add a cr3 switcher for individual memoryview windows

Cheat Engine/LuaHandler.pas

@@ -7311,7 +7311,7 @@ function lua_dbvm_bp_setBrokenThreadEventFull(L: PLua_state): integer; cdecl;
         if not lua_isnil(L,-1) then state.basic.R9:=lua_tointeger(L,-1);
         lua_pop(L,1);
 
-        lua_pushstring(L,'R0');
+        lua_pushstring(L,'R10');
         lua_gettable(L,2);
         if not lua_isnil(L,-1) then state.basic.R10:=lua_tointeger(L,-1);
         lua_pop(L,1);

Cheat Engine/MainUnit2.pas

@@ -1086,6 +1086,7 @@ procedure LoadSettingsFromRegistry(skipPlugins: boolean=false);
   MemoryBrowser.Kerneltools1.visible:=false;
   {$else}
   MemoryBrowser.Kerneltools1.Enabled:={$ifdef windows}DBKLoaded or isRunningDBVM{$else}false{$endif};
+  MemoryBrowser.miCR3Switcher.visible:=MemoryBrowser.Kerneltools1.Enabled;
   {$endif}
 
 

Cheat Engine/MemoryBrowserFormUnit.lfm

@@ -1,7 +1,7 @@
 object MemoryBrowser: TMemoryBrowser
-  Left = 403
+  Left = 627
   Height = 536
-  Top = 95
+  Top = 107
   Width = 643
   HelpContext = 12
   Caption = 'Memory Viewer'
@@ -1679,6 +1679,11 @@ object MemoryBrowser: TMemoryBrowser
           OnClick = miBinutilsSelectClick
         end
       end
+      object miCR3Switcher: TMenuItem
+        Caption = 'CR3 Switcher'
+        Visible = False
+        OnClick = miCR3SwitcherClick
+      end
       object miTextPreferences: TMenuItem
         Caption = 'Preferences'
         ImageIndex = 40

Cheat Engine/MemoryBrowserFormUnit.pas

@@ -20,7 +20,8 @@ interface
   debughelper, debuggertypedefinitions,frmMemviewPreferencesUnit, registry,
   disassemblerComments, multilineinputqueryunit, frmMemoryViewExUnit,
   LastDisassembleData, ProcessHandlerUnit, commonTypeDefs, binutils,
-  fontSaveLoadRegistry, LazFileUtils, ceregistry, betterControls,ScrollBoxEx;
+  fontSaveLoadRegistry, LazFileUtils, ceregistry, frmCR3SwitcherUnit,
+  betterControls, ScrollBoxEx;
 
 
 type
@@ -48,6 +49,7 @@   TMemoryBrowser = class(TForm)
     GSlabel: TLabel;
     MenuItem4: TMenuItem;
     copyBytesAndOpcodesAndComments: TMenuItem;
+    miCR3Switcher: TMenuItem;
     miShowSectionAddresses: TMenuItem;
     miOpenInDissectData: TMenuItem;
     miCopyOpcodesOnly: TMenuItem;
@@ -342,6 +344,7 @@   TMemoryBrowser = class(TForm)
     procedure MenuItem11Click(Sender: TObject);
     procedure MenuItem12Click(Sender: TObject);
     procedure MenuItem14Click(Sender: TObject);
+    procedure miCR3SwitcherClick(Sender: TObject);
     procedure miDBVMFindoutwhataddressesthisinstructionaccessesClick(Sender: TObject);
     procedure MenuItem4Click(Sender: TObject);
     procedure miOpenInDissectDataClick(Sender: TObject);
@@ -610,6 +613,10 @@   TMemoryBrowser = class(TForm)
     preferedF5BreakpointMethod: TBreakpointMethod;
 
