Cheat Engine

[VikFreeze]

Can i ask some things about how the debuggerthread works?

Am i correct in guessing that SetWriteBreakpoint places a trigger for a write event, SetReadBreakpoint places a trigger for a read event and SetReadWriteBreakpoint places a trigger for a both read and write events on a given address?

If so, then is calling SetWriteBreakpoint, SetReadBreakpoint the same as calling just SetReadWriteBreakpoint?

I want to make modifications so that i can see multiple aspects of a address at the same time, i was thinking of adding a extra listbox to the foundcodedialog and modify the foundone procedure so i have a reader and writer textbox for a given address, but i don't know what will happen if call both SetReadBreakpoint and SetWriteBreakpoint on the same address or SetReadBreakpoint and SetWriteBreakpoint on different addresses.

To make a long story short, if i call SetReadBreakpoint for multiple addresses will that monitor the read events on all these addresses or is the debugger made to monitor a single address at a time?

Ive been experimenting with these procedures and the seem to work just how i need them to, but when monitoring a address for read access all the values in CE become unreadable ( they show '??') and they flicker between '??' and the value, when i close the opcode monitoring window the values return to normal, i think the memory is fine, but the call to SetReadBreakpoint i doing something to mess up the code that refreshes the values.
Is there a way to fix this?

[Dark Byte]

This is pretty old code and will be rewritten to the way the kerneldebugger is build up (kinda)

anyhow, SetReadBreakpoint is a completly different function from SetWrite and SetReadWrite breakpoint.

Instead of debug registers it just marks the memory region as unreadable and when it tries to read from it, it'll raise an access violation with the read reason. (thats why the memory shows up as ?? and only shows as a value during the times the application is using that memory )

It's not very fast and tends to crash when used with multithreaded games

It also has been removed from ce 5.4 and later as there's no use for it alone.

[VikFreeze]

Dark Byte

It looks like the only way to monitor multiple addresses is the access violations way since the debug regs can only take 4 addresses of 4 bites length each and that is nowhere near to what i need to watch, anyway i need to modify this condition in the debugger:

[Dark Byte]

yes, devent.Exception.ExceptionRecord.ExceptionInformation[1]contains the address that is being accessed
and it'll return anything between 00400000 and 00400fff (you make a whole page inaccessible, not just the bytes you want)


but really, I recommend you first try to figure out what you want to look for. You're giving the impression that you want to watch all the memory changes, which is just not going to happen. (it'll be so slow that every pixel being changed on the screen will take 20 seconds each)

[VikFreeze]

I know im making an entire page inaccessible but the question was what is in devent.Exception.ExceptionRecord.ExceptionInformation[1] when the opcode im looking for accessed the address im interested in (ie the exact address: 00400000 or anything from the address 00400000 to the address + address size 00400004 in this example)

I cant think of any othere way to continue tracing the pointer i need after level 3 when the scan for the address witch made the change returns 25-30 addresses, i don't intend to watch the whole memory becaz i know it wouled slow down terribly but i'm aiming to watch those 25-30 ones

[Dark Byte]

it contains the address that is causing the exception

so if 00400000 is made unreadable then a 4 byte read at 003ffffd, it will return 003ffffd

But why not check them one by one? And have you tried the pointerscan ?

[VikFreeze]

The pointer scanner wouled be really usefull is i knew what level the pointer is all im 100% sure of right now is the first(or last) offset is 110 the next is probably 78 and the next is probably 8.

It starts out simple, my target address is written to by a single address (i set up the code window to filter down the opcodes by the address witch i need to search for), anyway, scanning for the first address returns 4 results 3 of witch are dead so this mean address #4 is the right one, correct? now it is beeing written to by 2 addresses boght of witch have an offset of 78 but heres the deal the opcodes pop up imedeately after the code window opens (not when i modify the score, like the first level) so one of these two addresses lead into a dead end, the othere returns about 28 results (actualy 100 but after several rescans it narrous down to about 25-30) now one of them is accessed by a opcode witch pops up when i modify the score and hase a offset of 8, once more the scan returns about 25-30 results but this time no opcode pops up when i modify the score on any of these so im asuming its "hidden" in the opcodes witch pop up imediately when the code window opens or im doing something wrong.

Is there any othere way to bypass this problem?

[Dark Byte]

to use the pointerscanner you don't need to know the level of the pointer, just make sure the level is at least equal or bigger than the actual pointer (the bigger, the better, but each level increases the diskspace and time requirements exponentially)

And since you know the last 2 offsets, you can already fill that in and do a level 7 scan with the speed of a level 5 (I wouldn't take that offset 8 one since it's the one you're stuck on)


anyhow, using the debugger method:

[VikFreeze]

[Dark Byte]

use a flash editor,decompiler or other tool. then edit the game specifically to your likings and play that.

You can not use pointers in webbrowsers. The way they build up their content is too dynamic. Even having your mouse cursor at the wrong spot while typing in the url or selecting the bookmark can already cause an extra data object to be generated before the page is generated.

causing the data object to be the first item in the list instead of the page.

Also, lag can cause pointers to not work. If an image finished loading just before the flash object it's placed in front of it, causing the index (offset) of the flash object to load further. (increased offset)

And there are million of other occasions that the dynamic array that holds the page's objects aren't always in the same order.

and not to mention that everyone is running just slightly different versions of their browser. (flash version, browser version, browser language, etc...)


You might have more success if you ran the .swf inside a standalone swf player though, as long as it isn't inside a webbrowser, and the swf itself doesn't download anything from the net

[VikFreeze]