Bytes + address

 
NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Sun Dec 05, 2010 10:26 am    Post subject: Bytes + address

Hello,

I'm trying to make a Memory viewer, I was thinking a long time about this and I came up with this. I do this in .exe, so I don't know yet how to get the bytes from addresses.

I did this to find which addresses are readable:

Code:
void StartRegion()
{
   MEMORY_BASIC_INFORMATION MBI;
   VirtualQueryEx(hMsHandle,(VOID *)BaseAddress,&MBI,sizeof(MBI))
   int start = (int) MBI.BaseAddress;

   while(VirtualQueryEx(hMsHandle,( VOID * )( ( int )mbi.BaseAddress + mbi.RegionSize ),&MBI,sizeof(MBI)))
   {
      if (MBI.Protect == 0 || MBI.Protect == 0x01)
         break;
      int end = (int)MBI.BaseAddress + (int)MBI.RegionSize;


      for(int i = start; i<end; i++)
      {
         DWORD Buffer[5000];// these 2 lines are shit now, I think.
         ReadProcessMemory(hMsHandle,(LPCVOID)BaseAddress,Buffer,MBI.RegionSize,0);


         InsertLVItem("001000000","0","0"); //001 is base from notepad
      }

      
   }
}

void InsertLVItem(std::string First,std::string sec,std::string third);

Where the InsertLvItem() is my function to add things to the ListView.

So every time the user scrolls down, just before the next region, I should call the next region to show?

Is showing really so dramatically as in CE? Where DB have an array from 1000? lines of all ASM commands?

Grz,

NM

UPDATE:

Code:
void StartRegion()
{
   MEMORY_BASIC_INFORMATION MBI;
   VirtualQueryEx(hMsHandle,(VOID *)BaseAddress,&MBI,sizeof(MBI));
   int start = (int) MBI.BaseAddress;

   while(VirtualQueryEx(hMsHandle,( VOID * )( ( int )MBI.BaseAddress + MBI.RegionSize ),&MBI,sizeof(MBI)))
   {
      if (MBI.Protect == 0 || MBI.Protect == 0x01)
         break;
      int end = start + 25; //(int)MBI.BaseAddress + (int)MBI.RegionSize;


      for(int i = start; i<end; i++)
      {
         DWORD Buffer = -1;
         DWORD bytesRead = 0;
         ReadProcessMemory(hMsHandle,(LPCVOID)BaseAddress,&Buffer,sizeof(int),&bytesRead);
         char buffer[32];
         wsprintfA(buffer, "%X", bytesRead);
         char buvver[32];
         wsprintfA(buvver, "%X",i);
         std::string x = buffer;
         std::string y = buvver;
         InsertLVItem(y,x,"0");
         bytesRead = 0;
      }

      
   }
}


Still not very good, it scans every address, gotta find something on that.

EDIT: I see something now, I use RPM wrong, I should read the buffer which is big as the Memory region, and after that read from the buffer and not RPM.
Dark Byte
Site Admin
Reputation: 373

Joined: 09 May 2003
Posts: 22009
Location: The netherlands

Posted: Sun Dec 05, 2010 11:33 am

Quote:
Is showing really so dramatically as in CE? Where DB have an array from 1000? lines of all ASM commands?

I just like keeping stuff orderly for speed and future enhancements (and yes, inserting all the data into a listview will be slow and will eat up too much memory to be usable)

And as you've mentioned you're using the results of RPM wrong , unless you like seeing:
Code:

base+0 - 4 - 0
base+1 - 4 - 0
base+2 - 4 - 0
base+3 - 4 - 0
base+4 - 4 - 0


As for what's going wrong, I really recommend showing the new code as my original reply was such a big flame I just couldn't get myself to press submit

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Sun Dec 05, 2010 12:55 pm

Dark Byte wrote:
Quote:
Is showing really so dramatically as in CE? Where DB have an array from 1000? lines of all ASM commands?

I just like keeping stuff orderly for speed and future enhancements (and yes, inserting all the data into a listview will be slow and will eat up too much memory to be usable)

And as you've mentioned you're using the results of RPM wrong , unless you like seeing:
Code:

base+0 - 4 - 0
base+1 - 4 - 0
base+2 - 4 - 0
base+3 - 4 - 0
base+4 - 4 - 0


As for what's going wrong, I really recommend showing the new code as my original reply was such a big flame I just couldn't get myself to press submit


Hmm, so there is no easier way than doing that, all ASM commands in an array?

Well anyway thanks for the help, I recoded shit with examples now.

came up with this

Code:
BOOL StartRegion()
{
   SYSTEM_INFO sInfo;
    GetSystemInfo(&sInfo);                 
    SIZE_T s;           
    DWORD min = (DWORD) BaseAddress;
    DWORD max = (DWORD) sInfo.lpMaximumApplicationAddress;

   MEMORY_BASIC_INFORMATION mbi;

   for(int i = min; i < max;)
   {
      s = VirtualQueryEx(hMsHandle, (LPVOID)i, &mbi, sizeof(MEMORY_BASIC_INFORMATION));

      if(s == sizeof(MEMORY_BASIC_INFORMATION) && mbi.Type == MEM_PRIVATE && mbi.State == MEM_COMMIT && mbi.RegionSize > 0)
     {
         size_t reg = mbi.RegionSize;
         void *buffer = malloc(reg);
         ReadProcessMemory(hMsHandle, (LPVOID)mbi.BaseAddress, buffer, reg, NULL);
         
       for(unsigned int j = 0; j < reg; j++)
         {
            int val = (int)(*(DWORD*)buffer + j);
            std::stringstream ss;
            std::string lByte;
            ss << val;
            ss >> lByte;
         }
               
           
         
      }
      if(s == 0)
      {
          MessageBoxA(NULL, "VirtualQuery error", "Error!", 0);
         return FALSE;
      }
       DWORD prog = (DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize;
      i = prog;
   }

   return TRUE;
}


Still no success to read bytes/addresses
Dark Byte
Site Admin
Reputation: 373

Joined: 09 May 2003
Posts: 22009
Location: The netherlands

Posted: Sun Dec 05, 2010 3:29 pm

Is there a reason why you only want to show memory in chunks of 4 bytes ?

And check if ReadProcessMemory returns true or not.


then there's :int val = (int)(*(DWORD*)buffer + j);
I'm not so good with dword pointers (which is why I always downcast to unsigned chars first) so not sure if buffer +j increases the pointer with j or with j*4 instead
Of course, that is not the problem here because of missing brackets. Here you are typecasting the void buffer pointer to a DWORD buffer pointer, and then is dereferenced into a value, and then the value j is added to it. So if the first byte in the buffer is 10 and j is 2 then val would turn 12

as for stringstream no idea, I never use C++, I'd rather use sprintf but it might work


also, free the buffer at the end of the loop

NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Mon Dec 06, 2010 8:38 am

Thanks that helped a lot,

I'm coming closer now, I'm now debugging in DOS, which is way easier to do shit like this. My output is now:

Quote:

Mine Output:
905a4d
3
4
ffff
b8

CE's output:
01000000 4d
01000001 5a
01000002 90
01000003 00 03
01000005 00 00
01000006 00 04 00
0100000A 00 00
0100000C ff
0100000D ff 00
0100000F 00 b8


It's getting closer, but how can I read the address, I need to know if it's valid or not? And how to know what bytes belong to which address? Further, it seems like my thing skips the 00 ones?

My code now: (DOS)
Code:
BOOL StartRegion()
{
   SYSTEM_INFO sInfo;
    GetSystemInfo(&sInfo);                           
    DWORD min = BaseAddress;
    DWORD max = (DWORD) sInfo.lpMaximumApplicationAddress;

   MEMORY_BASIC_INFORMATION mbi;

   VirtualQueryEx(hProc, (LPVOID)BaseAddress, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
   int buffer[ 5 ] = {0};
    if(ReadProcessMemory(hProc, (VOID*)(BaseAddress), &buffer, sizeof(buffer), NULL))
   {
      for( int i= 0; i< 5; i++)
      cout << hex << buffer[i] << endl;
   }
   return 1;
}


Thanks DB for help so far:)
Dark Byte
Site Admin
Reputation: 373

Joined: 09 May 2003
Posts: 22009
Location: The netherlands

Posted: Mon Dec 06, 2010 12:56 pm

first change int buffer to "unsigned char"
and replace sizeof(buffer) with 5 because sizeof(buffer) always returns 4

NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Mon Dec 06, 2010 1:04 pm

Dark Byte wrote:
first change int buffer to "unsigned char"
and replace sizeof(buffer) with 5 because sizeof(buffer) always returns 4


Would that be better than this?

Code:
BYTE buffer[50] = {0};


      if(ReadProcessMemory(hProc, (VOID*)mbi.BaseAddress, buffer, sizeof(buffer), NULL))
      {
         for( int i= 0; i < sizeof(buffer); i++)
         {      

                  if(buffer[i] == 0 || buffer[i] <= 16)
                     cout << "0";

                  printf("%X", buffer[i]);

                  cout << " ";
               
         }


this returns all bytes, even with 00.

Further, I am now trying to convert your assemblerunit.pas from Delphi to C. All those types are structs, I suppose? eo_none, par_1, etc. are const chars?
Dark Byte
Site Admin
Reputation: 373

Joined: 09 May 2003
Posts: 22009
Location: The netherlands

Posted: Mon Dec 06, 2010 1:15 pm

probably

also:
Code:

if(buffer[i] == 0 || buffer[i] <= 16)
  cout << "0";

That is just sad, and I think the compiler reads this as :
Code:

if(buffer[i] == ((0 || buffer[i]) <= 16))


which will only be true when buffer[i]=1


as for the assembler they are c's equivalent of typedefs
But honestly not sure if assembler is something you should work with for the moment. Perhaps using a third party assembler library is easier in this case...

NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Mon Dec 06, 2010 1:24 pm

Dark Byte wrote:
probably

also:
Code:

if(buffer[i] == 0 || buffer[i] <= 16)
  cout << "0";

That is just sad, and I think the compiler reads this as :
if(buffer[i] == (0 || buffer[i]) <= 16)


as for the assembler they are c's equivalent of typedefs


I'm interested in why you think it's sad, it will just improve my code + my way of thinking. Further, it seems to work quite well, I don't think the () are needed.

For C thing: typedef TTokenType =(
ttInvalidtoken , will never work I've to declare ttInvalidtoken right?
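
Added example, not code from any poster in this thread: a portable C sketch of the two points discussed above, namely that `*(DWORD*)buffer + j` adds j to the first 32-bit value instead of indexing the buffer, and that a byte view prints each byte with `%02X` next to the address base + j. The function names and the 8-byte row width are assumptions; the sample bytes are constructed from CE's output quoted earlier, and the ReadProcessMemory call that would fill the buffer is left out so the block runs anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 17 bytes shown in CE's output in the thread. */
static const unsigned char SAMPLE[17] = {
    0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04,
    0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xB8
};

/* What `*(DWORD*)buffer + j` computes: the first 32-bit value plus j.
   The dereference binds tighter than '+', so no pointer ever advances. */
uint32_t first_dword_plus(const void *buffer, uint32_t j) {
    uint32_t first;
    memcpy(&first, buffer, sizeof first);    /* alignment-safe load */
    return first + j;
}

/* What a byte view needs instead: the j-th byte of the buffer. */
unsigned char byte_at(const void *buffer, size_t j) {
    return ((const unsigned char *)buffer)[j];
}

/* Format up to `width` bytes as "AAAAAAAA  XX XX ...", where the address of
   byte j is base + j. Returns the number of bytes consumed; 0 if len is 0
   or `out` is too small for the row. */
size_t format_row(uint32_t base, const unsigned char *buf, size_t len,
                  size_t width, char *out, size_t outsz) {
    size_t n = len < width ? len : width;
    if (n == 0 || outsz < 9 + 3 * n + 1) return 0;
    size_t pos = (size_t)snprintf(out, outsz, "%08X ", (unsigned)base);
    for (size_t j = 0; j < n; j++)           /* %02X pads 0x00..0x0F itself */
        pos += (size_t)snprintf(out + pos, outsz - pos, " %02X",
                                (unsigned)buf[j]);
    return n;
}

int main(void) {
    char line[64];
    for (size_t off = 0; off < sizeof SAMPLE; ) {
        size_t n = format_row(0x01000000u + (uint32_t)off, SAMPLE + off,
                              sizeof SAMPLE - off, 8, line, sizeof line);
        if (n == 0) break;
        puts(line);
        off += n;
    }
    return 0;
}
```

In a real viewer the buffer passed to `format_row` would be the one filled by a successful ReadProcessMemory call for a committed region, with `base` set to that region's base address.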