     followRegister: integer;
+
+    fcr3: qword;
+    fcr3switcher: TfrmCR3Switcher;
+    procedure cr3switcherCR3Change(sender: TObject);
     procedure SetStacktraceSize(size: integer);
     procedure setShowDebugPanels(state: boolean);
     function getShowValues: boolean;
@@ -623,6 +630,12 @@   TMemoryBrowser = class(TForm)
     procedure setContextValueByTag(value: ptruint; tag: integer);
     function  getContextValueByTag(tag: integer): ptruint;
     procedure ApplyFollowRegister;
+    procedure setCR3(newcr3: qword);
+    function ReadProcessMemory(hProcess: THandle; lpBaseAddress, lpBuffer: Pointer; nSize: size_t; var lpNumberOfBytesRead: PTRUINT): BOOL;
+
+    procedure setCaption(c: string);
+    function getCaption: string;
+
   public
     { Public declarations }
     FSymbolsLoaded: Boolean;
@@ -675,6 +688,9 @@   TMemoryBrowser = class(TForm)
     procedure miStopDifferenceClick(Sender: TObject);
     procedure Scrollboxscroll(sender: TObject);
     procedure AddToDisassemblerBackList(address: pointer);
+
+    procedure createcr3switcher;
+    property cr3switcher: TfrmCR3Switcher read fcr3switcher;
   published
     //support for old scripts that reference these
     property Run1: TMenuItem read miDebugRun;
@@ -690,6 +706,8 @@   TMemoryBrowser = class(TForm)
     property Symbolhandler1: TMenuItem read miUserdefinedSymbols;
     property AccessedRegisterColor: TColor read faccessedRegisterColor write faccessedRegisterColor;
     property ChangedRegisterColor: TColor read fChangedRegisterColor write fChangedRegisterColor;
+    property CR3: QWORD read fCR3 write setCR3;
+    property Caption: string read getCaption write setCaption;
   end;
 
 var
@@ -859,9 +877,41 @@ procedure TMemoryBrowser.SetStacktraceSize(size: integer);
   reloadStacktrace;
 end;
 
+procedure TMemoryBrowser.setCaption(c: string);
+var cr3pos, cr3posend: integer;
+begin
+  cr3pos:=pos(' (CR3 ',c);
+  if (fcr3<>0) and (cr3pos=0) then //add the statement which CR3 this is
+    c:=c+' (CR3 '+inttohex(fcr3,8)+')';
+
+
+  if (fcr3=0) and (cr3pos<>0) then //delete it
+  begin
+    cr3posend:=Pos(')',c,cr3pos+1);
+    if cr3posend>0 then
+      c:=copy(c,1,cr3pos-1)+copy(c,cr3posend+1);
+  end;
+
+  inherited caption:=c;
+end;
+
+function TMemoryBrowser.getCaption: string;
+begin
+  result:=inherited caption;
+end;
+
 //^^^^
 
 
+function TMemoryBrowser.ReadProcessMemory(hProcess: THandle; lpBaseAddress, lpBuffer: Pointer; nSize: size_t; var lpNumberOfBytesRead: PTRUINT): BOOL;
+begin
+  if fcr3=0 then
+    result:=newkernelhandler.ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nsize, lpNumberOfBytesRead)
+  else
+    result:=ReadProcessMemoryCR3(fcr3,lpBaseAddress, lpBuffer, nsize, lpNumberOfBytesRead);
+end;
+
+
 
 procedure TMemoryBrowser.Splitter1Moved(Sender: TObject);
 begin
@@ -1183,6 +1233,45 @@ procedure TMemoryBrowser.MenuItem14Click(Sender: TObject);
   EnableWindowsSymbols(true);
 end;
 
+procedure TMemorybrowser.setCR3(newcr3: qword);
+begin
+  fcr3:=newcr3;
+  disassemblerview.cr3:=fcr3;
+  hexview.cr3:=fcr3;
+
+  if newcr3<>0 then
+  begin
+    createcr3switcher;
+    fcr3switcher.addCR3ToList(newcr3);
+
+    fcr3switcher.Show;
+  end;
+
+  caption:=caption;
+end;
+
+procedure TMemoryBrowser.cr3switcherCR3Change(sender: TObject);
+begin
+  //cr3 changed, notify the disassembler and hexview
+  cr3:=cr3switcher.cr3;
+end;
+
+procedure TMemoryBrowser.createcr3switcher;
+begin
+  if fcr3switcher=nil then
+  begin
+    fcr3switcher:=TfrmCR3Switcher.Create(self);
+    fcr3switcher.OnCR3Change:=cr3switcherCR3Change;
+  end;
+end;
+
+procedure TMemoryBrowser.miCR3SwitcherClick(Sender: TObject);
+begin
+  //the cr3 switcher is unique for each memview window
+  createcr3switcher;
+  fcr3switcher.Show;
+end;
+
 procedure TMemoryBrowser.miDBVMFindoutwhataddressesthisinstructionaccessesClick(Sender: TObject);
 begin
   DBVMFindwhatThiscodeAccesses(disassemblerview.SelectedAddress);
@@ -3361,10 +3450,17 @@ procedure TMemoryBrowser.AssemblePopup(x:string);
 
         bytelength:=length(bytes);
 
