Can Cheat Engine scan for 8 bytes caves?

 
alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Thu Apr 16, 2015 4:27 pm    Post subject: Can Cheat Engine scan for 8 bytes caves?

Hi all, probably I'm not the first one struggling with x64 games and the 14-byte jmp, which for me keeps crashing even if apparently I rebuild all the code correctly and jump back to the right continuation of the code. Anyway, what I want to ask is whether Cheat Engine can search for 8-byte memory caves, to find one near my code and make a normal 5-byte jmp. For example, I need to make a jump here, 13f012431, that is 5 bytes: if I jump to a place 4 bytes long it makes a jump 14 bytes long, but if I jump to a memory cave 5 bytes long the jump will be a normal jump of 5 bytes. Apparently Cheat Engine searches for caves from 00000000 to 7FFFFFFF, so only 4 bytes. Is there a way to do it? Thx in advance!

Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu Apr 16, 2015 4:38 pm

Why aren't you simply using the built-in templates to build the injection code for you?
Are you saying Cheat Engine fails to generate the proper code?

In Auto Assemble, select Template > Code Injection (preferably, AOB Injection)

alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Thu Apr 16, 2015 4:45 pm

Zanzer wrote:
Why aren't you simply using the built-in templates to build the injection code for you?
Are you saying Cheat Engine fails to generate the proper code?

In Auto Assemble, select Template > Code Injection (preferably, AOB Injection)

Hi Zanzer, thx for the answer. The code injection of Cheat Engine allocates the memory automatically, so if I'm building a trainer in Visual Basic, for example, the memory that Cheat Engine allocated automatically will turn out to be unallocated. So my problem is still that I don't have a spot to jump to with 5 bytes. I also tried using the VirtualAlloc API to allocate the memory, but it works on 4-byte address allocation and fails with more. If I'm missing some point I'm sorry, I'm not so skilled, so if what I wrote is not correct please be patient :P

Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu Apr 16, 2015 5:09 pm

Not sure I understand what you mean by Virtual Alloc only works on 4-bytes.

Also, are you certain that your trainer is injecting what you think and where you think?

Have you tried using CE to see the code you injected?

alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Thu Apr 16, 2015 5:26 pm

Yes, the injection works fine; in fact, using the memory that Cheat Engine auto-allocated is perfect. The only problem is that if I build the trainer in Visual Basic that memory region is not allocated, because in the script Cheat Engine allocates it beforehand. But probably I explained too much and not very clearly, sorry. Making things simpler, I need a memory cave with a 5-byte address, for example (13f000000), where to inject my code, while the cave scanner of Cheat Engine can scan from 00000000 to 7fffffff, which as you can see is a range of 4 bytes.

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Apr 16, 2015 7:53 pm

VirtualAlloc lets you specify the base address. Make sure that the base address is divisible by 65536.
That way you can allocate near the point of origin and use that to use 5 byte jmps.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
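
The constraint discussed above, as an added example that is not part of the original thread: a rel32 jmp is 5 bytes but only reaches targets within a signed 32-bit distance of the instruction, and an allocation base has to be a multiple of 65536. The C code below checks both and picks the closest fully free 64 KB block; the function names and the memory map are constructed for illustration (on Windows the in-use regions would come from VirtualQueryEx).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULARITY 0x10000ULL /* 65536: allocation bases must be a multiple */
#define JMP_REL32_LEN 5        /* E9 + 32-bit signed displacement */

typedef struct { uint64_t base, size; } region_t; /* one in-use region */

/* rel32 is relative to the end of the jmp, so the target must lie within
   a signed 32-bit distance of jmp_addr + 5. */
bool rel32_reaches(uint64_t jmp_addr, uint64_t target) {
    int64_t disp = (int64_t)(target - (jmp_addr + JMP_REL32_LEN));
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* True only if the whole 64 KB block overlaps no in-use region. */
bool block_is_free(const region_t *used, size_t n, uint64_t base) {
    for (size_t i = 0; i < n; i++)
        if (base < used[i].base + used[i].size &&
            used[i].base < base + GRANULARITY)
            return false;
    return true;
}

/* Search outward from jmp_addr for the closest free, 64 KB-aligned base
   that a 5-byte jmp can still reach. Returns 0 if none exists. */
uint64_t nearest_base(const region_t *used, size_t n, uint64_t jmp_addr) {
    uint64_t start = jmp_addr & ~(GRANULARITY - 1);
    for (uint64_t off = 0; off < 0x80000000ULL; off += GRANULARITY) {
        uint64_t lo = start - off, hi = start + off;
        if (off < start && rel32_reaches(jmp_addr, lo) &&
            block_is_free(used, n, lo))
            return lo;
        if (rel32_reaches(jmp_addr, hi) && block_is_free(used, n, hi))
            return hi;
    }
    return 0;
}

int main(void) {
    /* Constructed map: a 2 MB image at 13F000000, nothing else in use. */
    region_t used[] = { { 0x13F000000ULL, 0x200000ULL } };
    uint64_t jmp = 0x13F012431ULL; /* address from the first post */
    printf("7FFFFFFF reachable: %d\n", rel32_reaches(jmp, 0x7FFFFFFFULL));
    printf("nearest base: %llX\n",
           (unsigned long long)nearest_base(used, 1, jmp));
    return 0;
}
```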

alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Thu Apr 16, 2015 8:21 pm

Hi Dark Byte, thx for the answer. For some reason VirtualAllocEx is failing after 7FFFFFFF, but works perfectly up to 7FFFFFFF. I've been struggling all day; I converted everything in the declaration to Long for 64 bit, but still no success.

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Apr 16, 2015 9:09 pm

Just make sure that the address ends with 4 0's and the preferred base should be picked. (Assuming that the address isn't currently allocated)

alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Thu Apr 16, 2015 9:55 pm

I tried, still the same problem. With alloc type MEM_TOP_DOWN (Const &H100000) it fails in any case; with MEM_COMMIT (Const &H1000) it succeeded until 7fffffff but fails on everything after that. This is my Visual Basic code. I know that it's not the best language to manage these things, but it's the only one that I know :P

Public Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal FlProtect As Long) As Long

Const MEM_TOP_DOWN As Long = &H100000
Const PAGE_EXECUTE_READWRITE As Long = &H40

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Dim Address As Long
    Dim p() As Process
    p = Process.GetProcessesByName("GTA5")
    Address = VirtualAllocEx(p(0).Handle, &H13EFF0000, 2048, MEM_TOP_DOWN, PAGE_EXECUTE_READWRITE)
    MsgBox(Address)
End Sub

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Thu Apr 16, 2015 10:26 pm

Memory regions have a size that is a multiple of 0x1000, but it's unlikely that the size of your game's code is exactly a multiple of 0x1000. As a result there is often a large cave at the end of the code.

Simplest way to locate it in an x64 application is probably to set the scan's start address to your code modification's address and scan for a bunch (32+) of 0, type array of byte, with the options writable=off and executable=on. Then pick the first result. If you see several screens of add [rax],al you're at the right place.

And since that cave is less than 2Gb away from your modification CE should use a 5 byte jump.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.

alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Fri Apr 17, 2015 2:53 am

Gniarf wrote:
Memory regions have a size that is a multiple of 0x1000, but it's unlikely that the size of your game's code is exactly a multiple of 0x1000. As a result there is often a large cave at the end of the code.

Simplest way to locate it in an x64 application is probably to set the scan's start address to your code modification's address and scan for a bunch (32+) of 0, type array of byte, with the options writable=off and executable=on. Then pick the first result. If you see several screens of add [rax],al you're at the right place.

And since that cave is less than 2Gb away from your modification CE should use a 5 byte jump.

Yes, that would probably be the best solution. The only discomfort is that that empty region also changes every time, because the exe is in a different place every time, so I guess I have to manage with getbase as well to find the cave every time. I thought it would have been simpler to make the VirtualAllocEx function work or to find a cave spot that doesn't change every time, but I will try that solution with the getbase + offset for the cave. Thx all for the help!

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Fri Apr 17, 2015 3:30 am

don't use mem_top_down, only mem_reserve and mem_commit (OR'ed)
and make sure 13EFF0000 is in fact unallocated memory (so if you hardcode it like that it will only succeed one time)


alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Fri Apr 17, 2015 12:37 pm

Dark Byte wrote:
don't use mem_top_down, only mem_reserve and mem_commit (OR'ed)
and make sure 13EFF0000 is in fact unallocated memory (so if you hardcode it like that it will only succeed one time)

In Cheat Engine, when I attach the process that part of memory shows up with exclamation marks. Is that enough, or does that not mean that it's unallocated? Thx again for the help, I appreciate it so much :)

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Fri Apr 17, 2015 12:49 pm

you mean question marks right?
if so, yes (assuming it's not reserved), as long as the whole 64kb block is free the virtualalloc should work
use view->memory regions to see if it's really free (virtualqueryex api)


alemuri
Newbie cheater
Reputation: 0

Joined: 19 Apr 2014
Posts: 12

Posted: Fri Apr 17, 2015 1:54 pm

Solved, I was just stupid: I was going directly with MEM_COMMIT, thinking that with question marks I could just use that to allocate. Instead I have to use VirtualAllocEx first with MEM_RESERVE and afterwards with MEM_COMMIT, and, like you said, on regions that end with the 4 zeros, or it doesn't work. Thx so much for the help :P