Cheat Engine

[OldCheatEngineUser]

is implementing a debugger or a disassembler is a tough task?
and what are the requirements?

im talking seriously, so please some helpful answers. ( i couldnt find much on google )
(it might be a thing that is much above my current knowledge level, but i can spend time reading and testing if someone pointse to the important titles)

[FreeER]

MSDN has a page for debuggers: https://msdn.microsoft.com/en-us/library/windows/desktop/ms679288%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 though this may provide more detail: http://www.codereversing.com/blog/archives/168

As for the disassembler from what I've read it's not particularly hard, it's just time consuming to switch over everything. Check out the opensource Capstone https://github.com/aquynh/capstone/tree/master/arch/X86

[OldCheatEngineUser]

ehm no, that doesnt contain much.

[FreeER]

If it gives you something that can set breakpoints and list register values, and step through instructions then it's a lot more than nothing, the rest would mostly be a UI and a basic disassembly view so that you could see what you were stepping through, which could be accomplished with a library. Admittedly I didn't try and compile any of it but it seemed like there was enough there to get someone started if they wanted to. Anymore and you'd probably be looking at mostly source code or an entire video log of someone developing it or some long history of how debuggers began (several of which I found on youtube ~1 hour long based on linux)...

As for disassemblers if you don't like code then you could look at https://wiki.osdev.org/X86-64_Instruction_Encoding but glancing through the code gives you an idea of how much of it is essentially switch statements and how many lines of code it might take which was the point I was trying to make. Simply looking at the anatomy of an instruction isn't really going to give you that...


Of course they are non-trivial applications, that's why you don't find many beginner tutorials teaching you how to make them. And just like anything else non-trivial it's easy to make mistakes and these tools tend to be ones that people just want to work so choose to depend on someone else's tested code rather than make their own.

[OldCheatEngineUser]

debugger:
yeah what you said is true. (also the links you shared are useful somehow to get you started)
BUT the main thing that i was looking and searching for is not only functions (api) but some stuff under the hood and debugger internals, i like to understand totally what im writing or doing not just using things without knowledge. (you probably understand me)

disassembler:
THANK YOU, there are some stuff that i didnt know about (osdev link) ill make sure to spend time reading it.

yes maybe reading the code is great, but personally i like to read and get enough knowledge about what i want then i can test and try to make it.

anyways, thats enough for now .. couple links and each link contain a bit so yeah thanks Free.

[FreeER]

Yeah, it's great when you can find that info but generally once you get into projects of a sufficient size you're not going to find anything that really covers it in that level of detail. You have to find the general stuff and then look up the details for each piece as you go. Going over everything like that would be equivalent to having very heavily commented code, which is rare, and if you're doing just the more "important" parts it tends to get split up if nothing else because each is done at different times so they get put in separate articles / blog posts named after that specific topic.

Especially when you start getting into closed source API calls like the windows API, you'd likely find a bit more info on exactly how linux debugging API calls work because it's opensource and anyone can look/share/explain it without having to reverse engineer it (and anything related to it) from assembly.

Glad you got something out of it

If anyone else has some good info to share that'd be appreciated of course, I intend to keep the link to this topic as a reference lol

[OldCheatEngineUser]

that what i usually do to learn stuff when reading, i split the topics / subjects and try to understand each one alone .. and it gonna be the same exact thing when i want yo write code do each thing separately then combine.

good thing in windows that they have covered most of the APIs (while still there many hidden) and its a little bit easier to go with (even tho they prevented the accesses to kernel and bios interrupts directly) so it requires either a driver or running in real mode.

linux is good for taking the control of things, from kernel to bios interrupts are available to use.
but the high level APIs arent easy to find, and each distro MIGHT have some small differences when calling an api .. so yeah in linux they might talk and share things about APIs from high to low level while in windows it requires some reverse engineering.

hoping someone will share something useful, to keep this thread as a reference.