Dr.Disrespect (Grandmaster Cheater), Reputation: 3, Joined: 17 Feb 2016, Posts: 526
Posted: Sun Mar 06, 2016 11:39 am    Post subject: "Tools" in the "Memory Viewer".

I have searched the forum and couldn't find a tutorial about this. Please see the attached file. I have several questions (an answer to any of them is appreciated):

1. What is "Allocate Memory" used for?
2. What is "Scan for code caves" used for?
3. What is "Fill Memory" used for?
4. What is "Created Thread" used for?
5. What is "Dissect PE headers" used for?
6. What is "Structure spider" used for?
7. What is "Ultimap" used for? (especially this one)
8. What is "watch memory page access" used for?
9. What is "watch memory allocations" used for?

Thanks a lot and sorry for so many questions.

++METHOS (I post too much), Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
Posted: Sun Mar 06, 2016 12:18 pm

Look at the help file.

	
ParkourPenguin (I post too much), Reputation: 152, Joined: 06 Jul 2014, Posts: 4704
Posted: Sun Mar 06, 2016 12:20 pm

1. Allocating memory.
2. Scanning for code caves.
3. Writing a specific byte to a block of memory.
4. Creating a thread at a specific instruction.
5. Looking at the Portable Executable header.
6. Looking through a structure. It automatically dereferences pointers and dissects their structures. Can be used to compare two structures too.
7. Scanning for code. It keeps track of all the calls that are made and how many times they're called. [1] [2]
8. If you click on this, it explicitly tells you exactly what it does.
9. I would guess this watches for and gathers information on memory allocations by the process.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

	
mgostIH (Expert Cheater), Reputation: 3, Joined: 01 Jan 2016, Posts: 159
Posted: Sun Mar 06, 2016 12:23 pm    Post subject: Re: "Tools" in the "Memory Viewer".

fmanager wrote:
> I have searched the forum and couldn't find a tutorial about this. Please see the attached file. I have several questions (an answer to any of them is appreciated):
>
> 1. What is "Allocate Memory" used for?
> 2. What is "Scan for code caves" used for?
> 3. What is "Fill Memory" used for?
> 4. What is "Created Thread" used for?
> 5. What is "Dissect PE headers" used for?
> 6. What is "Structure spider" used for?
> 7. What is "Ultimap" used for? (especially this one)
> 8. What is "watch memory page access" used for?
> 9. What is "watch memory allocations" used for?
>
> Thanks a lot and sorry for so many questions.

1. Allocates new dynamic memory on the target process, can't be simpler than that. There you can put your own code and make a codecave or run it with a new thread.

2. Searches for patterns in executable memory that look like a codecave (for example, 50 0xCC bytes one after the other).

3. Substitutes an entire specified block of memory with a byte you want.

4. Creates a new thread on the specified address that will start to run your code asynchronously, aka while the process main thread still runs.

5. Gives you all the info you need about the executable PE header (still, I would suggest using appropriate tools for that, rather than CE default).

6. The structure spider is used to improve finding patterns in structures and pointers. With the structure spider you can also check a structure against another one, to see the differences they have.

7. Ultimap is a tool strictly related to DBVM, so you'll need that running first. It checks every call that the executable makes, so you can find specific functions that would be hard to find otherwise.

8. This as well needs DBVM and returns you all the memory pages that are being accessed by the executable code.
This can be used to find better pointers, or to analyze the code even further.

9. This looks at all the memory pages being allocated in real time. I would suggest View->Memory Regions better though.
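The pattern search described in item 2 of the post above, as an added example (not part of any post and not Cheat Engine's own code): a scan of a byte buffer for long runs of one repeated filler byte. The filler set, the names `find_caves` and `Cave`, the 50-byte default taken from the post's example, and the sample buffer are assumptions constructed for illustration.

```python
"""Find padding runs ("code caves") in a byte buffer."""
from typing import List, NamedTuple

# Assumed filler values: int3 padding, zero padding, NOP padding.
FILLERS = frozenset({0xCC, 0x00, 0x90})


class Cave(NamedTuple):
    offset: int   # start of the run (buffer index plus base)
    length: int   # number of identical filler bytes
    filler: int   # the repeated byte value


def find_caves(buf: bytes, min_len: int = 50, base: int = 0) -> List[Cave]:
    """Return every maximal run of one filler byte that is >= min_len long.

    A run ends when the byte value changes, so 0xCC padding followed by
    0x00 padding is reported as two runs, not one.
    """
    if min_len < 1:
        raise ValueError("min_len must be at least 1")
    caves = []
    i, n = 0, len(buf)
    while i < n:
        b = buf[i]
        j = i + 1
        while j < n and buf[j] == b:      # extend the run of identical bytes
            j += 1
        if b in FILLERS and j - i >= min_len:
            caves.append(Cave(base + i, j - i, b))
        i = j                             # continue after the run
    return caves


def build_sample() -> bytes:
    """Constructed sample: code-like bytes separated by padding runs."""
    code = bytes([0x55, 0x8B, 0xEC, 0x5D, 0xC3])  # push ebp; mov ebp,esp; pop ebp; ret
    return (code + b"\xCC" * 11        # alignment padding, too short to report
            + code + b"\xCC" * 64      # reported
            + b"\x00" * 50             # reported separately (different byte)
            + code + b"\x90" * 49      # one byte short of the threshold
            + b"\x41" * 80             # long run, but not a filler value
            + b"\x00" * 120)           # run that reaches the end of the buffer


if __name__ == "__main__":
    for cave in find_caves(build_sample(), base=0x401000):
        print(f"{cave.offset:#x}  len={cave.length:<4} filler={cave.filler:#04x}")
```
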
	
Dr.Disrespect (Grandmaster Cheater), Reputation: 3, Joined: 17 Feb 2016, Posts: 526
Posted: Mon Mar 07, 2016 1:16 am

Thanks for the replies, guys.
@mgostIH,
what is "DBVM"? I have seen this word several times on the forum and some people say it causes bugs, doesn't it? Thanks.

	
Redouane (Master Cheater), Reputation: 3, Joined: 05 Sep 2013, Posts: 363, Location: Algeria
Posted: Mon Mar 07, 2016 4:08 am

fmanager wrote:
> Thanks for the replies, guys.
> @mgostIH,
> what is "DBVM"? I have seen this word several times on the forum and some people say it causes bugs, doesn't it? Thanks.

http://cheatengine.org/aboutdbvm.php

Click "about" in Cheat Engine to check if your system supports it.

And yes, it causes BSOD sometimes.

[EDIT] A useful video that shows how to use the ultimap (requires DBVM):
https://www.youtube.com/watch?v=T5sXoEEPFBQ

	
Dark Byte (Site Admin), Reputation: 470, Joined: 09 May 2003, Posts: 25806, Location: The Netherlands
Posted: Mon Mar 07, 2016 5:13 am    Post subject: Re: "Tools" in the "Memory Viewer".

mgostIH wrote:
> 8. This as well needs DBVM and returns you all the memory pages that are being accessed by the executable code.
> This can be used to find better pointers, or to analyze the code even further.

No. dbvm isn't needed for this. Just dbk (which is something everyone can use).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

	
Dr.Disrespect (Grandmaster Cheater), Reputation: 3, Joined: 17 Feb 2016, Posts: 526
Posted: Mon Mar 07, 2016 8:06 pm

Thanks to each one of you.
	