Cheat Engine The Official Site of Cheat Engine
NoMercy Master Cheater Reputation: 1
Joined: 09 Feb 2009 Posts: 289
Posted: Sun Dec 05, 2010 10:26 am Post subject: Bytes + address
Hello,
I'm trying to make a Memory viewer, I was thinking a long time about this and I came up with this. I do this in .exe, so I don't know yet how to get the bytes from addresses.
I did this to find which addresses are readable:
Code: |
void StartRegion()
{
    MEMORY_BASIC_INFORMATION MBI;
    VirtualQueryEx(hMsHandle,(VOID *)BaseAddress,&MBI,sizeof(MBI));
    int start = (int) MBI.BaseAddress;
    while(VirtualQueryEx(hMsHandle,( VOID * )( ( int )MBI.BaseAddress + MBI.RegionSize ),&MBI,sizeof(MBI)))
    {
        if (MBI.Protect == 0 || MBI.Protect == 0x01)
            break;
        int end = (int)MBI.BaseAddress + (int)MBI.RegionSize;
        for(int i = start; i<end; i++)
        {
            DWORD Buffer[5000];// these 2 lines are shit now, I think.
            ReadProcessMemory(hMsHandle,(LPCVOID)BaseAddress,Buffer,MBI.RegionSize,0);
            InsertLVItem("001000000","0","0"); //001 is base from notepad
        }
    }
}
|
void InsertLVItem(std::string First,std::string sec,std::string third);
Where the InsertLvItem() is my function to add things to the ListView.
So every time the user scrolls down, just before the next region, I should call the next region to show?
Is showing really so dramatically as in CE? Where DB have an array from 1000? lines of all ASM commands?
Grz,
NM
UPDATE:
Code: |
void StartRegion()
{
    MEMORY_BASIC_INFORMATION MBI;
    VirtualQueryEx(hMsHandle,(VOID *)BaseAddress,&MBI,sizeof(MBI));
    int start = (int) MBI.BaseAddress;
    while(VirtualQueryEx(hMsHandle,( VOID * )( ( int )MBI.BaseAddress + MBI.RegionSize ),&MBI,sizeof(MBI)))
    {
        if (MBI.Protect == 0 || MBI.Protect == 0x01)
            break;
        int end = start + 25; //(int)MBI.BaseAddress + (int)MBI.RegionSize;
        for(int i = start; i<end; i++)
        {
            DWORD Buffer = -1;
            DWORD bytesRead = 0;
            ReadProcessMemory(hMsHandle,(LPCVOID)BaseAddress,&Buffer,sizeof(int),&bytesRead);
            char buffer[32];
            wsprintfA(buffer, "%X", bytesRead);
            char buvver[32];
            wsprintfA(buvver, "%X",i);
            std::string x = buffer;
            std::string y = buvver;
            InsertLVItem(y,x,"0");
            bytesRead = 0;
        }
    }
}
|
Still not very good, it scans every address, gotta find something on that.
EDIT: I see something now, I use RPM wrong, I should read the buffer which is as big as the Memory region, and after that read from the buffer and not RPM.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Dec 05, 2010 11:33 am Post subject:
Quote: | Is showing really so dramatically as in CE? Where DB have an array from 1000? lines of all ASM commands? |
I just like keeping stuff orderly for speed and future enhancements (and yes, inserting all the data into a listview will be slow and will eat up too much memory to be usable)
And as you've mentioned you're using the results of RPM wrong, unless you like seeing:
Code: |
base+0 - 4 - 0
base+1 - 4 - 0
base+2 - 4 - 0
base+3 - 4 - 0
base+4 - 4 - 0
|
As for what's going wrong, I really recommend showing the new code as my original reply was such a big flame I just couldn't get myself to press submit
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

NoMercy Master Cheater Reputation: 1
Joined: 09 Feb 2009 Posts: 289
Posted: Sun Dec 05, 2010 12:55 pm Post subject:
Dark Byte wrote: | Quote: | Is showing really so dramatically as in CE? Where DB have an array from 1000? lines of all ASM commands? |
I just like keeping stuff orderly for speed and future enhancements (and yes, inserting all the data into a listview will be slow and will eat up too much memory to be usable)
And as you've mentioned you're using the results of RPM wrong, unless you like seeing:
Code: |
base+0 - 4 - 0
base+1 - 4 - 0
base+2 - 4 - 0
base+3 - 4 - 0
base+4 - 4 - 0
|
As for what's going wrong, I really recommend showing the new code as my original reply was such a big flame I just couldn't get myself to press submit |
Hmm, so there is no easier way than doing that, all ASM commands in an array?
Well anyway thanks for the help, I recoded shit with examples now.
Came up with this:
Code: |
BOOL StartRegion()
{
    SYSTEM_INFO sInfo;
    GetSystemInfo(&sInfo);
    SIZE_T s;
    DWORD min = (DWORD) BaseAddress;
    DWORD max = (DWORD) sInfo.lpMaximumApplicationAddress;
    MEMORY_BASIC_INFORMATION mbi;
    for(int i = min; i < max;)
    {
        s = VirtualQueryEx(hMsHandle, (LPVOID)i, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
        if(s == sizeof(MEMORY_BASIC_INFORMATION) && mbi.Type == MEM_PRIVATE && mbi.State == MEM_COMMIT && mbi.RegionSize > 0)
        {
            size_t reg = mbi.RegionSize;
            void *buffer = malloc(reg);
            ReadProcessMemory(hMsHandle, (LPVOID)mbi.BaseAddress, buffer, reg, NULL);
            for(unsigned int j = 0; j < reg; j++)
            {
                int val = (int)(*(DWORD*)buffer + j);
                std::stringstream ss;
                std::string lByte;
                ss << val;
                ss >> lByte;
            }
        }
        if(s == 0)
        {
            MessageBoxA(NULL, "VirtualQuery error", "Error!", 0);
            return FALSE;
        }
        DWORD prog = (DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize;
        i = prog;
    }
    return TRUE;
}
|
Still no success to read bytes/addresses

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Dec 05, 2010 3:29 pm Post subject:
Is there a reason why you only want to show memory in chunks of 4 bytes?
And check if ReadProcessMemory returns true or not.
Then there's: int val = (int)(*(DWORD*)buffer + j);
I'm not so good with dword pointers (which is why I always downcast to unsigned chars first) so not sure if buffer + j increases the pointer with j or with j*4 instead.
Of course, that is not the problem here because of missing brackets. Here you are typecasting the void buffer pointer to a DWORD buffer pointer, which is then dereferenced into a value, and then the value j is added to it. So if the first byte in the buffer is 10 and j is 2 then val would turn 12.
As for stringstream, no idea, I never use C++, I'd rather use sprintf, but it might work.
Also, free the buffer at the end of the loop.

NoMercy Master Cheater Reputation: 1
Joined: 09 Feb 2009 Posts: 289
Posted: Mon Dec 06, 2010 8:38 am Post subject:
Thanks that helped a lot,
I'm coming closer now, I'm now debugging in DOS, which is way easier to do shit like this. My output is now:
Quote: |
Mine Output:
905a4d
3
4
ffff
b8
CE's output:
01000000 4d
01000001 5a
01000002 90
01000003 00 03
01000005 00 00
01000006 00 04 00
0100000A 00 00
0100000C ff
0100000D ff 00
0100000F 00 b8
|
It's getting closer, but how can I read the address, I need to know if it's valid or not? And how to know what bytes belong to which address? Further, it seems like my thing skips the 00 ones?
My code now: (DOS)
Code: |
BOOL StartRegion()
{
    SYSTEM_INFO sInfo;
    GetSystemInfo(&sInfo);
    DWORD min = BaseAddress;
    DWORD max = (DWORD) sInfo.lpMaximumApplicationAddress;
    MEMORY_BASIC_INFORMATION mbi;
    VirtualQueryEx(hProc, (LPVOID)BaseAddress, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
    int buffer[ 5 ] = {0};
    if(ReadProcessMemory(hProc, (VOID*)(BaseAddress), &buffer, sizeof(buffer), NULL))
    {
        for( int i= 0; i< 5; i++)
            cout << hex << buffer[i] << endl;
    }
    return 1;
}
|
Thanks DB for help so far:)

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon Dec 06, 2010 12:56 pm Post subject:
first change int buffer to "unsigned char"
and replace sizeof(buffer) with 5 because sizeof(buffer) always returns 4
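
The mismatch between the int-based output and CE's per-byte listing discussed in the posts above, as an added example (not code from any poster in this thread or from Cheat Engine): portable C that formats a buffer already read from the target as an address followed by zero-padded bytes, and shows the same bytes combined into 32-bit little-endian values. The names `byte_at`, `dword_le` and `hexdump_row` and the 8-bytes-per-row layout are assumptions made for the illustration; the sample bytes are constructed from the output quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the bytes CE lists at 01000000 in the thread; the last
   three zeros are implied by the int-based output ending in "b8". */
static const unsigned char sample[20] = {
    0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00,
    0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0xb8, 0x00, 0x00, 0x00 };

/* Index through a byte pointer, so i is an offset in bytes from the base. */
static unsigned byte_at(const void *buf, size_t i) {
    return ((const unsigned char *)buf)[i];
}

/* What an int buffer printed with hex shows: element i is four consecutive
   bytes combined least-significant first (x86 is little-endian). */
static uint32_t dword_le(const void *buf, size_t i) {
    const unsigned char *p = (const unsigned char *)buf + 4 * i;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Write "ADDRESS  XX XX ..." into out, each byte padded to two hex digits.
   Returns the row length; bytes that do not fit are left out (cap >= 10). */
static int hexdump_row(char *out, size_t cap, uint32_t addr,
                       const unsigned char *p, size_t n) {
    int len = snprintf(out, cap, "%08X ", (unsigned)addr);
    for (size_t i = 0; i < n && (size_t)len + 3 < cap; i++)
        len += snprintf(out + len, cap - (size_t)len, " %02X", (unsigned)p[i]);
    return len;
}

int main(void) {
    char row[64];
    /* One row per 8 bytes; the row address is base + offset into the buffer. */
    for (size_t off = 0; off < sizeof sample; off += 8) {
        size_t left = sizeof sample - off;
        hexdump_row(row, sizeof row, 0x01000000u + (uint32_t)off,
                    sample + off, left < 8 ? left : 8);
        puts(row);
    }
    /* The same bytes viewed as 32-bit values: 905a4d 3 4 ffff b8. */
    for (size_t i = 0; i < sizeof sample / 4; i++)
        printf("%x\n", (unsigned)dword_le(sample, i));
    return 0;
}
```

On a little-endian target the earlier expression `*(DWORD*)buffer + j` evaluates to `dword_le(buffer, 0) + j`, while `byte_at(buffer, j)` is the byte that belongs to address base + j.
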
NoMercy Master Cheater Reputation: 1
Joined: 09 Feb 2009 Posts: 289
Posted: Mon Dec 06, 2010 1:04 pm Post subject: |
Dark Byte wrote: | first change int buffer to "unsigned char"
and replace sizeof(buffer) with 5 because sizeof(buffer) always returns 4 |
Would that be better than this?
Code: |
BYTE buffer[50] = {0};
if(ReadProcessMemory(hProc, (VOID*)mbi.BaseAddress, buffer, sizeof(buffer), NULL))
{
    for( int i= 0; i < sizeof(buffer); i++)
    {
        if(buffer[i] == 0 || buffer[i] <= 16)
            cout << "0";
        printf("%X", buffer[i]);
        cout << " ";
    }
}
|
This returns all bytes, even with 00.
Further, I am now trying to convert your assemblerunit.pas from Delphi to C. All those types are structs, I suppose? eo_none, par_1, etc. are const chars?

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon Dec 06, 2010 1:15 pm Post subject:
probably
also:
Code: |
if(buffer[i] == 0 || buffer[i] <= 16)
cout << "0";
|
That is just sad, and I think the compiler reads this as:
Code: |
if(buffer[i] == ((0 || buffer[i]) <= 16))
|
which will only be true when buffer[i]=1
As for the assembler, they are C's equivalent of typedefs
But honestly not sure if assembler is something you should work with for the moment. Perhaps using a third party assembler library is easier in this case...

NoMercy Master Cheater Reputation: 1
Joined: 09 Feb 2009 Posts: 289
Posted: Mon Dec 06, 2010 1:24 pm Post subject:
Dark Byte wrote: | probably
also:
Code: |
if(buffer[i] == 0 || buffer[i] <= 16)
cout << "0";
|
That is just sad, and I think the compiler reads this as:
if(buffer[i] == (0 || buffer[i]) <= 16)
As for the assembler, they are C's equivalent of typedefs |
I'm interested in why you think it's sad, it will just improve my code + my way of thinking. Further, it seems to work quite well, I don't think the () are needed.
For C thing: typedef TTokenType =(
ttInvalidtoken , will never work, I've to declare ttInvalidtoken, right?