Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Check my understanding of program address spaces

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Discussions
View previous topic :: View next topic  
Author Message
xconspirisist
How do I cheat?
Reputation: 0

Joined: 20 Jun 2021
Posts: 5

PostPosted: Sun Aug 01, 2021 1:32 pm    Post subject: Check my understanding of program address spaces Reply with quote

Hey folks, I'd like to check my understanding of program address spaces if someone has a moment;

When looking in CheatEngine, at a listing of instructions in the "instruction view" (opcodes with arguments), as well as the "memory view" - is this all the same "program address space"?

ie, in memory, does it look something like; instructions starting at 0x0000, then stack, then heap? Does this mean that "low address" such as 0x00400 are likely to be an address in the "instruction area", but a higher address, like 0x90000 are likely to be addresses in the programs' heap? It's not like there are two address spaces that both start at 0x0?

Does cheat engine just display two separate views because it knows a program's instructions end at say 0x89999, and after that it's "memory" / data?
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Sun Aug 01, 2021 3:10 pm    Post subject: Reply with quote

In the memory browser, the top half is called the disassembler view and the bottom half is the hex view. They're viewing the same address space, just in two different ways. Press Ctrl + Space to sync them.

Concepts like the stack and heap are abstractions over the raw bytes of memory in a program's address space. In the end it's all just bytes.

Address 0 is never mapped to anything and will segfault if it's accessed.

The executable is typically loaded near the start of the address space, the heap (if one even exists) after that, and the main thread's stack near the end of the address space.
Programs can still allocate memory wherever they want.

CE displays two different views because that's how its UI is designed. Again, it's two different ways to portray bytes. It's fine to disassemble data like integers/floats as if they were instructions, and it's fine to read instructions as if they were primitive value types. Given that it's almost certainly not what the program intended, it may not be correct to do so, but it's possible.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
xconspirisist
How do I cheat?
Reputation: 0

Joined: 20 Jun 2021
Posts: 5

PostPosted: Mon Aug 02, 2021 5:01 am    Post subject: Reply with quote

Thank you ParkourPenguin for taking the time - I really appreciate it. That really helps.

I went on to look at Memory Regions within CheatEngine, and spent a lot of time reading up about Virtual Address Space, and looked through things like the DLL Enumeration list.

One follow-on question, is it possible to hide/ignore regions of memory in CheatEngine that are unlikely to be interesting when debugging a game? Looking at the list of Enumerated DLLS, things like wow64cpu.dll, kernel32.dll, gdi32.dll, gameoverlayrenderer.dll and many more won't contain "game bytes" that I care about. Seems like an easy way to drastically reduce the number of bytes I have to look through / use for pointerscans? I see that I can specify these as addresses start/from, but is there any way to specify it based on the names of DLLs / mapped regions of memory?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Mon Aug 02, 2021 5:15 am    Post subject: Reply with quote

Pointerscan already excludes those regions when scanning. (Advanced options, include system modules is unchecked)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Discussions All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites