Deploy site
Lonami Exo totufals@hotmail.com
Sun, 21 Feb 2021 15:43:42 +0100
7 files changed,
641 insertions(+),
68 deletions(-)
M
blog/atom.xml
→
blog/atom.xml
@@ -4,18 +4,372 @@ <title>Lonami's Site - My Blog</title>
<link href="https://lonami.dev/blog/atom.xml" rel="self" type="application/atom+xml"/> <link href="https://lonami.dev/blog/"/> <generator uri="https://www.getzola.org/">Zola</generator> - <updated>2021-02-16T00:00:00+00:00</updated> + <updated>2021-02-19T00:00:00+00:00</updated> <id>https://lonami.dev/blog/atom.xml</id> <entry xml:lang="en"> + <title>Writing our own Cheat Engine: Unknown initial value</title> + <published>2021-02-19T00:00:00+00:00</published> + <updated>2021-02-19T00:00:00+00:00</updated> + <link href="https://lonami.dev/blog/woce-3/" type="text/html"/> + <id>https://lonami.dev/blog/woce-3/</id> + <content type="html"><p>This is part 3 on the <em>Writing our own Cheat Engine</em> series:</p> +<ul> +<li><a href="/blog/woce-1">Part 1: Introduction</a> (start here if you're new to the series!)</li> +<li><a href="/blog/woce-2">Part 2: Exact Value scanning</a></li> +<li>Part 3: Unknown initial value</li> +</ul> +<p>In part 2 we left off with a bit of a cliff-hanger. Our little program is now able to scan for an exact value, remember the couple hundred addresses pointing to said value, and perform subsequent scans to narrow the list of addresses down until we're left with a handful of them.</p> +<p>However, it is not always the case that you have an exact value to work with. The best you can do in these cases is guess what the software might be storing. For example, it could be a floating point for your current movement speed in a game, or an integer for your current health.</p> +<p>The problem with this is that there are far too many possible locations storing our desired value. If you count misaligned locations, this means there is a different location to address every single byte in memory. A program with one megabyte of memory already has a <em>million</em> of addresses. Clearly, we need to do better than performing one million memory reads<sup class="footnote-reference"><a href="#1">1</a></sup>.</p> +<p>This post will shift focus a bit from using <code>winapi</code> to possible techniques to perform the various scans.</p> +<h2 id="unknown-initial-value">Unknown initial value</h2> +<details open><summary>Cheat Engine Tutorial: Step 3</summary> +<blockquote> +<p>Ok, seeing that you've figured out how to find a value using exact value let's move on to the next step.</p> +<p>First things first though. Since you are doing a new scan, you have to click on New Scan first, to start a new scan. (You may think this is straighforward, but you'd be surprised how many people get stuck on that step) I won't be explaining this step again, so keep this in mind +Now that you've started a new scan, let's continue</p> +<p>In the previous test we knew the initial value so we could do a exact value, but now we have a status bar where we don't know the starting value. +We only know that the value is between 0 and 500. And each time you click 'hit me' you lose some health. The amount you lose each time is shown above the status bar.</p> +<p>Again there are several different ways to find the value. (like doing a decreased value by... scan), but I'll only explain the easiest. &quot;Unknown initial value&quot;, and decreased value. +Because you don't know the value it is right now, a exact value wont do any good, so choose as scantype 'Unknown initial value', again, the value type is 4-bytes. (most windows apps use 4-bytes)click first scan and wait till it's done.</p> +<p>When it is done click 'hit me'. You'll lose some of your health. (the amount you lost shows for a few seconds and then disappears, but you don't need that) +Now go to Cheat Engine, and choose 'Decreased Value' and click 'Next Scan' +When that scan is done, click hit me again, and repeat the above till you only find a few.</p> +<p>We know the value is between 0 and 500, so pick the one that is most likely the address we need, and add it to the list. +Now change the health to 5000, to proceed to the next step.</p> +</blockquote> +</details> +<h2 id="dense-memory-locations">Dense memory locations</h2> +<p>The key thing to notice here is that, when we read memory from another process, we do so over <em>entire regions</em>. A memory region is represented by a starting offset, a size, and a bunch of other things like protection level.</p> +<p>When running the first scan for an unknown value, all we need to remember is the starting offset and size for every single region. All the candidate locations that could point to our value fall within this range, so it is enough for us to store the range definition, and not every location within it.</p> +<p>To gain a better understanding of what this means, let's come up with a more specific scenario. With our current approach of doing things, we store an address (<code>usize</code>) for every location pointing to our desired value. In the case of unknown values, all locations are equally valid, since we don't know what value they should point to yet, and any value they point to is good. With this representation, we would end up with a very large vector:</p> +<pre><code class="language-rust" data-lang="rust">let locations = vec![0x2000, 0x2001, ..., 0x20ff, 0x2100]; +</code></pre> +<p>This representation is dense. Every single number in the range <code>0x2000..=0x2100</code> is present. So why bother storing the values individually when the range is enough?:</p> +<pre><code class="language-rust" data-lang="rust">let locations = EntireRegion { range: 0x2000..=0x2100 }; +</code></pre> +<p>Much better! With two <code>usize</code>, one for the starting location and another for the end, we can indicate that we care about all the locations falling in that range.</p> +<p>In fact, some accessible memory regions immediately follow eachother, so we could even compact this further and merge regions which are together. But due to their potential differences with regards to protection levels, we will not attempt to merge regions.</p> +<p>We don't want to get rid of the old way of storing locations, because once we start narrowing them down, we will want to go back to storing just a few candidates. To keep things tidy, let's introduce a new <code>enum</code> representing either possibility:</p> +<pre><code class="language-rust" data-lang="rust">use std::ops::Range; + +pub enum CandidateLocations { + Discrete { + locations: Vec&lt;usize&gt;, + }, + Dense { + range: Range&lt;usize&gt;, + } +} +</code></pre> +<p>Let's also introduce another <code>enum</code> to perform the different scan types. For the time being, we will only worry about looking for <code>i32</code> in memory:</p> +<pre><code class="language-rust" data-lang="rust">pub enum Scan { + Exact(i32), + Unknown, +} +</code></pre> +<h2 id="storing-scanned-values">Storing scanned values</h2> +<p>When scanning for exact values, it's not necessary to store the value found. We already know they're all the same, for example, value <code>42</code>. However, if the value is unknown, we do need to store it so that we can compare it in a subsequent scan to see if the value is the same or it changed. This means the value can be &quot;any within&quot; the read memory chunk:</p> +<pre><code class="language-rust" data-lang="rust">pub enum Value { + Exact(i32), + AnyWithin(Vec&lt;u8&gt;), +} +</code></pre> +<p>For every region in memory, there will be some candidate locations and a value (or value range) we need to compare against in subsequent scans:</p> +<pre><code class="language-rust" data-lang="rust">pub struct Region { + pub info: winapi::um::winnt::MEMORY_BASIC_INFORMATION, + pub locations: CandidateLocations, + pub value: Value, +} +</code></pre> +<p>With all the data structures needed setup, we can finally refactor our old scanning code into a new method capable of dealing with all these cases. For brevity, I will omit the exact scan, as it remains mostly unchanged:</p> +<pre><code class="language-rust" data-lang="rust">use winapi::um::winnt::MEMORY_BASIC_INFORMATION; + +... + +// inside `impl Process` +pub fn scan_regions(&amp;self, regions: &amp;[MEMORY_BASIC_INFORMATION], scan: Scan) -&gt; Vec&lt;Region&gt; { + regions + .iter() + .flat_map(|region| match scan { + Scan::Exact(n) =&gt; todo!(&quot;old scan implementation&quot;), + Scan::Unknown =&gt; { + let base = region.BaseAddress as usize; + match self.read_memory(region.BaseAddress as _, region.RegionSize) { + Ok(memory) =&gt; Some(Region { + info: region.clone(), + locations: CandidateLocations::Dense { + range: base..base + region.RegionSize, + }, + value: Value::AnyWithin(memory), + }), + Err(_) =&gt; None, + } + } + }) + .collect() +} +</code></pre> +<p>Time to try it out!</p> +<pre><code class="language-rust" data-lang="rust">impl CandidateLocations { + pub fn len(&amp;self) -&gt; usize { + match self { + CandidateLocations::Discrete { locations } =&gt; locations.len(), + CandidateLocations::Dense { range } =&gt; range.len(), + } + } +} + +... + +fn main() { + // -snip- + + println!(&quot;Scanning {} memory regions&quot;, regions.len()); + let last_scan = process.scan_regions(&amp;regions, Scan::Unknown); + println!( + &quot;Found {} locations&quot;, + last_scan.iter().map(|r| r.locations.len()).sum::&lt;usize&gt;() + ); +} +</code></pre> +<pre><code>Scanning 88 memory regions +Found 3014656 locations +</code></pre> +<p>If we consider misaligned locations, there is a lot of potential addresses where we could look for. Running the same scan on Cheat Engine yields <code>2,449,408</code> addresses, which is pretty close. It's probably skipping some additional regions that we are considering. Emulating Cheat Engine to perfection is not a concern for us at the moment, so I'm not going to investigate what regions it actually uses.</p> +<h2 id="comparing-scanned-values">Comparing scanned values</h2> +<p>Now that we have performed the initial scan and have stored all the <code>CandidateLocations</code> and <code>Value</code>, we can re-implement the &quot;next scan&quot; step to handle any variant of our <code>Scan</code> enum. This enables us to mix-and-match any <code>Scan</code> mode in any order. For example, one could perform an exact scan, then one for decreased values, or start with unknown scan and scan for unchanged values.</p> +<p>The tutorial suggests using &quot;decreased value&quot; scan, so let's start with that:</p> +<pre><code class="language-rust" data-lang="rust">pub enum Scan { + Exact(i32), + Unknown, + Decreased, // new! +} +</code></pre> +<p>Other scanning modes, such as decreased by a known amount rather than any decrease, increased, unchanged, changed and so on, are not very different from the &quot;decreased&quot; scan, so I won't bore you with the details.</p> +<p>I will use a different method to perform a &quot;rescan&quot;, since the first one is a bit more special in that it doesn't start with any previous values:</p> +<pre><code class="language-rust" data-lang="rust">pub fn rescan_regions(&amp;self, regions: &amp;[Region], scan: Scan) -&gt; Vec&lt;Region&gt; { + regions + .iter() + .flat_map(|region| match scan { + Scan::Decreased =&gt; { + let mut locations = Vec::new(); + match region.locations { + CandidateLocations::Dense { range } =&gt; { + match self.read_memory(range.start, range.end - range.start) { + Ok(memory) =&gt; match region.value { + Value::AnyWithin(previous) =&gt; { + memory + .windows(4) + .zip(previous.windows(4)) + .enumerate() + .step_by(4) + .for_each(|(offset, (new, old))| { + let new = i32::from_ne_bytes([ + new[0], new[1], new[2], new[3], + ]); + let old = i32::from_ne_bytes([ + old[0], old[1], old[2], old[3], + ]); + if new &lt; old { + locations.push(range.start + offset); + } + }); + + Some(Region { + info: region.info.clone(), + locations: CandidateLocations::Discrete { locations }, + value: Value::AnyWithin(memory), + }) + } + _ =&gt; todo!(), + }, + _ =&gt; todo!(), + } + } + _ =&gt; todo!(), + } + } + _ =&gt; todo!(), + }) + .collect() +} +</code></pre> +<p>If you've skimmed over that, I do not blame you. Here's the summary: for every existing region, when executing the scan mode &quot;decreased&quot;, if the previous locations were dense, read the entire memory region. On success, if the previous values were a chunk of memory, iterate over the current and old memory at the same time, and for every aligned <code>i32</code>, if the new value is less, store it.</p> +<p>It's also making me ill. Before I leave a mess on the floor, does it work?</p> +<pre><code class="language-rust" data-lang="rust">std::thread::sleep(std::time::Duration::from_secs(10)); +let last_scan = process.rescan_regions(&amp;last_scan, Scan::Decreased); +println!( + &quot;Found {} locations&quot;, + last_scan.iter().map(|r| r.locations.len()).sum::&lt;usize&gt;() +); +</code></pre> +<pre><code class="language-rust" data-lang="rust">Found 3014656 locations +Found 177 locations +</code></pre> +<p>Okay, great, let's clean up this mess…</p> +<h2 id="refactoring">Refactoring</h2> +<p>Does it also make you uncomfortable to be writing something that you know will end up <em>huge</em> unless you begin refactoring other parts right now? I definitely feel that way. But I think it's good discipline to push through with something that works first, even if it's nasty, before going on a tangent. Now that we have the basic implementation working, let's take on this monster before it eats us alive.</p> +<p>First things first, that method is inside an <code>impl</code> block. The deepest nesting level is 13. I almost have to turn around my chair to read the entire thing out!</p> +<p>Second, we're nesting four matches. Three of them we care about: scan, candidate location, and value. If each of these <code>enum</code> has <code>S</code>, <code>C</code> and <code>V</code> variants respectively, writing each of these by hand will require <code>S * C * V</code> different implementations! Cheat Engine offers 10 different scans, I can think of at least 3 different ways to store candidate locations, and another 3 ways to store the values found. That's <code>10 * 3 * 3 = 90</code> different combinations. I am not willing to write out all these<sup class="footnote-reference"><a href="#2">2</a></sup>, so we need to start introducing some abstractions. Just imagine what a monster function you would end with! The horror!</p> +<p>Third, why is the scan being executed in the process? This is something that should be done in the <code>impl Scan</code> instead!</p> +<p>Let's begin the cleanup:</p> +<pre><code class="language-rust" data-lang="rust">pub fn rescan_regions(&amp;self, regions: &amp;[Region], scan: Scan) -&gt; Vec&lt;Region&gt; { + todo!() +} +</code></pre> +<p>I already feel ten times better.