Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


CE finds AOB but my C++ finds nothing...

 
thirdfoot
Posted: Sat Feb 09, 2019 8:22 pm

Trying to find AOB patterns in Northgard like CE does. I've found and created asm to give me food, wood, krowns and faster villager spawns with 4 small scripts that are AOB based.

When I search manually for these AOB, CE finds the areas without issues within 1-2 seconds.

When I try to search Northgard.exe (and all its modules via the process handle) myself with modBaseSize or even to lpMaximumApplicationAddress, I can't find a single match. If I use the latter with VirtualProtectEx, it crashes the game. But won't find anything without either and no errors. If I do it with modBaseAddr+modBaseSize it searches fast, but no hits. I do this externally but don't see what difference that would make.

Code works fine for other games where the offsets are exe+addr but in Northgard it seems to be dynamic. An old post by Dark Byte indicated the heap is also searched with VirtualQueryEx, so I'm not getting why I can't find it but CE does...

Driving me nuts. Been at it the best part of this Saturday. Was looking forward to making a quick trainer but the AOB pattern is eluding me.

atom0s
Posted: Sat Feb 09, 2019 10:44 pm

Use VirtualQueryEx to walk the memory pages of the process, check the flags to make sure they can be read properly before attempting, otherwise it can cause crashes. While you loop each page via VirtualQueryEx just dump the full page, scan the dumped memory of that page and move on as needed.
_________________
- Retired.

thirdfoot
Posted: Sun Feb 10, 2019 6:23 am

atom0s wrote:
Use VirtualQueryEx to walk the memory pages of the process, check the flags to make sure they can be read properly before attempting, otherwise it can cause crashes. While you loop each page via VirtualQueryEx just dump the full page, scan the dumped memory of that page and move on as needed.


I'm doing this via one mbi.RegionSize at a time, and now in desperation only checking state against MEM_COMMIT to read as much as possible but usually I check against noaccess and pageguard as well. This hasn't seemed to make a difference.

I have searched all module memories, and lastly tried from min to max application memory limits (SysInfo.lpMaximumApplicationAddress) which takes a long time but doesn't find anything then either.

When I try to look up the address that CE dynamically finds in Olly as expression, I get sent to the main thread. But at least it finds it. I don't.

Dark Byte
Posted: Sun Feb 10, 2019 6:34 am

perhaps the aob you're scanning contains bytes from two different regions

e.g one being execute/copy_on_write and the other read/write/execute
(this often happens when you edit memory. A subsection of the memory region changes from execute/copy_on_Write to read/write/execute)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping

thirdfoot
Posted: Mon Feb 11, 2019 3:29 am

Dark Byte wrote:
perhaps the aob you're scanning contains bytes from two different regions

e.g one being execute/copy_on_write and the other read/write/execute
(this often happens when you edit memory. A subsection of the memory region changes from execute/copy_on_Write to read/write/execute)


Revised my scanner code and fixed it, somehow. I had my pattern going through a class public std::string and sent c_str() to the memory scanning function. I removed that and sent a literal/constant string instead which now works excellent.

I have 2 followup questions if I may.

1) Would what you're saying be solved by VirtualProtectEx the area to PAGE_EXECUTE_READWRITE and back before/after RPM?

2) I started wondering (this obviously wasn't the problem though, but could it ever become one?) if MEMORY_BASIC_INFORMATION pages may split the target AOB between 2 page/regions. Because I scan a region at a time now (like most example scanners do), but I'm wondering if I should make a rotating array and perhaps scan 2 pages at a time via push/pop so one page gets scanned twice with a prev/next page, just in case the target AOB is between the pages... Or will that never happen because of some alignment I don't know about? I'd rather not though for performance reasons, but I'd highly value your opinion on this.

Thanks in advance. Your software has helped me immensely taking my C/C++ into memory exploration, and being able to easily monitor what I actually do.

Dark Byte
Posted: Mon Feb 11, 2019 5:31 am

the easiest is just group all readable memory in one
if two subsequent regions are readable merge them into one bigger region

thirdfoot
Posted: Mon Feb 11, 2019 6:01 am

Was concerned about memory usage doing that, but I'll experiment with it. Thanks.

Dark Byte
Posted: Mon Feb 11, 2019 6:16 am

You can of course split that up again into smaller sections, but implement some overlap then

when you split up a region increment the first half with the size of the AOB
So when it overlaps you do find that result as well
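
The region merging and chunk overlap discussed in the last few posts, as an added example that is not part of the thread and not Cheat Engine's code. It assumes the regions are already listed in address order; `Region`, `Pattern`, `scan` and `sampleRegions` are hypothetical names, the byte buffers are constructed stand-ins for what VirtualQueryEx and ReadProcessMemory would return, and the overlap used here is the pattern length minus one.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

struct Region {                         // constructed stand-in for one queried region
    std::uint64_t base;
    bool readable;                      // committed, not no-access or guard
    std::vector<std::uint8_t> bytes;    // the bytes read from that region
};
using Pattern = std::vector<int>;       // byte values; -1 is a wildcard

static bool matchAt(const std::uint8_t* p, const Pattern& pat) {
    for (std::size_t i = 0; i < pat.size(); ++i)
        if (pat[i] >= 0 && p[i] != pat[i]) return false;
    return true;
}

// Scans address-ordered regions in chunks of chunkSize bytes. Adjacent readable
// regions form one run; pat.size()-1 bytes carry over from chunk to chunk.
std::vector<std::uint64_t> scan(const std::vector<Region>& regions,
                                const Pattern& pat, std::size_t chunkSize) {
    std::vector<std::uint64_t> hits;
    std::vector<std::uint8_t> win;      // carried tail + current chunk
    std::uint64_t winBase = 0;          // address of win[0]
    if (pat.empty() || chunkSize == 0) return hits;
    for (const Region& r : regions) {
        // A gap or an unreadable region ends the run: drop the carried tail.
        if (!r.readable || r.base != winBase + win.size()) win.clear();
        if (!r.readable) continue;
        for (std::size_t off = 0; off < r.bytes.size(); off += chunkSize) {
            std::size_t n = std::min(chunkSize, r.bytes.size() - off);
            if (win.empty()) winBase = r.base + off;
            win.insert(win.end(), r.bytes.data() + off, r.bytes.data() + off + n);
            for (std::size_t i = 0; i + pat.size() <= win.size(); ++i)
                if (matchAt(&win[i], pat)) hits.push_back(winBase + i);
            std::size_t keep = std::min(win.size(), pat.size() - 1);
            winBase += win.size() - keep;   // keep only the overlap tail
            win.erase(win.begin(), win.end() - static_cast<std::ptrdiff_t>(keep));
        }
    }
    return hits;
}
// Constructed layout: A and B are adjacent, C is unreadable, D follows C.
std::vector<Region> sampleRegions() {
    return {{0x1000, true,  {0, 0, 0, 0, 0, 0, 0x8B, 0x45}},
            {0x1008, true,  {0x10, 0x89, 0, 0, 0, 0, 0x8B, 0x45}},
            {0x1010, false, {}},
            {0x1018, true,  {0x00, 0x89, 0x8B, 0x45, 0x77, 0x89, 0, 0}}};
}
```

With the pattern `8B 45 ?? 89`, the match that straddles A and B is found at 0x1006, while the bytes on either side of the unreadable region C are never joined into a false match.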

All times are GMT - 6 Hours