Cheat Engine

Emski · How do I cheat? Reputation: 0 Joined: 12 Jul 2015 Posts: 2

First of all, thank you for your amazing work on Cheat Engine. It's an invaluable tool for me on Windows and when I found out I could use it on Linux with ceserver I was thrilled. Unfortunately I've ran into some issues which I just can't seem to get past.

Since I can't post links yet I'll just put the ID of the paste, go to pastebin dot com slash [id] to view it.

Testing system OS is Arch Linux x64 with kernel v4.0.7, ceserver is always run as root. Client version is always v6.4 run from Windows 8.1 x64 although I've had the same results when trying with Wine 1.7.47.
I have also tried with other distros such as Xubuntu and Linux Mint to no avail.

First I cloned the repository from GitHub and ran the binary in "ceserver/Release-linux", connected over the network and tried to open a process. Opening a process works fine here but an error ("Scan error:controller:No readable memory found") is shown immediately when trying to scan.

Pastebin ID: uKC3cdkV

(The ptrace attach failing PID matches the ceserver PID.)

Then I started Steam on my Linux machine, restarted the server and tried again. This time the process list is not shown in the client due to an "Access violation" error. When connecting with the 32-bit client the program will hang on the empty process list then terminate without showing the error.

Pastebin ID: WsgSZNF7

I ran a diff on the process list from when the server opened a process succesfully and when it failed on requesting the process list. The cause may be due to one of these processes in the link below, assuming from similar previous reports most likely due to the length.

Pastebin ID: J3HCbPw3

As I couldn't get the latest server code to compile from source with the Makefile in ./Debug-linux I tried the same tests with the binary available from the download page. (ceserver-linux-x86_64.zip)

I started the server and connected over the network. The process list is shown and I can open a process without error. Here I can memory scan, attach the debugger, pointer scan, etc without any issue.

Server log of a test scan: Pastebin ID: Kug4uye5

Again I restarted the server, started Steam and tried to connect. As expected from the previous bug report on this topic (thread ID: 574358) this causes a fault.

Pastebin ID: j3vSA5CM

Since this version seems to be mostly functional I tried to start the server while Steam is closed, connect over the network, open Steam and then try to open the process through it's PID. This does not work either but I noticed the PID I entered in the client (3201) was different from the one the server printed in stdout (12801) which might be another issue entirely.

Pastebin ID: 4v69eBqR

I've tried every server binary from the git repo history with similar results that I'll only go into briefly since the tests are the same as written above.

fb22049444: scanning works, server faults when steam is running.
96ebf70518: scanning fails with error: "Scan error:controller:No readable memory found", access violation when steam is running.
49e9fc765c: scanning fails with error: "Scan error:controller:No readable memory found", access violation when steam is running.
eb5f4b9853: scanning fails with error: "Scan error:controller:No readable memory found", access violation when steam is running.

At this point I'm totally stuck so any help would be greatly appreciated.

Dark Byte · Posted: Sun Jul 12, 2015 6:30 pm Post subject:

the current git version of ceserver requires the git version of cheat engine. (The protocol for memory query has changed)

Emski · How do I cheat? Reputation: 0 Joined: 12 Jul 2015 Posts: 2

Dark Byte · Posted: Mon Jul 13, 2015 1:55 am Post subject:

I haven't tested that yet, so it's possible it won't work

See if you get any results if you deselect the option that the base must be a static (just as a temporary test. A full scan will more than likely result in you running out of disk space)

Edit: Just tested it and it seems to work (I also don't get an error with the processlist so could be it's a modulename issue)

vityav · Newbie cheater Reputation: 0 Joined: 24 Oct 2014 Posts: 15

I found this after also getting access violation errors but have since gotten past them. I'm using the latest ceserver from svn in linux and the latest Cheat Engine source from svn in a windows XP virtual machine built with Lazarus as outlined here:
viewtopic.php?t=549357&sid=36e28ef51a311ce255a7da5645f752fd
and here:
viewtopic.php?p=5536858#5536858

However, now I have one process that causes the Cheat Engine client to segfault, I assume because of string length?