</p> +<p>Now, this method will unconditionally read the entire memory region, even if the scan or the previous candidate locations don't need it<sup class="footnote-reference"><a href="#3">3</a></sup>. In the worst case with a single discrete candidate location, we will be reading a very large chunk of memory when we could have read just the 4 bytes needed for the <code>i32</code>. On the bright side, if there <em>are</em> more locations in this memory region, we will get read of them at the same time<sup class="footnote-reference"><a href="#4">4</a></sup>. So even if we're moving more memory around all the time, it isn't <em>too</em> bad.</p> +<pre><code class="language-rust" data-lang="rust">regions + .iter() + .flat_map( + |region| match self.read_memory(region.info.BaseAddress as _, region.info.RegionSize) { + Ok(memory) =&gt; todo!(), + Err(err) =&gt; { + eprintln!( + &quot;Failed to read {} bytes at {:?}: {}&quot;, + region.info.RegionSize, region.info.BaseAddress, err, + ); + None + } + }, + ) + .collect() +</code></pre> +<p>Great! If reading memory succeeds, we want to rerun the scan:</p> +<pre><code class="language-rust" data-lang="rust">Ok(memory) =&gt; Some(scan.rerun(region, memory)), +</code></pre> +<p>The rerun will live inside <code>impl Scan</code>:</p> +<pre><code class="language-rust" data-lang="rust">pub fn rerun(&amp;self, region: &amp;Region, memory: Vec&lt;u8&gt;) -&gt; Region { + match self { + Scan::Exact(_) =&gt; self.run(region.info.clone(), memory), + Scan::Unknown =&gt; region.clone(), + Scan::Decreased =&gt; todo!(), + } +} +</code></pre> +<p>An exact scan doesn't care about any previous values, so it behaves like a first scan. The first scan is done by the <code>run</code> function (it contains the implementation factored out of the <code>Process::scan_regions</code> method), which only needs the region information and the current memory chunk we just read.</p> +<p>The unknown scan leaves the region unchanged: any value stored is still valid, because it is unknown what we're looking for.</p> +<p>The decreased scan will have to iterate over all the candidate locations, and compare them with the current memory chunk. But this time, we'll abstract this iteration too:</p> +<pre><code class="language-rust" data-lang="rust">impl Region { + fn iter_locations&lt;'a&gt;( + &amp;'a self, + new_memory: &amp;'a [u8], + ) -&gt; impl Iterator&lt;Item = (usize, i32, i32)&gt; + 'a { + match &amp;self.locations { + CandidateLocations::Dense { range } =&gt; range.clone().step_by(4).map(move |addr| { + let old = self.value_at(addr); + let new = i32::from_ne_bytes([ + new_memory[0], + new_memory[1], + new_memory[2], + new_memory[3], + ]); + (addr, old, new) + }), + _ =&gt; todo!(), + } + } +} +</code></pre> +<p>For a dense candidate location, we iterate over all the 4-aligned addresses (fast scan for <code>i32</code> values), and yield <code>(current address, old value, new value)</code>. This way, the <code>Scan</code> can do anything it wants with the old and new values, and if it finds a match, it can use the address.</p> +<p>The <code>value_at</code> method will deal with all the <code>Value</code> variants:</p> +<pre><code class="language-rust" data-lang="rust">fn value_at(&amp;self, addr: usize) -&gt; i32 { + match &amp;self.value { + Value::AnyWithin(chunk) =&gt; { + let base = addr - self.info.BaseAddress as usize; + let bytes = &amp;chunk[base..base + 4]; + i32::from_ne_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]) + } + _ =&gt; todo!(), + } +} +</code></pre> +<p>This way, <code>iter_locations</code> can easily use any value type. With this, we have all <code>enum</code> covered: <code>Scan</code> in <code>rerun</code>, <code>CandidateLocation</code> in <code>iter_locations</code>, and <code>Value</code> in <code>value_at</code>. Now we can add as many variants as we want, and we will only need to update a single <code>match</code> arm for each of them. Let's implement <code>Scan::Decreased</code> and try it out:</p> +<pre><code class="language-rust" data-lang="rust">pub fn rerun(&amp;self, region: &amp;Region, memory: Vec&lt;u8&gt;) -&gt; Region { + match self { + Scan::Decreased =&gt; Region { + info: region.info.clone(), + locations: CandidateLocations::Discrete { + locations: region + .iter_locations(&amp;memory) + .flat_map(|(addr, old, new)| if new &lt; old { Some(addr) } else { None }) + .collect(), + }, + value: Value::AnyWithin(memory), + },, + } +} +</code></pre> +<pre><code>Found 3014656 locations +Found 223791 locations +</code></pre> +<p>Hmm… before we went down from <code>3014656</code> to <code>177</code> locations, and now we went down to <code>223791</code>. Where did we go wrong?</p> +<p>After spending several hours on this, I can tell you where we went wrong. <code>iter_locations</code> is always accessing the memory range <code>0..4</code>, and not the right address. Here's the fix:</p> +<pre><code class="language-rust" data-lang="rust">CandidateLocations::Dense { range } =&gt; range.clone().step_by(4).map(move |addr| { + let old = self.value_at(addr); + let base = addr - self.info.BaseAddress as usize; + let bytes = &amp;new_memory[base..base + 4]; + let new = i32::from_ne_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]); + (addr, old, new) +}), +</code></pre> +<h2 id="going-beyond">Going beyond</h2> +<p>Let's take a look at other possible <code>Scan</code> types. Cheat Engine supports the following initial scan types:</p> +<ul> +<li>Exact Value</li> +<li>Bigger than…</li> +<li>Smaller than…</li> +<li>Value between…</li> +<li>Unknown initial value</li> +</ul> +<p>&quot;Bigger than&quot; and &quot;Smaller than&quot; can both be represented by &quot;Value between&quot;, so it's pretty much just three.</p> +<p>For subsequent scans, in addition to the scan types described above, we find:</p> +<ul> +<li>Increased value</li> +<li>Increased value by…</li> +<li>Decreased value</li> +<li>Decreased value by…</li> +<li>Changed value</li> +<li>Unchanged value</li> +</ul> +<p>Not only does Cheat Engine provide all of these scans, but all of them can also be negated. For example, &quot;find values that were not increased by 7&quot;. One could imagine to also support things like &quot;increased value by range&quot;. For the increased and decreased scans, Cheat Engine also supports &quot;at least xx%&quot;, so that if the value changed within the specified percentage interval, it will be considered.</p> +<p>What about <code>CandidateLocations</code>? I can't tell you how Cheat Engine stores these, but I can tell you that <code>CandidateLocations::Discrete</code> can still be quite inefficient. Imagine you've started with a scan for unknown values and then ran a scan for unchanged valueus. Most values in memory will have been unchanged, but with our current implementation, we are now storing an entire <code>usize</code> address for each of these. One option would be to introduce <code>CandidateLocations::Sparse</code>, which would be a middle ground. You could implement it like <code>Dense</code> and include a vector of booleans telling you which values to consider, or go smaller and use a bitstring or bit vector. You could use a sparse vector data structure.</p> +<p><code>Value</code> is very much like <code>CandidateLocations</code>, except that it stores a value to compare against and not an address. Here we can either have an exact value, or an older copy of the memory. Again, keeping a copy of the entire memory chunk when all we need is a handful of values is inefficient. You could keep a mapping from addresses to values if you don't have too many. Or you could shrink and fragment the copied memory in a more optimal way. There's a lot of room for improvement!</p> +<p>What if, despite all of the efforts above, we still don't have enough RAM to store all this information? The Cheat Engine Tutorial doesn't use a lot of memory, but as soon as you try scanning bigger programs, like games, you may find yourself needing several gigabytes worth of memory to remember all the found values in order to compare them in subsequent scans. You may even need to consider dumping all the regions to a file and read from it to run the comparisons. For example, running a scan for &quot;unknown value&quot; in Cheat Engine brings its memory up by the same amount of memory used by the process scanned (which makes sense), but as soon as I ran a scan for &quot;unchanged value&quot; over the misaligned values, Cheat Engine's disk usage skyrocketed to 1GB/s (!) for several seconds on my SSD. After it finished, memory usage went down to normal. It was very likely writing out all candidate locations to disk.</p> +<h2 id="finale">Finale</h2> +<p>There is a lot of things to learn from Cheat Engine just by observing its behaviour, and we're only scratching its surface.</p> +<p>In the next post, we'll tackle the fourth step of the tutorial: Floating points. So far, we have only been working with <code>i32</code> for simplicity. We will need to update our code to be able to account for different data types, which will make it easy to support other types like <code>i16</code>, <code>i64</code>, or even strings, represented as an arbitrary sequence of bytes.</p> +<p>As usual, you can <a href="https://github.com/lonami/memo">obtain the code for this post</a> over at my GitHub. You can run <code>git checkout step3</code> after cloning the repository to get the right version of the code. This version is a bit cleaner than the one presented in the blog, and contains some of the things described in the <a href="https://lonami.dev/blog/woce-3/#going-beyond">Going beyond</a> section. Until next time!</p> +<h3 id="footnotes">Footnotes</h3> +<div class="footnote-definition" id="1"><sup class="footnote-definition-label">1</sup> +<p>Well, technically, we will perform a million memory reads<sup class="footnote-reference"><a href="#5">5</a></sup>. The issue here is the million calls to <code>ReadProcessMemory</code>, not reading memory per se.</p> +</div> +<div class="footnote-definition" id="2"><sup class="footnote-definition-label">2</sup> +<p>Not currently. After a basic implementation works, writing each implementation by hand and fine-tuning them by treating each of them as a special case could yield significant speed improvements. So although it would be a lot of work, this option shouldn't be ruled out completely.</p> +</div> +<div class="footnote-definition" id="3"><sup class="footnote-definition-label">3</sup> +<p>You could ask the candidate locations where one should read, which would still keep the code reasonably simple.</p> +</div> +<div class="footnote-definition" id="4"><sup class="footnote-definition-label">4</sup> +<p>You could also optimize for this case by determining both the smallest and largest address, and reading enough to cover them both. Or apply additional heuristics to only do so if the ratio of the size you're reading compared to the size you need isn't too large and abort the joint read otherwise. There is a lot of room for optimization here.</p> +</div> +<div class="footnote-definition" id="5"><sup class="footnote-definition-label">5</sup> +<p>(A footnote in a footnote?) The machine registers, memory cache and compiler will all help lower this cost, so the generated executable might not actually need that many reads from RAM. But that's getting way too deep into the details now.</p> +</div> +</content> + </entry> + <entry xml:lang="en"> <title>Writing our own Cheat Engine: Exact Value scanning</title> <published>2021-02-12T00:00:00+00:00</published> - <updated>2021-02-16T00:00:00+00:00</updated> + <updated>2021-02-19T00:00:00+00:00</updated> <link href="https://lonami.dev/blog/woce-2/" type="text/html"/> <id>https://lonami.dev/blog/woce-2/</id> <content type="html"><p>This is part 2 on the <em>Writing our own Cheat Engine</em> series:</p> <ul> <li><a href="/blog/woce-1">Part 1: Introduction</a> (start here if you're new to the series!)</li> <li>Part 2: Exact Value scanning</li> +<li><a href="/blog/woce-3">Part 3: Unknown initial value</a></li> </ul> <p>In the introduction, we spent a good deal of time enumerating all running processes just so we could find out the pid we cared about. With the pid now in our hands, we can do pretty much anything to its corresponding process.</p> <p>It's now time to read the process' memory and write to it. If our process was a single-player game, this would enable us to do things like setting a very high value on the player's current health pool, making us invincible. This technique will often not work for multi-player games, because the server likely knows your true current health (the most you could probably do is make the client render an incorrect value). However, if the server is crappy and it trusts the client, then you're still free to mess around with your current health.</p>@@ -334,7 +688,7 @@ locations.retain(...);
} </code></pre> <h2 id="modifying-memory">Modifying memory</h2> -<p>Now that we have very likely locations pointing to our current health in memory, all that's left is writing our new desired value to gain infinite health<sup class="footnote-reference"><a href="#9">9</a></sup>. Much like there's a call to <code>ReadProcessMemory</code>, there's a different one to <a href="https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory"><code>WriteProcessMemory</code></a>. Its usage is straightforward:</p> +<p>Now that we have very likely locations pointing to our current health in memory, all that's left is writing our new desired value to gain infinite health<sup class="footnote-reference"><a href="#9">9</a></sup>. Much like how we're able to read memory with <code>ReadProcessMemory</code>, we can write to it with <a href="https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory"><code>WriteProcessMemory</code></a>. Its usage is straightforward:</p> <pre><code class="language-rust" data-lang="rust">pub fn write_memory(&amp;self, addr: usize, value: &amp;[u8]) -&gt; io::Result&lt;usize&gt; { let mut written = 0;@@ -428,13 +782,14 @@ </entry>
<entry xml:lang="en"> <title>Writing our own Cheat Engine: Introduction</title> <published>2021-02-07T00:00:00+00:00</published> - <updated>2021-02-16T00:00:00+00:00</updated> + <updated>2021-02-19T00:00:00+00:00</updated> <link href="https://lonami.dev/blog/woce-1/" type="text/html"/> <id>https://lonami.dev/blog/woce-1/</id> <content type="html"><p>This is part 1 on the <em>Writing our own Cheat Engine</em> series:</p> <ul> <li>Part 1: Introduction</li> <li><a href="/blog/woce-2">Part 2: Exact Value scanning</a></li> +<li><a href="/blog/woce-3">Part 3: Unknown initial value</a></li> </ul> <p><a href="https://cheatengine.org/">Cheat Engine</a> is a tool designed to modify single player games and contains other useful tools within itself that enable its users to debug games or other applications. It comes with a memory scanner, (dis)assembler, inspection tools and a handful other things. In this series, we will be writing our own tiny Cheat Engine capable of solving all steps of the tutorial, and diving into how it all works underneath.</p> <p>Needless to say, we're doing this for private and educational purposes only. One has to make sure to not violate the EULA or ToS of the specific application we're attaching to. This series, much like cheatengine.org, does not condone the illegal use of the code shared.</p>@@ -1984,94 +2339,95 @@ </entry>
