CEServer for Cheat Engine7.4 to perform DMA access to Windows processes
The system in the memory dump only supports 64-bit systems, windows10, windows11
CEServer for raw memory dump file, QEMU/KVM
Usage:
ceserver-rawmem [OPTION...]
-f, --file arg Memory dump file name
--vm arg QEMU/KVM guest name
-p, --port arg CEServer port (default: 8997)
-h, --help Show help
-f parameter only supports complete linear physical memory dump, you can get it through MemProcFS
Run commond
MemProcFS.exe -device win10.core
Copy M:\memory.pmem to your workspace
Open WSL and run command
./ceserver-rawmem -f memory.pmem
Port forwarding for WSL
netsh interface portproxy add v4tov4 listenport=8997 listenaddress=0.0.0.0 connectport=8997 connectaddress=xxx.xxx.xxx.xxx
Open Cheat Engine, connect to localhost:8997
If you have a virtual machine named win10
./ceserver-rawmem --vm win10
Open Cheat Engine, connect to localhost:8997
Environment: Ubuntu22.04 x64
Require:
- CMake >= 3.2.0
- Clang >= 14
- OpenSSL >= 1.1.1
- Zlib >= 1.2.11
- Boost >= 1.74
- Fmt >= 8.1.1
sudo apt-get update
sudo apt-get install -y build-essential zlib1g-dev libssl-dev cmake clang-14 libboost-all-dev libfmt-dev
mkdir build
cd build
cmake .. -DCMAKE_C_COMPILER=clang-14 -DCMAKE_CXX_COMPILER=clang++-14
make -j12
Environment: macOS 13.4.1
brew install cmake
mkdir build
cd build
cmake .. -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
make
-
Support qemu-kvm, pcileech
-
Write an example of dumping apex game data
-
Make a qemu-kvm cheat
-
memflow: Provides a nice way to get the base address of ntoskrnl.exe
-
query-pdb: Provides a good pdb parsing service
-
cheatengine: Cheat Engine is a development environment focused on modding games and applications for personal use.
-
cxxopts: Lightweight C++ command line option parser
-
MemProcFS: MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.