 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
 Posted: Mon Aug 16, 2010 5:45 am Post subject: memheader.h |
 |
|
This is dedicated to the users who arn't so profound with memory allocation, scanning, etc. Its a header which contains two classes named "Memory" and "Other". The "Memory" class persists five functions:
| Code: |
[i]void ScanMemory ( HANDLE hProcess, DWORD dwStartAddr, DWORD dwStopAddr, unsigned int Value, SIZE_T szScan, int Type )[/i]
|
There are 6 arguments / parameters that need to passed on to this function for it to work. The first parameter HANDLE hProcess is the targets handle, you can simply obtain this with OpenProcess(), etc. The second parameter DWORD dwStartAddr, is the beginning address of the range of memory you want to scan. The third paramter DWORD dwStopAddr is the end of the range of memory you want to scan. The fourth parameter unsigned int Value is the value of which you want to scan. The fifth paramter SIZE_T szScan is the size of the scan (ex size of BYTE, or WORD). Finally, the last paramter int Type is the type of scan, the values are predefined:
| Code: |
- 0 for BYTE ([i] 1 Byte / 8 Bits[/i])
- 1 for WORD ([i] 2 Bytes / 16 Bits[/i])
- 2 for DWORD ([i] 4 Bytes / 32 Bits[/i])
- 3 for UINT64 ([i] 8 Bytes / 64 Bits[/i])
|
The return value is a file called "Output.txt" in the C:\ drive, with the results inside from the scan.
| Code: |
bool CompareMemory ( HANDLE hProcess, DWORD dwAddr, unsigned int Value, int Type )
|
This function is used to compare memory values. The parameters needed are pretty self-explanatory. The handle to the process, the address needed to be read, the value your comparing the address with, the type of comparison ( BYTE, WORD, etc ).
The return value is boolean, meaning if the comparison succeeded the function returns [b]true. If the comparison failed, the return value is false.
| Code: |
unsigned int ReadMemory ( HANDLE hProcess, DWORD dwAddr, int Type )
|
This function is used to read memory from an address. The parameters are as follows; handle, address to be read, and the type of reading you'd prefer ( BYTE, WORD, etc ). The return value is the value of the address.
| Code: |
bool WriteMemory ( HANDLE hProcess, DWORD dwAddr, unsigned int Value, int Type )
|
The parameters are the same as the "ReadMemory" function. If the function succeeds, the return value is true, if not, false. The point of this function is to modify / render the value of a address.
| Code: |
DWORD AddrStatus ( DWORD dwAddr, string strModuleName )
|
This function is used to determine whether an address is dynamic or static. If the address is indeed static, the return value is the offset to the address, if not, NULL is returned. The parameters are as follows; address to be read, name of the target process (ex: "iexplorer.exe").
In the "Other" class, it persists of two functions:
| Code: | | DWORD ProcessID ( string strModule ) |
In order for this function to work you must turn off the Character Set in your projects properties.
This function enumerates through all the open processes in search of the parameter you pass it, if it finds the process module string you specified in the parameter the return value is the process ID.
| Code: | | HANDLE GetHandle ( DWORD ProcessID ) |
The return value is a handle with PROCESS_ALL_ACCESS rights, the parameter you need to pass on to it is the process ID of the target.
Download:
http://www.sendspace.com/file/avjs92
|
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 204
Joined: 25 Jan 2006
Posts: 8581
Location: 127.0.0.1
|
| Posted: Mon Aug 16, 2010 6:26 am Post subject: |
|
|
Some suggestions and feedback:
- The namespaces are pointless and unneeded for this kind of thing.
- ProcessID( .. ) leaks a handle.
- GetHandle( .. ) will fail on Vista/Windows 7 due to PROCESS_ALL_ACCESS if the debug flag is not set for the process.
- ReadMemory( .. ) will return invalid results depending on the type used. (You are forcing unsigned int return.)
- WriteMemory( .. ) will not write correct values depending on the type used. (You are forcing unsigned int.)
Because you are using string, you should be passing references to the functions. The way you pass them causes copying which can be expensive and time consuming based on the strings.
Ex: | Code: |
DWORD ProcessID( cosnt std::string& strModule )
{
...
} |
Overall I would suggest looking into templates if you want to do stuff like this.
_________________
- Retired. |
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Mon Aug 16, 2010 7:26 am Post subject: |
|
|
| Why is there no support for tchar or Unicode ?
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Mon Aug 16, 2010 4:24 pm Post subject: |
|
|
| Thanks for the suggestions Wiccaan, I coded this in a rush so I didn't have much time to check out each function, i'll improve it based on your suggestions. I'll try to support tchar, unicode, etc, for my scans as well.
|
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
 Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Sun Aug 22, 2010 8:07 am Post subject: |
|
|
| Wiccaan wrote: | Some suggestions and feedback:
- The namespaces are pointless and unneeded for this kind of thing.
- ProcessID( .. ) leaks a handle.
- GetHandle( .. ) will fail on Vista/Windows 7 due to PROCESS_ALL_ACCESS if the debug flag is not set for the process.
- ReadMemory( .. ) will return invalid results depending on the type used. (You are forcing unsigned int return.)
- WriteMemory( .. ) will not write correct values depending on the type used. (You are forcing unsigned int.)
Because you are using string, you should be passing references to the functions. The way you pass them causes copying which can be expensive and time consuming based on the strings.
