Cheat Engine The Official Site of Cheat Engine
superative How do I cheat?
Reputation: 0
Joined: 23 Feb 2015 Posts: 3
|
Posted: Mon Feb 23, 2015 10:26 pm Post subject: [C++] Array of byte scanning |
|
|
I need to scan for an array of bytes; this is what I have.
Code:
    char LagWrite[] = "\x00\x00\x20\x8C\x01\x00\x00\x00";
    dyAdd = FindPattern(0x00000000, 0x7FFFFFFF, (PBYTE)"\x00\x00\x70\x41\x01\x00\x00\x00", "??xxx???");
    WriteToMemory(dyAdd, LagWrite, 8);

I need to scan read-only regions for this byte. Is there any way to accomplish this?
I have heard about virtual query, but I cannot find any example code. If you know how to accomplish this, please post an example.
DDS Expert Cheater
Reputation: 3
Joined: 10 Feb 2011 Posts: 112 Location: Bill's Planet
SteveAndrew Master Cheater
Reputation: 30
Joined: 02 Sep 2012 Posts: 323
|
Posted: Tue Feb 24, 2015 10:10 am Post subject: |
|
|
Sure, it's real simple. It's just memory basic information lol. A little joke before I begin with my example!
You call VirtualQuery in a loop, with the address you call it with += page size, until the end of readable memory is reached.
Using the MEMORY_BASIC_INFORMATION structure returned, you can filter out what you don't want. In this case you only want to look at PAGE_READONLY (0x2) memory.
Example code -> NOTE: You can set "CheatEngineScanSettings" to true and memory of type 'MEM_MAPPED' will be skipped, like Cheat Engine's default settings, as that's usually emulator memory. But I've set it to false by default, so ALL memory that is PAGE_READONLY will be scanned for a certain AOB! In my test I was just using the bytes of the instruction "xor eax,eax", making sure it worked!
void WINAPI AOBScanReadOnlyMemory() contains the main code.
Code:
    #include "main.h"
    #include <string.h> //strlen

    //32-bit only: addresses are held in DWORDs
    HMODULE hInst;
    DWORD ProcessorArch, PageSize;
    bool CheatEngineScanSettings=false;
    char *dbg=new char[260];
    LPFN_ISWOW64PROCESS fnIsWow64Process;

    //true when every 'x' position of szMask matches; any other mask character is a wildcard
    bool Compare(const BYTE *pData,const BYTE *bMask,const char *szMask)
    {
        for(;*szMask;++szMask,++pData,++bMask)
            if(*szMask=='x' && *pData!=*bMask) return false;
        return (*szMask)=='\0';
    }

    //Returns the address of the first match in [dwAddress, dwAddress+dwLen), or 0
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,const BYTE *bMask,const char *szMask)
    {
        DWORD patLen=(DWORD)strlen(szMask);
        //stop while the whole pattern still fits, so Compare never reads past dwAddress+dwLen
        for(DWORD i=0; i+patLen<=dwLen; i++)
            if (Compare((BYTE*)(dwAddress+i),bMask,szMask)) return (DWORD)(dwAddress+i);
        return 0;
    }

    BOOL IsWow64()
    {
        BOOL bIsWow64=FALSE;
        fnIsWow64Process=(LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandleW(L"kernel32"),"IsWow64Process");
        if(fnIsWow64Process!=0)
        {
            fnIsWow64Process((HANDLE)-1,&bIsWow64); //(HANDLE)-1 is the current-process pseudo handle
        }
        return bIsWow64;
    }

    void WINAPI Initialize()
    {
        SYSTEM_INFO si;
        if(IsWow64())
            GetNativeSystemInfo(&si);
        else
            GetSystemInfo(&si);
        PageSize=si.dwPageSize;
        ProcessorArch=si.wProcessorArchitecture;
        sprintf(dbg,"PageSize: %X, CPU Arch: %X",PageSize,ProcessorArch);
        OutputDebugStringA(dbg);
    }

    void WINAPI AOBScanReadOnlyMemory()
    {
        Initialize();
        MEMORY_BASIC_INFORMATION mi;
        for(DWORD lpAddr=0; lpAddr<0x7FFFFFFF; lpAddr+=PageSize)
        {
            //third argument is the size of the MEMORY_BASIC_INFORMATION buffer, not the page size
            SIZE_T vq=VirtualQuery((void*)lpAddr,&mi,sizeof(mi));
            if(vq==0) break; //VirtualQuery returns 0 on failure
            //Skip mapped memory (usually emulator memory, like CE's default settings :D)
            //Other two are MEM_IMAGE, and MEM_PRIVATE
            if(CheatEngineScanSettings==true && mi.Type==MEM_MAPPED) continue;
            if(mi.Protect==PAGE_READONLY)
            {
                sprintf(dbg,"baseAddr: %08x; allocBase: %08x; Protection: %x; Type: %x",mi.BaseAddress,mi.AllocationBase,
                    mi.Protect,mi.Type);
                OutputDebugStringA(dbg);
                DWORD addr=FindPattern(lpAddr,PageSize,(PBYTE)"\x31\xc0","xx"); //scan per page
                if(addr!=0)
                {
                    sprintf(dbg,"Found AOB! At: %08x",addr);
                    OutputDebugStringA(dbg);
                }
            }
        }
        FreeLibraryAndExitThread(hInst, 0);
    }

    extern "C" DLL_EXPORT BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
    {
        switch (fdwReason)
        {
            case DLL_PROCESS_ATTACH:
                hInst=hinstDLL;
                DisableThreadLibraryCalls(hInst);
                CreateThread(0,0,(LPTHREAD_START_ROUTINE)AOBScanReadOnlyMemory,0,0,0);
                break;
            case DLL_PROCESS_DETACH:
                break;
        }
        return TRUE;
    }

P.S. I wanted to leave it as an exercise for the reader, but I have a feeling you're going to ask about it anyway. An improved version that scans per region instead of per page, and also finds all matches within each memory region instead of just the first and then skipping to the next page/region:
Code:
    void WINAPI AOBScanReadOnlyMemory()
    {
        Initialize();
        MEMORY_BASIC_INFORMATION mi;
        for(DWORD lpAddr=0; lpAddr<0x7FFFFFFF; lpAddr+=PageSize)
        {
            //third argument is the size of the MEMORY_BASIC_INFORMATION buffer, not the page size
            SIZE_T vq=VirtualQuery((void*)lpAddr,&mi,sizeof(mi));
            if(vq==0) break; //VirtualQuery returns 0 on failure
            //Skip mapped memory (usually emulator memory, like CE's default settings :D)
            //Other two are MEM_IMAGE, and MEM_PRIVATE
            if(CheatEngineScanSettings==true && mi.Type==MEM_MAPPED)
            {
                lpAddr+=(mi.RegionSize-PageSize); //move past region
                continue;
            }
            if(mi.Protect==PAGE_READONLY)
            {
                sprintf(dbg,"baseAddr: %08x; allocBase: %08x; Size: %x; Protection: %x; Type: %x",
                    mi.BaseAddress,mi.AllocationBase,mi.RegionSize,mi.Protect,mi.Type);
                OutputDebugStringA(dbg);
                DWORD addr=FindPattern(lpAddr,mi.RegionSize,(PBYTE)"\x31\xc0","xx"); //scan per REGION instead of per page...
                while(addr!=0)
                {
                    sprintf(dbg,"Found AOB! At: %08x",addr);
                    OutputDebugStringA(dbg);
                    DWORD Offset=((addr-lpAddr)+1); //and find all occurrences within the region
                    addr=FindPattern((addr+1),(mi.RegionSize-Offset),(PBYTE)"\x31\xc0","xx");
                }
            }
            lpAddr+=(mi.RegionSize-PageSize); //move past region
        }
        FreeLibraryAndExitThread(hInst, 0);
    }

_________________
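The per-region walk and masked search discussed above, as an added example that is not code from any poster in this thread: it runs over a constructed byte buffer and only accepts windows that fit entirely inside a committed read-only region. The `Region` struct, the function names and the sample bytes are assumptions made for illustration; the constants repeat Windows SDK values so it builds without `windows.h`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Windows SDK values, repeated so the example builds without <windows.h>.
constexpr uint32_t kMemCommit = 0x1000, kPageReadOnly = 0x02, kPageReadWrite = 0x04;

// Hypothetical stand-in for the MEMORY_BASIC_INFORMATION fields the thread uses;
// base is an offset into the sample buffer, not a real address.
struct Region { size_t base, size; uint32_t state, protect; };

// 'x' in mask = byte must match, any other character ('?') = wildcard.
// Records every match whose whole window lies inside the region.
void ScanRegion(const uint8_t* mem, const Region& r, const uint8_t* pat,
                const char* mask, std::vector<size_t>& hits) {
    const size_t n = std::strlen(mask);
    if (n == 0 || n > r.size) return;               // pattern cannot fit
    for (size_t i = 0; i + n <= r.size; ++i) {      // last window ends at region end
        size_t k = 0;
        while (k < n && (mask[k] != 'x' || mem[r.base + i + k] == pat[k])) ++k;
        if (k == n) hits.push_back(r.base + i);
    }
}

// One step per region, scanning only committed read-only ones.
std::vector<size_t> ScanReadOnly(const uint8_t* mem, const std::vector<Region>& regions,
                                 const uint8_t* pat, const char* mask) {
    std::vector<size_t> hits;
    for (const Region& r : regions)
        if (r.state == kMemCommit && r.protect == kPageReadOnly)
            ScanRegion(mem, r, pat, mask, hits);
    return hits;
}

// Constructed sample: read-only [0,20) followed by read-write [20,32).
const uint8_t kSample[32] = {
    0xAA,0xBB,0x70,0x41,0x01,0x11,0x22,0x33, 0xCC,0xDD,0x70,0x41,0x01,0x44,0x55,0x66,
    0xEE,0x70,0x41,0x01,0x00,0x00,0x00,0x00, 0x70,0x41,0x01,0x00,0x00,0x00,0x00,0x00 };
const uint8_t kPat[8] = { 0x00,0x00,0x70,0x41,0x01,0x00,0x00,0x00 };  // pattern from the first post
const std::vector<Region> kRegions = { {0, 20, kMemCommit, kPageReadOnly},
                                       {20, 12, kMemCommit, kPageReadWrite} };

int main() {
    for (size_t off : ScanReadOnly(kSample, kRegions, kPat, "??xxx???"))
        std::printf("match at offset %zu\n", off);  // offsets 0 and 8
}
```

The fixed bytes at offsets 17 to 19 are not reported because the 8-byte window starting at offset 15 would end in the neighbouring read-write region.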
superative How do I cheat?
Reputation: 0
Joined: 23 Feb 2015 Posts: 3
|
Posted: Sat Mar 07, 2015 1:51 pm Post subject: |
|
|
Not sure how to use that code,
Can you help me out a bit?
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Sat Mar 07, 2015 4:08 pm Post subject: |
|
|
superative wrote: |
Not sure how to use that code,
Can you help me out a bit? |
You should stop and actually learn the language then if you can't understand his example, as it is fairly basic and is just calling the normal Win32 API.
_________________
- Retired. |
superative How do I cheat?
Reputation: 0
Joined: 23 Feb 2015 Posts: 3
|
Posted: Sat Mar 07, 2015 4:42 pm Post subject: |
|
|
atom0s wrote: | superative wrote: |
Not sure how to use that code,
Can you help me out a bit? |
You should stop and actually learn the language then if you can't understand his example, as it is fairly basic and is just calling the normal Win32 API. |
The code has an error.
Plus I cannot figure it out and I've tried everything. So please do not tell me that I have to learn more of the language. I am asking for help and you just tell me to learn the language.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Sat Mar 07, 2015 10:07 pm Post subject: |
|
|
If it has an error, fix it; if you understand the language then you would know how. 'Tried everything' is also not an excuse. Given how many people in your similar situation come here begging for copy paste code, it's a fair answer to tell you to learn the language when you are showing no signs of actually knowing it already.
_________________
- Retired. |