<entry xml:lang="en"> <title>Atemporal Blog Posts</title> <published>2018-02-03T00:00:00+00:00</published> - <updated>2018-02-03T00:00:00+00:00</updated> + <updated>2021-02-19T00:00:00+00:00</updated> <link href="https://lonami.dev/blog/posts/" type="text/html"/> <id>https://lonami.dev/blog/posts/</id> <content type="html"><p>These are some interesting posts and links I've found around the web. I believe they are quite interesting and nice reads, so if you have the time, I encourage you to check some out.</p> <h2 id="algorithms">Algorithms</h2> <ul> -<li>http://www.tannerhelland.com/4660/dithering-eleven-algorithms-source-code/. Image Dithering: Eleven Algorithms and Source Code. What does it mean and how to achieve it?</li> -<li>https://cristian.io/post/bloom-filters/. Idempotence layer on bloom filters. What are they and how can they help?</li> -<li>https://en.wikipedia.org/wiki/Huffman_coding. Huffman coding. This encoding is a simple yet interesting way of compressing information.</li> -<li>https://github.com/mxgmn/WaveFunctionCollapse. Wave Function Collapse. Bitmap &amp; tilemap generation from a single example with the help of ideas from quantum mechanics.</li> -<li>https://blog.nelhage.com/2015/02/regular-expression-search-with-suffix-arrays/. Regular Expression Search with Suffix Arrays. A way to efficiently search large amounts of text.</li> +<li><a href="http://www.tannerhelland.com/4660/dithering-eleven-algorithms-source-code/">Image Dithering: Eleven Algorithms and Source Code</a>. What does it mean and how to achieve it?</li> +<li><a href="https://cristian.io/post/bloom-filters/">Idempotence layer on bloom filters</a>. What are they and how can they help?</li> +<li><a href="https://en.wikipedia.org/wiki/Huffman_coding">Huffman coding</a>. This encoding is a simple yet interesting way of compressing information.</li> +<li><a href="https://github.com/mxgmn/WaveFunctionCollapse">Wave Function Collapse</a>. Bitmap &amp; tilemap generation from a single example with the help of ideas from quantum mechanics.</li> +<li><a href="https://blog.nelhage.com/2015/02/regular-expression-search-with-suffix-arrays/">Regular Expression Search with Suffix Arrays</a>. A way to efficiently search large amounts of text.</li> </ul> <h2 id="culture">Culture</h2> <ul> -<li>https://www.wired.com/story/ideas-joi-ito-robot-overlords/. Why Westerners Fear Robots and the Japanese Do Not. Explains some possible reasons for this case.</li> -<li>http://catb.org/~esr/faqs/smart-questions.html. How To Ask Questions The Smart Way. Some bits of hacker culture and amazing tips on how to ask a question.</li> -<li>http://apenwarr.ca/log/?m=201809#14. XML, blockchains, and the strange shapes of progress. Some of history about XML and blockchain.</li> -<li>https://czep.net/17/legion-of-lobotomized-unices.html. Legion of lobotomized unices. A time where computers are treated a lot more nicely.</li> -<li>https://eli.thegreenplace.net/2016/the-expression-problem-and-its-solutions/. The Expression Problem and its solutions. What is it and what can we do to solve it?</li> -<li>http://allendowney.blogspot.com/2015/08/the-inspection-paradox-is-everywhere.html. The Inspection Paradox is Everywhere. Interesting and very common phenomena.</li> -<li>https://github.com/ChrisKnott/Algojammer. An experimental code editor for writing algorithms. Contains several links to different tools for reverse debugging.</li> -<li>http://habitatchronicles.com/2017/05/what-are-capabilities/. What Are Capabilities? Good ideas with great security implications.</li> -<li>https://blog.aurynn.com/2015/12/16-contempt-culture. Contempt Culture. Or why you should not speak crap about your non-favourite programming languages.</li> -<li>https://www.lesswrong.com/posts/tscc3e5eujrsEeFN4/well-kept-gardens-die-by-pacifism. Well-Kept Gardens Die By Pacifism. Risks any online community can run into.</li> -<li>https://ncase.me/. It's Nicky Case! They make some cool things worth checking out, I really like &quot;we become what we behold&quot;.</li> +<li><a href="https://www.wired.com/story/ideas-joi-ito-robot-overlords/">Why Westerners Fear Robots and the Japanese Do Not</a>. Explains some possible reasons for this case.</li> +<li><a href="http://catb.org/%7Eesr/faqs/smart-questions.html">How To Ask Questions The Smart Way</a>. Some bits of hacker culture and amazing tips on how to ask a question.</li> +<li><a href="http://apenwarr.ca/log/?m=201809#14">XML, blockchains, and the strange shapes of progress</a>. Some of history about XML and blockchain.</li> +<li><a href="https://czep.net/17/legion-of-lobotomized-unices.html">Legion of lobotomized unices</a>. A time where computers are treated a lot more nicely.</li> +<li><a href="https://eli.thegreenplace.net/2016/the-expression-problem-and-its-solutions/">The Expression Problem and its solutions</a>. What is it and what can we do to solve it?</li> +<li><a href="http://allendowney.blogspot.com/2015/08/the-inspection-paradox-is-everywhere.html">The Inspection Paradox is Everywhere</a>. Interesting and very common phenomena.</li> +<li><a href="https://github.com/ChrisKnott/Algojammer">An experimental code editor for writing algorithms</a>. Contains several links to different tools for reverse debugging.</li> +<li><a href="http://habitatchronicles.com/2017/05/what-are-capabilities/">What Are Capabilities?</a> Good ideas with great security implications.</li> +<li><a href="https://blog.aurynn.com/2015/12/16-contempt-culture">Contempt Culture</a>. Or why you should not speak crap about your non-favourite programming languages.</li> +<li><a href="https://www.lesswrong.com/posts/tscc3e5eujrsEeFN4/well-kept-gardens-die-by-pacifism">Well-Kept Gardens Die By Pacifism</a>. Risks any online community can run into.</li> +<li><a href="https://ncase.me/">It's Nicky Case!</a> They make some cool things worth checking out, I really like &quot;we become what we behold&quot;.</li> </ul> <h2 id="debate">Debate</h2> <ul> -<li>https://steemit.com/opensource/@crell/open-source-is-awful. Open Source is awful. Has some points about why is it bad and how it could improve.</li> -<li>http://www.mondo2000.com/2018/01/17/pink-lexical-goop-dark-side-autocorrect/. Pink Lexical Goop: The Dark Side of Autocorrect. It can shape how you think.</li> -<li>http://blog.ploeh.dk/2015/08/03/idiomatic-or-idiosyncratic/. Idiomatic or idiosyncratic? Can porting code constructs from other languages have a positive effect?</li> -<li>https://gamasutra.com/view/news/169296/Indepth_Functional_programming_in_C.php. In-depth: Functional programming in C++. Is it useful to bother with functional concepts in a language like C++?</li> -<li>https://vorpus.org/blog/notes-on-structured-concurrency-or-go-statement-considered-harmful/. Notes on structured concurrency, or: Go statement considered harmful.</li> -<li>https://queue.acm.org/detail.cfm?id=3212479. C Is Not a Low-level Language. Could there be alternative programming models designed for more specialized CPUs?</li> +<li><a href="https://steemit.com/opensource/@crell/open-source-is-awful">Open Source is awful</a>. Has some points about why is it bad and how it could improve.</li> +<li><a href="http://www.mondo2000.com/2018/01/17/pink-lexical-goop-dark-side-autocorrect/">Pink Lexical Goop: The Dark Side of Autocorrect</a>. It can shape how you think.</li> +<li><a href="http://blog.ploeh.dk/2015/08/03/idiomatic-or-idiosyncratic/">Idiomatic or idiosyncratic?</a> Can porting code constructs from other languages have a positive effect?</li> +<li><a href="https://gamasutra.com/view/news/169296/Indepth_Functional_programming_in_C.php">In-depth: Functional programming in C++</a>. Is it useful to bother with functional concepts in a language like C++?</li> +<li><a href="https://vorpus.org/blog/notes-on-structured-concurrency-or-go-statement-considered-harmful/">Notes on structured concurrency, or: Go statement considered harmful</a>.</li> +<li><a href="https://queue.acm.org/detail.cfm?id=3212479">C Is Not a Low-level Language</a>. Could there be alternative programming models designed for more specialized CPUs?</li> </ul> <h2 id="food-for-thought">Food for Thought</h2> <ul> -<li>https://www.hillelwayne.com/post/divide-by-zero/. 1/0 = 0. Explores why it makes sense to redefine mathemathics under some circumstances, and why it is possible to do so.</li> -<li>https://jeremykun.com/2018/04/13/for-mathematicians-does-not-mean-equality/. For mathematicians, = does not mean equality. What other definitions does the equal sign have?</li> -<li>https://www.lesswrong.com/posts/2MD3NMLBPCqPfnfre/cached-thoughts. Cached Thoughts. How is it possible that our brains work at all?</li> -<li>http://tonsky.me/blog/disenchantment/. Software disenchantment. Faster hardware and slower software is a trend. +<li><a href="https://www.hillelwayne.com/post/divide-by-zero/">1/0 = 0</a>. Explores why it makes sense to redefine mathemathics under some circumstances, and why it is possible to do so.</li> +<li><a href="https://jeremykun.com/2018/04/13/for-mathematicians-does-not-mean-equality/">For mathematicians, = does not mean equality</a>. What other definitions does the equal sign have?</li> +<li><a href="https://www.lesswrong.com/posts/2MD3NMLBPCqPfnfre/cached-thoughts">Cached Thoughts</a>. How is it possible that our brains work at all?</li> +<li><a href="http://tonsky.me/blog/disenchantment/">Software disenchantment</a>. Faster hardware and slower software is a trend. <ul> -<li>https://blackhole12.com/blog/software-engineering-is-bad-but-it-s-not-that-bad/. Software Engineering Is Bad, But That's Not Why. This post has some good counterpoints to Software disenchantment.</li> +<li><a href="https://blackhole12.com/blog/software-engineering-is-bad-but-it-s-not-that-bad/">Software Engineering Is Bad, But That's Not Why</a>. This post has some good counterpoints to Software disenchantment.</li> </ul> </li> -<li>http://journal.stuffwithstuff.com/2015/02/01/what-color-is-your-function/. What Color is Your Function? Spoiler: can we approach asynchronous IO better?</li> -<li>https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5. I'm harvesting credit card numbers and passwords from your site. A word of warning when mindlessly adding dependencies.</li> -<li>https://medium.com/message/everything-is-broken-81e5f33a24e1. Everything Is Broken. Some of the (probable) truths about our world.</li> +<li><a href="http://journal.stuffwithstuff.com/2015/02/01/what-color-is-your-function/">What Color is Your Function?</a>. Spoiler: can we approach asynchronous IO better?</li> +<li><a href="https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5">I'm harvesting credit card numbers and passwords from your site</a>. A word of warning when mindlessly adding dependencies.</li> +<li><a href="https://medium.com/message/everything-is-broken-81e5f33a24e1">Everything Is Broken</a>. Some of the (probable) truths about our world.</li> +<li><a href="http://johnsalvatier.org/blog/2017/reality-has-a-surprising-amount-of-detail">Reality has a surprising amount of detail</a>.</li> </ul> <h2 id="funny">Funny</h2> <ul> -<li>http://thedailywtf.com/articles/We-Use-BobX. We Use BobX. BobX.</li> -<li>http://thedailywtf.com/articles/the-inner-json-effect. The Inner JSON Effect. For some reason, custom languages are in.</li> -<li>https://thedailywtf.com/articles/exponential-backup. Exponential Backup. Far better than git.</li> -<li>https://thedailywtf.com/articles/ITAPPMONROBOT. ITAPPMONROBOT. Solving software problems with hardware.</li> -<li>https://thedailywtf.com/articles/a-tapestry-of-threads. A Tapestry of Threads.More threads must mean faster code, right?</li> -<li>https://medium.com/commitlog/a-brief-totally-accurate-history-of-programming-languages-cd93ec806124. A Brief Totally Accurate History Of Programming Languages. Don't take offense for it!</li> +<li><a href="http://thedailywtf.com/articles/We-Use-BobX">We Use BobX</a>. BobX.</li> +<li><a href="http://thedailywtf.com/articles/the-inner-json-effect">The Inner JSON Effect</a>. For some reason, custom languages are in.</li> +<li><a href="https://thedailywtf.com/articles/exponential-backup">Exponential Backup</a>. Far better than git.</li> +<li><a href="https://thedailywtf.com/articles/ITAPPMONROBOT">ITAPPMONROBOT</a>. Solving software problems with hardware.</li> +<li><a href="https://thedailywtf.com/articles/a-tapestry-of-threads">A Tapestry of Threads</a>. More threads must mean faster code, right?</li> +<li><a href="https://medium.com/commitlog/a-brief-totally-accurate-history-of-programming-languages-cd93ec806124">A Brief Totally Accurate History Of Programming Languages</a>. Don't take offense for it!</li> </ul> <h2 id="graphics">Graphics</h2> <ul> -<li>http://shaunlebron.github.io/visualizing-projections/. Visualizing Projections. Small post about different projection methods.</li> -<li>http://www.iquilezles.org/www/index.htm. A <em>lot</em> of useful and quality articles regarding computer graphics.</li> +<li><a href="http://shaunlebron.github.io/visualizing-projections/">Visualizing Projections</a>. Small post about different projection methods.</li> +<li><a href="http://www.iquilezles.org/www/index.htm">Inigo Quilez :: fractals, computer graphics, mathematics, shaders, demoscene and more</a> A <em>lot</em> of useful and quality articles regarding computer graphics.</li> </ul> <h2 id="history">History</h2> <ul> -<li>https://twobithistory.org/2018/08/18/ada-lovelace-note-g.html. What Did Ada Lovelace's Program Actually Do?. And other characters that took part in the beginning's of programming.</li> -<li>https://chrisdown.name/2018/01/02/in-defence-of-swap.html. In defence of swap: common misconceptions. Swap is still an useful concept.</li> -<li>https://www.pacifict.com/Story/. The Graphing Calculator Story. A great classic Apple tale.</li> -<li>https://twobithistory.org/2018/10/14/lisp.html. How Lisp Became God's Own Programming Language. Lisp as a foundational programming language.</li> +<li><a href="https://twobithistory.org/2018/08/18/ada-lovelace-note-g.html">What Did Ada Lovelace's Program Actually Do?</a>. And other characters that took part in the beginning's of programming.</li> +<li><a href="https://chrisdown.name/2018/01/02/in-defence-of-swap.html">In defence of swap: common misconceptions</a>. Swap is still an useful concept.</li> +<li><a href="https://www.pacifict.com/Story/">The Graphing Calculator Story</a>. A great classic Apple tale.</li> +<li><a href="https://twobithistory.org/2018/10/14/lisp.html">How Lisp Became God's Own Programming Language</a>. Lisp as a foundational programming language.</li> </ul> <h2 id="motivational">Motivational</h2> <ul> -<li>https://www.joelonsoftware.com/2002/01/06/fire-and-motion/. Fire And Motion. What does actually take to get things done?