Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Strange alloc behavior ....

Author: Reaper79
Posted: Sat Nov 14, 2020 1:08 pm    Post subject: Strange alloc behavior ....

Hi there,

I just dug out Final Fantasy 15 (Steam) to try some things out, and something strange happened....

I use the following "aob" script; it does not do much, it just allocates some new memory and copies the "original function":

Code:

[ENABLE]
aobscanmodule(INJECT,ffxv_s.exe,48 89 91 08 58 00 00 C3 0F) // should be unique
registersymbol(INJECT)
alloc(newmem,$1000,INJECT) // ask for memory near INJECT so a 5-byte jmp can reach it

newmem:
  mov [rcx+00005808],rdx //original
  ret //original

INJECT:
  jmp newmem
  nop 3 // jmp is 5 bytes, the original code was 8

[DISABLE]

INJECT:
  db 48 89 91 08 58 00 00 C3

unregistersymbol(INJECT)
dealloc(newmem)


When I activate the script in the "MAIN MENU", it works like a charm:

But if you are in the game (loaded / new game) and activate the script, the magic happens:
Same code, same script, but alloc does not find near memory....

Tested with Cheat Engine 7.1 / 7.2....

PS: No Kernel things are activated in CE, just standard setup.

PPS: AMD Ryzen 7 / Windows 10 Pro (20H2)
Author: Dark Byte (Site Admin)
Posted: Sat Nov 14, 2020 6:36 pm

That's weird. 7.2 should not have activated this (looks like a bug in the safety check there)

anyhow, this happens when the game has allocated more than 2GB within that region and there is no free space. Check the memory region view and confirm it's all committed or reserved.

In this case you can either use a trampoline inside the code in unused memory, or adjust your hook so it assumes a 14-byte jmp.

Author: Reaper79
Posted: Mon Nov 16, 2020 1:12 pm

Thanks for the answer,

I don't know if it matters:

Game Module "ffxv_s.exe"
start: 0x140000000
size: 0xFC81000
end: 0x14FC81000

View at the main menu:

View after the game starts (new game, loading):

What I noticed now: sometimes there are no 14-byte jmps after loading the game. At the moment it is quite arbitrary.

How do you check something like that?

Can't double post, so this:

Now I made a Lua code-cave scanner script to work around this problem. It's not the best solution and the code is fucked up. But it works ^^

I am open to improvements.


Code:
{$lua}
if syntaxcheck then return end

--Credits to mgr.inz.Player
--registering a symbol that already exists fails, so drop it first
if oldRegisterSymbol==nil then oldRegisterSymbol = registerSymbol end
registerSymbol = function (a,b,c) unregisterSymbol(a); oldRegisterSymbol(a,b,c) end
------

{$asm}
[ENABLE]
{$lua}
local module = "ffxv_s.exe"
local addressStart = getAddress(module)
local addressEnd = addressStart + getModuleSize(module)
local iBtR = 1024 --size of the code cave in bytes
local increment = 4 --step 4 bytes by default
local result = nil

if targetIs64Bit() then increment = 8 end

--scan the module for a run of iBtR consecutive 0xCC (int3 padding) bytes
for i = addressStart,addressEnd - iBtR,increment
do
  local bt = readBytes(i,iBtR,true) --nil if the page is not readable
  if bt ~= nil and #bt == iBtR then
    local found = true
    for _, v in ipairs(bt) do
      --readBytes returns numbers, so compare the numbers directly
      if v ~= 0xCC then found = false break end
    end
    if found then result = i break end
  end
end

assert(result, 'codeCave failed') --idea from FreeER
registerSymbol('codeCave',result)

{$asm}
aobscanmodule(aobGetPlayedTime,ffxv_s.exe,48 89 91 08 58 00 00 C3 0F) // should be unique
registersymbol(aobGetPlayedTime)

label(aobGetPlayedTime_code)

codeCave:
aobGetPlayedTime_code:
  mov [rcx+00005808],rdx
  ret

aobGetPlayedTime:
  jmp aobGetPlayedTime_code
  nop 3

[DISABLE]
codeCave:
  db CC CC CC CC CC CC CC CC

aobGetPlayedTime:
  db 48 89 91 08 58 00 00 C3

unregistersymbol(aobGetPlayedTime)
unregistersymbol(codeCave)