foggyspider (Newbie cheater, Reputation: 0, Joined: 20 May 2010, Posts: 11)
Posted: Sat Jun 05, 2010 4:47 pm, Post subject: Edit text / Code cave
Hello, I have started on a project to track some text in a program down in memory and patch it from Korean to English.
I found the pointers for the text and successfully modified them in memory, but a problem arises for me.
Sometimes the text needs to be longer than the original, but there is not enough room, because if I try to lengthen the text it will overwrite more text beside it in memory.
I have done some reading and googling and understand the basic concept of a code cave, and I believe that's exactly what I need now: to jump the current pointer to my code cave where I have room to take the text on out.
I have been using Cheat Engine's search for text function and pointer scan function to quickly find the text I want to modify, and it does have some code cave options, but I don't know much about what to do once the pointer has been jumped to my code cave.
How do I use a code cave to lengthen text? Can it be done with assembly / code injection?
Radiation (Grandmaster Cheater, Reputation: 14, Joined: 17 Jun 2009, Posts: 842, Location: Chernobyl)
Posted: Sun Jun 06, 2010 12:32 am, Post subject: Re: Edit text / Code cave
foggyspider wrote:
    How do I use a code cave to lengthen text? Can it be done with assembly / code injection?
Yes, you're on the right track.
First, find out what writes to the text address.
Then save that opcode to your address list.
After that, go to the disassembler view and, on that same opcode, right-click and click on "Create jump and initialize Code-Cave".
From there you need to allocate free and unused memory.
I'll go deeper a little later.
foggyspider (Newbie cheater, Reputation: 0, Joined: 20 May 2010, Posts: 11)
Posted: Sun Jun 06, 2010 1:34 am
Nothing writes to my text address, but a couple of things read from it.
I have gotten as far as the jump and initialize code cave. I scanned for code caves and have plenty of places to store my text.
How do I allocate memory? And also, how do I make the text longer? Or how do I even edit the text once I have created the jump?
Radiation (Grandmaster Cheater, Reputation: 14, Joined: 17 Jun 2009, Posts: 842, Location: Chernobyl)
Posted: Sun Jun 06, 2010 4:28 pm
Our goal here is to move the current text address to a newly allocated address so we have plenty of space for the new text. You will have to patch the memory to point to that address instead of the current one.
Allocate memory: Ctrl + Alt + M in the memory view.
Uzeil (Moderator, Reputation: 6, Joined: 21 Oct 2006, Posts: 2411)
Posted: Sun Jun 06, 2010 9:23 pm
I'm not sure if this is understood, so I'm just going to throw this out there.
Text is referenced using (generally) static pointers, meaning an address preallocated in memory points to where the string starts. So what you're doing is allocating new memory (what you're calling a code cave), storing your text at the code cave, then modifying the value of that earlier-mentioned pointer to point to the beginning of the string you just wrote into the code cave.
In other words:
0x004abcde = 0x0badf00d
0x0badf00d = 'Konichiwaaaaa' (whatever Japanese)
var memaddr = first address from VirtualAlloc (or whatever CE alloc function, like alloc(memaddr, 1024) or whatever order the parameters are; haven't AA'd in forever)
then write 'hellooo' into memaddr starting at its first address (and probably a db 00 at the end for null termination)
then mov [0x004abcde], @memaddr
Again, no clue about the auto assembler syntax for variable names and the like.
Sorry if I'm just repeating things you already know full well.
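Uzeil's pointer sketch, worked through in C as an added example (not code from this thread or from Cheat Engine): a constructed two-string table stands in for the game's memory, `patch_in_place` reproduces the neighbour corruption foggyspider ran into, and `patch_via_cave` relocates the text into a fresh block and redirects the static pointer the way the auto-assembler script would. `malloc` stands in for CE's alloc / VirtualAlloc; all names and addresses here are invented for the demo.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the target's memory: two strings packed back to
 * back, plus the "static pointer" (the 0x004abcde slot in Uzeil's sketch)
 * that the program follows to find the first string. */
static char string_table[64];
static const char *g_text_ptr;   /* static pointer the program reads through */
static const char *g_next_ptr;   /* neighbouring string that must survive    */
static char *g_cave;             /* our allocated block (alloc/VirtualAlloc) */

void setup_table(void) {
    memset(string_table, 0, sizeof string_table);
    memcpy(string_table, "Konichiwa", 10);        /* 9 chars + NUL at 0..9   */
    memcpy(string_table + 10, "Next string", 12); /* 11 chars + NUL at 10..  */
    g_text_ptr = string_table;
    g_next_ptr = string_table + 10;
    free(g_cave);
    g_cave = NULL;
}

/* What the OP tried: overwrite the original slot with longer text.
 * Returns 1 if the neighbouring string got clobbered, 0 if it survived. */
int patch_in_place(const char *new_text) {
    size_t n = strlen(new_text) + 1;
    if (n > sizeof string_table)
        return -1;                 /* keep the demo itself memory-safe */
    memcpy(string_table, new_text, n);
    return strcmp(g_next_ptr, "Next string") != 0;
}

/* The code-cave approach: copy the text into freshly allocated memory
 * (malloc stands in for CE's alloc / VirtualAlloc) including its NUL,
 * then repoint the static pointer. Returns 0 on success, -1 on failure. */
int patch_via_cave(const char *new_text) {
    size_t n = strlen(new_text) + 1;
    char *cave = malloc(n);
    if (!cave)
        return -1;
    memcpy(cave, new_text, n);
    free(g_cave);
    g_cave = cave;
    g_text_ptr = cave;             /* the "mov [0x004abcde], memaddr" step */
    return 0;
}

const char *current_text(void)   { return g_text_ptr; } /* what the program sees */
const char *neighbour_text(void) { return g_next_ptr; }
```

A string that fits the original slot (strictly shorter than the old one, NUL included) is safe in place; anything longer needs the cave.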
foggyspider (Newbie cheater, Reputation: 0, Joined: 20 May 2010, Posts: 11)
Posted: Sun Jun 06, 2010 10:38 pm
Thanks to the both of you, this is exactly what I am trying to do.
I just need a more technical description of how to use the tool, because I'm finding it difficult to find which address is looking at my pointer, and how to reroute it.
I'm going to give it another try and see how I do.
Radiation (Grandmaster Cheater, Reputation: 14, Joined: 17 Jun 2009, Posts: 842, Location: Chernobyl)
Posted: Sun Jun 06, 2010 11:32 pm
foggyspider wrote:
    Thanks to the both of you, this is exactly what I am trying to do.
    I just need a more technical description of how to use the tool, because I'm finding it difficult to find which address is looking at my pointer, and how to reroute it.
    I'm going to give it another try and see how I do.
Yeah, you need to find the code that accesses the text string...
If we don't have success here, we are going to have to move to .exe cracking (note, I use the term "cracking" loosely here), also known as patching.
From there, we will need to disassemble the exe and find the string.
foggyspider (Newbie cheater, Reputation: 0, Joined: 20 May 2010, Posts: 11)
Posted: Mon Jun 07, 2010 2:56 am
The .exe does not contain the text itself; it is loaded in from a DLL.
Would I still need to patch the exe, or would I need to modify / inject the DLL?
Radiation (Grandmaster Cheater, Reputation: 14, Joined: 17 Jun 2009, Posts: 842, Location: Chernobyl)
Posted: Mon Jun 07, 2010 3:20 pm
foggyspider wrote:
    The .exe does not contain the text itself; it is loaded in from a DLL.
    Would I still need to patch the exe, or would I need to modify / inject the DLL?
Well... you might have to move on to the .dll, I guess...
Uzeil (Moderator, Reputation: 6, Joined: 21 Oct 2006, Posts: 2411)
Posted: Tue Jun 08, 2010 2:38 am
You can use memory access read(/write) breakpoints to see when the text is read. I personally haven't used CE's breakpoint system in at least 2 years, but I don't doubt that with such a basic part of a memory editing program, Dark_Byte delivered.
(I personally usually use OllyDbg.)
Edit:
Note: By the way, when I say 'memory access read(/write) breakpoints' I'm not being one of these technical douchebags that uses stupid terminology to look all "smart."
I mean literally, the "tool" is the memory access breakpoint tool. Another tool (that uses memory access breakpoints to determine this stuff) is CE's "find addresses that read/write to this address" function, but because this is loaded from a DLL (and I have no recollection of whether CE can start an application suspended (paused) or not), that wouldn't help you, because by the time you used that in CE, the program would have already loaded it from the DLL.
Note: If you aren't trying to do this dynamically (at run-time), you could always just go in and edit the DLL. You'll probably have to research a decent amount in how DLLs tell applications that load them where everything is, how to modify that without corrupting anything, etc. -- but with the project you're looking to do, it's a given you'll have to do some research.
Anyway, learning this stuff will give useful insight for future toying.