</li> -<li>https://realmensch.org/2017/08/25/the-parable-of-the-two-programmers/. The Parable of the Two Programmers. This tale is about two different types of programmer and their respective endings in a company, illustrating how the one you wouldn't expect to actually ends in a better situation.</li> -<li>https://byorgey.wordpress.com/2018/05/06/conversations-with-a-six-year-old-on-functional-programming/. Conversations with a six-year-old on functional programming. Little kids today can be really interested in technological topics.</li> -<li>https://bulletproofmusician.com/how-many-hours-a-day-should-you-practice/. How Many Hours a Day Should You Practice?. While the article is about music, it applies to any other areas.</li> -<li>http://nathanmarz.com/blog/suffering-oriented-programming.html. Suffering-oriented programming. A possibly new approach on how you could tackle your new projects.</li> -<li>https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/. Things You Should Never Do, Part I. There is no need to rewrite your code.</li> +<li><a href="https://www.joelonsoftware.com/2002/01/06/fire-and-motion/">Fire And Motion</a>. What does actually take to get things done?</li> +<li><a href="https://realmensch.org/2017/08/25/the-parable-of-the-two-programmers/">The Parable of the Two Programmers</a>. This tale is about two different types of programmer and their respective endings in a company, illustrating how the one you wouldn't expect to actually ends in a better situation.</li> +<li><a href="https://byorgey.wordpress.com/2018/05/06/conversations-with-a-six-year-old-on-functional-programming/">Conversations with a six-year-old on functional programming</a>. Little kids today can be really interested in technological topics.</li> +<li><a href="https://bulletproofmusician.com/how-many-hours-a-day-should-you-practice/">How Many Hours a Day Should You Practice?</a>. While the article is about music, it applies to any other areas.</li> +<li><a href="http://nathanmarz.com/blog/suffering-oriented-programming.html">Suffering-oriented programming</a>. A possibly new approach on how you could tackle your new projects.</li> +<li><a href="https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/">Things You Should Never Do, Part I</a>. There is no need to rewrite your code.</li> </ul> <h2 id="optimization">Optimization</h2> <ul> -<li>http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html. What Every C Programmer Should Know About Undefined Behavior #1/3. Explains what undefined behaviour is and why it makes sense.</li> -<li>http://ridiculousfish.com/blog/posts/labor-of-division-episode-i.html. Labor of Division (Episode I). Some tricks to divide without division.</li> -<li>http://blog.moertel.com/posts/2013-12-14-great-old-timey-game-programming-hack.html. A Great Old-Timey Game-Programming Hack. Abusing instructions to make games playable even on the slowest hardware.</li> -<li>https://web.archive.org/web/20191213224640/https://people.eecs.berkeley.edu/~sangjin/2012/12/21/epoll-vs-kqueue.html. Scalable Event Multiplexing: epoll vs kqueue. How good OS primitives can really help performance and scability.</li> -<li>https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html. Command-line Tools can be 235x Faster than your Hadoop Cluster. Or how to use the right tool for the right job.</li> -<li>https://nullprogram.com/blog/2018/05/27/. When FFI Function Calls Beat Native C. How lua beat C at it and the explanation behind it.</li> -<li>http://igoro.com/archive/gallery-of-processor-cache-effects/. Gallery of Processor Cache Effects. Knowing a few things about the cache can make a big difference.</li> +<li><a href="http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html">What Every C Programmer Should Know About Undefined Behavior #1/3</a>. Explains what undefined behaviour is and why it makes sense.</li> +<li><a href="http://ridiculousfish.com/blog/posts/labor-of-division-episode-i.html">Labor of Division (Episode I)</a>. Some tricks to divide without division.</li> +<li><a href="http://blog.moertel.com/posts/2013-12-14-great-old-timey-game-programming-hack.html">A Great Old-Timey Game-Programming Hack</a>. Abusing instructions to make games playable even on the slowest hardware.</li> +<li><a href="https://web.archive.org/web/20191213224640/https://people.eecs.berkeley.edu/%7Esangjin/2012/12/21/epoll-vs-kqueue.html">Scalable Event Multiplexing: epoll vs kqueue</a>. How good OS primitives can really help performance and scability.</li> +<li><a href="https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html">Command-line Tools can be 235x Faster than your Hadoop Cluster</a>. Or how to use the right tool for the right job.</li> +<li><a href="https://nullprogram.com/blog/2018/05/27/">When FFI Function Calls Beat Native C</a>. How lua beat C at it and the explanation behind it.</li> +<li><a href="http://igoro.com/archive/gallery-of-processor-cache-effects/">Gallery of Processor Cache Effects</a>. Knowing a few things about the cache can make a big difference.</li> </ul> </content> </entry>
M
blog/index.html
→
blog/index.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>My Blog</h1><p id=welcome onclick=pls_stop()>Welcome to my blog!<p>Here I occasionally post new entries, mostly tech related. Perhaps it's tips for a new game I'm playing, perhaps it has something to do with FFI, or perhaps I'm fighting the borrow checker (just kidding, I'm over that. Mostly).<hr><ul><li><a href=https://lonami.dev/blog/woce-2/>Writing our own Cheat Engine: Exact Value scanning</a><span class=dim> [mod sw; 'windows, 'rust, 'hacking] </span><li><a href=https://lonami.dev/blog/woce-1/>Writing our own Cheat Engine: Introduction</a><span class=dim> [mod sw; 'windows, 'rust, 'hacking] </span><li><a href=https://lonami.dev/blog/university/>Data Mining, Warehousing and Information Retrieval</a><span class=dim> [mod algos; 'series, 'bigdata, 'databases] </span><li><a href=https://lonami.dev/blog/new-computer/>My new computer</a><span class=dim> [mod hw; 'showoff] </span><li><a href=https://lonami.dev/blog/tips-outpost/>Tips for Outpost</a><span class=dim> [mod games; 'tips] </span><li><a href=https://lonami.dev/blog/ctypes-and-windows/>Python ctypes and Windows</a><span class=dim> [mod sw; 'python, 'ffi, 'windows] </span><li><a href=https://lonami.dev/blog/pixel-dungeon/>Shattered Pixel Dungeon</a><span class=dim> [mod games; 'tips] </span><li><a href=https://lonami.dev/blog/installing-nixos-2/>Installing NixOS, Take 2</a><span class=dim> [mod sw; 'os, 'nixos] </span><li><a href=https://lonami.dev/blog/breaking-ror/>Breaking Risk of Rain</a><span class=dim> [mod games; 'tips] </span><li><a href=https://lonami.dev/blog/world-edit/>WorldEdit Commands</a><span class=dim> [mod games; 'minecraft, 'worldedit, 'tips] </span><li><a href=https://lonami.dev/blog/asyncio/>An Introduction to Asyncio</a><span class=dim> [mod sw; 'python, 'asyncio] </span><li><a href=https://lonami.dev/blog/posts/>Atemporal Blog Posts</a><span class=dim> [mod algos; 'algorithms, 'culture, 'debate, 'foodforthought, 'graphics, 'optimization] </span><li><a href=https://lonami.dev/blog/graphs/>Graphs</a><span class=dim> [mod algos; 'graphs] </span><li><a href=https://lonami.dev/blog/installing-nixos/>Installing NixOS</a><span class=dim> [mod sw; 'os, 'nixos] </span></ul><script> +<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>My Blog</h1><p id=welcome onclick=pls_stop()>Welcome to my blog!<p>Here I occasionally post new entries, mostly tech related. Perhaps it's tips for a new game I'm playing, perhaps it has something to do with FFI, or perhaps I'm fighting the borrow checker (just kidding, I'm over that. Mostly).<hr><ul><li><a href=https://lonami.dev/blog/woce-3/>Writing our own Cheat Engine: Unknown initial value</a><span class=dim> [mod sw; 'windows, 'rust, 'hacking] </span><li><a href=https://lonami.dev/blog/woce-2/>Writing our own Cheat Engine: Exact Value scanning</a><span class=dim> [mod sw; 'windows, 'rust, 'hacking] </span><li><a href=https://lonami.dev/blog/woce-1/>Writing our own Cheat Engine: Introduction</a><span class=dim> [mod sw; 'windows, 'rust, 'hacking] </span><li><a href=https://lonami.dev/blog/university/>Data Mining, Warehousing and Information Retrieval</a><span class=dim> [mod algos; 'series, 'bigdata, 'databases] </span><li><a href=https://lonami.dev/blog/new-computer/>My new computer</a><span class=dim> [mod hw; 'showoff] </span><li><a href=https://lonami.dev/blog/tips-outpost/>Tips for Outpost</a><span class=dim> [mod games; 'tips] </span><li><a href=https://lonami.dev/blog/ctypes-and-windows/>Python ctypes and Windows</a><span class=dim> [mod sw; 'python, 'ffi, 'windows] </span><li><a href=https://lonami.dev/blog/pixel-dungeon/>Shattered Pixel Dungeon</a><span class=dim> [mod games; 'tips] </span><li><a href=https://lonami.dev/blog/installing-nixos-2/>Installing NixOS, Take 2</a><span class=dim> [mod sw; 'os, 'nixos] </span><li><a href=https://lonami.dev/blog/breaking-ror/>Breaking Risk of Rain</a><span class=dim> [mod games; 'tips] </span><li><a href=https://lonami.dev/blog/world-edit/>WorldEdit Commands</a><span class=dim> [mod games; 'minecraft, 'worldedit, 'tips] </span><li><a href=https://lonami.dev/blog/asyncio/>An Introduction to Asyncio</a><span class=dim> [mod sw; 'python, 'asyncio] </span><li><a href=https://lonami.dev/blog/posts/>Atemporal Blog Posts</a><span class=dim> [mod algos; 'algorithms, 'culture, 'debate, 'foodforthought, 'graphics, 'optimization] </span><li><a href=https://lonami.dev/blog/graphs/>Graphs</a><span class=dim> [mod algos; 'graphs] </span><li><a href=https://lonami.dev/blog/installing-nixos/>Installing NixOS</a><span class=dim> [mod sw; 'os, 'nixos] </span></ul><script> const WELCOME_EN = 'Welcome to my blog!' const WELCOME_ES = '¡Bienvenido a mi blog!' const APOLOGIES = "ok sorry i'll stop"
M
blog/posts/index.html
→
blog/posts/index.html
@@ -1,1 +1,1 @@
-<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Atemporal Blog Posts | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Atemporal Blog Posts</h1><div class=time><p>2018-02-03</div><p>These are some interesting posts and links I've found around the web. I believe they are quite interesting and nice reads, so if you have the time, I encourage you to check some out.<h2 id=algorithms>Algorithms</h2><ul><li>http://www.tannerhelland.com/4660/dithering-eleven-algorithms-source-code/. Image Dithering: Eleven Algorithms and Source Code. What does it mean and how to achieve it?<li>https://cristian.io/post/bloom-filters/. Idempotence layer on bloom filters. What are they and how can they help?<li>https://en.wikipedia.org/wiki/Huffman_coding. Huffman coding. This encoding is a simple yet interesting way of compressing information.<li>https://github.com/mxgmn/WaveFunctionCollapse. Wave Function Collapse. Bitmap & tilemap generation from a single example with the help of ideas from quantum mechanics.<li>https://blog.nelhage.com/2015/02/regular-expression-search-with-suffix-arrays/. Regular Expression Search with Suffix Arrays. A way to efficiently search large amounts of text.</ul><h2 id=culture>Culture</h2><ul><li>https://www.wired.com/story/ideas-joi-ito-robot-overlords/. Why Westerners Fear Robots and the Japanese Do Not. Explains some possible reasons for this case.<li>http://catb.org/~esr/faqs/smart-questions.html. How To Ask Questions The Smart Way. Some bits of hacker culture and amazing tips on how to ask a question.<li>http://apenwarr.ca/log/?m=201809#14. XML, blockchains, and the strange shapes of progress. Some of history about XML and blockchain.<li>https://czep.net/17/legion-of-lobotomized-unices.html. Legion of lobotomized unices. A time where computers are treated a lot more nicely.<li>https://eli.thegreenplace.net/2016/the-expression-problem-and-its-solutions/. The Expression Problem and its solutions. What is it and what can we do to solve it?<li>http://allendowney.blogspot.com/2015/08/the-inspection-paradox-is-everywhere.html. The Inspection Paradox is Everywhere. Interesting and very common phenomena.<li>https://github.com/ChrisKnott/Algojammer. An experimental code editor for writing algorithms. Contains several links to different tools for reverse debugging.<li>http://habitatchronicles.com/2017/05/what-are-capabilities/. What Are Capabilities? Good ideas with great security implications.<li>https://blog.aurynn.com/2015/12/16-contempt-culture. Contempt Culture. Or why you should not speak crap about your non-favourite programming languages.<li>https://www.lesswrong.com/posts/tscc3e5eujrsEeFN4/well-kept-gardens-die-by-pacifism. Well-Kept Gardens Die By Pacifism. Risks any online community can run into.<li>https://ncase.me/. It's Nicky Case! They make some cool things worth checking out, I really like "we become what we behold".</ul><h2 id=debate>Debate</h2><ul><li>https://steemit.com/opensource/@crell/open-source-is-awful. Open Source is awful. Has some points about why is it bad and how it could improve.<li>http://www.mondo2000.com/2018/01/17/pink-lexical-goop-dark-side-autocorrect/. Pink Lexical Goop: The Dark Side of Autocorrect. It can shape how you think.<li>http://blog.ploeh.dk/2015/08/03/idiomatic-or-idiosyncratic/. Idiomatic or idiosyncratic? Can porting code constructs from other languages have a positive effect?<li>https://gamasutra.com/view/news/169296/Indepth_Functional_programming_in_C.php. In-depth: Functional programming in C++. Is it useful to bother with functional concepts in a language like C++?<li>https://vorpus.org/blog/notes-on-structured-concurrency-or-go-statement-considered-harmful/. Notes on structured concurrency, or: Go statement considered harmful.<li>https://queue.acm.org/detail.cfm?id=3212479. C Is Not a Low-level Language. Could there be alternative programming models designed for more specialized CPUs?</ul><h2 id=food-for-thought>Food for Thought</h2><ul><li>https://www.hillelwayne.com/post/divide-by-zero/. 1/0 = 0. Explores why it makes sense to redefine mathemathics under some circumstances, and why it is possible to do so.<li>https://jeremykun.com/2018/04/13/for-mathematicians-does-not-mean-equality/. For mathematicians, = does not mean equality. What other definitions does the equal sign have?<li>https://www.lesswrong.com/posts/2MD3NMLBPCqPfnfre/cached-thoughts. Cached Thoughts. How is it possible that our brains work at all?<li>http://tonsky.me/blog/disenchantment/. Software disenchantment. Faster hardware and slower software is a trend. <ul><li>https://blackhole12.com/blog/software-engineering-is-bad-but-it-s-not-that-bad/. Software Engineering Is Bad, But That's Not Why. This post has some good counterpoints to Software disenchantment.</ul><li>http://journal.stuffwithstuff.com/2015/02/01/what-color-is-your-function/. What Color is Your Function? Spoiler: can we approach asynchronous IO better?<li>https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5. I'm harvesting credit card numbers and passwords from your site. A word of warning when mindlessly adding dependencies.