paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Sat Aug 24, 2024 2:52 am Post subject: Collect/Identify memory Protectionflags [Solved]
Table @FRF: "fearless rev Collecting Memory Regions" (Tools section)
images here: [ https://ibb.co/album/bRVwYY ] (pic_order not quite in par)
I'm currently working on an asm scanner, which allows me to find asm opcode while filtering on 'static addrs, structaddr & structname'.
Apart from the obvious ptr_checks, I'm getting far more issues now when trying to implement the structaddr part.
Practically, I'm "only" interested in opcode_hits here. Iow "Read Exec".
(there are games where opcode_flag can be writable actually ~ usually game dlls)
=> Q: is it possible to find out what the protectionflags are of a particular memory_address (page ?); lua-wise t.i. ?
ps: initially I was using 'getInstructionSize(addrOpcode)' to get the number of bytes, but that gave me them errors? "Calculating" them ( string.gsub(string.match(sASM,"- (.-)- "), "%s+", "") ) does not seem to cause this issue, but I'm not holding my breath on that one...
ps2: I also thought about doing an aobscan w/protectionflags set as such to identify protect_status, but i feel this is overkill (not to mention the performance hit)
Last edited by paul44 on Wed Sep 04, 2024 12:19 pm; edited 2 times in total
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4706
Posted: Sat Aug 24, 2024 9:35 am
paul44 wrote:
> => Q: is it possible to find out what the protectionflags are of a particular memory_address (page ?); lua-wise t.i. ?

There's `enumMemoryRegions`

Code:
    function do_work()
      -- snapshot of the target's memory layout; each entry has BaseAddress, RegionSize, Protect, ...
      local memregions = enumMemoryRegions()
      -- https://learn.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
      local function get_protect(addr)
        -- accepts a number or an address string/symbol; nil if it cannot be resolved
        addr = getAddressSafe(addr)
        if not addr then return nil, 'Invalid address' end
        -- find the region that contains addr and return its protection value
        for _,t in ipairs(memregions) do
          if t.BaseAddress <= addr and addr < t.BaseAddress + t.RegionSize then
            return t.Protect
          end
        end
        return nil, 'Invalid address'
      end
      assert(get_protect(0) == 1) -- PAGE_NOACCESS
    end
    do_work()
_________________
I don't know where I'm going, but I'll figure it out when I get there.
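Added example, not code from either poster: one way to interpret the `Protect` value that `get_protect` returns, using the constants from the Microsoft page linked in the code above, and to separate non-writable code pages from writable ones. The `regions` table is constructed sample data shaped like `enumMemoryRegions()` entries, `decode_protect` and `classify` are hypothetical helper names, and the `&` operator needs Lua 5.3 or newer.

```lua
-- Added example; decode_protect/classify are hypothetical helpers, not Cheat Engine API.
local BASE = {
  [0x01] = {name = "PAGE_NOACCESS"},
  [0x02] = {name = "PAGE_READONLY",          r = true},
  [0x04] = {name = "PAGE_READWRITE",         r = true, w = true},
  [0x08] = {name = "PAGE_WRITECOPY",         r = true, w = true},
  [0x10] = {name = "PAGE_EXECUTE",           x = true},
  [0x20] = {name = "PAGE_EXECUTE_READ",      r = true, x = true},
  [0x40] = {name = "PAGE_EXECUTE_READWRITE", r = true, w = true, x = true},
  [0x80] = {name = "PAGE_EXECUTE_WRITECOPY", r = true, w = true, x = true},
}
local MODIFIERS = {{0x100, "PAGE_GUARD"}, {0x200, "PAGE_NOCACHE"}, {0x400, "PAGE_WRITECOMBINE"}}

-- Split a Protect value into its base constant (low byte) and modifier bits.
-- Returns nil when the low byte is not one of the eight base constants.
local function decode_protect(protect)
  local base = BASE[protect & 0xFF]
  if not base then return nil end
  local out = {name = base.name, r = base.r, w = base.w, x = base.x}
  for _, m in ipairs(MODIFIERS) do
    if (protect & m[1]) ~= 0 then out.name = out.name .. "|" .. m[2] end
  end
  out.guard = (protect & 0x100) ~= 0
  return out
end

-- "code": executable and not writable (the "Read Exec" case from the first post).
-- "code-writable": executable and writable. Anything else, guard pages included: "skip".
local function classify(protect)
  local p = decode_protect(protect)
  if not p then return "skip", "UNKNOWN" end
  if p.guard or not p.x then return "skip", p.name end
  return p.w and "code-writable" or "code", p.name
end

-- Constructed sample; inside Cheat Engine use: local regions = enumMemoryRegions()
local regions = {
  {BaseAddress = 0x00000000, RegionSize = 0x10000, Protect = 0x01},
  {BaseAddress = 0x00400000, RegionSize = 0x1000,  Protect = 0x02},
  {BaseAddress = 0x00401000, RegionSize = 0x5000,  Protect = 0x20},
  {BaseAddress = 0x10001000, RegionSize = 0x3000,  Protect = 0x40},
  {BaseAddress = 0x7FFE0000, RegionSize = 0x1000,  Protect = 0x104},
}
for _, t in ipairs(regions) do
  local kind, name = classify(t.Protect)
  print(string.format("%016X  size %X  0x%03X  %-24s %s",
    t.BaseAddress, t.RegionSize, t.Protect, name, kind))
end
```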
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Wed Aug 28, 2024 4:48 am Post subject: i will need some time to detail...
thx, tried out your script and it provides proper info: [ https://ibb.co/sRpT7C6 ]
I'll need to look into how to interpret them bits here; surely based on that referenced page...
that said: do you happen to know if one can collect the modulename, based on - in this case - 'BaseAddress' ?
Reason: 2 things i miss in this overview:
a. quick jump to selected address
b. copy/paste of part/all regions
=> did a quick celua scan, and got: enumRegisteredSymbolLists() & getModuleList() ?
Need to try this, plus getting the feeling it only produces the game's modulelist...
-EDIT-
I will take some time to work this out the way I intend, so putting 'in progress'...
Last edited by paul44 on Sat Aug 31, 2024 4:10 am; edited 2 times in total
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4706
Posted: Wed Aug 28, 2024 9:47 am
I'd do `enumModules` to get the name and base address, then `getModuleSize` to get the max size of each module.
The algorithm is very similar to my previous code in the `get_protect` function.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 206
Posted: Sun Sep 01, 2024 9:06 am Post subject: Finished...
see image: [ https://ibb.co/3M6RSq7 ]
I will be uploading this table some time later this week @FRF, and update this post with appropriate link. If you'd like to discuss things, do via that site...
@ParkourPenguin: as always, feedback is/was much appreciated.
-EDIT-
A minor hiccup: in order to "place" oneself a bit below the top, I do:
oMemDis.TopAddress = process
oMemDis.SelectedAddress = addrItem + 0x15
However: most of the time, this does not work (meaning, you still wind up at the top of disassembler view). And if I move 'topaddress' after 'selectedaddr' then it jumps to start of memory ?!