Cheat Engine

KryziK · Posted: Sun Dec 06, 2009 9:19 pm Post subject: Freeze address?

Hi, I was wondering how Cheat Engine freezes addresses. I have heard of VirtualProtectEx, but I am not quite sure if this is correct.

I don't really want to download the source, nor do I want to look for the function or whatever it is.

If someone knows could they please point me to it or explain it?

P.S. The reason I don't want to get the source is I don't want to install a SVN Client and I don't have anything installed at the moment to read the code (Unless it is plain text, which I doubt). I just wanted to say this because most people would think I am just being lazy, but I am not.

Thanks!

Slugsnack · Posted: Mon Dec 07, 2009 2:02 pm Post subject:

For freezing you just keep writing to the address the value you want to freeze it at

KryziK · Posted: Mon Dec 07, 2009 2:16 pm Post subject:

Ah, I didn't think it would be that easy. But then I looked in the settings and found a freeze time in ms, which made sense. Thanks

But what about nopping?

Slugsnack · Posted: Mon Dec 07, 2009 6:33 pm Post subject:

NOPing is just writing the byte encoding a NOP instruction to a certain address. That byte is 0x90.

You may need to use VirtualProtectEx to grant yourself write access to that address though.

KryziK · Posted: Mon Dec 07, 2009 7:10 pm Post subject:

Slugsnack · Posted: Tue Dec 08, 2009 5:01 pm Post subject:

each byte would be a new address. in that case the first byte is 0x8b, second byte is 0x80, etc. etc.

best way to do that. if you are doing direct memory access then you can write the dword at 0x0045ae66 to 0x90909090 and then the word at 0x0045ae6a to 0x9090

if you are using WPM then make an array of 6 bytes which are 0x90 for each byte. then write that whole array to 0x0045ae66

KryziK · Posted: Tue Dec 08, 2009 5:29 pm Post subject:

Thanks, will try it now.

Edit:

I am using the WinAPI Function WriteProcessMemory.

WriteProcessMemory(hProcess, pBaseAddress, pBuffer, iSize, ByRef iWritten)

So I have the process and, I think, the address. Would the buffer be an array of bytes like

Array[2] = ["0x90", "0x90"]
Size would be....2?
Written would be whatever variable I want it stored in?

Basically what I want to do is nop the code for step 5 outside of autoit. I have obtained a static address to the value if this helps.

Feel free to PM me if you would like, and thanks for your help so far!

And also, now when I find out what writes I get
Code :0045aecb - 89 10 - mov [eax],edx
every time (tried it about 3x closing the tutorial and re-opening)

KryziK · Posted: Wed Dec 09, 2009 3:22 pm Post subject:

Bump. Anyone know if this is correct?

Dark Byte · Posted: Wed Dec 09, 2009 3:29 pm Post subject:

why don't you just try it ?

but yes, if the code is "0045aecb - 89 10 - mov [eax],edx " then you need to write 2 nop's

KryziK · Posted: Wed Dec 09, 2009 3:39 pm Post subject:

Well, I did try it, but it wasn't exactly working. I've been trying a couple times. Will try again.

Edit:

I get an error

"OpenProcess:Standard: The operation completed successfully", but my program closes and it doesn't work. It has a little red X in the window. Same with WriteProcessMemory.

I cannot find what the error is as it closes the program before I can retrieve it.

Slugsnack · Posted: Sun Dec 13, 2009 6:49 am Post subject:

post full source here

KryziK · Posted: Sun Dec 13, 2009 11:07 am Post subject:

Oh, I posted the answer but I guess it didn't work.

I figured it out.

It wasn't working because the default type in the function was dword. I changed it to byte and wrote 0x90 to 0045aecb and 0045aecc.

Thanks for your help! Now I just need to figure out how to turn instructions into bytes.