Memory Hacker
OldCheatEngineUser
Posted: Tue Feb 06, 2018 4:14 am    Post subject: Memory Hacker

Code:
about:
cheat.7z contains my basic program to read and write memory.

It's written in the assembly programming language, using fasm 1.72.
A simple console program under the GUI subsystem.

Special thanks to Dark Byte.


If you have experience in ASM and Win32 APIs, then help me add extra features .. or improve it.

It needs to be compiled for each game.

Here is the source code:
- cheat.7z

(update-1) load pointers
(update-2) nop instructions and make read-only memory regions writable

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Memory Hacker


FreeER
Posted: Tue Feb 06, 2018 7:31 am

Quote:
needs to be compiled for each game
Sounds like that should be the next practical step. Either reading from a file or the console to figure out what game it should attach to. Then reading the pointer path as well.

Though for readability/learning purposes you might also want to at least comment constants, if not use some kind of define, like

push 0xFFFFFFF5
call [GetStdHandle]

is getting STDOUT (-11).

You might also want more descriptive label/variable names like "consoleTitle" instead of "cname" or "gameWindowCaption" instead of "gname".


At the end, is there any actual reason to close the console and phandle, other than to cause a tiny amount of delay between telling the program to close and it actually doing so? Won't Windows simply do that for you "in the background" after you exit the process?


I don't actually have much asm/winapi experience however.
OldCheatEngineUser
Posted: Tue Feb 06, 2018 7:37 am

FreeER wrote:
Won't windows simply do that for you "in the background" after you exit the process?

No, not in assembly.
So you have to close them manually, unless it's compiler-generated assembly.

FreeER
Posted: Tue Feb 06, 2018 7:41 am

Why would the compiler be any different? We're not talking C++ RAII where you coded the destructor to release handles. Pretty certain basic C will do that too, and there's no way the compiler is keeping track of everything opened at runtime.

Might want to double/triple check that :)

I mean, it wouldn't entirely surprise me if some part of the C standard library is setting some boolean for Windows to keep track/close things, but I wouldn't expect it to.
OldCheatEngineUser
Posted: Tue Feb 06, 2018 7:47 am

My answer remains no, in higher-level programming languages the compiler will control and manage that.

Which means the system is not responsible for closing handles opened by you, so you have to close whatever handles you opened. (also not every handle needs to be closed)

FreeER
Posted: Tue Feb 06, 2018 7:57 am

The compiler can't manage that for you when so much of it is done at run time or with multi-threading etc. It may be magical but it's not that magical, or you wouldn't need things like RAII in C++ at all.

Yeah, if you look at ExitProcess you'll see
Quote:
6. All of the object handles opened by the process are closed.


edit: And if it's done by the compiler, that assumes the compiler is taking on the job of doing it for whatever OS you are compiling for... which is about 9000% unlikely :)
OldCheatEngineUser
Posted: Tue Feb 06, 2018 8:13 am

FreeER wrote:
And if it's done by the compiler that assumes the compiler is taking on the job of doing it for whatever OS you are compiling for

I didn't mean that, I meant the compiler will add the CloseHandle function and put it into your code automatically.

About MSDN, that doesn't mean handles opened for other processes. (like a process handle)

FreeER
Posted: Tue Feb 06, 2018 8:21 am

BS. Show me the source and disassembly for that :D

As for process handles, a trivial way to test should be to have it open a bunch without closing and then have CE list all the opened handles with lua's getHandleList. I find it inconceivable that Windows would go to the effort of closing file handles for a dead process but won't close process handles for that same dead process. Certainly it won't kill a started process, but that's not what CloseHandle does.
OldCheatEngineUser
Posted: Tue Feb 06, 2018 8:27 am

https://docs.microsoft.com/en-us/sysinternals/downloads/handle

Run the tests yourself, the handle remains open (until both are closed). So far that's what I got.

FreeER
Posted: Tue Feb 06, 2018 10:04 am

I ran https://pastebin.com/ME0du7Hj, which just sits in a loop calling OpenProcess on what was the PID for notepad, and in CE called return #getHandleList(2)

Here are the results:

Code:

-- before opened
:6
return #getHandleList(2)

-- after opened
:19
return #getHandleList(2)

:24
return #getHandleList(2)

:31
...

:65
return #getHandleList(2)

:67
return #getHandleList(2)

:68
return #getHandleList(2)

:70
-- after closed
return #getHandleList(2)

:6


OS: Windows 10, and it just did the Fall Creators Update, who knows if that matters lol :D
OldCheatEngineUser
Posted: Wed Feb 07, 2018 12:51 am

quick update:

- OK, I was able to change page rights (i.e. read/write/execute) using VirtualProtectEx

now I can nop instructions, I'll see what else I can put into this.

edit: note:
I didn't upload the file. (files uploaded now)

...
previous post
...

OK, I'm done with it. Any ideas? Or what else can I put into this dirt? idk.

FreeER
Posted: Wed Feb 07, 2018 6:44 am

As for ideas,

1. read from a file (possibly "resource files", i.e. put the file in the exe)

That way when developing the trainer you can just use a text file rather than recompiling; it also makes it a bit more of a cheat tool like CE than a trainer, since you could share it with other people and they could create new text files to work on different games.

2. have multiple options and offer a menu to let the user select one, do whatever (increase, decrease, toggle) and then go back to the selection menu and repeat
2.1 hotkeys

3. allocate memory? VirtualAllocEx

4. list modules/symbols?

5. CreateThread?

6. display values?, for games that have hidden stats. And I just mean print to console, not a game overlay :)

7. breakpoints/change register on breakpoint?, Probably overkill
OldCheatEngineUser
Posted: Wed Feb 07, 2018 7:09 am

1. I'll work on this (I think a .ini file to store stupid configurations, and a simple .txt for other user stuff; I also might create a .dll for other purposes)

2. I'm not good with user interaction

3. I'm done with VirtualAllocEx and VirtualFreeEx (but not yet updated)

4. I have no idea about these or how to get them

5. I'm working on CreateRemoteThreadEx, and it takes many parameters which I don't understand

6. The required console APIs aren't easy to use, I tried a couple of times and failed (that doesn't mean I'll stop trying, but I'll keep it for another time)

7. Debugging is much further away and above my current knowledge level



That's not everything, since I succeeded in allocating and deallocating memory.
Then I need to figure out a way to write a couple of instructions there and create a thread to execute them; this part requires more time to work on but it's worth it.

TheyCallMeTim13
Posted: Wed Feb 07, 2018 7:29 am

It might be better for a separate tool, but you could recreate the pointer scanner; I have considered it just to better understand exactly how it works. Not sure how easy it would be in ASM.
FreeER
Posted: Wed Feb 07, 2018 7:30 am

Hm, are you not good with UI, or does asm just make it difficult? I could understand the latter, but the backspace code didn't look too bad... you could always look at something like https://www.youtube.com/watch?v=pyEAgx1hhiU for ideas (just the first I googled lol)

As for modules, ToolHelp32Snapshot or something like that I believe, possibly paired with another call to get more info if it doesn't give the name.... ah, yeah that seems right, see: https://msdn.microsoft.com/en-us/library/windows/desktop/ms684218(v=vs.85).aspx As for other symbols like pdb files... I assume it'd just be parsing a file format, but that might be a little overkill for handwritten asm :D

CreateRemoteThreadEx hm, seems simple enough...
Code:
HANDLE CreateRemoteThreadEx(
  _In_      HANDLE                       hProcess,
  _In_opt_  LPSECURITY_ATTRIBUTES        lpThreadAttributes,
  _In_      SIZE_T                       dwStackSize,
  _In_      LPTHREAD_START_ROUTINE       lpStartAddress,
  _In_opt_  LPVOID                       lpParameter,
  _In_      DWORD                        dwCreationFlags,
  _In_opt_  LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
  _Out_opt_ LPDWORD                      lpThreadId
);
aka
Code:
#include <windows.h>

// assuming process was opened with permission to create threads, and that
// startRoutine and startParameter are already valid addresses inside that process
HANDLE spawnRemoteThread(HANDLE processHandleToSpawnThreadIn,
                         LPTHREAD_START_ROUTINE startRoutine,  // stdcall, void pointer in, DWORD out
                         LPVOID startParameter)
{
  DWORD threadID;
  HANDLE threadHandle = CreateRemoteThreadEx(
    processHandleToSpawnThreadIn,
    NULL,             // security stuff we don't care about
    0,                // thread stack size, use default for executable
    startRoutine,     // pointer to function to start executing
    startParameter,   // pointer arg to pass to above function
    0,                // just start, don't need to suspend or only reserve the stack
    NULL,             // more random crap we don't care about
    &threadID
  );
  if (threadHandle == NULL) {
    // GetLastError() tells you why (e.g. the process handle lacks the needed rights)
  }
  return threadHandle;  // caller should CloseHandle() it once it is done with it
}


if you're curious about the attribute list see https://msdn.microsoft.com/en-us/library/windows/desktop/ms686880(v=vs.85).aspx

6. fair enough :D

7. also fair, I don't really know much about it either :) though to be clear I wasn't suggesting a disassembler or being able to step through the code. Just being able to set a breakpoint and do pre-defined actions before continuing, though I suppose if you got that far stepping wouldn't take much more (it'd just be blind without a disassembly lol)

edit:
@Tim hm, I assume the basic logic is to loop through all the (readable) memory by the size of a pointer; if the value is within the +-offset range then add it to the list of possible pointers, and repeat for as many levels as there are with each result in the list. Then for usability you'd want to determine if the base is static or not lol
Not sure how pointer maps work unless it's just recording every value (and its address) that points to a possible address in the process...


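The scan logic FreeER sketches above, as an added example that is not from the thread or from Cheat Engine: a level-limited pointer scan run over a constructed 32-bit memory snapshot (the base address, the "static" region, the dword contents and the target are all made up for the demo) instead of a live process, plus a resolver that follows each chain back to the target the way a trainer would.

```python
import struct

PTR_SIZE = 4
BASE = 0x00400000                   # address the snapshot starts at (constructed)
STATIC = (0x00400000, 0x00400020)   # region treated as "static" data (constructed)

# Constructed memory image: 16 little-endian dwords starting at BASE.
SNAPSHOT = struct.pack("<16I",
    0x00400020, 0x00000000, 0x00400030, 0x12345678,   # 0x400000..0x40000C
    0x0040002C, 0x00000000, 0x00000000, 0x00000000,   # 0x400010..0x40001C
    0x00000064, 0x00400038, 0x00000001, 0x00000000,   # 0x400020..0x40002C "object"
    0x00000000, 0x00000000, 0x000003E7, 0x00000000)   # 0x400030..0x40003C inner struct

def read_ptr(snapshot, addr):
    return struct.unpack_from("<I", snapshot, addr - BASE)[0]

def find_pointers(snapshot, target, max_offset):
    """Every aligned dword v with target-max_offset <= v <= target, as (holder_addr, offset)."""
    hits = []
    for i in range(0, len(snapshot) - PTR_SIZE + 1, PTR_SIZE):
        v = struct.unpack_from("<I", snapshot, i)[0]
        if 0 <= target - v <= max_offset:
            hits.append((BASE + i, target - v))
    return hits

def pointer_scan(snapshot, target, max_offset, levels):
    """Chains (static_base, [off1, ..., offN]) such that [..[[base]+off1]..]+offN == target."""
    chains = []
    def walk(addr, path, depth):
        for holder, off in find_pointers(snapshot, addr, max_offset):
            chain = [off] + path
            if STATIC[0] <= holder < STATIC[1]:
                chains.append((holder, chain))
            if depth > 1:             # next level: who points at this holder?
                walk(holder, chain, depth - 1)
    walk(target, [], levels)
    return chains

def resolve(snapshot, start, offsets):
    """Follow a chain the way a trainer would: addr = [addr] + off at each level."""
    addr = start
    for off in offsets:
        addr = read_ptr(snapshot, addr) + off
    return addr

if __name__ == "__main__":
    target = 0x00400038       # the "health" dword in the constructed image
    for base, offs in pointer_scan(SNAPSHOT, target, max_offset=0x10, levels=2):
        print(f"[0x{base:08X}] + {offs} -> 0x{resolve(SNAPSHOT, base, offs):08X}")
```

Two of the three chains it finds are coincidental hits (dwords that merely land within max_offset of the target), which is why a real scan is repeated against a second snapshot after the game restarts and only chains that still resolve are kept.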
Page 1 of 2

 