<li>https://medium.com/message/everything-is-broken-81e5f33a24e1. Everything Is Broken. Some of the (probable) truths about our world.</ul><h2 id=funny>Funny</h2><ul><li>http://thedailywtf.com/articles/We-Use-BobX. We Use BobX. BobX.<li>http://thedailywtf.com/articles/the-inner-json-effect. The Inner JSON Effect. For some reason, custom languages are in.<li>https://thedailywtf.com/articles/exponential-backup. Exponential Backup. Far better than git.<li>https://thedailywtf.com/articles/ITAPPMONROBOT. ITAPPMONROBOT. Solving software problems with hardware.<li>https://thedailywtf.com/articles/a-tapestry-of-threads. A Tapestry of Threads.More threads must mean faster code, right?<li>https://medium.com/commitlog/a-brief-totally-accurate-history-of-programming-languages-cd93ec806124. A Brief Totally Accurate History Of Programming Languages. Don't take offense for it!</ul><h2 id=graphics>Graphics</h2><ul><li>http://shaunlebron.github.io/visualizing-projections/. Visualizing Projections. Small post about different projection methods.<li>http://www.iquilezles.org/www/index.htm. A <em>lot</em> of useful and quality articles regarding computer graphics.</ul><h2 id=history>History</h2><ul><li>https://twobithistory.org/2018/08/18/ada-lovelace-note-g.html. What Did Ada Lovelace's Program Actually Do?. And other characters that took part in the beginning's of programming.<li>https://chrisdown.name/2018/01/02/in-defence-of-swap.html. In defence of swap: common misconceptions. Swap is still an useful concept.<li>https://www.pacifict.com/Story/. The Graphing Calculator Story. A great classic Apple tale.<li>https://twobithistory.org/2018/10/14/lisp.html. How Lisp Became God's Own Programming Language. Lisp as a foundational programming language.</ul><h2 id=motivational>Motivational</h2><ul><li>https://www.joelonsoftware.com/2002/01/06/fire-and-motion/. Fire And Motion. What does actually take to get things done?<li>https://realmensch.org/2017/08/25/the-parable-of-the-two-programmers/. The Parable of the Two Programmers. This tale is about two different types of programmer and their respective endings in a company, illustrating how the one you wouldn't expect to actually ends in a better situation.<li>https://byorgey.wordpress.com/2018/05/06/conversations-with-a-six-year-old-on-functional-programming/. Conversations with a six-year-old on functional programming. Little kids today can be really interested in technological topics.<li>https://bulletproofmusician.com/how-many-hours-a-day-should-you-practice/. How Many Hours a Day Should You Practice?. While the article is about music, it applies to any other areas.<li>http://nathanmarz.com/blog/suffering-oriented-programming.html. Suffering-oriented programming. A possibly new approach on how you could tackle your new projects.<li>https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/. Things You Should Never Do, Part I. There is no need to rewrite your code.</ul><h2 id=optimization>Optimization</h2><ul><li>http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html. What Every C Programmer Should Know About Undefined Behavior #1/3. Explains what undefined behaviour is and why it makes sense.<li>http://ridiculousfish.com/blog/posts/labor-of-division-episode-i.html. Labor of Division (Episode I). Some tricks to divide without division.<li>http://blog.moertel.com/posts/2013-12-14-great-old-timey-game-programming-hack.html. A Great Old-Timey Game-Programming Hack. Abusing instructions to make games playable even on the slowest hardware.<li>https://web.archive.org/web/20191213224640/https://people.eecs.berkeley.edu/~sangjin/2012/12/21/epoll-vs-kqueue.html. Scalable Event Multiplexing: epoll vs kqueue. How good OS primitives can really help performance and scability.<li>https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html. Command-line Tools can be 235x Faster than your Hadoop Cluster. Or how to use the right tool for the right job.<li>https://nullprogram.com/blog/2018/05/27/. When FFI Function Calls Beat Native C. How lua beat C at it and the explanation behind it.<li>http://igoro.com/archive/gallery-of-processor-cache-effects/. Gallery of Processor Cache Effects. Knowing a few things about the cache can make a big difference.</ul></main><footer><div><p>Share your thoughts, or simply come hang with me <a href=https://t.me/LonamiWebs><img src=/img/telegram.svg alt=Telegram></a> <a href=mailto:totufals@hotmail.com><img src=/img/mail.svg alt=Mail></a></div></footer></article><p class=abyss>Glaze into the abyss… Oh hi there!+<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Atemporal Blog Posts | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Atemporal Blog Posts</h1><div class=time><p>2018-02-03<p>last updated 2021-02-19</div><p>These are some interesting posts and links I've found around the web. I believe they are quite interesting and nice reads, so if you have the time, I encourage you to check some out.<h2 id=algorithms>Algorithms</h2><ul><li><a href=http://www.tannerhelland.com/4660/dithering-eleven-algorithms-source-code/>Image Dithering: Eleven Algorithms and Source Code</a>. What does it mean and how to achieve it?<li><a href=https://cristian.io/post/bloom-filters/>Idempotence layer on bloom filters</a>. What are they and how can they help?<li><a href=https://en.wikipedia.org/wiki/Huffman_coding>Huffman coding</a>. This encoding is a simple yet interesting way of compressing information.<li><a href=https://github.com/mxgmn/WaveFunctionCollapse>Wave Function Collapse</a>. Bitmap & tilemap generation from a single example with the help of ideas from quantum mechanics.<li><a href=https://blog.nelhage.com/2015/02/regular-expression-search-with-suffix-arrays/>Regular Expression Search with Suffix Arrays</a>. A way to efficiently search large amounts of text.</ul><h2 id=culture>Culture</h2><ul><li><a href=https://www.wired.com/story/ideas-joi-ito-robot-overlords/>Why Westerners Fear Robots and the Japanese Do Not</a>. Explains some possible reasons for this case.<li><a href=http://catb.org/%7Eesr/faqs/smart-questions.html>How To Ask Questions The Smart Way</a>. Some bits of hacker culture and amazing tips on how to ask a question.<li><a href=http://apenwarr.ca/log/?m=201809#14>XML, blockchains, and the strange shapes of progress</a>. Some of history about XML and blockchain.<li><a href=https://czep.net/17/legion-of-lobotomized-unices.html>Legion of lobotomized unices</a>. A time where computers are treated a lot more nicely.<li><a href=https://eli.thegreenplace.net/2016/the-expression-problem-and-its-solutions/>The Expression Problem and its solutions</a>. What is it and what can we do to solve it?<li><a href=http://allendowney.blogspot.com/2015/08/the-inspection-paradox-is-everywhere.html>The Inspection Paradox is Everywhere</a>. Interesting and very common phenomena.<li><a href=https://github.com/ChrisKnott/Algojammer>An experimental code editor for writing algorithms</a>. Contains several links to different tools for reverse debugging.<li><a href=http://habitatchronicles.com/2017/05/what-are-capabilities/>What Are Capabilities?</a> Good ideas with great security implications.<li><a href=https://blog.aurynn.com/2015/12/16-contempt-culture>Contempt Culture</a>. Or why you should not speak crap about your non-favourite programming languages.<li><a href=https://www.lesswrong.com/posts/tscc3e5eujrsEeFN4/well-kept-gardens-die-by-pacifism>Well-Kept Gardens Die By Pacifism</a>. Risks any online community can run into.<li><a href=https://ncase.me/>It's Nicky Case!</a> They make some cool things worth checking out, I really like "we become what we behold".</ul><h2 id=debate>Debate</h2><ul><li><a href=https://steemit.com/opensource/@crell/open-source-is-awful>Open Source is awful</a>. Has some points about why is it bad and how it could improve.<li><a href=http://www.mondo2000.com/2018/01/17/pink-lexical-goop-dark-side-autocorrect/>Pink Lexical Goop: The Dark Side of Autocorrect</a>. It can shape how you think.<li><a href=http://blog.ploeh.dk/2015/08/03/idiomatic-or-idiosyncratic/>Idiomatic or idiosyncratic?</a> Can porting code constructs from other languages have a positive effect?<li><a href=https://gamasutra.com/view/news/169296/Indepth_Functional_programming_in_C.php>In-depth: Functional programming in C++</a>. Is it useful to bother with functional concepts in a language like C++?<li><a href=https://vorpus.org/blog/notes-on-structured-concurrency-or-go-statement-considered-harmful/>Notes on structured concurrency, or: Go statement considered harmful</a>.<li><a href=https://queue.acm.org/detail.cfm?id=3212479>C Is Not a Low-level Language</a>. Could there be alternative programming models designed for more specialized CPUs?</ul><h2 id=food-for-thought>Food for Thought</h2><ul><li><a href=https://www.hillelwayne.com/post/divide-by-zero/>1/0 = 0</a>. Explores why it makes sense to redefine mathemathics under some circumstances, and why it is possible to do so.<li><a href=https://jeremykun.com/2018/04/13/for-mathematicians-does-not-mean-equality/>For mathematicians, = does not mean equality</a>. What other definitions does the equal sign have?<li><a href=https://www.lesswrong.com/posts/2MD3NMLBPCqPfnfre/cached-thoughts>Cached Thoughts</a>. How is it possible that our brains work at all?<li><a href=http://tonsky.me/blog/disenchantment/>Software disenchantment</a>. Faster hardware and slower software is a trend. <ul><li><a href=https://blackhole12.com/blog/software-engineering-is-bad-but-it-s-not-that-bad/>Software Engineering Is Bad, But That's Not Why</a>. This post has some good counterpoints to Software disenchantment.</ul><li><a href=http://journal.stuffwithstuff.com/2015/02/01/what-color-is-your-function/>What Color is Your Function?</a>. Spoiler: can we approach asynchronous IO better?<li><a href=https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5>I'm harvesting credit card numbers and passwords from your site</a>. A word of warning when mindlessly adding dependencies.<li><a href=https://medium.com/message/everything-is-broken-81e5f33a24e1>Everything Is Broken</a>. Some of the (probable) truths about our world.<li><a href=http://johnsalvatier.org/blog/2017/reality-has-a-surprising-amount-of-detail>Reality has a surprising amount of detail</a>.</ul><h2 id=funny>Funny</h2><ul><li><a href=http://thedailywtf.com/articles/We-Use-BobX>We Use BobX</a>. BobX.<li><a href=http://thedailywtf.com/articles/the-inner-json-effect>The Inner JSON Effect</a>. For some reason, custom languages are in.<li><a href=https://thedailywtf.com/articles/exponential-backup>Exponential Backup</a>. Far better than git.<li><a href=https://thedailywtf.com/articles/ITAPPMONROBOT>ITAPPMONROBOT</a>. Solving software problems with hardware.<li><a href=https://thedailywtf.com/articles/a-tapestry-of-threads>A Tapestry of Threads</a>. More threads must mean faster code, right?<li><a href=https://medium.com/commitlog/a-brief-totally-accurate-history-of-programming-languages-cd93ec806124>A Brief Totally Accurate History Of Programming Languages</a>. Don't take offense for it!</ul><h2 id=graphics>Graphics</h2><ul><li><a href=http://shaunlebron.github.io/visualizing-projections/>Visualizing Projections</a>. Small post about different projection methods.<li><a href=http://www.iquilezles.org/www/index.htm>Inigo Quilez :: fractals, computer graphics, mathematics, shaders, demoscene and more</a> A <em>lot</em> of useful and quality articles regarding computer graphics.</ul><h2 id=history>History</h2><ul><li><a href=https://twobithistory.org/2018/08/18/ada-lovelace-note-g.html>What Did Ada Lovelace's Program Actually Do?</a>. And other characters that took part in the beginning's of programming.<li><a href=https://chrisdown.name/2018/01/02/in-defence-of-swap.html>In defence of swap: common misconceptions</a>. Swap is still an useful concept.<li><a href=https://www.pacifict.com/Story/>The Graphing Calculator Story</a>. A great classic Apple tale.<li><a href=https://twobithistory.org/2018/10/14/lisp.html>How Lisp Became God's Own Programming Language</a>. Lisp as a foundational programming language.</ul><h2 id=motivational>Motivational</h2><ul><li><a href=https://www.joelonsoftware.com/2002/01/06/fire-and-motion/>Fire And Motion</a>. What does actually take to get things done?<li><a href=https://realmensch.org/2017/08/25/the-parable-of-the-two-programmers/>The Parable of the Two Programmers</a>. This tale is about two different types of programmer and their respective endings in a company, illustrating how the one you wouldn't expect to actually ends in a better situation.<li><a href=https://byorgey.wordpress.com/2018/05/06/conversations-with-a-six-year-old-on-functional-programming/>Conversations with a six-year-old on functional programming</a>. Little kids today can be really interested in technological topics.<li><a href=https://bulletproofmusician.com/how-many-hours-a-day-should-you-practice/>How Many Hours a Day Should You Practice?</a>. While the article is about music, it applies to any other areas.<li><a href=http://nathanmarz.com/blog/suffering-oriented-programming.html>Suffering-oriented programming</a>. A possibly new approach on how you could tackle your new projects.<li><a href=https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/>Things You Should Never Do, Part I</a>. There is no need to rewrite your code.</ul><h2 id=optimization>Optimization</h2><ul><li><a href=http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html>What Every C Programmer Should Know About Undefined Behavior #1/3</a>. Explains what undefined behaviour is and why it makes sense.<li><a href=http://ridiculousfish.com/blog/posts/labor-of-division-episode-i.html>Labor of Division (Episode I)</a>. Some tricks to divide without division.<li><a href=http://blog.moertel.com/posts/2013-12-14-great-old-timey-game-programming-hack.html>A Great Old-Timey Game-Programming Hack</a>. Abusing instructions to make games playable even on the slowest hardware.<li><a href=https://web.archive.org/web/20191213224640/https://people.eecs.berkeley.edu/%7Esangjin/2012/12/21/epoll-vs-kqueue.html>Scalable Event Multiplexing: epoll vs kqueue</a>. How good OS primitives can really help performance and scability.<li><a href=https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html>Command-line Tools can be 235x Faster than your Hadoop Cluster</a>. Or how to use the right tool for the right job.<li><a href=https://nullprogram.com/blog/2018/05/27/>When FFI Function Calls Beat Native C</a>. How lua beat C at it and the explanation behind it.<li><a href=http://igoro.com/archive/gallery-of-processor-cache-effects/>Gallery of Processor Cache Effects</a>. Knowing a few things about the cache can make a big difference.</ul></main><footer><div><p>Share your thoughts, or simply come hang with me <a href=https://t.me/LonamiWebs><img src=/img/telegram.svg alt=Telegram></a> <a href=mailto:totufals@hotmail.com><img src=/img/mail.svg alt=Mail></a></div></footer></article><p class=abyss>Glaze into the abyss… Oh hi there!
