Cheat Engine The Official Site of Cheat Engine
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 5:57 pm Post subject: Windows 10: issues when working with MEM_MAPPED memory |
|
|
Hi!
I have an issue with Cheat Engine that seems to ONLY happen on Windows 10. I tested with Windows 7, know that it doesn't happen with Windows 8, and I even got Cheat Engine to work on Linux using Wine and ceserver and still never experienced this issue.
What happens is I want to use Cheat Engine to scan and hack the emulated memory of the Dolphin emulator. Because this is emulated memory, I need to check MEM_MAPPED under scan settings for the memory scan to function. The problem is that if I check that, no matter what I try to edit using the address list, the value will turn into ?? and even the memory region near it will turn into ??.
And this also happens in every program. I tested with the Edge browser and if I had that checked when I launched Cheat Engine, it could not even be related to MEM_MAPPED and still do that. The value in Dolphin actually changes, but I can't access it any more afterwards and, even worse, if I load a savestate, Dolphin will just crash, so it's practically not stable.
The workaround would be to uncheck that option and have already found values in the list (which I did, as I had a cheat table with working addresses); however, now I can edit EVERYTHING BUT the MEM_MAPPED memory without getting the issue. I could even edit other values of Dolphin that aren't part of the emulated memory.
The end result is I can't edit the values from the list. For whatever reasons, I can edit them if I use the memory viewer and this will work with no issue, but I often edit 2 byte or even float type so it's not possible to rely on this workaround.
Again, it worked fine on Windows 7, 8 and even Wine under Linux. It only does this in Windows 10.
Can I at least know if it's the OS or CE? Because it really seems like Windows is somehow preventing the memory to be touched. I would also like to know if this can be fixed.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25792 Location: The netherlands
|
Posted: Fri Oct 16, 2015 6:18 pm Post subject: |
|
|
Is it the exact same version of Dolphin? Same revision, same release date?
Try with enabling kernelmode read/write processmemory (or disable it if you had it enabled)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 6:21 pm Post subject: |
|
|
Dark Byte wrote: | is it the exact same version of dolphin? Same revision, same release date ?
Try with enabling kernelmode read/write processmemory (or disable it if you had it enabled) |
I forgot to tell that Dolphin isn't the culprit because although this was tested on the latest dev revision (4.0-8xxx something), I know this issue happened on stable 4.0.2, which was actually released before Windows 10 (and I know that because others tested it).
I tried both to enable and disable that, made no difference.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25792 Location: The netherlands
|
Posted: Fri Oct 16, 2015 6:37 pm Post subject: |
|
|
Quote: |
For whatever reasons, I can edit them if I use the memory viewer and this will work with no issue
|
I may know one reason for this.
Try this:
Right-click the memory and choose "make page writable"
If I'm right the memory will become ??'s (or not, it could be it's the restoring to original protection that can mess up as well, which this function won't do)
The only difference between addresslist editing and memview editing is that the addresslist will force it to be writable. Perhaps something goes wrong with the Windows 10 VirtualProtectEx API. (This may need to get reported to Microsoft. Windows 10 is still kinda beta. 2 weeks before release it actually contained a bug that broke debugging.)
Quote: |
, but I often edit 2 byte or even float type so it's not possible to rely on this workaround.
|
ctrl+4=2 byte editing mode
ctrl+9=float editing mode
And then there are also the scripting features of CE
Code: |
address:
dw (int)123
|
|
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 6:42 pm Post subject: |
|
|
Dark Byte wrote: | Quote: |
For whatever reasons, I can edit them if I use the memory viewer and this will work with no issue
|
I may know one reason for this.
Try this:
Rightclick the memory and choose "make page writable"
If I'm right the memory will become ?? 's (or not, it could be it's the restoring to original protection that can mess up as well, which this function won't do)
The only difference between addresslist editing and memview editing, is that the addresslist will force it to be writable. Perhaps something goes wrong with the windows 10 VirtualProtectEx api. (This may need to get reported to Microsoft. Windows 10 is still kinda Beta. 2 Weeks before release it actually contained a bug that broke debugging )
|
I think I did this once and I don't think it did anything.....
As for Windows, does it mean that this will never work for that OS currently and it can't be fixed on the CE side?
Quote: |
Quote: |
, but I often edit 2 byte or even float type so it's not possible to rely on this workaround.
|
ctrl+4=2 byte editing mode
ctrl+9=float editing mode |
Even then, the problem is that the setup I use (which is glitch hunting for speedrunning stuff) just requires me to have every address close to each other because I also want to monitor them.
Using the viewer for the edits is practically not convenient enough for this to be good especially since you have to change mode as the type changes.....not a really acceptable solution. Also, edits are so frequent that it would complicate it more than anything.
EDIT: I forgot, I use the big endian custom type as the games I hack use big endian; if this solution is for little endian, then it actually won't work at all.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25792 Location: The netherlands
|
Posted: Fri Oct 16, 2015 7:01 pm Post subject: |
|
|
Quote: |
As for windows, does it mean that this will never work for that OS currently and it can't be fixed on the CE side?
|
It may one day work when Microsoft fixes the bug (perhaps it's not returning a valid protection flag, which is a bug on their side)
Anyhow, try this Lua script before you target the process:
Code: |
openProcess([[cheatengine-x86_64.exe]])
reinitializeSymbolHandler()
autoAssemble([[
alloc(NewVirtualProtectEx,256)
alloc(OriginalVirtualProtectEx, 8)
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
cmp ecx,ffffffff
jne short notself
sub rsp,38
call [OriginalVirtualProtectEx]
add rsp,38
ret
notself:
xor rax,rax
ret
]])
s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")
--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s
autoAssemble(s)
|
It'll nerf CE's ability to make memory writable (assuming you're using the 64-bit CE)
|
|
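The protection-flag reasoning in the two posts above, as an added example (not Cheat Engine's code and not part of the original posts): it decodes a Win32 page-protection value, rejects one that is not a valid flag combination before it would be handed back to VirtualProtectEx, and classifies regions by whether a write needs a protection change at all. The constants are the documented Win32 values; the function names, the dict layout and the sample regions are constructed for illustration.

```python
# Added example: Win32 constants are the documented values; REGIONS is constructed.
MEM_COMMIT = 0x1000
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000

BASE = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
        0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
        0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITABLE = {0x04, 0x08, 0x40, 0x80}


def decode_protect(value):
    """Return the flag names, or None when value is not a valid protection."""
    base, mods = value & 0xFF, value & ~0xFF
    if base not in BASE or mods & ~0x700:
        return None  # zero, more than one base bit, or unknown modifier bits
    return [BASE[base]] + [name for bit, name in MODIFIERS.items() if mods & bit]


def plan_write(region):
    """Classify one VirtualQueryEx-style record (hypothetical dict layout)."""
    protect = region["protect"]
    if region["state"] != MEM_COMMIT or decode_protect(protect) is None:
        return "skip"
    if protect & 0xFF in WRITABLE and not protect & 0x100:
        return "write-direct"       # no protection change needed
    return "protect-write-restore"  # needs VirtualProtectEx before and after


def safe_to_restore(old_protect):
    """Restore only a value that decodes; otherwise leave the page as it is."""
    return decode_protect(old_protect) is not None


# Constructed sample: a mapped read-write view, a read-only image page, and a
# private guard page, as a region walk might report them.
REGIONS = [
    {"base": 0x7FFF0000, "state": MEM_COMMIT, "type": MEM_MAPPED, "protect": 0x04},
    {"base": 0x00400000, "state": MEM_COMMIT, "type": MEM_IMAGE, "protect": 0x02},
    {"base": 0x00120000, "state": MEM_COMMIT, "type": MEM_PRIVATE, "protect": 0x104},
]

if __name__ == "__main__":
    for r in REGIONS:
        print(hex(r["base"]), decode_protect(r["protect"]), plan_write(r))
    # A returned "old protection" of 0 or 0x06 is not a valid flag combination.
    print([safe_to_restore(v) for v in (0x04, 0x00, 0x06)])
```
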
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 7:14 pm Post subject: |
|
|
Dark Byte wrote: | Quote: |
As for windows, does it mean that this will never work for that OS currently and it can't be fixed on the CE side?
|
It may one day work when microsoft fixes the bug (perhaps it's not returning a valid protection flag which is a bug on their side)
anyhow, try this lua script before you target the process:
Code: |
openProcess([[cheatengine-x86_64.exe]])
reinitializeSymbolHandler()
autoAssemble([[
alloc(NewVirtualProtectEx,256)
alloc(OriginalVirtualProtectEx, 8)
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
cmp ecx,ffffffff
jne short notself
sub rsp,38
call [OriginalVirtualProtectEx]
add rsp,38
ret
notself:
xor rax,rax
ret
]])
s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")
--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s
autoAssemble(s)
|
It'll nerf ce's ability to make memory writable (Assuming you're using the 64-bit ce) |
I get this error:
Error:[string "openProcess([[cheatengine-x86_64.exe]])..."]:2: attempt to call global 'reinitializeSymbolHandler' (a nil value)
Script Error
Oh, and I also tried the "make page writable" again; I can confirm that it indeed doesn't make the ?? appear.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25792 Location: The netherlands
|
Posted: Fri Oct 16, 2015 7:17 pm Post subject: |
|
|
Sorry, that should have been reinitializeSymbolhandler() (lowercase h)
|
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 7:28 pm Post subject: |
|
|
Dark Byte wrote: | Sorry, that should have been reinitializeSymbolhandler() (lowercase h) |
YAY!
It works, but (and this won't be that bad if it can't be fixed), for some reason, Cheat Engine will crash if I run this script without having a table already opened and try to open one after. If I had one opened, however, I can open another one after, which is rather strange.
Because I would love to have the convenience of this script working as autorun so I won't have to open the engine every time.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25792 Location: The netherlands
|
Posted: Fri Oct 16, 2015 7:54 pm Post subject: |
|
|
Fixed a small mistake. Also, this will work as an autorun script:
Code: |
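-- Attach CE to itself so the hook is installed in CE's own process
openProcess([[cheatengine-x86_64.exe]])
reinitializeSymbolhandler()
autoAssemble([[
alloc(NewVirtualProtectEx,256)
alloc(OriginalVirtualProtectEx, 8)
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
// first argument (hProcess) is in rcx; ffffffff is the low half of the current-process pseudo-handle (-1)
cmp ecx,ffffffff
jne short notself
call [OriginalVirtualProtectEx]
ret
notself:
// any other target process: return 0 (FALSE) without changing the protection
xor rax,rax
ret
]])
-- Generate the auto-assembler script that redirects VirtualProtectEx to the stub above
s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")
--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s
autoAssemble(s)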
|
|
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 8:04 pm Post subject: |
|
|
Dark Byte wrote: | fixed a small mistake. Also, this will work as an autorun script:
Code: |
openProcess([[cheatengine-x86_64.exe]])
reinitializeSymbolhandler()
autoAssemble([[
alloc(NewVirtualProtectEx,256)
alloc(OriginalVirtualProtectEx, 8)
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
cmp ecx,ffffffff
jne short notself
call [OriginalVirtualProtectEx]
ret
notself:
xor rax,rax
ret
]])
s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")
--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s
autoAssemble(s)
|
|
Unfortunately, it doesn't work as autorun because whenever I attempt to open a table, it crashes.
I have to run the script after a table is opened, which is why autorun doesn't work.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25792 Location: The netherlands
|
Posted: Fri Oct 16, 2015 8:18 pm Post subject: |
|
|
Works for me. It might be an issue with that specific table. (Or you have a shell extension running that talks to a secondary process and uses VirtualProtectEx to do some memory management)
|
aldelaro5 Newbie cheater
Reputation: 0
Joined: 16 Oct 2015 Posts: 10
|
Posted: Fri Oct 16, 2015 8:23 pm Post subject: |
|
|
Dark Byte wrote: | Works for me. It might be an issue with that specific table. (Or you have a shell extension running that talks to a secondary process and uses VirtualProtectEx to do some memory management) |
It's not with any table because what happens is as soon as I press the open button, then it crashes.
And I don't think I could have extensions, that Windows 10 doesn't have much installed......maybe some VirtualBox guest additions because I also use it as a VM in Linux, but I did my tests while booting to it normally with my real machine.
I just either run it manually or with autorun and I can open any process, but as soon as I press the open table button, then it just says the CE stopped responding.
EDIT: tested with safe mode, same. Also tested with another Windows 7 machine which worked so idk......
|
|
Back to top |
|
 |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|