Dr.Disrespect Grandmaster Cheater
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun Mar 06, 2016 11:39 am Post subject: "Tools" in the "Memory Viewer".
I have searched the forum and couldn't find a tutorial about this. Please see the attached file. I have several questions (an answer to any of them is appreciated):
1. What is "Allocate Memory" used for?
2. What is "Scan for code caves" used for?
3. What is "Fill Memory" used for?
4. What is "Created Thread" used for?
5. What is "Dissect PE headers" used for?
6. What is "Structure spider" used for?
7. What is "Ultimap" used for? (especially this one)
8. What is "watch memory page access" used for?
9. What is "watch memory allocations" used for?
Thanks a lot and sorry for so many questions.
 |
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Mar 06, 2016 12:18 pm Post subject:
Look at the help file.
 |
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4650
Posted: Sun Mar 06, 2016 12:20 pm Post subject:
1. Allocating memory.
2. Scanning for code caves.
3. Writing a specific byte to a block of memory.
4. Creating a thread at a specific instruction.
5. Looking at the Portable Executable header.
6. Looking through a structure. It automatically dereferences pointers and dissects their structures. Can be used to compare two structures too.
7. Scanning for code. It keeps track of all the calls that are made and how many times they're called. [1] [2]
8. If you click on this, it explicitly tells you exactly what it does.
9. I would guess this watches for and gathers information on memory allocations by the process.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
 |
mgostIH Expert Cheater
Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sun Mar 06, 2016 12:23 pm Post subject: Re: "Tools" in the "Memory Viewer".
fmanager wrote: | I have searched the forum and couldn't find a tutorial about this. Please see the attached file. I have several questions (an answer to any of them is appreciated):
1. What is "Allocate Memory" used for?
2. What is "Scan for code caves" used for?
3. What is "Fill Memory" used for?
4. What is "Created Thread" used for?
5. What is "Dissect PE headers" used for?
6. What is "Structure spider" used for?
7. What is "Ultimap" used for? (especially this one)
8. What is "watch memory page access" used for?
9. What is "watch memory allocations" used for?
Thanks a lot and sorry for so many questions. |
1. Allocates new dynamic memory in the target process, can't be simpler than that. There you can put your own code and make a codecave or run it with a new thread.
2. Searches for patterns in executable memory that look like a codecave (for example, 50 0xCC bytes one after the other).
3. Substitutes an entire specified block of memory with a byte you want.
4. Creates a new thread at the specified address that will start to run your code asynchronously, aka while the process's main thread still runs.
5. Gives you all the info you need about the executable's PE header. (Still, I would suggest you use appropriate tools for that, rather than the CE default.)
6. The structure spider is used to improve finding patterns in structures and pointers. With the structure spider you can also check a structure against another one, to see the differences they have.
7. Ultimap is a tool strictly related to DBVM, so you'll need that running first. It checks every call that the executable makes, so you can find specific functions that would be hard to find otherwise.
8. This as well needs DBVM and returns you all the memory pages that are being accessed by the executable code.
This can be used to find better pointers, or to analyze the code even further.
9. This looks at all the memory pages being allocated in real time. I would suggest View->Memory Regions instead, though.
_________________
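The pattern search described in item 2 above, as an added example that is not part of the original post and not Cheat Engine's own code: it finds runs of padding bytes in a section image and reports which of those runs a later copy of the same section no longer leaves untouched. The padding byte set, the function names and the sample bytes are assumptions; the 50-byte minimum comes from the post.

```python
from typing import NamedTuple

PADDING_BYTES = (0xCC, 0x00, 0x90)  # int3, zero fill, nop: assumed padding values


class Cave(NamedTuple):
    offset: int  # start of the run inside the section image
    length: int  # number of identical bytes in the run
    fill: int    # the repeated byte value


def find_caves(image: bytes, min_len: int = 50) -> list[Cave]:
    """Return runs of at least min_len identical padding bytes."""
    caves, i, n = [], 0, len(image)
    while i < n:
        b = image[i]
        j = i + 1
        while j < n and image[j] == b:  # extend the run of equal bytes
            j += 1
        if b in PADDING_BYTES and j - i >= min_len:
            caves.append(Cave(i, j - i, b))
        i = j
    return caves


def modified_caves(baseline: bytes, live: bytes, min_len: int = 50) -> list[Cave]:
    """Caves found in the baseline whose bytes differ in the live copy."""
    return [c for c in find_caves(baseline, min_len)
            if live[c.offset:c.offset + c.length] != bytes([c.fill]) * c.length]


# Constructed sample: a fake executable section, not bytes from any real program.
BASELINE = (b"\x55\x8b\xec\xc3" + b"\xcc" * 64 +   # code, then a 64-byte cave
            b"\x33\xc0\xc3" + b"\xcc" * 10 +       # code, then 10 bytes (too short)
            b"\x90\xc3" + b"\x00" * 80)            # code, then an 80-byte zero cave
# The same section later, with five bytes written into the first cave.
LIVE = BASELINE[:20] + b"\xe9\x11\x22\x33\x44" + BASELINE[25:]

if __name__ == "__main__":
    for cave in find_caves(BASELINE):
        print(f"cave at {cave.offset:#x}, {cave.length} bytes of {cave.fill:#04x}")
    for cave in modified_caves(BASELINE, LIVE):
        print(f"cave at {cave.offset:#x} no longer holds only padding")
```

Comparing the on-disk section with the in-memory copy this way gives an integrity check: padding that has stopped being padding is a sign that code was written into the process.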
 |
Dr.Disrespect Grandmaster Cheater
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Mon Mar 07, 2016 1:16 am Post subject:
Thanks for the replies, guys.
@mgostIH,
What is "DBVM"? I have seen this word several times on the forum and some people say it causes bugs, doesn't it? Thanks.
 |
Redouane Master Cheater
Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
Posted: Mon Mar 07, 2016 4:08 am Post subject:
fmanager wrote: | Thanks for the replies, guys.
@mgostIH,
What is "DBVM"? I have seen this word several times on the forum and some people say it causes bugs, doesn't it? Thanks. |
http://cheatengine.org/aboutdbvm.php
Click "About" in Cheat Engine to check if your system supports it.
And yes, it causes BSOD sometimes.
[EDIT] A useful video that shows how to use the Ultimap (requires DBVM):
https://www.youtube.com/watch?v=T5sXoEEPFBQ
 |
Dark Byte Site Admin
Reputation: 467
Joined: 09 May 2003 Posts: 25704 Location: The netherlands
Posted: Mon Mar 07, 2016 5:13 am Post subject: Re: "Tools" in the "Memory Viewer".
mgostIH wrote: |
8. This as well needs DBVM and returns you all the memory pages that are being accessed by the executable code.
This can be used to find better pointers, or to analyze the code even further. |
No. DBVM isn't needed for this, just DBK (which is something everyone can use).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
 |
Dr.Disrespect Grandmaster Cheater
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Mon Mar 07, 2016 8:06 pm Post subject:
Thanks to each one of you.