crtzrms Newbie cheater
Reputation: 0
Joined: 26 Apr 2020 Posts: 13
Posted: Wed Apr 29, 2020 7:57 am Post subject: Bug regarding memory viewer
Greetings,
I've been playing around with a game to hack its camera and Cheat Engine has had some weird behavior all around; while trying to find "what writes to this address" it reports finding a jmp writing data, like in the picture:
https://imgur.com/a/tw0tqxQ
Working with Ghidra (or any other debugger) it gives the correct code:
https://imgur.com/a/D1ktwkr
Manually inputting the proper address in Cheat Engine corrects the issue temporarily:
https://imgur.com/a/5gUTV7F
I'm sorry if this is the right place to report this kind of issue but I didn't see a bug report area or anything.
Also, it seems weird that CE reports off by -1 byte what is writing to the address; if I recall correctly, CE changes the page protection and handles the exception to detect whenever the address is being written to, I can't think of any reason for it to grab the wrong EIP.
Oh and I can't post URLs yet, that's why the messed up links to images, a moderator could make it look pretty.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25778 Location: The netherlands
Posted: Wed Apr 29, 2020 10:24 am
Calculating the previous opcode is not always correct.
Anyhow, the left and right arrow keys can realign the disassembler.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4695
Posted: Wed Apr 29, 2020 10:40 am
Break-on-access / break-on-write breakpoints trigger after the instruction has executed. EIP/RIP is set to the instruction after the access/write, which means CE has to guess what the previous instruction is. That problem is actually pretty hard to solve correctly in ISAs with variable-length instructions, and in this very specific case, the bytes are laid out in such a way that CE happens to guess it wrong.
Posting more bytes around there (especially before the access) might help fix this.
crtzrms wrote: | CE changes the page protection and handles the exception to detect whenever the address is being written to |
If you use page exceptions, yes, but that's a terrible way of doing it in general. Hardware breakpoints are used by default.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
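The ambiguity described in the post above, as an added example that is not part of the original thread and is not Cheat Engine's code: a toy 32-bit x86 length decoder (it knows only the few opcodes used here) run over a constructed byte string in which two different start offsets both decode to an instruction ending exactly at the reported address. Decoding forward from a known instruction boundary, which is what extra bytes before the access make possible, leaves only one answer.

```python
# Added illustration, not Cheat Engine code. Toy 32-bit x86 length decoder
# that knows only the opcodes used in the constructed sample below.
def modrm_len(code, i):
    """Bytes used by ModRM (+ SIB + displacement) starting at code[i]."""
    if i >= len(code):
        return None
    mod, rm = code[i] >> 6, code[i] & 7
    n = 1
    if mod != 3 and rm == 4:                      # SIB byte follows
        if i + 1 >= len(code):
            return None
        n += 1 + (4 if mod == 0 and code[i + 1] & 7 == 5 else 0)
    if mod == 1:
        n += 1                                    # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        n += 4                                    # disp32
    return n

def insn_len(code, i):
    """Length of the instruction at code[i], or None if unknown/truncated."""
    op = code[i]
    if op in (0x89, 0x8B):                        # mov r/m32,r32 / mov r32,r/m32
        m = modrm_len(code, i + 1)
        n = None if m is None else 1 + m
    elif 0xB8 <= op <= 0xBF:                      # mov r32, imm32
        n = 5
    else:                                         # nop, jmp rel8, jmp rel32
        n = {0x90: 1, 0xEB: 2, 0xE9: 5}.get(op)
    return n if n is not None and i + n <= len(code) else None

def backward_candidates(code, rip, max_len=15):
    """Every start offset whose instruction ends exactly at rip."""
    return [rip - k for k in range(1, min(max_len, rip) + 1)
            if insn_len(code, rip - k) == k]

def forward_previous(code, boundary, rip):
    """Decode forward from a known boundary; start of the insn ending at rip."""
    i, prev = boundary, None
    while i < rip:
        n = insn_len(code, i)
        if n is None:
            return None
        prev, i = i, i + n
    return prev if i == rip else None

# Constructed sample: mov eax,0x00E90000 ; mov [eax+0x10],ecx ; nop
CODE = bytes.fromhex("b80000e900" "894810" "90")
RIP = 8   # address reported after the write performed by the mov at offset 5
```

`backward_candidates(CODE, RIP)` returns both offset 5 (the real `mov`) and offset 3 (a `jmp rel32` formed from the tail of the preceding immediate), while `forward_previous(CODE, 0, RIP)` returns only 5.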
crtzrms Newbie cheater
Reputation: 0
Joined: 26 Apr 2020 Posts: 13
Posted: Wed Apr 29, 2020 11:06 am
ParkourPenguin wrote: | Break-on-access / break-on-write breakpoints trigger after the instruction has executed. EIP/RIP is set to the instruction after the access/write, which means CE has to guess what the previous instruction is. That problem is actually pretty hard to solve correctly in ISAs with variable-length instructions, and in this very specific case, the bytes are laid out in such a way that CE happens to guess it wrong.
Posting more bytes around there (especially before the access) might help fix this.
crtzrms wrote: | CE changes the page protection and handles the exception to detect whenever the address is being written to | If you use page exceptions, yes, but that's a terrible way of doing it in general. Hardware breakpoints are used by default. |
Oh, I didn't know that, makes much more sense.
Also good to know the arrow keys can fix the issue.