M
blog/woce-1/index.html
→
blog/woce-1/index.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Writing our own Cheat Engine: Introduction | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Writing our own Cheat Engine: Introduction</h1><div class=time><p>2021-02-07<p>last updated 2021-02-16</div><p>This is part 1 on the <em>Writing our own Cheat Engine</em> series:<ul><li>Part 1: Introduction<li><a href=/blog/woce-2>Part 2: Exact Value scanning</a></ul><p><a href=https://cheatengine.org/>Cheat Engine</a> is a tool designed to modify single player games and contains other useful tools within itself that enable its users to debug games or other applications. It comes with a memory scanner, (dis)assembler, inspection tools and a handful other things. In this series, we will be writing our own tiny Cheat Engine capable of solving all steps of the tutorial, and diving into how it all works underneath.<p>Needless to say, we're doing this for private and educational purposes only. One has to make sure to not violate the EULA or ToS of the specific application we're attaching to. This series, much like cheatengine.org, does not condone the illegal use of the code shared.<p>Cheat Engine is a tool for Windows, so we will be developing for Windows as well. However, you can also <a href=https://stackoverflow.com/q/12977179/4759433>read memory from Linux-like systems</a>. <a href=https://github.com/scanmem/scanmem>GameConqueror</a> is a popular alternative to Cheat Engine on Linux systems, so if you feel adventurous, you could definitely follow along too! The techniques shown in this series apply regardless of how we read memory from a process. You will learn a fair bit about doing FFI in Rust too.<p>We will be developing the application in Rust, because it enables us to interface with the Windows API easily, is memory safe (as long as we're careful with <code>unsafe</code>!), and is speedy (we will need this for later steps in the Cheat Engine tutorial). You could use any language of your choice though. For example, <a href=https://lonami.dev/blog/ctypes-and-windows/>Python also makes it relatively easy to use the Windows API</a>. You don't need to be a Rust expert to follow along, but this series assumes some familiarity with C-family languages. Slightly advanced concepts like the use of <code>unsafe</code> or the <code>MaybeUninit</code> type will be briefly explained. What a <code>fn</code> is or what <code>let</code> does will not be explained.<p><a href=https://github.com/cheat-engine/cheat-engine/>Cheat Engine's source code</a> is mostly written in Pascal and C. And it's <em>a lot</em> of code, with a very flat project structure, and files ranging in the thousand lines of code each. It's daunting<sup class=footnote-reference><a href=#1>1</a></sup>. It's a mature project, with a lot of knowledge encoded in the code base, and a lot of features like distributed scanning or an entire disassembler. Unfortunately, there's not a lot of comments. For these reasons, I'll do some guesswork when possible as to how it's working underneath, rather than actually digging into what Cheat Engine is actually doing.<p>With that out of the way, let's get started!<h2 id=welcome-to-the-cheat-engine-tutorial>Welcome to the Cheat Engine Tutorial</h2><details open><summary>Cheat Engine Tutorial: Step 1</summary> <blockquote><p>This tutorial will teach you the basics of cheating in video games. It will also show you foundational aspects of using Cheat Engine (or CE for short). Follow the steps below to get started.<ol><li>Open Cheat Engine if it currently isn't running.<li>Click on the "Open Process" icon (it's the top-left icon with the computer on it, below "File".).<li>With the Process List window now open, look for this tutorial's process in the list. It will look something like > "00001F98-Tutorial-x86_64.exe" or "0000047C-Tutorial-i386.exe". (The first 8 numbers/letters will probably be different.)<li>Once you've found the process, click on it to select it, then click the "Open" button. (Don't worry about all the > other buttons right now. You can learn about them later if you're interested.)</ol><p>Congratulations! If you did everything correctly, the process window should be gone with Cheat Engine now attached to the > tutorial (you will see the process name towards the top-center of CE).<p>Click the "Next" button below to continue, or fill in the password and click the "OK" button to proceed to that step.)<p>If you're having problems, simply head over to forum.cheatengine.org, then click on "Tutorials" to view beginner-friendly > guides!</blockquote></details><h2 id=enumerating-processes>Enumerating processes</h2><p>Our first step is attaching to the process we want to work with. But we need a way to find that process in the first place! Having to open the task manager, look for the process we care about, noting down the process ID (PID), and slapping it in the source code is not satisfying at all. Instead, let's enumerate all the processes from within the program, and let the user select one by typing its name.<p>From a quick <a href=https://ddg.gg/winapi%20enumerate%20all%20processes>DuckDuckGo search</a>, we find an official tutorial for <a href=https://docs.microsoft.com/en-us/windows/win32/psapi/enumerating-all-processes>Enumerating All Processes</a>, which leads to the <a href=https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-enumprocesses><code>EnumProcesses</code></a> call. Cool! Let's slap in the <a href=https://crates.io/crates/winapi><code>winapi</code></a> crate on <code>Cargo.toml</code>, because I don't want to write all the definitions by myself:<pre><code class=language-toml data-lang=toml>[dependencies] +<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Writing our own Cheat Engine: Introduction | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Writing our own Cheat Engine: Introduction</h1><div class=time><p>2021-02-07<p>last updated 2021-02-19</div><p>This is part 1 on the <em>Writing our own Cheat Engine</em> series:<ul><li>Part 1: Introduction<li><a href=/blog/woce-2>Part 2: Exact Value scanning</a><li><a href=/blog/woce-3>Part 3: Unknown initial value</a></ul><p><a href=https://cheatengine.org/>Cheat Engine</a> is a tool designed to modify single player games and contains other useful tools within itself that enable its users to debug games or other applications. It comes with a memory scanner, (dis)assembler, inspection tools and a handful other things. In this series, we will be writing our own tiny Cheat Engine capable of solving all steps of the tutorial, and diving into how it all works underneath.<p>Needless to say, we're doing this for private and educational purposes only. One has to make sure to not violate the EULA or ToS of the specific application we're attaching to. This series, much like cheatengine.org, does not condone the illegal use of the code shared.<p>Cheat Engine is a tool for Windows, so we will be developing for Windows as well. However, you can also <a href=https://stackoverflow.com/q/12977179/4759433>read memory from Linux-like systems</a>. <a href=https://github.com/scanmem/scanmem>GameConqueror</a> is a popular alternative to Cheat Engine on Linux systems, so if you feel adventurous, you could definitely follow along too! The techniques shown in this series apply regardless of how we read memory from a process. You will learn a fair bit about doing FFI in Rust too.<p>We will be developing the application in Rust, because it enables us to interface with the Windows API easily, is memory safe (as long as we're careful with <code>unsafe</code>!), and is speedy (we will need this for later steps in the Cheat Engine tutorial). You could use any language of your choice though. For example, <a href=https://lonami.dev/blog/ctypes-and-windows/>Python also makes it relatively easy to use the Windows API</a>. You don't need to be a Rust expert to follow along, but this series assumes some familiarity with C-family languages. Slightly advanced concepts like the use of <code>unsafe</code> or the <code>MaybeUninit</code> type will be briefly explained. What a <code>fn</code> is or what <code>let</code> does will not be explained.<p><a href=https://github.com/cheat-engine/cheat-engine/>Cheat Engine's source code</a> is mostly written in Pascal and C. And it's <em>a lot</em> of code, with a very flat project structure, and files ranging in the thousand lines of code each. It's daunting<sup class=footnote-reference><a href=#1>1</a></sup>. It's a mature project, with a lot of knowledge encoded in the code base, and a lot of features like distributed scanning or an entire disassembler. Unfortunately, there's not a lot of comments. For these reasons, I'll do some guesswork when possible as to how it's working underneath, rather than actually digging into what Cheat Engine is actually doing.<p>With that out of the way, let's get started!<h2 id=welcome-to-the-cheat-engine-tutorial>Welcome to the Cheat Engine Tutorial</h2><details open><summary>Cheat Engine Tutorial: Step 1</summary> <blockquote><p>This tutorial will teach you the basics of cheating in video games. It will also show you foundational aspects of using Cheat Engine (or CE for short). Follow the steps below to get started.<ol><li>Open Cheat Engine if it currently isn't running.<li>Click on the "Open Process" icon (it's the top-left icon with the computer on it, below "File".).<li>With the Process List window now open, look for this tutorial's process in the list. It will look something like > "00001F98-Tutorial-x86_64.exe" or "0000047C-Tutorial-i386.exe". (The first 8 numbers/letters will probably be different.)<li>Once you've found the process, click on it to select it, then click the "Open" button. (Don't worry about all the > other buttons right now. You can learn about them later if you're interested.)</ol><p>Congratulations! If you did everything correctly, the process window should be gone with Cheat Engine now attached to the > tutorial (you will see the process name towards the top-center of CE).<p>Click the "Next" button below to continue, or fill in the password and click the "OK" button to proceed to that step.)<p>If you're having problems, simply head over to forum.cheatengine.org, then click on "Tutorials" to view beginner-friendly > guides!</blockquote></details><h2 id=enumerating-processes>Enumerating processes</h2><p>Our first step is attaching to the process we want to work with. But we need a way to find that process in the first place! Having to open the task manager, look for the process we care about, noting down the process ID (PID), and slapping it in the source code is not satisfying at all. Instead, let's enumerate all the processes from within the program, and let the user select one by typing its name.<p>From a quick <a href=https://ddg.gg/winapi%20enumerate%20all%20processes>DuckDuckGo search</a>, we find an official tutorial for <a href=https://docs.microsoft.com/en-us/windows/win32/psapi/enumerating-all-processes>Enumerating All Processes</a>, which leads to the <a href=https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-enumprocesses><code>EnumProcesses</code></a> call. Cool! Let's slap in the <a href=https://crates.io/crates/winapi><code>winapi</code></a> crate on <code>Cargo.toml</code>, because I don't want to write all the definitions by myself:<pre><code class=language-toml data-lang=toml>[dependencies] winapi = { version = "0.3.9", features = ["psapi"] } </code></pre><p>Because <a href=https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-enumprocesses><code>EnumProcesses</code></a> is in <code>Psapi.h</code> (you can see this in the online page of its documentation), we know we'll need the <code>psapi</code> crate feature. Another option is to search for it in the <a href=https://docs.rs/winapi/><code>winapi</code> documentation</a> and noting down the parent module where its stored.<p>The documentation for the method has the following remark:<blockquote><p>It is a good idea to use a large array, because it is hard to predict how many processes there will be at the time you call <strong>EnumProcesses</strong>.</blockquote><p><em>Sidenote: reading the documentation for the methods we'll use from the Windows API is extremely important. There's a lot of gotchas involved, so we need to make sure we're extra careful.</em><p>1024 is a pretty big number, so let's go with that:<pre><code class=language-rust data-lang=rust>use std::io; use std::mem;
M
blog/woce-2/index.html
→
