Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Cheat Engine Forum Index
PostGo back to topic
mgostIH
Expert Cheater
Reputation: 3
Joined: 01 Jan 2016
Posts: 159
PostPosted: Sun Mar 06, 2016 12:23 pm    Post subject: Re: "Tools" in the "Memory Viewer".
fmanager wrote:
I have searched the forum and couldn't find a tutorial about this. Please see the attached file. I have several questions(an answer to any of them is appreciated.):
1. what is"Allocate Memory" used for?
2. what is"Scan for code caves" used for?
3. what is "Fill Memory" used for?
4. what is "Created Thread" used for?
5. what is "Dissect PE headers" used for?
6. what is "Structure spider' used for?
7. what is "Ultimap" used for? (especially this one)
8. what is "watch memory page access" used for?
9. what is "watch memory allocations" used for?

Thanks a lot and sorry for so many questions.


1. Allocates new dynamic memory on the target process, can't be simpler than that. There you can put your own code and make a codecave or run it with a new thread

2. Searches for patterns in executable memory that look like a codecave (example, 50 0xCC bytes one after the other)

3.Substitures an entire specified block of memory with a byte you want.

4.Create a new thread on the specified address that will start to run your code asynchronously, aka while the process main thread still runs.

5.Gives you all the info you need about the executable PE header (Still, I would suggest you using appropriate tools for that, rather than CE default)

6.The structure spider is used to improve finding patterns in structures and pointers. With the structure spider you can also check a structure against another one, to see the differences they have.

7.Ultimap is a tool strictly related to DBVM, so you'll need that running first. It check every call that the executable makes, so you can find specific functions that would be hard to find otherwise.

8.This aswell needs DBVM and returns you all the memory pages that are being accessed by the executable code.
This can be used to find better pointers, or to analyze the code even further.

9.This looks at all the memory pages being allocated in real time. I would suggest View->Memory Regions better though.
_________________
Do you need to ask me something? Feel free to join my discord server at: https://discord.gg/At4VZXA or ask me something in my YouTube channel: https://www.youtube.com/c/mgostIH
Back to top
View user's profile Send private message
Post reviews:   Approve 1
Author Review
akumakuja28
Review: Approve
Post reference:
ReviewPosted: Sun Mar 06, 2016 9:22 pm
Great Explanation.
Back to top
View user's profile Send private message
Display:  
Cheat Engine Forum Index


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites