 and it crashed it has to be the size of the list box
EDIT: Eylaos (I think thats the name) trainer saves it to a array, I need to see if he actually saves it to a file, plus I need to have first scan and next. |
If you only scan for 100 values, and it then crashes, you wont see a RAM change...
Lets search for "0" in firefox, using CE
it gives me 16427771 results. Your max result was 100, which gave an increasement of 0,01gb ram. 16427771/100*0,01 = 1642,7771gb of RAM. For some reason, i dont think you got that much RAM O.o
I'ma do a more precise calculation for you here:
For each value you find, you will need to store the value and the address (cas' the printing and the scanning should not be done in the same loop). Lets say you scan for an integer value, and save the result addr in an integer value.
An integer value is 4 bytes, and you need 2 of them. That gives 8 bytes/value
8*16427771=131422168 bytes
131422168/1024/1024=125,33394622802734375gb of ram
Wow... i did some mis-calculation there..., someone please correct it O.o
Also, creating a .dll memory scanner aint to smart, since you will include all the values in your "CE", in your scan |
Um: I scaned for the value 100 and got shit loads like my scroll bar in listbox was a tiny pixel and I did it again and not to much ram increase. I am sorry to say but it seems I am right.
_________________
|
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Mar 18, 2009 3:40 pm Post subject: |
|
|
| AlbanainRetard wrote: | | Um: I scaned for the value 100 and got shit loads like my scroll bar in listbox was a tiny pixel and I did it again and not to much ram increase. I am sorry to say but it seems I am right. |
Do you print the values, as soon as you find them, or do you save the scan results to a dynamic array?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25864
Location: The netherlands
|
| Posted: Wed Mar 18, 2009 3:44 pm Post subject: |
|
|
well, not too much wrong with memory scanning from inside a dll (e.g ce's hyperscan) just make sure when enumerating the memory regions to scan to strip out the memory your dll uses. (So keep track of the location of your stack, the memory buffers your dll alocates, etc... and after/during the memory enumeration with virtualquery skip those regions)
as for your calculation: it's 125MB
But yes, I do recommend saving the results to a file. That also makes it easier to filter out your own dll's memory . (e.g ce allocates a couple of MB of ram, depending on the scansettings, and when the buffer is full it flushes it to disk, so no memory allocations during the scan, which will really slow you down)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Mar 18, 2009 3:45 pm Post subject: |
|
|
| Dark Byte wrote: | well, not too much wrong with memory scanning from inside a dll (e.g ce's hyperscan) just make sure when enumerating the memory regions to scan to strip out the memory your dll uses. (So keep track of the location of your stack, the memory buffers your dll alocates, etc... and after/during the memory enumeration with virtualquery skip those regions)
as for your calculation: it's 125MB
But yes, I do recommend saving the results to a file. That also makes it easier to filter out your own dll's memory . (e.g ce allocates a couple of MB of ram, depending on the scansettings, and when the buffer is full it flushes it to disk, so no memory allocations during the scan, which will really slow you down) |
argh!, i forgot KB...
And for me, implementing use of files instead of an dynamic array, it almost halfen my scan duration...
And i like the e.g, i didnt think of doing it that way! 
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