Ex: | Code: |
DWORD ProcessID( cosnt std::string& strModule )
{
...
} |
Overall I would suggest looking into templates if you want to do stuff like this. |
I haven't looked at his code, just your example, but which part would benefit from being templated?
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Aug 22, 2010 11:44 am Post subject: |
|
|
| justa_dude wrote: | | Wiccaan wrote: | Some suggestions and feedback:
- The namespaces are pointless and unneeded for this kind of thing.
- ProcessID( .. ) leaks a handle.
- GetHandle( .. ) will fail on Vista/Windows 7 due to PROCESS_ALL_ACCESS if the debug flag is not set for the process.
- ReadMemory( .. ) will return invalid results depending on the type used. (You are forcing unsigned int return.)
- WriteMemory( .. ) will not write correct values depending on the type used. (You are forcing unsigned int.)
Because you are using string, you should be passing references to the functions. The way you pass them causes copying which can be expensive and time consuming based on the strings.
Ex: | Code: |
DWORD ProcessID( cosnt std::string& strModule )
{
...
} |
Overall I would suggest looking into templates if you want to do stuff like this. |
I haven't looked at his code, just your example, but which part would benefit from being templated? |
ReadMemory/WriteMemory/etc
|
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Sun Aug 22, 2010 1:22 pm Post subject: |
|
|
| Please elaborate, my interest is piqued.
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Mon Aug 23, 2010 2:43 am Post subject: |
|
|
| I guess i'll update this one. Add templates, fix functions up, fix leaks, etc.
|
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Mon Aug 23, 2010 6:36 am Post subject: |
|
|
| I'm looking at the link you provided, Flyte, but I don't see any templated functions in the code you linked to. I still wonder how templating the ReadMemory/WriteMemory functions will benefit, since they ultimately read an array of bytes regardless of interpreted type.
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Mon Aug 23, 2010 12:39 pm Post subject: |
|
|
| justa_dude wrote: | | I'm looking at the link you provided, Flyte, but I don't see any templated functions in the code you linked to. I still wonder how templating the ReadMemory/WriteMemory functions will benefit, since they ultimately read an array of bytes regardless of interpreted type. |
Are you sure you know what a template is? 80% of the functions in the code I linked (memory.hpp; you did look at it, right?) are templated.
Templating those functions does two things:
- You can extract the size of the type so you know how many bytes to read/write.
- In the case of reading, casting the returned value to the proper type. In the case of writing, avoiding casts everywhere.
|
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Mon Aug 23, 2010 3:02 pm Post subject: |
|
|
| Flyte wrote: | | justa_dude wrote: | | I'm looking at the link you provided, Flyte, but I don't see any templated functions in the code you linked to. I still wonder how templating the ReadMemory/WriteMemory functions will benefit, since they ultimately read an array of bytes regardless of interpreted type. |
Are you sure you know what a template is? 80% of the functions in the code I linked (memory.hpp; you did look at it, right?) are templated.
Templating those functions does two things:
- You can extract the size of the type so you know how many bytes to read/write.
- In the case of reading, casting the returned value to the proper type. In the case of writing, avoiding casts everywhere.
|
Yeah, at university a decade ago we had to rewrite the STL in our data structures class. I'm comfortable w/ templates. In truth, I haven't followed links on either thread, I only looked at what was written in the messages. I can see why templates and/or functional objects would be useful for comparators for searches and so forth. From the context of this thread, I was looking for templated versions of the API calls (specifically, read/write/gethandle/processid). I don't see any way around (or benefit from) using some sort of cast to call the API functions, and I thought you might've been suggesting something clever.
Cheers,
adude
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Mon Aug 23, 2010 4:30 pm Post subject: |
|
|
| justa_dude wrote: | Yeah, at university a decade ago we had to rewrite the STL in our data structures class. I'm comfortable w/ templates. In truth, I haven't followed links on either thread, I only looked at what was written in the messages. I can see why templates and/or functional objects would be useful for comparators for searches and so forth. From the context of this thread, I was looking for templated versions of the API calls (specifically, read/write/gethandle/processid). I don't see any way around (or benefit from) using some sort of cast to call the API functions, and I thought you might've been suggesting something clever.
Cheers,
adude |
Small example:
| Code: | #include <windows.h>
template <typename T, typename S>
bool WriteMemory(HANDLE handle, S addr, T const & data) {
SIZE_T junk;
return WriteProcessMemory(handle, (LPVOID)addr, (LPCVOID)&data, sizeof(data), &junk) ? true : false;
}
int main()
{
HANDLE someValidHandle;
WriteMemory<int>(someValidHandle, 0xBADF00D, 23);
WriteMemory<double>(someValidHandle, 0xBADF00D, 23);
return 0;
} |
Make sense yet?
|
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Mon Aug 23, 2010 6:08 pm Post subject: |
|
|
| Why do you feel that this is better?
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Mon Aug 23, 2010 8:25 pm Post subject: |
|
|
| justa_dude wrote: | | Why do you feel that this is better? |
Type safety is extremely important, and it results in cleaner code. Why wouldn't you want that?
You take this further as I did in the (experimental/untested) code I linked, and you can abstract it down to:
| Code: | int main()
{
Address addr = Memory().Reference(0xBADF00D);
int foo = (int)addr; // Read
addr = 42; // Write
addr = 2 + 5 * (int)addr; // Both
return 0;
} |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
