Ceserver for cheatengine7.0 to analyze memorydump
The system in the memory dump only supports 64-bit systems, windows10, windows11
ceserver for raw memory dump file
Usage:
ceserver-rawmem [OPTION...]
-f, c arg Raw memory dump file path
-p, --port arg CEServer using port (default: 8997)
-f/--file parameter only supports complete linear physical memory dump, you can get it through MemProcFS
Run commond
MemProcFS.exe -device win10.core
Copy M:\memory.pmem to your workspace
Open WSL and run command
./ceserver-rawmem -f memory.pmem
Port forwarding for WSL
netsh interface portproxy add v4tov4 listenport=8997 listenaddress=0.0.0.0 connectport=8997 connectaddress=xxx.xxx.xxx.xxx
Open cheatengine, connect to localhost:8997
Environment: Ubuntu22.04 x64
Require:
- CMake >= 3.20
- OpenSSL >= 1.1.1
- Clang >= 14
sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install zlib1g-dev
sudo apt-get install libssl-dev
sudo apt-get install cmake
sudo apt-get install clang-14
mkdir build
cd build
cmake .. -DCMAKE_C_COMPILER=clang-14 -DCMAKE_CXX_COMPILER=clang++-14
make
Environment: macOS 13.4.1
brew install cmake
mkdir build
cd build
cmake .. -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
make
- [ ] Support qemu-kvm, pcileech
- [ ] Write an example of dumping apex game data
- [ ] Make a qemu-kvm cheat
-
memflow: Provides a nice way to get the base address of ntoskrnl.exe
-
query-pdb: Provides a good pdb parsing service
-
cheatengine: Cheat Engine is a development environment focused on modding games and applications for personal use.
-
cxxopts: Lightweight C++ command line option parser
-
MemProcFS: MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.