This is the process as seen in linux:

Dark Byte · Posted: Sun Jul 19, 2015 7:01 pm Post subject:

it's fixed

In networkinterface.pas in the function TCEConnection.Process32Next at line 311 change

vityav · Newbie cheater Reputation: 0 Joined: 24 Oct 2014 Posts: 15

That fixed it, thanks.

Follow up question, since the OP also had issues with pointer scans: is there a known problem with AoB scans using this method? I tried using pointer scans and everything filtered down to libc+offset, which didn't work, so I tried using AoB scans instead and those also don't seem to work. The same game and same method work in a windows-only environment just fine though. I can find the regions I want and change the opcode manually, but doing an Array of Bytes search for any particular add/sub command returns no results in linux+windows where it successfully finds that array in just windows.

Dark Byte · Posted: Mon Jul 20, 2015 2:31 am Post subject:

pointerscan: have you tried a deeper level and or width?
And how did you filter it? restarted the game a few times or does it also fail without restarting (to see if it's a modulename lookup error or not)
Also, if the game uses Java, there won't be any valid pointerpaths. (unless you launch java with the option to not use compressed pointers, and even then it's tricky)

for aob: Did you set it to scan all memory? By default it skips readonly memory (make all 3 checkboxes gray to scan all)
it's also possible they used a different compiler for the linux build

Edit:
Can you guys post the contents of the /proc/#processid/maps file (without censoring the paths, or at least place an equal amount of characters and don't mess the spaces)

vityav · Newbie cheater Reputation: 0 Joined: 24 Oct 2014 Posts: 15

For the pointerscan, I'll try deeper/wider, but it failed whether exiting the game entirely, or just starting a new instance within the game (i.e. start a new game, change the money, find pointers, go back to the main menu, start a new game, find the new money value or new pointer, update scan). It's also supposedly in C++ (definitely not java, regardless)

For AoB, I set writable, executable, and copyonwrite to all be optional. But really, I'm searching for something very simple, and I'm taking the bytes directly from the disassembler window so I can see that that particular array exists. It just doesn't find it when searching in linux. Screenshot:
i.imgur Fgq8gxC.png
Also doesn't work with fast scan off, or looking for either of the moves after the highlighted line. If I search for something even more simple, like just '44 89', I get a lot of results, but they're listed by static address in the disassembler instead of the game+offset that shows up when you find it via "what writes here".

And I don't know if you wanted the game maps or the ceserver maps, so here are both:
Game:
pastebin jJQiuYYk
Server:
pastebin eR2tCNT8

Dark Byte · Posted: Mon Jul 20, 2015 12:53 pm Post subject:

Thanks, I'll do some tests with that map file and paths. (probably spaces. Linux apparently hates spaces)

Also, I did a small patch for max modulelength in ceserver and CE itself which might fix it already (the modulepath also was being written beyond the max allowed size)

for the aob:
go to network and disable the "Scan changed regions only"
I apparently forgot to make ce disable that when the option to scan writable memory only is disabled

vityav · Newbie cheater Reputation: 0 Joined: 24 Oct 2014 Posts: 15

You mention a patch, but is there some more up-to-date repository that I don't see? The latest commit on the google code svn is from April.

For the AoB scan, disabling "Scan changed regions only" didn't have any noticeable effect, nor did a separate test where I also disabled "Scan paged memory only". Both still fail to find a short series of bytes that I can see in the disassembler.

I tried messing around with scan settings and enabling scanning of MEM_MAPPED regions, but that turns everything already found or in the disassembler into question marks and every attempt to scan thereafter (even if I re-disable scanning MEM_MAPPED) results in something like

Dark Byte · Posted: Sat Aug 01, 2015 10:22 am Post subject:

oh, ce's sourcecode was moved to git: https://github.com/cheat-engine/cheat-engine
it has the patches I mentioned

vityav · Newbie cheater Reputation: 0 Joined: 24 Oct 2014 Posts: 15

Well now I feel silly. Though the website still points to google code. In any case, using the git version makes everything work Smile

I now have AoB scripts and pointers that persist between game restarts and behave as expected.

Thanks for all your help and hard work, Dark Byte!