Cheat Engine

[Hokibukisa]

Hello. My goal is to create an app to hook onto a game process (Torchlight 1 for now), scan its memory for a string of a certain value that I define in script (Game is moddable with torchscript), and then use something like cheatengine to content inject string variable. The idea is inter-process communication with an application that doesn't technically support it, but due to scripting mods, might technically achieve it unwittingly.

So I was thinking, create a huge static buffer string in script for which to work with, and pass commands back and forth through that string buffer + ignore padding. Possibly using certain positions in the string for required parameters.


I've been looking at different ways to inject a DLL.
www(dot)codeproject(dot)com/KB/threads/winspy.aspx
(Note: I am NOT trying to keylog, just using this as a guide to read and write memory of another process)
One of the tricks is quite simple, hook it with low level keyboard hook, loadlibrary to increment the dll's load count, then de-hook, and your in.

The pitfall to this, as I've read in a few places, is that even if the dll is mapped to a process, that it still needs hefty permissions in order to read and write to memory addresses of other processes.
I've read that you need to get debugger permissions in order to do so, and then searching for references on how to do that, a deadend. Supposedly even system administrator isn't even high enough to attach a debugger to a process.

So CheatEngine, this marvelous application which I've used and love, can attach to a process and gayfully edit its memory without even attaching a debugger. And I'm dying to know whats special with CE that allows it to do this?

Also I am wondering, is there a CE lite API/dll that performs low level wizardry that is easily adaptable?

Some things that CE does that are beyond my realm of comprehension:
-Scan address space of only a desired process, returning results or whatever CE does, it does it damn well.
-CE's search capabilities
-CE's memory writing capabilities

I plan to *ATTEMPT* to make something like this despite never written a single line of pascal in my life, just wanted to ask if something like this already exists.


Any tips or advice would be much appreciated! Possibly leading to a large paypal donation! I know that time is money, friend!

[Dark Byte]

Cheat Engine acquires SeDebugPrivilege. It can then open the process without a problem. And if that fails it can always fall back on a kernelmode driver bypassing windows security mechanism altogether

For that you need admin rights, but with a proper manifest embedded in the exe you can make it pop up a window asking admin rights

As for the rest it's just basic windows api. ReadProcessMemory, VirtualQueryEx, CreateRemoteThread, etc...