-        vpe:=(SkipVirtualProtectEx=false) and VirtualProtectEx(processhandle,  pointer(Address),bytelength,PAGE_EXECUTE_READWRITE,p);
-        WriteProcessMemoryWithCloakSupport(processhandle,pointer(Address),@bytes[0],bytelength,a);
-        if vpe then
-          VirtualProtectEx(processhandle,pointer(Address),bytelength,p,p);
+        if fcr3=0 then
+        begin
+          vpe:=(SkipVirtualProtectEx=false) and VirtualProtectEx(processhandle,  pointer(Address),bytelength,PAGE_EXECUTE_READWRITE,p);
+          WriteProcessMemoryWithCloakSupport(processhandle,pointer(Address),@bytes[0],bytelength,a);
+          if vpe then
+            VirtualProtectEx(processhandle,pointer(Address),bytelength,p,p);
+        end
+        else
+        begin
+          WriteProcessMemoryCR3(fcr3, pointer(address),@bytes[0], bytelength,a);
+        end;
 
         hexview.update;
         disassemblerview.Update;
@@ -4527,7 +4623,7 @@ procedure TMemoryBrowser.Newwindow1Click(Sender: TObject);
     caption:=caption+'* ('+ns+')';
 
     Kerneltools1.enabled:=memorybrowser.Kerneltools1.enabled;
-
+    miCR3Switcher.visible:=Kerneltools1.Enabled;
     ischild:=true;
     show;
   end;

Cheat Engine/NewKernelHandler.pas

@@ -1618,7 +1618,7 @@ procedure LoadDBK32; stdcall;
     {$endif}
 
     MemoryBrowser.Kerneltools1.Enabled:=DBKLoaded or isRunningDBVM;
-
+    MemoryBrowser.miCR3Switcher.visible:=MemoryBrowser.Kerneltools1.Enabled;
   end;
 {$endif}
 end;

Cheat Engine/cheatengine.lpi

@@ -26,7 +26,7 @@
       <AutoIncrementBuild Value="True"/>
       <MajorVersionNr Value="7"/>
       <MinorVersionNr Value="2"/>
-      <BuildNr Value="6843"/>
+      <BuildNr Value="6857"/>
       <Language Value=""/>
       <CharSet Value=""/>
       <StringTable CompanyName="Cheat Engine" FileDescription="Cheat Engine" ProductVersion="7.2"/>
@@ -639,7 +639,7 @@
         <PackageName Value="LCL"/>
       </Item8>
     </RequiredPackages>
-    <Units Count="406">
+    <Units Count="407">
       <Unit0>
         <Filename Value="cheatengine.lpr"/>
         <IsPartOfProject Value="True"/>
@@ -2778,6 +2778,14 @@
         <IsPartOfProject Value="True"/>
         <UnitName Value="DBVMDebuggerInterface"/>
       </Unit405>
+      <Unit406>
+        <Filename Value="frmcr3switcherunit.pas"/>
+        <IsPartOfProject Value="True"/>
+        <ComponentName Value="frmCR3Switcher"/>
+        <HasResources Value="True"/>
+        <ResourceBaseClass Value="Form"/>
+        <UnitName Value="frmCR3SwitcherUnit"/>
+      </Unit406>
     </Units>
   </ProjectOptions>
   <CompilerOptions>

Cheat Engine/cheatengine.lpr

@@ -116,7 +116,8 @@
   frmMicrotransactionsUnit, frmSyntaxHighlighterEditor, LuaCustomImageList,
   dotnethost, rttihelper, cefreetype, LuaDotNetPipe, LuaRemoteExecutor,
   newRadioButton, newCheckbox, newbutton, autoassemblercode, CSharpCompiler,
-  newhintwindow, memrecDataStructures, LuaCECustomButton, DBVMDebuggerInterface;
+  newhintwindow, memrecDataStructures, LuaCECustomButton, DBVMDebuggerInterface,
+  frmCR3SwitcherUnit;
 
