Cheat Engine

Slugsnack · Posted: Mon Nov 09, 2009 6:13 pm Post subject: Addresses List

How does CE implement this or rather, how does it store that list ? On disk, linked list, huge array, etc. ? Just curious a bit.

Also how do you split up the job in terms of multithreading ? It seems inefficient to me to create a new thread for each block of scanning although that would take advantage of multiple cores/processors. I assume CE does it more intelligently ?

Dark Byte · Posted: Tue Nov 10, 2009 4:53 am Post subject:

The addresslist is stored asa huge array on disk.

First it queries all the memory that is in the process using virtualqueryex

Then it splits that amount by the number of cores your system has and assigns each cpu core the memory blocks that fall in the appropriate regions

Each thread has it's own list of results (addresslist) and at the end all the results are concatenated into the final addresslist.

On a next scan that addresslist is split into the number of cores, and scanned like that. Of course, it's not read into memory all at once, but in small chunks

Slugsnack · Posted: Tue Nov 10, 2009 11:35 am Post subject:

I thought of a solution which was to split it in the way you describe but instead of storing as an array to store it in the listview on the left holding addresses/values. And then next scan could just read off there too.

Am I correct in guessing the reason you don't do that is for the cases when that listview will not be able to hold enough elements ?

Dark Byte · Posted: Tue Nov 10, 2009 11:54 am Post subject:

more because it's too slow (adding a item will create a new listview item, which is then assigned to the list, this is way slower than just using raw data)

also, the listview of ce doesn't contain the addresslist itself, it just holds a pointer to the start of the file based on the current scroll position and only updates the list from disk when you scroll

Slugsnack · Posted: Tue Nov 10, 2009 12:11 pm Post subject:

If it's a speed thing, why not do it all in memory in a vector or something ? Too small ?

Oh and umm just something small. I wondered how you make it on your listview so it selects the whole row. In the past I've worked with listviews and they only select one subitem, eg:

The way you're only loading stuff into the listview on demand is very nice though :]

Dark Byte · Posted: Tue Nov 10, 2009 12:19 pm Post subject:

memory reasons

imagine a binary scan for the value 0 in a process that has a 1 GB array all initialized to 0
That'd mean it has 8*1GB entries * 5 bytes for a binary entry (address+bit specifier)

and since ce has been designed for 32-bit, there's just not enough memory in a process to store that (so it just fetches the previous 1000, and next 1000, so simply moving up/down won't hog the harddisk)

and for selecting the whole line: If you're using delphi, you'd have to set the property "rowselect" to true"

Slugsnack · Posted: Tue Nov 10, 2009 4:48 pm Post subject:

ahhh very nice. figured out the line thing too :

Slugsnack · Posted: Wed Nov 11, 2009 7:46 am Post subject:

next question hahaha. what regions does CE scan ? i thought it was PAGE_READWRITE but i'm not so sure anymore

btw thanks a lot for your time answering

also when doing dword/word scans does CE only check on dword/word aligned addresses ?

Dark Byte · Posted: Wed Nov 11, 2009 8:45 am Post subject:

that depends on multiple settings.
e.g if you want readonly memory to scan as well or not

also, don't only check for page_readwrite, also check for page_execute_readwrite (they are 2 different bits)

it also scans mem_private and mem_image , but by default skips mem_mapped memory (that's memory of either a file mapping, or mapped hardware memory like that of the graphics card. Useless for almost anything)