alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Thu Apr 16, 2015 4:27 pm Post subject: Can Cheat Engine scan for 8 bytes caves? |
Hi all, I'm probably not the first one struggling with x64 games and the 14-byte jmp, which for me keeps crashing even though I apparently rebuild all the code correctly and jump back to the right continuation of the code. Anyway, what I want to ask is whether Cheat Engine can search for 8-byte memory caves, to find one near my code and make a normal 5-byte jmp. For example, I need to make a jump here, 13f012431, that is 5 bytes: if I jump to a place 4 bytes long it makes a jump 14 bytes long, but if I jump to a memory cave 5 bytes long the jump will be a normal jump of 5 bytes. Apparently Cheat Engine searches for caves from 00000000 to 7FFFFFFF, so only 4 bytes. Is there a way to do it? Thx in advance!
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Thu Apr 16, 2015 4:38 pm Post subject: |
Why aren't you simply using the built-in templates to build the injection code for you?
Are you saying Cheat Engine fails to generate the proper code?
In Auto Assemble, select Template > Code Injection (preferably, AOB Injection)
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Thu Apr 16, 2015 4:45 pm Post subject: |
Zanzer wrote: | Why aren't you simply using the built-in templates to build the injection code for you?
Are you saying Cheat Engine fails to generate the proper code?
In Auto Assemble, select Template > Code Injection (preferably, AOB Injection) |
Hi Zanzer, thx for the answer. The code injection of Cheat Engine allocates the memory automatically, so if I'm building a trainer in Visual Basic, for example, the memory that Cheat Engine allocated automatically will be unallocated, so my problem is still that I don't have a spot to jump to with 5 bytes. I also tried using the VirtualAlloc API to allocate the memory, but it works on 4-byte address allocation and fails with more. If I'm missing some point I'm sorry, I'm not so skilled, so if what I wrote is not correct please be patient.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Thu Apr 16, 2015 5:09 pm Post subject: |
Not sure I understand what you mean by VirtualAlloc only works on 4-bytes.
Also, are you certain that your trainer is injecting what you think and where you think?
Have you tried using CE to see the code you injected?
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Thu Apr 16, 2015 5:26 pm Post subject: |
Yes, the injection works fine; in fact, using the memory that Cheat Engine auto-allocated is perfect. The only problem is that if I build the trainer in Visual Basic that memory region is not allocated, because in the script Cheat Engine allocates it beforehand. But I probably explained too much and not very clearly, sorry. Making things simpler: I need a memory cave with a 5-byte address, for example (13f000000), where to inject my code, while the cave scanner of Cheat Engine can scan from 00000000 to 7fffffff, which as you can see is a range of 4 bytes.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25708 Location: The netherlands
|
Posted: Thu Apr 16, 2015 7:53 pm Post subject: |
VirtualAlloc lets you specify the base address. Make sure that the base address is divisible by 65536.
That way you can allocate nearby the point of origin and use that to use 5 byte jmps.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Thu Apr 16, 2015 8:21 pm Post subject: |
Hi Dark Byte, thx for the answer. For some reason VirtualAllocEx is failing after 7FFFFFFF, but works perfectly up to 7FFFFFFF. I've been struggling all day, converted everything in the declaration to Long for 64 bit, but still no success.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25708 Location: The netherlands
|
Posted: Thu Apr 16, 2015 9:09 pm Post subject: |
Just make sure that the address ends with 4 0's and the preferred base should be picked. (Assuming that the address isn't currently allocated)
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Thu Apr 16, 2015 9:55 pm Post subject: |
I tried, still the same problem: with alloc type MEM_TOP_DOWN (Const &H100000) it fails in any case, with MEM_COMMIT (Const &H1000) it succeeded up to 7fffffff but fails on everything after that. This is my Visual Basic code. I know that it's not the best language for dealing with these things, but it's the only one that I know.

    ' P/Invoke declaration with every parameter and the return value typed as Long
    Public Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal FlProtect As Long) As Long
    Const MEM_TOP_DOWN As Long = &H100000
    Const PAGE_EXECUTE_READWRITE As Long = &H40

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim Address As Long
        Dim p() As Process
        p = Process.GetProcessesByName("GTA5")
        ' Requests a hardcoded base address with MEM_TOP_DOWN as the only allocation type
        Address = VirtualAllocEx(p(0).Handle, &H13EFF0000, 2048, MEM_TOP_DOWN, PAGE_EXECUTE_READWRITE)
        ' Shows the returned base address (0 when the call fails)
        MsgBox(Address)
    End Sub
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
|
Posted: Thu Apr 16, 2015 10:26 pm Post subject: |
Memory regions have a size that is a multiple of 0x1000, but it's unlikely that the size of your game's code is exactly a multiple of 0x1000. As a result there is often a large cave at the end of the code.
Simplest way to locate it in an x64 application is probably to set the scan's start address to your code modification's address and scan for a bunch (32+) of 0, type array of byte, with the options writable=off and executable=on. Then pick the first result. If you see several screens of add [rax],al you're at the right place.
And since that cave is less than 2Gb away from your modification CE should use a 5 byte jump.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
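
Added example (not code from any poster in this thread): the arithmetic behind the 5-byte versus 14-byte jump, using the jump site 13f012431 and the candidate base 13EFF0000 quoted in the posts. The function names are hypothetical, and the 14-byte form shown (FF 25 00000000 plus an 8-byte absolute address) is assumed to be the far jump the thread refers to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALLOC_GRANULARITY 0x10000ULL /* 65536: the "ends with 4 zeros" rule */

/* A base address passed to VirtualAlloc(Ex) must be a multiple of 64 KB. */
bool is_valid_base(uint64_t addr) { return addr % ALLOC_GRANULARITY == 0; }

/* E9 rel32 holds a signed 32-bit displacement measured from the END of the
   5-byte instruction, so the target must lie within about +/-2 GB. */
bool rel32_reachable(uint64_t src, uint64_t dst) {
    int64_t disp = (int64_t)(dst - (src + 5));
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Encode a jump at src to dst into out (at least 14 bytes); returns 5 or 14. */
size_t encode_jmp(uint64_t src, uint64_t dst, uint8_t out[14]) {
    if (rel32_reachable(src, dst)) {
        uint32_t disp = (uint32_t)(dst - (src + 5));
        out[0] = 0xE9;
        for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)(disp >> (8 * i));
        return 5;
    }
    /* Assumed far form: FF 25 00000000 (jmp [rip+0]) + 8-byte absolute target. */
    out[0] = 0xFF; out[1] = 0x25;
    for (int i = 0; i < 4; i++) out[2 + i] = 0;
    for (int i = 0; i < 8; i++) out[6 + i] = (uint8_t)(dst >> (8 * i));
    return 14;
}

/* Lowest and highest 64 KB-aligned bases that a rel32 jump at src can reach. */
void reachable_window(uint64_t src, uint64_t *lo, uint64_t *hi) {
    uint64_t next = src + 5;
    uint64_t min = next > 0x80000000ULL ? next - 0x80000000ULL : 0;
    *lo = (min + ALLOC_GRANULARITY - 1) & ~(ALLOC_GRANULARITY - 1);
    *hi = (next + 0x7FFFFFFFULL) & ~(ALLOC_GRANULARITY - 1);
}

int main(void) {
    uint8_t buf[14];
    uint64_t lo, hi, src = 0x13F012431ULL; /* jump site quoted in the thread */
    reachable_window(src, &lo, &hi);
    printf("near 13EFF0000: %zu bytes\n", encode_jmp(src, 0x13EFF0000ULL, buf));
    printf("low  7FFF0000:  %zu bytes\n", encode_jmp(src, 0x7FFF0000ULL, buf));
    printf("window: %llX..%llX\n", (unsigned long long)lo, (unsigned long long)hi);
    return 0;
}
```

Any address in the 00000000 to 7FFFFFFF range is more than 2 GB below a jump site at 13f012431, which is why a cave found there forces the 14-byte form.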
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Fri Apr 17, 2015 2:53 am Post subject: |
Gniarf wrote: | Memory regions have a size that is a multiple of 0x1000, but it's unlikely that the size of your game's code is exactly a multiple of 0x1000. As a result there is often a large cave at the end of the code.
Simplest way to locate it in an x64 application is probably to set the scan's start address to your code modification's address and scan for a bunch (32+) of 0, type array of byte, with the options writable=off and executable=on. Then pick the first result. If you see several screens of add [rax],al you're at the right place.
And since that cave is less than 2Gb away from your modification CE should use a 5 byte jump. |
Yes, that would probably be the best solution. The only inconvenience is that the empty region also changes every time, because the exe is in a different place every time, so I guess I have to use getbase as well to find the cave every time. I thought it would have been simpler to get the VirtualAllocEx function working or to find a cave spot that doesn't change every time, but I will try that solution with the getbase + offset for the cave. Thx all for the help!
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25708 Location: The netherlands
|
Posted: Fri Apr 17, 2015 3:30 am Post subject: |
Don't use mem_top_down, only mem_reserve and mem_commit (OR'ed),
and make sure 13EFF0000 is in fact unallocated memory (so if you hardcode it like that it will only succeed one time).
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Fri Apr 17, 2015 12:37 pm Post subject: |
Dark Byte wrote: | don't use mem_top_down, only mem_reserve and mem_commit (OR'ed)
and make sure 13EFF0000 is in fact unallocated memory (so if you hardcode it like that it will only succeed one time) |
In Cheat Engine, when I attach the process that part of memory shows up with exclamation marks. Is that enough, or does that not mean that it's unallocated? Thx again for the help, I appreciate it so much.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25708 Location: The netherlands
|
Posted: Fri Apr 17, 2015 12:49 pm Post subject: |
You mean question marks, right?
If so, yes (assuming it's not reserved); as long as the whole 64 KB block is free the VirtualAlloc should work.
Use view->memory regions to see if it's really free (VirtualQueryEx API).
alemuri Newbie cheater
Reputation: 0
Joined: 19 Apr 2014 Posts: 12
|
Posted: Fri Apr 17, 2015 1:54 pm Post subject: |
Solved. I was just stupid: I was going directly with MEM_COMMIT, thinking that with the question marks I could just use that to allocate. Instead I have to use VirtualAllocEx first with MEM_RESERVE, and afterwards with MEM_COMMIT, and, like you said, on regions that end with the 4 zeros, or it doesn't work. Thx so much for the help.