blog/woce-2/index.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Writing our own Cheat Engine: Exact Value scanning | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Writing our own Cheat Engine: Exact Value scanning</h1><div class=time><p>2021-02-12<p>last updated 2021-02-16</div><p>This is part 2 on the <em>Writing our own Cheat Engine</em> series:<ul><li><a href=/blog/woce-1>Part 1: Introduction</a> (start here if you're new to the series!)<li>Part 2: Exact Value scanning</ul><p>In the introduction, we spent a good deal of time enumerating all running processes just so we could find out the pid we cared about. With the pid now in our hands, we can do pretty much anything to its corresponding process.<p>It's now time to read the process' memory and write to it. If our process was a single-player game, this would enable us to do things like setting a very high value on the player's current health pool, making us invincible. This technique will often not work for multi-player games, because the server likely knows your true current health (the most you could probably do is make the client render an incorrect value). However, if the server is crappy and it trusts the client, then you're still free to mess around with your current health.<p>Even if we don't want to write to the process' memory, reading is still very useful. Maybe you could enhance your experience by making a custom overlay that displays useful information, or something that makes noise if it detects the life is too low, or even simulating a keyboard event to automatically recover some mana when you're running low.<p>Be warned about anti-cheat systems. Anything beyond a basic game is likely to have some protection measures in place, making the analysis more difficult (perhaps the values are scrambled in memory), or even pinging the server if it detects something fishy.<p><strong>I am not responsible for any bans!</strong> Use your brain before messing with online games, and don't ruin the fun for everyone else. If you get caught for cheating, I don't want to know about it.<p>Now that all <a href=https://www.urbandictionary.com/define.php?term=script%20kiddie>script kiddies</a> have left the room, let's proceed with the post.<h2 id=exact-value-scanning>Exact Value scanning</h2><details open><summary>Cheat Engine Tutorial: Step 2</summary> <blockquote><p>Now that you have opened the tutorial with Cheat Engine let's get on with the next step.<p>You can see at the bottom of this window is the text Health: xxx. Each time you click 'Hit me' your health gets decreased.<p>To get to the next step you have to find this value and change it to 1000<p>To find the value there are different ways, but I'll tell you about the easiest, 'Exact Value': First make sure value type is set to at least 2-bytes or 4-bytes. 1-byte will also work, but you'll run into an easy to fix problem when you've found the address and want to change it. The 8-byte may perhaps works if the bytes after the address are 0, but I wouldn't take the bet. Single, double, and the other scans just don't work, because they store the value in a different way.<p>When the value type is set correctly, make sure the scantype is set to 'Exact Value'. Then fill in the number your health is in the value box. And click 'First Scan'. After a while (if you have a extremely slow pc) the scan is done and the results are shown in the list on the left<p>If you find more than 1 address and you don't know for sure which address it is, click 'Hit me', fill in the new health value into the value box, and click 'Next Scan'. Repeat this until you're sure you've found it. (that includes that there's only 1 address in the list.....)<p>Now double click the address in the list on the left. This makes the address pop-up in the list at the bottom, showing you the current value. Double click the value, (or select it and press enter), and change the value to 1000.<p>If everything went ok the next button should become enabled, and you're ready for the next step.<p>Note: If you did anything wrong while scanning, click "New Scan" and repeat the scanning again. Also, try playing around with the value and click 'hit me'</blockquote></details><h2 id=our-first-scan>Our First Scan</h2><p>The Cheat Engine tutorial talks about "value types" and "scan types" like "exact value".<p>The <strong>value types</strong> will help us narrow down <em>what</em> we're looking for. For example, the integer type <code>i32</code> is represented in memory as 32 bits, or 4 bytes. However, <code>f32</code> is <em>also</em> represented by 4 bytes, and so is <code>u32</code>. Or perhaps the 4 bytes represent RGBA values of a color! So any 4 bytes in memory can be interpreted in many ways, and it's up to us to decide which way we interpret the bytes in.<p>When programming, numbers which are 32-bit wide are common, as they're a good (and fast) size to work with. Scanning for this type is often a good bet. For positive numbers, <code>i32</code> is represented the same as <code>u32</code> in memory, so even if the value turns out to not be signed, the scan is likely to work. Focusing on <code>i32</code> will save us from scanning for <code>f32</code> or even other types, like interpreting 8 bytes for <code>i64</code>, <code>f64</code>, or less bytes like <code>i16</code>.<p>The <strong>scan types</strong> will help us narrow down <em>how</em> we're looking for a value. Scanning for an exact value means what you think it does: interpret all 4 bytes in the process' memory as our value type, and check if they exactly match our value. This will often yield a lot of candidates, but it will be enough to get us started. Variations of the exact scan include checking for all values below a threshold, above, in between, or even just… unknown.<p>What's the point of scanning for unknown values if <em>everything</em> in memory is unknown? Sometimes you don't have a concrete value. Maybe your health pool is a bar and it nevers tell you how much health you actually have, just a visual indicator of your percentage left, even if the health is not stored as a percentage. As we will find later on, scanning for unknown values is more useful than it might appear at first.<p>We can access the memory of our own program by guessing random pointers and trying to read from them. But Windows isolates the memory of each program, so no pointer we could ever guess will let us read from the memory of another process. Luckily for us, searching for "read process memory winapi" leads us to the <a href=https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory><code>ReadProcessMemory</code></a> function. Spot on.<pre><code class=language-rust data-lang=rust>pub fn read_memory(&self, addr: usize, n: usize) -> io::Result<Vec<u8>> { +<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Writing our own Cheat Engine: Exact Value scanning | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Writing our own Cheat Engine: Exact Value scanning</h1><div class=time><p>2021-02-12<p>last updated 2021-02-19</div><p>This is part 2 on the <em>Writing our own Cheat Engine</em> series:<ul><li><a href=/blog/woce-1>Part 1: Introduction</a> (start here if you're new to the series!)<li>Part 2: Exact Value scanning<li><a href=/blog/woce-3>Part 3: Unknown initial value</a></ul><p>In the introduction, we spent a good deal of time enumerating all running processes just so we could find out the pid we cared about. With the pid now in our hands, we can do pretty much anything to its corresponding process.<p>It's now time to read the process' memory and write to it. If our process was a single-player game, this would enable us to do things like setting a very high value on the player's current health pool, making us invincible. This technique will often not work for multi-player games, because the server likely knows your true current health (the most you could probably do is make the client render an incorrect value). However, if the server is crappy and it trusts the client, then you're still free to mess around with your current health.<p>Even if we don't want to write to the process' memory, reading is still very useful. Maybe you could enhance your experience by making a custom overlay that displays useful information, or something that makes noise if it detects the life is too low, or even simulating a keyboard event to automatically recover some mana when you're running low.<p>Be warned about anti-cheat systems. Anything beyond a basic game is likely to have some protection measures in place, making the analysis more difficult (perhaps the values are scrambled in memory), or even pinging the server if it detects something fishy.<p><strong>I am not responsible for any bans!</strong> Use your brain before messing with online games, and don't ruin the fun for everyone else. If you get caught for cheating, I don't want to know about it.<p>Now that all <a href=https://www.urbandictionary.com/define.php?term=script%20kiddie>script kiddies</a> have left the room, let's proceed with the post.<h2 id=exact-value-scanning>Exact Value scanning</h2><details open><summary>Cheat Engine Tutorial: Step 2</summary> <blockquote><p>Now that you have opened the tutorial with Cheat Engine let's get on with the next step.<p>You can see at the bottom of this window is the text Health: xxx. Each time you click 'Hit me' your health gets decreased.<p>To get to the next step you have to find this value and change it to 1000<p>To find the value there are different ways, but I'll tell you about the easiest, 'Exact Value': First make sure value type is set to at least 2-bytes or 4-bytes. 1-byte will also work, but you'll run into an easy to fix problem when you've found the address and want to change it. The 8-byte may perhaps works if the bytes after the address are 0, but I wouldn't take the bet. Single, double, and the other scans just don't work, because they store the value in a different way.<p>When the value type is set correctly, make sure the scantype is set to 'Exact Value'. Then fill in the number your health is in the value box. And click 'First Scan'. After a while (if you have a extremely slow pc) the scan is done and the results are shown in the list on the left<p>If you find more than 1 address and you don't know for sure which address it is, click 'Hit me', fill in the new health value into the value box, and click 'Next Scan'. Repeat this until you're sure you've found it. (that includes that there's only 1 address in the list.....)<p>Now double click the address in the list on the left. This makes the address pop-up in the list at the bottom, showing you the current value. Double click the value, (or select it and press enter), and change the value to 1000.<p>If everything went ok the next button should become enabled, and you're ready for the next step.<p>Note: If you did anything wrong while scanning, click "New Scan" and repeat the scanning again. Also, try playing around with the value and click 'hit me'</blockquote></details><h2 id=our-first-scan>Our First Scan</h2><p>The Cheat Engine tutorial talks about "value types" and "scan types" like "exact value".<p>The <strong>value types</strong> will help us narrow down <em>what</em> we're looking for. For example, the integer type <code>i32</code> is represented in memory as 32 bits, or 4 bytes. However, <code>f32</code> is <em>also</em> represented by 4 bytes, and so is <code>u32</code>. Or perhaps the 4 bytes represent RGBA values of a color! So any 4 bytes in memory can be interpreted in many ways, and it's up to us to decide which way we interpret the bytes in.<p>When programming, numbers which are 32-bit wide are common, as they're a good (and fast) size to work with. Scanning for this type is often a good bet. For positive numbers, <code>i32</code> is represented the same as <code>u32</code> in memory, so even if the value turns out to not be signed, the scan is likely to work. Focusing on <code>i32</code> will save us from scanning for <code>f32</code> or even other types, like interpreting 8 bytes for <code>i64</code>, <code>f64</code>, or less bytes like <code>i16</code>.<p>The <strong>scan types</strong> will help us narrow down <em>how</em> we're looking for a value. Scanning for an exact value means what you think it does: interpret all 4 bytes in the process' memory as our value type, and check if they exactly match our value. This will often yield a lot of candidates, but it will be enough to get us started. Variations of the exact scan include checking for all values below a threshold, above, in between, or even just… unknown.<p>What's the point of scanning for unknown values if <em>everything</em> in memory is unknown? Sometimes you don't have a concrete value. Maybe your health pool is a bar and it nevers tell you how much health you actually have, just a visual indicator of your percentage left, even if the health is not stored as a percentage. As we will find later on, scanning for unknown values is more useful than it might appear at first.<p>We can access the memory of our own program by guessing random pointers and trying to read from them. But Windows isolates the memory of each program, so no pointer we could ever guess will let us read from the memory of another process. Luckily for us, searching for "read process memory winapi" leads us to the <a href=https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory><code>ReadProcessMemory</code></a> function. Spot on.<pre><code class=language-rust data-lang=rust>pub fn read_memory(&self, addr: usize, n: usize) -> io::Result<Vec<u8>> { todo!() } </code></pre><p>Much like trying to dereference a pointer pointing to released memory or even null, reading from an arbitrary address can fail for the same reasons (and more). We will want to signal this with <code>io::Result</code>. It's funny to note that, even though we're doing something that seems wildly unsafe (reading arbitrary memory, even if the other process is mutating it at the same time), the function is perfectly safe. If we cannot read something, it will return <code>Err</code>, but if it succeeds, it has taken a snapshot of the memory of the process, and the returned value will be correctly initialized.<p>The function will be defined inside our <code>impl Process</code>, since it conveniently holds an open handle to the process in question. It takes <code>&self</code>, because we do not need to mutate anything in the <code>Process</code> instance. After adding the <code>memoryapi</code> feature to <code>Cargo.toml</code>, we can perform the call:<pre><code class=language-rust data-lang=rust>let mut buffer = Vec::<u8>::with_capacity(n);@@ -216,7 +216,7 @@ let target: i32 = ...;
let target = target.to_ne_bytes(); locations.retain(...); } -</code></pre><h2 id=modifying-memory>Modifying memory</h2><p>Now that we have very likely locations pointing to our current health in memory, all that's left is writing our new desired value to gain infinite health<sup class=footnote-reference><a href=#9>9</a></sup>. Much like there's a call to <code>ReadProcessMemory</code>, there's a different one to <a href=https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory><code>WriteProcessMemory</code></a>. Its usage is straightforward:<pre><code class=language-rust data-lang=rust>pub fn write_memory(&self, addr: usize, value: &[u8]) -> io::Result<usize> { +</code></pre><h2 id=modifying-memory>Modifying memory</h2><p>Now that we have very likely locations pointing to our current health in memory, all that's left is writing our new desired value to gain infinite health<sup class=footnote-reference><a href=#9>9</a></sup>. Much like how we're able to read memory with <code>ReadProcessMemory</code>, we can write to it with <a href=https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory><code>WriteProcessMemory</code></a>. Its usage is straightforward:<pre><code class=language-rust data-lang=rust>pub fn write_memory(&self, addr: usize, value: &[u8]) -> io::Result<usize> { let mut written = 0; // SAFETY: the input value buffer points to valid memory.
