Address relocates directly after being written to?

 
Reclaimer Shawn
Advanced Cheater
Posted: Tue Aug 16, 2016 6:28 pm

So, I'm using Cheat Engine to make a mod for a game in Dolphin Emulator. The address is always at the same location whenever it's the first game loaded. However, it isn't green, and therefore not a pointer (done several pointer scans that turned up nothing as well). It works every time the first time I write a value. However, after that the entire region gets blanked out with question marks and it relocates somewhere else (also does this the second I freeze the address, too). What is this and how exactly do I get around it? If you need me to explain it further or post pictures, I can.

predprey
Master Cheater
Posted: Wed Aug 17, 2016 12:57 am

Probably because the game allocated a different memory region for emulating the game. Find the start of the game data and get the base address by injecting into the instruction that loads the game there.

Dark Byte
Site Admin
Posted: Wed Aug 17, 2016 5:02 am

Try running this Lua script right after starting CE and before targeting Dolphin.

Code:

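-- Load the DBK kernel driver if it is not loaded yet
dbk_initialize()

-- Open Cheat Engine itself so the hook below is installed in CE's own process
openProcess([[cheatengine-x86_64.exe]])
reinitializeSymbolhandler()

autoAssemble([[
alloc(NewVirtualProtectEx,256, VirtualProtectEx )
alloc(OriginalVirtualProtectEx, 8, VirtualProtectEx)
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
// ecx = hProcess (first argument); ffffffff (-1) is the current-process pseudo handle
cmp ecx,ffffffff
jne short notself

// call targets CE's own process: pass it through to the real VirtualProtectEx
jmp [OriginalVirtualProtectEx]

notself:
// call targets another process: return 0 without changing the page protection
xor rax,rax
ret

]])

-- Generate the auto assembler script that redirects VirtualProtectEx to the stub above
s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")

--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s

autoAssemble(s)

-- Route OpenProcess and ReadProcessMemory/WriteProcessMemory through the DBK driver
dbk_useKernelmodeOpenProcess()
dbk_useKernelmodeProcessMemoryAccess()

--dbk_writesIgnoreWriteProtection(true)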


If writing fails, remove the -- in front of dbk_writesIgnoreWriteProtection(true) and try again (restart CE first).

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

Reclaimer Shawn
Advanced Cheater
Posted: Thu Aug 18, 2016 7:56 pm

Dark Byte wrote:
Try running this Lua script right after starting CE and before targeting Dolphin.

Code:

dbk_initialize()

openProcess([[cheatengine-x86_64.exe]])
reinitializeSymbolhandler()

autoAssemble([[
alloc(NewVirtualProtectEx,256, VirtualProtectEx )
alloc(OriginalVirtualProtectEx, 8, VirtualProtectEx)
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
cmp ecx,ffffffff
jne short notself


jmp [OriginalVirtualProtectEx]


notself:
xor rax,rax
ret

]])

s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")

--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s

autoAssemble(s)

dbk_useKernelmodeOpenProcess()
dbk_useKernelmodeProcessMemoryAccess()

--dbk_writesIgnoreWriteProtection(true)


If writing fails, remove the -- in front of dbk_writesIgnoreWriteProtection(true) and try again (restart CE first).


Thank you for this, Dark Byte! It works without a problem! Now, I have a question or two... How would I get this to work with a CE trainer? Do I need to change any part of the script? Also, it says the driver is missing when run standalone from Cheat Engine. What CE files do I need to include and how would I do that? Also, it pops up a Rainbow Box saying DBK enabled. For uses with the trainer, how would I prevent the user from seeing this and keep the functionality? Thanks for reading this, Dark Byte, and if you will let me use it in my trainer, I'll make sure to give you credit. If not, then I won't put it in at all. Also, you might be wondering why I do this via CE rather than Dolphin's code finder... I wanted to make a program that changes specific values in the game at random to make a "randomizer" mod for a Pokemon game. Basically, the campaign will be different every time. One thing is for certain though: the script above saved me from having to make other lines of code to increment the address and after a certain action is performed several times (an AOB scan wouldn't suffice as there are literally 400+ other structures that use the same data format in the game).

Dark Byte
Site Admin
Posted: Thu Aug 18, 2016 8:31 pm

When you build the trainer, tell it it uses kernelmode.
(You may have to add the .sig files to the project as well, and name them the same as your trainer .exe)

As for the rest, not sure. Sometimes CE trainers can be finicky depending on when what happens.
Just be sure that the code runs before the trainer opens the process (try it at top).

As for hiding the DBK64 loaded message, that's not possible. The driver will show that message to inform the user that the driver is loaded. (It's a security thing so people don't get anything bad on their system using my driver without them knowing it.)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

Reclaimer Shawn
Advanced Cheater
Posted: Sat Aug 20, 2016 10:46 pm

Dark Byte wrote:
When you build the trainer, tell it it uses kernelmode.
(You may have to add the .sig files to the project as well, and name them the same as your trainer .exe)

As for the rest, not sure. Sometimes CE trainers can be finicky depending on when what happens.
Just be sure that the code runs before the trainer opens the process (try it at top).

As for hiding the DBK64 loaded message, that's not possible. The driver will show that message to inform the user that the driver is loaded. (It's a security thing so people don't get anything bad on their system using my driver without them knowing it.)


I got DBK working in my trainer! I then made a button to hook the game that whenever pressed would initialize this:
Code:

getAutoAttachList().add("Dolphin.exe")


It seems that after DBK is loaded, it ignores any other requests to hook. If I use a Cheat Engine Table and get DBK up, I'll then go and execute the auto attach and it still won't attach. However, if I go to "Open Process", it works. Is there a different way other than auto attach in Lua to get it to hook, or a way to get this working on the trainer instead of a cheat table?

Dark Byte
Site Admin
Posted: Sun Aug 21, 2016 12:43 am

You could try a timer that calls OpenProcess with the processname every once in a while,

or when the user clicks the button, just call OpenProcess("Dolphin.exe").

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
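
The timer approach suggested in the post above, as an added example that is not part of the original thread: it polls for the process by name and attaches again when the emulator is restarted under a new PID. The names `tryAttach` and `attachTimer` and the 2-second interval are assumptions; per the earlier advice, run it only after the DBK setup script has executed.

```lua
-- Added example (not from the thread): poll for Dolphin.exe and attach by name.
local TARGET  = "Dolphin.exe"  -- process name used in the thread
local POLL_MS = 2000           -- assumed polling interval in milliseconds

local attachedPid = nil        -- PID of the instance we last attached to

-- Attach to TARGET if it is running and we are not already attached to it.
-- Returns true while attached to the current instance, false otherwise.
local function tryAttach()
  local pid = getProcessIDFromProcessName(TARGET)
  if pid == nil or pid == 0 then
    attachedPid = nil          -- emulator not running, or it has exited
    return false
  end

  -- Same instance as last time and still the opened process: nothing to do.
  if pid == attachedPid and getOpenedProcessID() == pid then
    return true
  end

  -- New instance (first start, or a restart with a different PID).
  openProcess(pid)
  if getOpenedProcessID() == pid then
    attachedPid = pid
    return true
  end
  return false
end

-- Timer variant: keep retrying until the emulator shows up.
attachTimer = createTimer(nil, false)   -- no owner, created disabled
attachTimer.Interval = POLL_MS
attachTimer.OnTimer = function(timer) tryAttach() end
attachTimer.Enabled = true

-- Button variant: call tryAttach() from the button's OnClick handler instead.
```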

Reclaimer Shawn
Advanced Cheater
Posted: Sun Aug 21, 2016 1:43 am

Dark Byte wrote:
You could try a timer that calls OpenProcess with the processname every once in a while,

or when the user clicks the button, just call OpenProcess("Dolphin.exe").


Thank you so much, Dark Byte! My Trainer now works 100%. Tomorrow, I'll work on it a bit more and may even have it finished by then. Right now, I have it generating random stats and random moves for Pokemon in Pokemon XD based on the OS Time Seed (if it can get any more random than that, please tell me) to make an entirely random playthrough! I'll even have the ability to scale the difficulty level accordingly as well as force everything to be catchable and force all pokemon to be shiny or not. Thanks for all of your help!