 {$R cheatengine.res}
 {$IFDEF windows}

Cheat Engine/dbk32/DBK32functions.pas

@@ -909,7 +909,7 @@ function GetCR3(hProcess:THANDLE;var CR3:system.QWORD):BOOL; stdcall;
         x:=l.processid;
         result:=deviceiocontrol(hdevice,cc,@x,4,@_cr3,8,y,nil);
 
-        outputdebugstring(pchar('GetCR3: return '+inttohex(_cr3,16)));
+       // outputdebugstring(pchar('GetCR3: return '+inttohex(_cr3,16)));
         if result then CR3:=_cr3 else cr3:=$11223344;
       end;
 
@@ -949,7 +949,7 @@ function GetCR3FromPID(pid: system.QWORD;var CR3:system.QWORD):BOOL; stdcall;
     x:=pid;
     result:=deviceiocontrol(hdevice,cc,@x,4,@_cr3,8,y,nil);
 
-    outputdebugstring(pchar('GetCR3: return '+inttohex(_cr3,16)));
+    //outputdebugstring(pchar('GetCR3: return '+inttohex(_cr3,16)));
 
     if (_cr3 and $fff)>0 then
     begin
@@ -1339,6 +1339,13 @@ type TInputstruct=record
     bufpointer2: pointer;
     towrite: dword;
 begin
+  if vmx_loaded and (dbvm_version>=$ce00000a) then
+  begin
+    NumberOfBytesWritten:=dbvm_write_physical_memory(qword(lpBaseAddress), lpBuffer, nSize);
+    exit(NumberOfBytesWritten=nSize);
+  end;
+
+
   result:=false;
   NumberOfByteswritten:=0;
   //find the hprocess in the handlelist, if it isn't use the normal method (I could of course use NtQueryProcessInformation but it's undocumented and I'm too lazy to dig it up

Cheat Engine/dbvmdebuggerinterface.pas

@@ -132,12 +132,13 @@ function TDBVMDebugInterface.setBreakEvent(var lpDebugEvent: TDebugEvent; frozen
     lpDebugEvent.Exception.ExceptionRecord.ExceptionAddress:=pointer(currentFrozenState.basic.RIP);
     lpDebugEvent.Exception.ExceptionRecord.ExceptionCode:=EXCEPTION_DBVM_BREAKPOINT;
     lpDebugEvent.Exception.ExceptionRecord.ExceptionFlags:=watchid; //-1 when stepping
-    lpDebugEvent.Exception.ExceptionRecord.NumberParameters:=5;
+    lpDebugEvent.Exception.ExceptionRecord.NumberParameters:=6;
     lpDebugEvent.Exception.ExceptionRecord.ExceptionInformation[0]:=frozenThreadID;
     lpDebugEvent.Exception.ExceptionRecord.ExceptionInformation[1]:=currentFrozenState.basic.CR3;
     lpDebugEvent.Exception.ExceptionRecord.ExceptionInformation[2]:=currentFrozenState.basic.FSBASE;
     lpDebugEvent.Exception.ExceptionRecord.ExceptionInformation[3]:=currentFrozenState.basic.GSBASE;
     lpDebugEvent.Exception.ExceptionRecord.ExceptionInformation[4]:=currentFrozenState.basic.GSBASE_KERNEL;
+    lpDebugEvent.Exception.ExceptionRecord.ExceptionInformation[5]:=ifthen<ULONG_PTR>(processCR3<>currentFrozenState.basic.CR3,1,0);
 
     if getClientIDFromDBVMBPState(currentFrozenState, clientID) then
     begin
@@ -159,6 +160,8 @@ function TDBVMDebugInterface.setBreakEvent(var lpDebugEvent: TDebugEvent; frozen
 
       lpDebugEvent.dwThreadId:=lpDebugEvent.dwThreadId and (1 shl 31);
     end;
+
+
   end;
 end;
 
@@ -404,6 +407,7 @@ function TDBVMDebugInterface.GetThreadContext(hThread: THandle; var lpContext: T
     lpContext.Rip:=currentFrozenState.basic.Rip;
 
     lpContext.P1Home:=currentFrozenState.basic.Count;
+    lpContext.P2Home:=currentFrozenState.basic.CR3;
     CopyMemory(@lpContext.FltSave, @currentFrozenState.fpudata,512);
 
     result:=true;