 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
yonic
How do I cheat?
![]() Reputation: 0
Joined: 25 Feb 2023
Posts: 1
|
 Posted: Sat Feb 25, 2023 6:36 am Post subject: Pointerscanning with 16 bit executables |
 |
|
I'm researching on reverse engineering a Windows 3.1 program and I wanted to do some memory hacks. While I was able to find and manipulate some memory addresses, I haven't been able to find the underlying pointers to them. The program in question is a 16-bit protected mode Windows 3.1 NE-format executable.
I tried the following:
- Run the program with winevdm on my 64-bit machine and CE7. Filtering out the scanned pointers returns 0 results.
- Setup a Win98 emulated machine with PCem and run the program inside. I looked for a way to scan for the pointer in CE5, but there is no pointerscanner and I can't attach the debugger to the process (error 87, the handle is invalid).
- Running CE7 in my host machine and opening the PCem process is unable to find a reliable pointer, but at least I can attach the debugger.
Perhaps pointerscanner is unable to scan for remapped addresses due to virtualization/emulation? I have enabled searching for mapped memory, but I think that only applies to plain addresses and not pointers.
Is it possible to use the debugger to figure out where the pointers are stored?
|
|
| Back to top |
|
 |
Xx XoTiC V1 xX
Cheater
 Reputation: 1
Joined: 03 Aug 2012
Posts: 43
|
| Posted: Sat Feb 25, 2023 9:44 am Post subject: Re: Pointerscanning with 16 bit executables |
|
|
| yonic wrote: | I'm researching on reverse engineering a Windows 3.1 program and I wanted to do some memory hacks. While I was able to find and manipulate some memory addresses, I haven't been able to find the underlying pointers to them. The program in question is a 16-bit protected mode Windows 3.1 NE-format executable.
I tried the following:
- Run the program with winevdm on my 64-bit machine and CE7. Filtering out the scanned pointers returns 0 results.
- Setup a Win98 emulated machine with PCem and run the program inside. I looked for a way to scan for the pointer in CE5, but there is no pointerscanner and I can't attach the debugger to the process (error 87, the handle is invalid).
- Running CE7 in my host machine and opening the PCem process is unable to find a reliable pointer, but at least I can attach the debugger.
Perhaps pointerscanner is unable to scan for remapped addresses due to virtualization/emulation? I have enabled searching for mapped memory, but I think that only applies to plain addresses and not pointers.
Is it possible to use the debugger to figure out where the pointers are stored? |
Virtual machines are hit and miss with the pointer scanner, for example I've been able to find pointers for some emulators like with VBA (Gameboy Advance emulator) Sega Dreamcast, Saturn etc. But I also didn't use the pointer scanner for all. For some it's either really tedious or just impossible. So you'd have to resort to some scripting like AOB but I'm not familiar with how PCem or Oracle VirtualBox, any of those work so I can't say if it's a good option.
I don't really know about the debugger part, but if you can't find a reliable pointer then you may have to resort to scripting but like I said while I've used virtual machine software to use Win 98, XP to name a couple I've never really experimented with them through Cheat Engine. So keep in mind it could be more complex.
_________________
Learning as I go. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
