memory, reverse-engineering, computer-forensics

How to automate finding data in the memory of another running process?


How to automate finding data in the memory of another running process? Because of dynamic memory allocation, the memory addresses are different every time. Currently I search for the needed values with Cheat Engine. But I'm curious how game trainers find the correct values every time. Maybe you can recommend some articles or books on this task.


Solution

  • It's a complicated question. Basically, game trainers work with a lot of attempts: they find an offset that is constantly allocated at the same memory address, and from it they deduce the corresponding meaning of the value.

    If you want to automate this task, you can build your own monitor with ptrace() or an equivalent function and iterate as many times as you want, but you cannot be sure what those addresses are, so you can try to change all of them and see if something changes (with the risk of crashing the program).
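The following added example, which is not part of the original question or answer, shows why absolute addresses differ between runs while the offset inside a mapped module stays the same: it parses Linux `/proc/<pid>/maps` and rebases a hit to module plus offset. The two maps listings, the path `/opt/demo/game` and the function names are constructed for illustration; `scan` is read-only and assumes Linux and ptrace-level read access to the target.

```python
import re

# Constructed sample: one program's /proc/<pid>/maps from two runs (ASLR moved the bases).
RUN_A = """\
55d0c1a00000-55d0c1a02000 r--p 00000000 08:01 131 /opt/demo/game
55d0c1a04000-55d0c1a05000 rw-p 00003000 08:01 131 /opt/demo/game
55d0c2e10000-55d0c2e31000 rw-p 00000000 00:00 0 [heap]
"""
RUN_B = """\
5612f7c00000-5612f7c02000 r--p 00000000 08:01 131 /opt/demo/game
5612f7c04000-5612f7c05000 rw-p 00003000 08:01 131 /opt/demo/game
5612f9a40000-5612f9a61000 rw-p 00000000 00:00 0 [heap]
"""
MAPS_RE = re.compile(r"([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(.*)")

def parse_maps(text):
    """Return (start, end, perms, file_offset, name) for each mapping line."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            start, end, perms, off, name = m.groups()
            regions.append((int(start, 16), int(end, 16), perms, int(off, 16), name))
    return regions

def rebase(addr, regions):
    """Turn an absolute address into (mapping name, offset in backing file), or None."""
    for start, end, _perms, off, name in regions:
        if start <= addr < end:
            return name, off + (addr - start)
    return None

def scan(pid, needle):
    """Read-only scan of the rw regions of a live process for the bytes `needle`."""
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read())
    hits = []
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, perms, _off, _name in regions:
            if not perms.startswith("rw"):
                continue
            try:
                mem.seek(start)
                data = mem.read(end - start)
            except (OSError, OverflowError):  # region cannot be read or seeked to
                continue
            hits += [rebase(start + m.start(), regions)
                     for m in re.finditer(re.escape(needle), data)]
    return hits
```

Hits that rebase into `[heap]` are not guaranteed to keep the same offset between runs; only hits inside the program's own data mapping rebase to the same value, as the two constructed listings show for offset `0x3010`.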