Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Obtaining data structure addresses without code cave
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

Posted: Wed May 01, 2019 9:12 am    Post subject: Obtaining data structure addresses without code cave

I've been experimenting with 'debugprocess()' to collect data structure addresses without using a code cave. If successful, I plan to use this approach in AC Unity (and evt Syndicate...). (I'm now using AC BF as test case)

See info here: [ https://imgur.com/a/r9HhjbK ].
a. I first started with an addresslist script (pt 1.). This seems to work fine, as long as I do not "remove" the BP (started doing this at some point, because of game lagging ~ not reproduced yet). Also: as long as the BP is present, addres_value keeps getting updated.
So I figured perhaps to work with a timer...
b. pt2 PrtScrns explains it all. Bottom line: game crashes due to 'int3' (BP?) insertion. And I have no idea why this happens or how to solve this?

Qs:
1. Main goal is to collect those addresses without a cave: is this a good approach? Other ways to do this? (I've also looked at 'MemScan()' examples, but none pointed me in that direction ~ basically collecting registry info)
2. How to "dynamically" dis/enable the BP? Possible conflicts with other scripts using this approach? (my feeling tells me this - removing BP - will give a more stable situation/game experience)
3. How to avoid the BP insertion at all? (situation 2)
4. Using this approach, are BPs limited to 4?
5. Avoid crashing upon relaunching CE/loading table? (based on posts I've read, one cannot detach the debugger?)

If you need more info/test_table, just ask...

ps: sorry for the exe_name; my table supports 4 different v107 exes
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25288
Location: The netherlands

Posted: Wed May 01, 2019 9:55 am

1: You are limited to max 4 breakpoints before memory editing will occur to place software breakpoints

2: Depends on the other scripts. Perhaps write a function that says "CanDisable()" which then checks the other scripts if they need it or not

3: Try DBVM and cloaked memory editing/cloaked int3 bps

4: yes

5: You can detach the debugger, but do make sure all breakpoints are disabled first

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
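
The bookkeeping suggested in the reply above (four slots, a "CanDisable()" check across scripts, everything removed before detaching), as an added example that is not part of the thread or of Cheat Engine. The registry and its method names are hypothetical; inside Cheat Engine the two callbacks would wrap `debug_setBreakpoint` and `debug_removeBreakpoint`, here they are print stubs so the file runs in plain Lua.

```lua
local MAX_HW_BPS = 4  -- limit from the reply above; all names here are hypothetical
local function newBpRegistry(setBp, removeBp)
  local owners, active, reg = {}, 0, {}  -- owners: address -> set of script names
  -- Claim a breakpoint for a script; refuse rather than go past 4 slots.
  function reg.acquire(script, address)
    if not owners[address] then
      if active >= MAX_HW_BPS then return false, "no free hardware slot" end
      setBp(address)
      owners[address], active = {}, active + 1
    end
    owners[address][script] = true
    return true
  end
  -- The CanDisable() idea: true only if no other script still needs it.
  function reg.canDisable(script, address)
    for name in pairs(owners[address] or {}) do
      if name ~= script then return false end
    end
    return owners[address] ~= nil
  end
  -- Drop one script's claim; the breakpoint goes only with the last claim.
  function reg.release(script, address)
    local set = owners[address]
    if not (set and set[script]) then return false end
    local last = reg.canDisable(script, address)
    set[script] = nil
    if last then
      removeBp(address)
      owners[address], active = nil, active - 1
    end
    return last
  end
  -- Remove every breakpoint, e.g. before detaching the debugger.
  function reg.releaseAll()
    for address in pairs(owners) do
      removeBp(address)
      owners[address] = nil
    end
    active = 0
  end
  return reg
end

-- Constructed demo: stubs stand in for debug_setBreakpoint/debug_removeBreakpoint.
local reg = newBpRegistry(function(a) print(("set %X"):format(a)) end,
                          function(a) print(("remove %X"):format(a)) end)
reg.acquire("health", 0x401000)          -- made-up script name and address
reg.acquire("ammo", 0x401000)            -- second claim shares the slot
print(reg.release("health", 0x401000))
print(reg.release("ammo", 0x401000))
```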
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

Posted: Sun May 05, 2019 2:01 am    Post subject: Status: In progress...

I will report as I go, but in general I only really "can" spend time on this during weekends, so... 1st: I will concentrate on using the VEH Debugger.

a) crashing when enabling 'debugProcess()': I've picked up this technique/function from #Sunbeam's table btw. As soon as one reloads the table/CE, the game crashes upon (attempt of) "reloading" 'debugProcess()' again. I've done some experimenting with 'detachIfPossible()' yesterday (while checking [Memory view ~ View ~ Breakpointlist]) with "mediocre" success: let's say one has 50% chance that the game "survives"... (happens with my/Sunbeam table)
(also checked with [ProcExplorer] to see what happens there ~ in short: no idea what to look for; or what info could be helpful)

ACU has changed its data structure, which seems to have moved certain flags I've been using in the past: so I'll be concentrating on that now..

Note: not sure how you see implementing pt 2) here? Basically: any given script will need a BP to collect a certain registry value (and some of these scripts might need multiple on their own ~ hence my (re)search to somehow manage these BPs). So yeah, DBVM does interest me, but if this also means extensive memory mgmt knowledge, then I'm afraid it'll be over my head...

b) DBVM and cloaked memory editing/cloaked int3 bps: any info (posts, articles, tables you know of (<- preferred),...) I've done some quick searching/reading of CE articles; can't say these were helpful. Same for 'celua.txt': way too cryptic for me at the moment (you guys do realize that there also live normal folks on this rock, right?)

Note: The kernel_debugger is new to me: a) I've done some tests with it for Unity, and it crashed on me a couple of times b) If I recall well from posts - I've read in the past - not everybody can run/enable this on their configuration... (? ~ I'm probably talking some years back, so this might not be the case anymore) c) In 'celua.txt' there is mentioning of certain fn not working in Vista and later (also: there is mentioning of possible update ~ not ignoring the fact that these fn are/will not be needed in my situation anyhow)

ps: and to reiterate, can createMemScan() "lead to" collecting registry values. #Translu made an ACU table (Gear unlocker ~ FearlessRev) using this fn (but he seems to collect the base addresses via "inline code references" ~ fyi: no idea what he is doing here, or how he found that kind of info). But the reason I ask is that there are plenty of tables out there now using those code/objects; which obviously will/would help me greatly in figuring out the correct code...
All times are GMT - 6 Hours