Cheat Engine The Official Site of Cheat Engine
Estx Expert Cheater
Reputation: 0
Joined: 04 Mar 2008 Posts: 172
|
Posted: Fri Mar 21, 2008 6:29 am Post subject: [Solved] What causes this memory read violation in CS:S? |
|
|
Fixed. Cheers for the help - problem was that I wrote too many bytes to the memory address ... lol, I'm sorry for wasting people's time. I just finally noticed in the disassembler what was happening on the bytes after the one I was writing to. =\ I learned some useful code and gained a bit of knowledge figuring this out though (how to NOP with APIs - which is how I found the error, the VPEx API, and a few other small things)
So yeah, thanks again for the help.
| Quote: | Hey, I was wondering if someone could help me out here.
I come upon this error every time I use my code to modify the sv_cheats variable in CS:S. (the error occurs whenever I try to access the console or options, otherwise it's fine)
| Error wrote: | | The instruction at "0x0d86b423" referenced memory at "0x00000038". The memory could not be "read". |
The address is dynamic in the error message, the address for the sv_cheats variable isn't.
I'm using this code to open, write and close the process (which generally work fine):
| Code: | [DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, bool bInheritHandle, UInt32 dwProcessId);
[DllImport("kernel32.dll")]
private static extern Int32 CloseHandle(IntPtr hObject);
[DllImport("kernel32.dll")]
private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten); |
This code writes to the memory (which also generally works fine):
| Code: | bBuff = BitConverter.GetBytes(data);
return WriteProcessMemory(hProc, (IntPtr)address, bBuff, 4, out bytesRW); |
Finally, I'm using All_Access (have tried write+operation) to open the process (tried both inheriting the handle and not inheriting).
Any help would be appreciated, if there's something I missed: please point it out. |
Last edited by Estx on Sun Mar 23, 2008 6:10 am; edited 2 times in total |
|
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
|
Posted: Fri Mar 21, 2008 7:38 am Post subject: |
|
|
It might be that the pages are protected, or maybe you've just got the wrong address.
I forget which, but there's an API to change the property of a page; you should look for it on MSDN.
_________________
|
|
Estx Expert Cheater
Reputation: 0
Joined: 04 Mar 2008 Posts: 172
|
Posted: Fri Mar 21, 2008 8:39 am Post subject: |
|
|
I've got the right address, I know that much.
Will check for the page properties or w/e it's called API on MSDN.
Thanks for the reply.
Edit: Oh, by the way. When I modify the address with Cheat Engine - access is fine. So I know I am definitely missing some API calls or have written something incorrect.
|
|
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
|
Posted: Fri Mar 21, 2008 9:09 am Post subject: |
|
|
| samuri25404 wrote: | It might be that the pages are protected, or maybe you've just got the wrong address.
I forget which, but there's an API to change the property of a page; you should look for it on MSDN. |
VirtualProtectEx
|
|
Estx Expert Cheater
Reputation: 0
Joined: 04 Mar 2008 Posts: 172
|
Posted: Fri Mar 21, 2008 10:17 am Post subject: |
|
|
I still fail, lol. It hasn't changed anything, perhaps I'm making a mistake with the API call. (called after WriteProcessMemory)
| Code: | [DllImport("kernel32.dll")]
static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
public bool RemoveProtection()
{
uint tUInt = 0;
return VirtualProtectEx(hProc, (IntPtr)0x00000000, (UIntPtr)0xFFFFFFFF, 0x04, out tUInt);
} |
The code above returns false, I've tried 'PAGE_READWRITE' and 'PAGE_EXECUTE_READWRITE', both resulting in the former mentioned.
The address that most frequently appears referenced to is: 0x00000038, if it isn't that, then it's a random address with the same reference as that random address.
|
|
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
|
Posted: Fri Mar 21, 2008 7:15 pm Post subject: |
|
|
| Estx wrote: | I still fail, lol. It hasn't changed anything, perhaps I'm making a mistake with the API call. (called after WriteProcessMemory)
| Code: | [DllImport("kernel32.dll")]
static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
public bool RemoveProtection()
{
uint tUInt = 0;
return VirtualProtectEx(hProc, (IntPtr)0x00000000, (UIntPtr)0xFFFFFFFF, 0x04, out tUInt);
} |
The code above returns false, I've tried 'PAGE_READWRITE' and 'PAGE_EXECUTE_READWRITE', both resulting in the former mentioned.
The address that most frequently appears referenced to is: 0x00000038, if it isn't that, then it's a random address with the same reference as that random address. |
It's been a while since I've used VPEX, but try just using your addy as the address.
_________________
|
|
Estx Expert Cheater
Reputation: 0
Joined: 04 Mar 2008 Posts: 172
|
Posted: Sat Mar 22, 2008 4:31 am Post subject: |
|
|
VirtualProtectEx returns true when I allow read/write/exec to all the addresses involved.
Tried using several addresses (including the sv_cheats address) with multiple lengths, still to no avail.
The main error that occurs comes from this area of memory:
| Code: | Error Signature
Address: 0000b423
Module: datacache.dll
Image Base: 0x0d860000, size: 0x0 |
Which is where 0x0d86b423 comes from, this references 0x00000038. (assuming that's in the same module, the address returns 0x0)
I've googled around for ages as well, still having no luck. Spent about 3 hours on this (tonight alone lol), but I'm just not experienced enough with ASM & Memory editing to figure it out from that. I am teaching myself ASM at the moment, but I feel it will be some time before I completely understand what's happening here lol.
If there's anything else you guys can suggest, I would really appreciate it. For now, I'll just keep trying different approaches. =\
|
|
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
|
Posted: Sat Mar 22, 2008 7:14 am Post subject: |
|
|
Try this:
Change your import signature to this:
| Code: |
[DllImport("whatever", SetLastError = true)]
...
|
Then, after you call, say VPEx, do this:
| Code: |
MessageBox.Show(Marshal.GetLastWin32Error().ToString());
|
You should get a MessageBox with a number in it. Go to Tools -> Error Lookup (assuming that you're using Visual Studio), and punch in that number. Click "Look up" and check out the error. See if you can resolve it from there.
_________________
|
|
Estx Expert Cheater
Reputation: 0
Joined: 04 Mar 2008 Posts: 172
|
Posted: Sat Mar 22, 2008 7:48 am Post subject: |
|
|
Returns zero on all API calls that are made, which means there's no error via the calls.. man what a mission this is lol.
If it returned non-zero I would've been very happy lol (makes it a whole lot easier when you know what the problem is).
Added to your reputation for helping out this far. Cheers man.
|
|
HolyBlah Master Cheater
Reputation: 2
Joined: 24 Aug 2007 Posts: 446
|
Posted: Sat Mar 22, 2008 11:06 am Post subject: |
|
|
You can't read/write memory that does not exist (not allocated).
So try to alloc the address before you read/write the memory.
|
|
Estx Expert Cheater
Reputation: 0
Joined: 04 Mar 2008 Posts: 172
|
Posted: Sat Mar 22, 2008 11:30 pm Post subject: |
|
|
I have no problems with reading / writing to the actual memory. I can modify all the variables easily (used cheat-engine / visual perception to determine that lol)
The addresses seem to be all already allocated, unless I need to use HeapAlloc or something? I did an API hook on C.E. and browsed through all of its calls, but nothing stood out..
0x0da27e13 references: 0x00000038, but holds the bytes (used 64 for length just in case it isn't just 4 bytes that display the ASM):
| Code: | FF 52 38 5E C2 04 00 CC
CC CC CC CC CC 56 8B 74
24 08 85 F6 7C 05 3B 71
08 7C 06 32 C0 5E C2 04
00 56 E8 A6 AF FF FF 3B
C6 0F 95 C0 5E C2 04 00
CC CC CC CC CC CC CC CC
CC CC CC CC CC 8B 44 24 |
That any help..?
|
|
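Added example, not part of any post in this thread: a crash-triage sketch in C that ties the reported fault to the fix named in the first post. It shows how a 4-byte write of a little-endian int over a 1-byte variable zeroes the three bytes after it, and decodes the first instruction of the posted dump (`FF 52 38`, `call dword ptr [edx+38h]`) to show that a read fault at 0x00000038 means the base register held 0. The `SAMPLE` bytes and all function names are constructed for illustration; the real layout around the game's variable is not given on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed bytes: [0] is the 1-byte variable, [1..7] are its neighbours. */
static const uint8_t SAMPLE[8] = {0x00, 0x5A, 0x13, 0x0D, 0x77, 0x88, 0x99, 0xAA};

/* Write `value` as little-endian bytes (what BitConverter.GetBytes(int) gives
   on x86) using `size` bytes; return how many neighbour bytes changed. */
int neighbours_clobbered(uint8_t *mem, int32_t value, size_t size)
{
    uint8_t before[8], buf[4];
    if (size > sizeof buf) return -1;
    memcpy(before, mem, sizeof before);
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = (uint8_t)((uint32_t)value >> (8 * i));
    memcpy(mem, buf, size);
    int changed = 0;
    for (size_t i = 1; i < sizeof before; i++)
        changed += (mem[i] != before[i]);
    return changed;
}

/* Decode FF /2 with mod=01: CALL dword ptr [reg32 + disp8]. */
int decode_call_disp8(const uint8_t *code, int *base_reg, int32_t *disp)
{
    uint8_t modrm = code[1];
    if (code[0] != 0xFF || ((modrm >> 3) & 7) != 2) return -1; /* not CALL r/m32 */
    if ((modrm >> 6) != 1 || (modrm & 7) == 4) return -1;      /* not [reg+disp8] */
    *base_reg = modrm & 7;           /* 0=eax 1=ecx 2=edx 3=ebx 5=ebp 6=esi 7=edi */
    *disp = (int8_t)code[2];         /* disp8 is sign-extended */
    return 0;
}

/* Address the CPU reads the call target from, for a given base register value. */
uint32_t fault_address(const uint8_t *code, uint32_t reg_value)
{
    int reg; int32_t disp;
    if (decode_call_disp8(code, &reg, &disp) != 0) return UINT32_MAX;
    return reg_value + (uint32_t)disp;
}

int main(void)
{
    uint8_t wide[8], narrow[8];
    const uint8_t dump[] = {0xFF, 0x52, 0x38};   /* first bytes of the posted dump */
    memcpy(wide, SAMPLE, 8); memcpy(narrow, SAMPLE, 8);
    printf("neighbours changed: 4-byte write %d, 1-byte write %d\n",
           neighbours_clobbered(wide, 1, 4), neighbours_clobbered(narrow, 1, 1));
    printf("read target with base register 0: 0x%08X\n", (unsigned)fault_address(dump, 0));
    return 0;
}
```

Matching the write size to the width of the variable leaves the neighbouring bytes untouched, which is the change the first post reports as the fix.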