Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


PE EXE Dump and CE

 
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

Posted: Sat Jun 09, 2018 7:44 am    Post subject: PE EXE Dump and CE

It is the 3rd time that somebody has asked me to update my CE table for his/her version. Usually I get around it by instructing the gamer in question on how to chase down the AOB code. To help out, I used HIEW in the past, but it is not very successful in practice for x86 platforms (I might not use the tool in the proper way, so correct me accordingly).

That said: I got around the problem and could help out that user. But decided to have another search on possible "Dump" tools. And I did come across this one: [ github_com/glmcdona/Process-Dump ]. Extremely nifty, fast and - I'm assuming here - applicable for support purposes.

What is my request: I have no problems opening the file with CE, and do an AssemblyScan... that works just like if I'm running this on a live EXE. However, AsmScan is pretty slow; and unfortunately trying an 'Array of bytes' returns nothing or an error message, depending on how one sets the 'Writable' flag. Since CE finds the opcode via the AsmScan, my feeling is it "can" also do this via an AOB scan?!

Just to be clear: this kind of stuff is way out of my league; and I have no experience whatsoever in supporting CE table updates this way. But my feeling does tell me it is important enough to post a request here.
And more importantly: I can easily ask the gamer to perform this task, since it leaves hardly any 'footprint' on his/her pc. (unlike asking them to install IDA for instance ~ not that I know how to do it there...)

If someone wants to try out this tool:
Prenote: If you run [pd64.exe -db gen] first, it will create a {clean.hashes}. With this file present on your disk, [pd] will generate less (dll) file dumps (as it ignores any files found in that hashes-db).

1. Run game
2. Open CMD (w/ Admin) and run [Tasklist] (note down game's PID)
3. Run [pd32.exe or pd64.exe] {-pid <PID> -p <Game's EXE name without extension>}
(eg: [pd64 -pid 1312] will generate an EXE dump, along with related DLL files)

Here are some prtscreens from within CE: [ imgur_com/a/2EmjmYz ]
(notice the "difference" in offset values)
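
An added example, not part of the original post and not code from Process-Dump or Cheat Engine: a wildcard byte-pattern (AOB) search run directly over a PE file on disk, reporting each hit both as a raw file offset and as the RVA the section table maps it to, since offsets in a file view differ from addresses in a loaded image. The function names, the sample pattern and the constructed one-section test image are assumptions; only whole-byte wildcards (`?` or `??`) are handled.

```python
import re
import struct

def parse_sections(data):
    """Return [(name, rva, raw_offset, raw_size)] from the PE section table."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    optsz, = struct.unpack_from("<H", data, pe + 20)       # SizeOfOptionalHeader
    table = pe + 24 + optsz                                # first section header
    secs = []
    for i in range(nsec):
        name, _vsize, rva, rsize, roff = struct.unpack_from("<8sIIII", data, table + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), rva, roff, rsize))
    return secs

def aob_to_regex(pattern):
    """Compile an AOB string such as '8B 45 ?? 89'; '?' or '??' matches any byte."""
    body = b"".join(b"." if set(t) <= {"?"} else re.escape(bytes([int(t, 16)]))
                    for t in pattern.split())
    return re.compile(b"(?=" + body + b")", re.DOTALL)     # lookahead keeps overlapping hits

def scan(data, pattern):
    """Return [(file_offset, section, rva)] for every match in the file."""
    secs = parse_sections(data)
    hits = []
    for m in aob_to_regex(pattern).finditer(data):
        off = m.start()
        where = [(n, rva + off - roff) for n, rva, roff, rsize in secs
                 if roff <= off < roff + rsize]
        hits.append((off, *(where[0] if where else (None, None))))
    return hits

def build_sample():
    """Constructed PE-like image: one .text section at raw offset 0x200, RVA 0x1000."""
    code = bytes.fromhex("90 90 8B 45 FC 89 45 F8 C3")
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                # e_lfanew -> 0x80
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x84, 0x8664, 1)          # Machine, NumberOfSections
    struct.pack_into("<8sIIII", hdr, 0x98, b".text", len(code), 0x1000, 0x200, 0x200)
    return bytes(hdr) + code.ljust(0x200, b"\xCC")

if __name__ == "__main__":
    for off, sec, rva in scan(build_sample(), "8B 45 ?? 89 45 ??"):
        print(f"file offset {off:#x} -> {sec} RVA {rva:#x}")
```
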
All times are GMT - 6 Hours