'Fast Scan' & 'Slow Scan'
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada

Posted: Mon Apr 05, 2010 4:30 pm

This seems to work. I sorta did what dark byte told me to do.

Code:

      SIZE_T S;

      MEMORY_BASIC_INFORMATION MBI;

      SYSTEM_INFO SI;

      GetSystemInfo(&SI);

      DWORD lpStartAddress, lpStopAddress;

      lpStartAddress = (DWORD) SI.lpMinimumApplicationAddress;
      lpStopAddress = (DWORD) SI.lpMaximumApplicationAddress;

      for (DWORD addr = lpStartAddress; addr <= lpStopAddress; addr++)
      {

         S = VirtualQueryX((LPCVOID) addr, &MBI, sizeof(MEMORY_BASIC_INFORMATION));

         if ((S == sizeof(MEMORY_BASIC_INFORMATION)) && (MBI.State == MEM_COMMIT) && (MBI.Type == MEM_PRIVATE) && (MBI.RegionSize > 0) && (MBI.Protect == PAGE_READWRITE))
         {
            for (DWORD i = (DWORD) MBI.BaseAddress; i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize - 4096); i++)
            {
               if ((Type == 0 && *(BYTE*) i == (BYTE) Value) || ((Type == 1) && *(WORD*) i == (WORD) Value) || ((Type == 2) && *(DWORD*) i == (DWORD) Value) || ((Type == 3) && *(UINT64*) i == (UINT64) Value) || ((Type == 4) && *(char*) i == (char) Value_Text))
               {
                  InsertItem(i, hwndDlg);
               }
            }
         }

         addr = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
      }

      ShowResults(hwndDlg);
tombana
Master Cheater
Reputation: 2

Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands

Posted: Tue Apr 06, 2010 3:36 am

Quote:
This seems to work.

No.

1. Remove the 'addr++' here, because at the end of the loop you are increasing addr already so no need to increment it by one.
Code:
for (DWORD addr = lpStartAddress; addr <= lpStopAddress; addr++)


2. Why are you subtracting 4096? You should actually check the next region to see if it's readable so you could read values that overlap two pages, and if not you shouldn't subtract 4096 but just the size of the type you are scanning for (so that would be 8 bytes for uint64).

3. ((Type == 4) && *(char*) i == (char) Value_Text))
I hope that's not the way you are comparing complete strings.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Tue Apr 06, 2010 2:44 pm

Oh god. It's like watching a man slowly dying in a desert. Waiting for that little code snippet..

But oh.. oh.. it's Christmas day !!!!

Code:
while ( VirtualQuery( ( VOID * )( ( int )mbi.BaseAddress + mbi.RegionSize ), &mbi, sizeof( MEMORY_BASIC_INFORMATION ) ) ) {
    if( mbi.Protect == .............. ) {
      dwEndAddr = ( DWORD )mbi.BaseAddress + mbi.RegionSize - 1 - scanSize;

      for( DWORD i = ( DWORD )mbi.BaseAddress; i <= dwEndAddr; i++ ) {
        __try {
        .....
        }
        __except( true ) {
          i = dwEndAddr;
        }
      }
    }
}

inb4 my code has no scanSize or ........ gives errors, etc.

inafter http://img255.imageshack.us/img255/7752/scan0003su.jpg
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada

Posted: Tue Apr 06, 2010 8:24 pm

Code:

   if (CheckBox1 == BST_CHECKED)
   {
      SIZE_T ScanSize;

      if (Type == 0)
      {
         ScanSize = sizeof(BYTE);
      }

      if (Type == 1)
      {
         ScanSize = sizeof(WORD);
      }

      if (Type == 2)
      {
         ScanSize = sizeof(DWORD);
      }

      if (Type == 3)
      {
         ScanSize = sizeof(UINT64);
      }

      if (Type == 4)
      {
         ScanSize = sizeof(string);
      }

      DWORD lpflOldProtect;

      SIZE_T S;

      MEMORY_BASIC_INFORMATION MBI;

      SYSTEM_INFO SI;

      GetSystemInfo(&SI);

      DWORD lpStartAddress, lpStopAddress;

      lpStartAddress = (DWORD) SI.lpMinimumApplicationAddress;      

      lpStopAddress = (DWORD) SI.lpMaximumApplicationAddress; 

      for (DWORD addr = lpStartAddress; addr <= lpStopAddress; addr++)
      {

         S = VirtualQueryX((LPCVOID) addr, &MBI, sizeof(MEMORY_BASIC_INFORMATION));

         if ((S == sizeof(MEMORY_BASIC_INFORMATION)) && (MBI.State == MEM_COMMIT) && (MBI.Type == MEM_PRIVATE) && (MBI.RegionSize > 0) && (MBI.Protect == PAGE_READWRITE))
         {
            for (DWORD i = (DWORD) MBI.BaseAddress; i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize - 4096); i++)
            {
               VirtualProtect((LPVOID) i, 4, PAGE_READWRITE, &lpflOldProtect);

               if ((Type == 0 && *(BYTE*) i == (BYTE) Value) || ((Type == 1) && *(WORD*) i == (WORD) Value) || ((Type == 2) && *(DWORD*) i == (DWORD) Value) || ((Type == 3) && *(UINT64*) i == (UINT64) Value) || ((Type == 4) && *(char*) i == (char) Value_Text))
               {
                  InsertItem(i, hwndDlg);
               }
            }
         }

         addr = (DWORD) addr + (DWORD) MBI.RegionSize;
      }

      ShowResults(hwndDlg);
   }


WORKS GREAT :)
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Tue Apr 06, 2010 9:04 pm

iPromise wrote:
-snip-
WORKS GREAT :)


Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Tue Apr 06, 2010 9:11 pm

While Flyte's post does explain this perfectly, I'll try to elaborate:

"VirtualProtect((LPVOID) i, 4, PAGE_READWRITE, &lpflOldProtect);" for every single byte.
And here I thought you wanted to increase the speed....

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Anden100
Grandmaster Cheater
Reputation: 0

Joined: 20 Apr 2007
Posts: 668

Posted: Wed Apr 07, 2010 4:29 am

Those nice ifs concerning the ScanSize :P, why are they there? Because if it's to determine the amount of data to be compared:
Code:
      if (Type == 4)
      {
         ScanSize = sizeof(string);
      }

Should be the length of the string which you wish to compare
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Wed Apr 07, 2010 5:50 am

Looking at the code, he's not even using scansize for anything, so I doubt that will be a problem.

Of course, I guess he probably meant to do: i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize - ScanSize+1

Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Wed Apr 07, 2010 11:49 am

Dark Byte wrote:
Looking at the code, he's not even using scansize for anything, so I doubt that will be a problem.

Of course, I guess he probably meant to do: i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize - ScanSize+1

shouldn't that be a -1 ?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Wed Apr 07, 2010 1:25 pm

actually +0, I didn't notice he used <= instead of <

example:
base: 00400000 size=1000
size-4=ffc

so from 00400000 until address is > 00400ffc

Anden100
Grandmaster Cheater
Reputation: 0

Joined: 20 Apr 2007
Posts: 668

Posted: Wed Apr 07, 2010 2:37 pm

Dark Byte wrote:
Looking at the code, he's not even using scansize for anything, so I doubt that will be a problem.


Did try to point that out as well, by asking him why they were there
And couldn't you as well use memcmp (or similar) to compare the values, instead of doing all those compares? (dunno if it would be faster, but it sure would look better)
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Wed Apr 07, 2010 2:49 pm

Anden100 wrote:
Dark Byte wrote:
Looking at the code, he's not even using scansize for anything, so I doubt that will be a problem.


Did try to point that out as well, by asking him why they were there
And couldn't you as well use memcmp (or similar) to compare the values, instead of doing all those compares? (dunno if it would be faster, but it sure would look better)

memcmp would not be smart. Even using scasx would not necessarily be smart, since those instructions became slow as manufacturers started making their processors more RISC-like. The overhead of having a call would not make memcmp viable, especially as he's only comparing small blocks.
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Wed Apr 07, 2010 3:44 pm

Most CRT functions now are probably implemented as a compiler intrinsic and will just get inlined as it deems necessary. If you enable the SSE/2 flag it'll try to use those versions as well.

But if you think you can do better, VS comes with the CRT source.
CristoferMartins
Newbie cheater
Reputation: 0

Joined: 18 Dec 2009
Posts: 22

Posted: Thu Apr 08, 2010 11:18 am

Hey people, I have a question.
I made a prototype of a scan, and I don't know if this is efficient.
To search for integers I copy all the memory of a region to an array of integers and then loop over this array...
Anyway, does anyone know an amazing way to read the memory fast and correctly? I don't understand the Cheat Engine code...
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

Posted: Thu Apr 08, 2010 11:25 am

Just a quick thought. Which of these is quicker?

1) Find page address and size, read whole page with single ReadProcessMemory call and iterate through that block of memory as a set of bytes, casting appropriately.
2) Find page address and size, read each value with its own ReadProcessMemory call.

_________________
It's not fun unless every exploit mitigation is enabled.
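
Added example, not code from any poster in this thread: a portable C version of the loop the replies above converge on, with the `<=` bound at region size minus scan size (Dark Byte's 00400000/0xffc case), tombana's point about values that overlap two adjacent readable regions, and one snapshot per region as in Burningmace's option 1. `Region`, `last_offset`, `scan_regions` and `demo_scan` are hypothetical names, and the region table is constructed data standing in for VirtualQuery results.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a VirtualQuery result plus a bulk-read snapshot of its bytes. */
typedef struct { uint32_t base, size; int readable; const uint8_t *data; } Region;

/* Last start offset for a <= loop: size 0x1000, 4-byte value -> 0xffc (size >= scan_size). */
uint32_t last_offset(uint32_t size, size_t scan_size) { return size - (uint32_t)scan_size; }

/* Scan every readable region for value (scan_size bytes, 1..8). A value may run over
   into the next region only when that region is adjacent and readable. */
size_t scan_regions(const Region *r, size_t n, const void *value, size_t scan_size,
                    uint32_t *hits, size_t max_hits)
{
    size_t found = 0;
    if (scan_size == 0 || scan_size > 8) return 0;
    for (size_t k = 0; k < n; k++) {
        if (!r[k].readable || r[k].size == 0) continue;
        int joined = k + 1 < n && r[k + 1].readable && r[k + 1].size >= scan_size &&
                     r[k + 1].base == r[k].base + r[k].size;
        if (!joined && r[k].size < scan_size) continue;
        uint32_t last = joined ? r[k].size - 1 : last_offset(r[k].size, scan_size);
        for (uint32_t off = 0; off <= last; off++) {
            uint8_t tmp[8];
            size_t here = r[k].size - off < scan_size ? r[k].size - off : scan_size;
            memcpy(tmp, r[k].data + off, here);      /* memcpy avoids unaligned derefs */
            if (here < scan_size)                    /* tail lives in the next region */
                memcpy(tmp + here, r[k + 1].data, scan_size - here);
            if (memcmp(tmp, value, scan_size) == 0 && found < max_hits)
                hits[found++] = r[k].base + off;     /* hits beyond max_hits are dropped */
        }
    }
    return found;
}

/* Constructed layout: A and B are adjacent and readable, then an unreadable region. */
size_t demo_scan(uint32_t *hits, size_t max_hits)
{
    static uint8_t a[0x1000], b[0x1000];
    const uint8_t v[4] = { 0x44, 0x33, 0x22, 0x11 };
    memset(a, 0, sizeof a); memset(b, 0, sizeof b);
    memcpy(a + 0xffe, v, 2); memcpy(b, v + 2, 2);    /* straddles A/B at 00400ffe */
    memcpy(b + 0xffc, v, 4);                         /* last valid offset in B */
    const Region r[] = { { 0x00400000, 0x1000, 1, a }, { 0x00401000, 0x1000, 1, b },
                         { 0x00402000, 0x1000, 0, NULL } };
    return scan_regions(r, 3, v, sizeof v, hits, max_hits);
}
int main(void) { uint32_t h[8]; return demo_scan(h, 8) == 2 ? 0 : 1; }
```

The scan of B stops at offset 0xffc because the region after it is not readable, so no read ever goes past the end of a snapshot.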