 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
 Posted: Thu Nov 24, 2011 2:01 am Post subject: What kind of addresses exist in the memory of a process? |
 |
|
I've been learning some things about memory in Windows, but now i have a question that i can't solve.
When we "point" an address in a game, we are just looking for a static address that points to a dynamic address (random address) which contains, a value that we want to modify in the game, right?...
Therefore, i deduce that there are only two types of addresses in memory, right? or am i wrong?. I mean, there is only static and dynamic address, or are there other types?...
So... that's the question, can somebody explain me that? thanks in advance, see ya.
|
|
| Back to top |
|
 |
lampuiho
Expert Cheater
![]() Reputation: 6
Joined: 16 Jan 2010
Posts: 122
|
| Posted: Thu Nov 24, 2011 9:55 pm Post subject: Re: What kind of addresses exist in the memory of a process? |
|
|
| Unbr0ken wrote: | I've been learning some things about memory in Windows, but now i have a question that i can't solve.
When we "point" an address in a game, we are just looking for a static address that points to a dynamic address (random address) which contains, a value that we want to modify in the game, right?...
Therefore, i deduce that there are only two types of addresses in memory, right? or am i wrong?. I mean, there is only static and dynamic address, or are there other types?...
So... that's the question, can somebody explain me that? thanks in advance, see ya. |
Some memory is always allocated to the same space. That's why the addresses are static. Some memory is dynamically allocated by the program. So they go to different addresses based on an offset which is always the same because it's in the code.
Some memory is part of the program, the assembly code. They are usually static because of the way compiler works. Some memory is just storage for other data or stack.
I'm really not sure what you're asking. If they are not dynamic, they are static. Just like if a number is not positive, then it's negative, or it doesn't even exist, that is, null, 0.
|
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Fri Nov 25, 2011 2:45 am Post subject: |
|
|
My doubt was not clear, i will explain better.
What is the basis of the CE to set the colors green and black to addresses in the memory region window? (See the attachments)
I mean, how the CE knows when an address is static and when is it dynamic?... is there an API for it?
Having understood this, i wonder if there are other types of addresses, since there are static and dynamic addresses, i wonder if there are other types.
I hope you understand now... thanks for reading.
| Description: |
| Dynamic Memory Region (Black!) |
|
| Filesize: |
85.27 KB |
| Viewed: |
9015 Time(s) |
|
| Description: |
| Static Memory Region (Green!) |
|
| Filesize: |
76.24 KB |
| Viewed: |
9025 Time(s) |
|
|
|
| Back to top |
|
|
kot1990
Expert Cheater
 Reputation: 1
Joined: 06 Sep 2009
Posts: 131
Location: Greece
|
| Posted: Fri Nov 25, 2011 8:03 am Post subject: |
 |
|
| Unbr0ken wrote: |
I mean, how the CE knows when an address is static and when is it dynamic?... is there an API for it?
|
| Code: | | mov byte ptr [009D5020],00 |
This one is a 7 byte instruction and what is does is that it just copies a byte of zeros 0x00 to location 0x009D5020. This address is static because of the
bytecode hardcoded in the executable. Hardcoded means that when the compliler was creating the executable, it wrote this instruction inside the file. See it yourself...
C6 05 20509D00 00
and as you see the 20509D00 is the address to which the the zero byte will be copied, and it never changes. So everytime you execute this program, the same code will be produced and everytime this instruction runs, it will copy a 0 byte at 0x009D5020.
With the dynamic memory I'm not sure about how it is done because I haven't searched that but I guess it is something like that:
| Code: |
assume that malloc function is at address 0x07F2349A
call 07F2349A <-- the call to malloc, and it returns an address to which the allocation was made
mov byte ptr [eax],00 <-- assume that malloc saved the allocation address at eax
|
So, what happens here is that eax is variable, and the address that malloc will procude may be different everytime the call is made, so eax will always change. This happens because of some memory regions beign allocated by previous calls to VirtualAlloc or malloc or whatever reserves memory and forcing our call to allocate its memory in a different region.
EDIT: forgot about the colors. Greens are what is inside the mapped files and is most times static data. Yours at 0x07F2B760 and on, is black because your are out of region of the executable. Get a PE editor tool and find out the virtual size of the executable in bytes. It is the size it will take in memory. Most executables are mapped at 0x00400000 , so the first byte will start from that address the base address, and you can find the last by adding the virtual size you find in the PE editor to 0x00400000 and you will find where the module ends in memory. When you find the result go to that address and see that the next byte after the last is black of even ?? that means this area is not commited.
|
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Tue Dec 06, 2011 1:13 am Post subject: |
|
|
| Amazing answer, thank you very much!
|
|
| Back to top |
|
|
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
| Posted: Tue Dec 06, 2011 3:33 am Post subject: |
|
|
Just a small warning: Keep in mind even though you may see static/hardcoded address like this
mov byte ptr [009D5020],00
it won't be static if its inside a DLL. If you check CE's show module addresses option then you'd see the instruction as [modulename+offset]. It isn't enabled by default so you could get fooled by the hardcoded address.
With normal exes, it doesn't matter most of the time and its like kot1990 said.
_________________
|
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Tue Dec 06, 2011 3:55 am Post subject: |
|
|
| Good to know!, Thank you man.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
