thirdfoot Newbie cheater Reputation: 0
Joined: 09 Feb 2019 Posts: 21
Posted: Sat Feb 09, 2019 8:22 pm Post subject: CE finds AOB but my C++ finds nothing...
Trying to find AOB patterns in Northgard like CE does. I've found and created asm to give me food, wood, krowns and faster villager spawns with 4 small scripts that are AOB based.
When I search manually for these AOB, CE finds the areas without issues within 1-2 seconds.
When I try to search Northgard.exe (and all its modules via the process handle) myself with modBaseSize or even to lpMaximumApplicationAddress I can't find a single match. If I use the latter with virtualprotectex, it crashes the game. But won't find anything without either and no errors. If I do it with modbaseaddr+modbasesize it searches fast, but no hits. I do this externally but don't see what difference that would make.
Code works fine for other games where the offsets are exe+addr but in Northgard it seems to be dynamic. An old post by DarkByte indicated the heap is also searched with virtualqueryex, so I'm not getting why I can't find it but CE does...
Driving me nuts. Been at it the best part of this Saturday. Was looking forward to making a quick trainer but the AOB pattern is eluding me.

atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Sat Feb 09, 2019 10:44 pm
Use VirtualQueryEx to walk the memory pages of the process, check the flags to make sure they can be read properly before attempting otherwise it can cause crashes. While you loop each page via VirtualQueryEx just dump the full page, scan the dumped memory of that page and move on as needed.
_________________
- Retired.

thirdfoot Newbie cheater Reputation: 0
Joined: 09 Feb 2019 Posts: 21
Posted: Sun Feb 10, 2019 6:23 am
atom0s wrote: | Use VirtualQueryEx to walk the memory pages of the process, check the flags to make sure they can be read properly before attempting otherwise it can cause crashes. While you loop each page via VirtualQueryEx just dump the full page, scan the dumped memory of that page and move on as needed. |
I'm doing this via one mbi.RegionSize at a time, and now in desperation only checking state against MEM_COMMIT to read as much as possible but usually I check against noaccess and pageguard as well. This hasn't seemed to make a difference.
I have searched all module memories, and lastly tried from min to max application memory limits (SysInfo.lpMaximumApplicationAddress) which takes a long time but doesn't find anything then either.
When I try to look up the address that CE dynamically finds in Olly as expression, I get sent to the main thread. But at least it finds it. I don't.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The Netherlands
Posted: Sun Feb 10, 2019 6:34 am
perhaps the aob you're scanning contains bytes from two different regions
e.g one being execute/copy_on_write and the other read/write/execute
(this often happens when you edit memory. A subsection of the memory region changes from execute/copy_on_Write to read/write/execute)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

thirdfoot Newbie cheater Reputation: 0
Joined: 09 Feb 2019 Posts: 21
Posted: Mon Feb 11, 2019 3:29 am
Dark Byte wrote: | perhaps the aob you're scanning contains bytes from two different regions
e.g one being execute/copy_on_write and the other read/write/execute
(this often happens when you edit memory. A subsection of the memory region changes from execute/copy_on_Write to read/write/execute) |
Revised my scanner code and fixed it, somehow. I had my pattern going through a class public std::string and sent c_str() to the memory scanning function. I removed that and sent a literal/constant string instead which now works excellent.
I have 2 follow-up questions if I may.
1) Would what you're saying be solved by VirtualProtectEx the area to PAGE_EXECUTE_READWRITE and back before/after RPM?
2) I started wondering (this obviously wasn't the problem though, but could it ever become one?) if MEMORY_BASIC_INFORMATION pages may split the target AOB between 2 page/regions. Because I scan a region at a time now (like most example scanners do), but I'm wondering if I should make a rotating array and perhaps scan 2 pages at a time via push/pop so one page gets scanned twice with a prev/next page, just in case the target AOB is between the pages... Or will that never happen because of some alignment I don't know about? I'd rather not though for performance reasons, but I'd highly value your opinion on this.
Thanks in advance. Your software has helped me immensely taking my C/C++ into memory exploration, and being able to easily monitor what I actually do.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The Netherlands
Posted: Mon Feb 11, 2019 5:31 am
the easiest is just group all readable memory in one
if two subsequent regions are readable merge them into one bigger region

thirdfoot Newbie cheater Reputation: 0
Joined: 09 Feb 2019 Posts: 21
Posted: Mon Feb 11, 2019 6:01 am
Was concerned about memory usage doing that, but I'll experiment with it. Thanks.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The Netherlands
Posted: Mon Feb 11, 2019 6:16 am
You can of course split that up again into smaller sections, but implement some overlap then
when you split up a region increment the first half with the size of the AOB
So when it overlaps you do find that result as well
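
Added example, not part of the thread and not code from any poster or from Cheat Engine: the two suggestions above (merge adjacent readable regions, then split into chunks with an overlap the size of the AOB) applied to buffers already held in memory. `Region`, `mergeReadable`, `scan` and `sampleRegions` are hypothetical names, and the regions are constructed sample data standing in for what a VirtualQueryEx walk plus RPM would return.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed stand-in for one VirtualQueryEx region plus the bytes read from it.
struct Region { std::uintptr_t base; bool readable; std::vector<std::uint8_t> bytes; };

// Merge address-contiguous readable regions (input sorted by base) into single spans.
std::vector<Region> mergeReadable(const std::vector<Region>& in) {
    std::vector<Region> out;
    for (const Region& r : in) {
        if (!r.readable || r.bytes.empty()) continue;
        if (!out.empty() && out.back().base + out.back().bytes.size() == r.base)
            out.back().bytes.insert(out.back().bytes.end(), r.bytes.begin(), r.bytes.end());
        else
            out.push_back(r);
    }
    return out;
}

// Scan spans in chunks of `chunk` start offsets. Each chunk also reads pat.size()-1
// bytes past its end, so a match straddling two chunks is reported exactly once.
// mask[k] == false marks a wildcard byte.
std::vector<std::uintptr_t> scan(const std::vector<Region>& spans, const std::vector<std::uint8_t>& pat,
                                 const std::vector<bool>& mask, std::size_t chunk) {
    std::vector<std::uintptr_t> hits;
    if (pat.empty() || mask.size() != pat.size() || chunk == 0) return hits;
    for (const Region& s : spans)
        for (std::size_t off = 0; off < s.bytes.size(); off += chunk) {
            const std::size_t end = std::min(s.bytes.size(), off + chunk + pat.size() - 1);
            for (std::size_t i = off; i + pat.size() <= end; ++i) {
                bool ok = true;
                for (std::size_t k = 0; k < pat.size() && ok; ++k)
                    ok = !mask[k] || s.bytes[i + k] == pat[k];
                if (ok) hits.push_back(s.base + i);
            }
        }
    return hits;
}

// Constructed sample: 8B 45 ?? 01 straddles the 0x1000/0x1004 region boundary.
std::vector<Region> sampleRegions() {
    return {{0x1000, true, {0x90, 0x90, 0x8B, 0x45}}, {0x1004, true, {0xFC, 0x01, 0x90, 0x90}},
            {0x1008, false, {}}, {0x2000, true, {0x8B, 0x45, 0x10, 0x01}}};
}
```

Scanning `sampleRegions()` one region at a time misses the match at 0x1002; scanning the merged spans finds it, whatever chunk size is used.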