A
blog/woce-3/index.html
@@ -0,0 +1,213 @@
+<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=description content="Official Lonami's website"><meta name=viewport content="width=device-width, initial-scale=1.0, user-scalable=yes"><title> Writing our own Cheat Engine: Unknown initial value | Lonami's Blog </title><link rel=stylesheet href=/style.css><body><article><nav class=sections><ul class=left><li><a href=/>lonami's site</a><li><a href=/blog class=selected>blog</a><li><a href=/golb>golb</a></ul><div class=right><a href=https://github.com/LonamiWebs><img src=/img/github.svg alt=github></a><a href=/blog/atom.xml><img src=/img/rss.svg alt=rss></a></div></nav><main><h1 class=title>Writing our own Cheat Engine: Unknown initial value</h1><div class=time><p>2021-02-19</div><p>This is part 3 on the <em>Writing our own Cheat Engine</em> series:<ul><li><a href=/blog/woce-1>Part 1: Introduction</a> (start here if you're new to the series!)<li><a href=/blog/woce-2>Part 2: Exact Value scanning</a><li>Part 3: Unknown initial value</ul><p>In part 2 we left off with a bit of a cliff-hanger. Our little program is now able to scan for an exact value, remember the couple hundred addresses pointing to said value, and perform subsequent scans to narrow the list of addresses down until we're left with a handful of them.<p>However, it is not always the case that you have an exact value to work with. The best you can do in these cases is guess what the software might be storing. For example, it could be a floating point for your current movement speed in a game, or an integer for your current health.<p>The problem with this is that there are far too many possible locations storing our desired value. If you count misaligned locations, this means there is a different location to address every single byte in memory. A program with one megabyte of memory already has a <em>million</em> of addresses. Clearly, we need to do better than performing one million memory reads<sup class=footnote-reference><a href=#1>1</a></sup>.<p>This post will shift focus a bit from using <code>winapi</code> to possible techniques to perform the various scans.<h2 id=unknown-initial-value>Unknown initial value</h2><details open><summary>Cheat Engine Tutorial: Step 3</summary> <blockquote><p>Ok, seeing that you've figured out how to find a value using exact value let's move on to the next step.<p>First things first though. Since you are doing a new scan, you have to click on New Scan first, to start a new scan. (You may think this is straighforward, but you'd be surprised how many people get stuck on that step) I won't be explaining this step again, so keep this in mind Now that you've started a new scan, let's continue<p>In the previous test we knew the initial value so we could do a exact value, but now we have a status bar where we don't know the starting value. We only know that the value is between 0 and 500. And each time you click 'hit me' you lose some health. The amount you lose each time is shown above the status bar.<p>Again there are several different ways to find the value. (like doing a decreased value by... scan), but I'll only explain the easiest. "Unknown initial value", and decreased value. Because you don't know the value it is right now, a exact value wont do any good, so choose as scantype 'Unknown initial value', again, the value type is 4-bytes. (most windows apps use 4-bytes)click first scan and wait till it's done.<p>When it is done click 'hit me'. You'll lose some of your health. (the amount you lost shows for a few seconds and then disappears, but you don't need that) Now go to Cheat Engine, and choose 'Decreased Value' and click 'Next Scan' When that scan is done, click hit me again, and repeat the above till you only find a few.<p>We know the value is between 0 and 500, so pick the one that is most likely the address we need, and add it to the list. Now change the health to 5000, to proceed to the next step.</blockquote></details><h2 id=dense-memory-locations>Dense memory locations</h2><p>The key thing to notice here is that, when we read memory from another process, we do so over <em>entire regions</em>. A memory region is represented by a starting offset, a size, and a bunch of other things like protection level.<p>When running the first scan for an unknown value, all we need to remember is the starting offset and size for every single region. All the candidate locations that could point to our value fall within this range, so it is enough for us to store the range definition, and not every location within it.<p>To gain a better understanding of what this means, let's come up with a more specific scenario. With our current approach of doing things, we store an address (<code>usize</code>) for every location pointing to our desired value. In the case of unknown values, all locations are equally valid, since we don't know what value they should point to yet, and any value they point to is good. With this representation, we would end up with a very large vector:<pre><code class=language-rust data-lang=rust>let locations = vec![0x2000, 0x2001, ..., 0x20ff, 0x2100]; +</code></pre><p>This representation is dense. Every single number in the range <code>0x2000..=0x2100</code> is present. So why bother storing the values individually when the range is enough?:<pre><code class=language-rust data-lang=rust>let locations = EntireRegion { range: 0x2000..=0x2100 }; +</code></pre><p>Much better! With two <code>usize</code>, one for the starting location and another for the end, we can indicate that we care about all the locations falling in that range.<p>In fact, some accessible memory regions immediately follow eachother, so we could even compact this further and merge regions which are together. But due to their potential differences with regards to protection levels, we will not attempt to merge regions.<p>We don't want to get rid of the old way of storing locations, because once we start narrowing them down, we will want to go back to storing just a few candidates. To keep things tidy, let's introduce a new <code>enum</code> representing either possibility:<pre><code class=language-rust data-lang=rust>use std::ops::Range; + +pub enum CandidateLocations { + Discrete { + locations: Vec<usize>, + }, + Dense { + range: Range<usize>, + } +} +</code></pre><p>Let's also introduce another <code>enum</code> to perform the different scan types. For the time being, we will only worry about looking for <code>i32</code> in memory:<pre><code class=language-rust data-lang=rust>pub enum Scan { + Exact(i32), + Unknown, +} +</code></pre><h2 id=storing-scanned-values>Storing scanned values</h2><p>When scanning for exact values, it's not necessary to store the value found. We already know they're all the same, for example, value <code>42</code>. However, if the value is unknown, we do need to store it so that we can compare it in a subsequent scan to see if the value is the same or it changed. This means the value can be "any within" the read memory chunk:<pre><code class=language-rust data-lang=rust>pub enum Value { + Exact(i32), + AnyWithin(Vec<u8>), +} +</code></pre><p>For every region in memory, there will be some candidate locations and a value (or value range) we need to compare against in subsequent scans:<pre><code class=language-rust data-lang=rust>pub struct Region { + pub info: winapi::um::winnt::MEMORY_BASIC_INFORMATION, + pub locations: CandidateLocations, + pub value: Value, +} +</code></pre><p>With all the data structures needed setup, we can finally refactor our old scanning code into a new method capable of dealing with all these cases. For brevity, I will omit the exact scan, as it remains mostly unchanged:<pre><code class=language-rust data-lang=rust>use winapi::um::winnt::MEMORY_BASIC_INFORMATION; + +... + +// inside `impl Process` +pub fn scan_regions(&self, regions: &[MEMORY_BASIC_INFORMATION], scan: Scan) -> Vec<Region> { + regions + .iter() + .flat_map(|region| match scan { + Scan::Exact(n) => todo!("old scan implementation"), + Scan::Unknown => { + let base = region.BaseAddress as usize; + match self.read_memory(region.BaseAddress as _, region.RegionSize) { + Ok(memory) => Some(Region { + info: region.clone(), + locations: CandidateLocations::Dense { + range: base..base + region.RegionSize, + }, + value: Value::AnyWithin(memory), + }), + Err(_) => None, + } + } + }) + .collect() +} +</code></pre><p>Time to try it out!<pre><code class=language-rust data-lang=rust>impl CandidateLocations { + pub fn len(&self) -> usize { + match self { + CandidateLocations::Discrete { locations } => locations.len(), + CandidateLocations::Dense { range } => range.len(), + } + } +} + +... + +fn main() { + // -snip- + + println!("Scanning {} memory regions", regions.len()); + let last_scan = process.scan_regions(&regions, Scan::Unknown); + println!( + "Found {} locations", + last_scan.iter().map(|r| r.locations.len()).sum::<usize>() + ); +} +</code></pre><pre><code>Scanning 88 memory regions +Found 3014656 locations +</code></pre><p>If we consider misaligned locations, there is a lot of potential addresses where we could look for. Running the same scan on Cheat Engine yields <code>2,449,408</code> addresses, which is pretty close. It's probably skipping some additional regions that we are considering. Emulating Cheat Engine to perfection is not a concern for us at the moment, so I'm not going to investigate what regions it actually uses.<h2 id=comparing-scanned-values>Comparing scanned values</h2><p>Now that we have performed the initial scan and have stored all the <code>CandidateLocations</code> and <code>Value</code>, we can re-implement the "next scan" step to handle any variant of our <code>Scan</code> enum. This enables us to mix-and-match any <code>Scan</code> mode in any order. For example, one could perform an exact scan, then one for decreased values, or start with unknown scan and scan for unchanged values.<p>The tutorial suggests using "decreased value" scan, so let's start with that:<pre><code class=language-rust data-lang=rust>pub enum Scan { + Exact(i32), + Unknown, + Decreased, // new! +} +</code></pre><p>Other scanning modes, such as decreased by a known amount rather than any decrease, increased, unchanged, changed and so on, are not very different from the "decreased" scan, so I won't bore you with the details.<p>I will use a different method to perform a "rescan", since the first one is a bit more special in that it doesn't start with any previous values:<pre><code class=language-rust data-lang=rust>pub fn rescan_regions(&self, regions: &[Region], scan: Scan) -> Vec<Region> { + regions + .iter() + .flat_map(|region| match scan { + Scan::Decreased => { + let mut locations = Vec::new(); + match region.locations { + CandidateLocations::Dense { range } => { + match self.read_memory(range.start, range.end - range.start) { + Ok(memory) => match region.value { + Value::AnyWithin(previous) => { + memory + .windows(4) + .zip(previous.windows(4)) + .enumerate() + .step_by(4) + .for_each(|(offset, (new, old))| { + let new = i32::from_ne_bytes([ + new[0], new[1], new[2], new[3], + ]); + let old = i32::from_ne_bytes([ + old[0], old[1], old[2], old[3], + ]); + if new < old { + locations.push(range.start + offset); + } + }); + + Some(Region { + info: region.info.clone(), + locations: CandidateLocations::Discrete { locations }, + value: Value::AnyWithin(memory), + }) + } + _ => todo!(), + }, + _ => todo!(), + } + } + _ => todo!(), + } + } + _ => todo!(), + }) + .collect() +} +</code></pre><p>If you've skimmed over that, I do not blame you. Here's the summary: for every existing region, when executing the scan mode "decreased", if the previous locations were dense, read the entire memory region. On success, if the previous values were a chunk of memory, iterate over the current and old memory at the same time, and for every aligned <code>i32</code>, if the new value is less, store it.<p>It's also making me ill. Before I leave a mess on the floor, does it work?<pre><code class=language-rust data-lang=rust>std::thread::sleep(std::time::Duration::from_secs(10)); +let last_scan = process.rescan_regions(&last_scan, Scan::Decreased); +println!( + "Found {} locations", + last_scan.iter().map(|r| r.locations.len()).sum::<usize>() +); +</code></pre><pre><code class=language-rust data-lang=rust>Found 3014656 locations +Found 177 locations +</code></pre><p>Okay, great, let's clean up this mess…<h2 id=refactoring>Refactoring</h2><p>Does it also make you uncomfortable to be writing something that you know will end up <em>huge</em> unless you begin refactoring other parts right now? I definitely feel that way. But I think it's good discipline to push through with something that works first, even if it's nasty, before going on a tangent. Now that we have the basic implementation working, let's take on this monster before it eats us alive.<p>First things first, that method is inside an <code>impl</code> block. The deepest nesting level is 13. I almost have to turn around my chair to read the entire thing out!<p>Second, we're nesting four matches. Three of them we care about: scan, candidate location, and value. If each of these <code>enum</code> has <code>S</code>, <code>C</code> and <code>V</code> variants respectively, writing each of these by hand will require <code>S * C * V</code> different implementations! Cheat Engine offers 10 different scans, I can think of at least 3 different ways to store candidate locations, and another 3 ways to store the values found. That's <code>10 * 3 * 3 = 90</code> different combinations. I am not willing to write out all these<sup class=footnote-reference><a href=#2>2</a></sup>, so we need to start introducing some abstractions. Just imagine what a monster function you would end with! The horror!<p>Third, why is the scan being executed in the process? This is something that should be done in the <code>impl Scan</code> instead!<p>Let's begin the cleanup:<pre><code class=language-rust data-lang=rust>pub fn rescan_regions(&self, regions: &[Region], scan: Scan) -> Vec<Region> { + todo!() +} +</code></pre><p>I already feel ten times better.<p>Now, this method will unconditionally read the entire memory region, even if the scan or the previous candidate locations don't need it<sup class=footnote-reference><a href=#3>3</a></sup>. In the worst case with a single discrete candidate location, we will be reading a very large chunk of memory when we could have read just the 4 bytes needed for the <code>i32</code>. On the bright side, if there <em>are</em> more locations in this memory region, we will get read of them at the same time<sup class=footnote-reference><a href=#4>4</a></sup>. So even if we're moving more memory around all the time, it isn't <em>too</em> bad.<pre><code class=language-rust data-lang=rust>regions + .iter() + .flat_map( + |region| match self.read_memory(region.info.BaseAddress as _, region.info.RegionSize) { + Ok(memory) => todo!(), + Err(err) => { + eprintln!( + "Failed to read {} bytes at {:?}: {}", + region.info.RegionSize, region.info.BaseAddress, err, + ); + None + } + }, + ) + .collect() +</code></pre><p>Great! If reading memory succeeds, we want to rerun the scan:<pre><code class=language-rust data-lang=rust>Ok(memory) => Some(scan.rerun(region, memory)), +</code></pre><p>The rerun will live inside <code>impl Scan</code>:<pre><code class=language-rust data-lang=rust>pub fn rerun(&self, region: &Region, memory: Vec<u8>) -> Region { + match self { + Scan::Exact(_) => self.run(region.info.clone(), memory), + Scan::Unknown => region.clone(), + Scan::Decreased => todo!(), + } +} +</code></pre><p>An exact scan doesn't care about any previous values, so it behaves like a first scan. The first scan is done by the <code>run</code> function (it contains the implementation factored out of the <code>Process::scan_regions</code> method), which only needs the region information and the current memory chunk we just read.<p>The unknown scan leaves the region unchanged: any value stored is still valid, because it is unknown what we're looking for.<p>The decreased scan will have to iterate over all the candidate locations, and compare them with the current memory chunk. But this time, we'll abstract this iteration too:<pre><code class=language-rust data-lang=rust>impl Region { + fn iter_locations<'a>( + &'a self, + new_memory: &'a [u8], + ) -> impl Iterator<Item = (usize, i32, i32)> + 'a { + match &self.locations { + CandidateLocations::Dense { range } => range.clone().step_by(4).map(move |addr| { + let old = self.value_at(addr); + let new = i32::from_ne_bytes([ + new_memory[0], + new_memory[1], + new_memory[2], + new_memory[3], + ]); + (addr, old, new) + }), + _ => todo!(), + } + } +} +</code></pre><p>For a dense candidate location, we iterate over all the 4-aligned addresses (fast scan for <code>i32</code> values), and yield <code>(current address, old value, new value)</code>. This way, the <code>Scan</code> can do anything it wants with the old and new values, and if it finds a match, it can use the address.<p>The <code>value_at</code> method will deal with all the <code>Value</code> variants:<pre><code class=language-rust data-lang=rust>fn value_at(&self, addr: usize) -> i32 { + match &self.value { + Value::AnyWithin(chunk) => { + let base = addr - self.info.BaseAddress as usize; + let bytes = &chunk[base..base + 4]; + i32::from_ne_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]) + } + _ => todo!(), + } +} +</code></pre><p>This way, <code>iter_locations</code> can easily use any value type. With this, we have all <code>enum</code> covered: <code>Scan</code> in <code>rerun</code>, <code>CandidateLocation</code> in <code>iter_locations</code>, and <code>Value</code> in <code>value_at</code>. Now we can add as many variants as we want, and we will only need to update a single <code>match</code> arm for each of them. Let's implement <code>Scan::Decreased</code> and try it out:<pre><code class=language-rust data-lang=rust>pub fn rerun(&self, region: &Region, memory: Vec<u8>) -> Region { + match self { + Scan::Decreased => Region { + info: region.info.clone(), + locations: CandidateLocations::Discrete { + locations: region + .iter_locations(&memory) + .flat_map(|(addr, old, new)| if new < old { Some(addr) } else { None }) + .collect(), + }, + value: Value::AnyWithin(memory), + },, + } +} +</code></pre><pre><code>Found 3014656 locations +Found 223791 locations +</code></pre><p>Hmm… before we went down from <code>3014656</code> to <code>177</code> locations, and now we went down to <code>223791</code>. Where did we go wrong?<p>After spending several hours on this, I can tell you where we went wrong. <code>iter_locations</code> is always accessing the memory range <code>0..4</code>, and not the right address. Here's the fix:<pre><code class=language-rust data-lang=rust>CandidateLocations::Dense { range } => range.clone().step_by(4).map(move |addr| { + let old = self.value_at(addr); + let base = addr - self.info.BaseAddress as usize; + let bytes = &new_memory[base..base + 4]; + let new = i32::from_ne_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]); + (addr, old, new) +}), +</code></pre><h2 id=going-beyond>Going beyond</h2><p>Let's take a look at other possible <code>Scan</code> types. Cheat Engine supports the following initial scan types:<ul><li>Exact Value<li>Bigger than…<li>Smaller than…<li>Value between…<li>Unknown initial value</ul><p>"Bigger than" and "Smaller than" can both be represented by "Value between", so it's pretty much just three.<p>For subsequent scans, in addition to the scan types described above, we find:<ul><li>Increased value<li>Increased value by…<li>Decreased value<li>Decreased value by…<li>Changed value<li>Unchanged value</ul><p>Not only does Cheat Engine provide all of these scans, but all of them can also be negated. For example, "find values that were not increased by 7". One could imagine to also support things like "increased value by range". For the increased and decreased scans, Cheat Engine also supports "at least xx%", so that if the value changed within the specified percentage interval, it will be considered.<p>What about <code>CandidateLocations</code>? I can't tell you how Cheat Engine stores these, but I can tell you that <code>CandidateLocations::Discrete</code> can still be quite inefficient. Imagine you've started with a scan for unknown values and then ran a scan for unchanged valueus. Most values in memory will have been unchanged, but with our current implementation, we are now storing an entire <code>usize</code> address for each of these. One option would be to introduce <code>CandidateLocations::Sparse</code>, which would be a middle ground. You could implement it like <code>Dense</code> and include a vector of booleans telling you which values to consider, or go smaller and use a bitstring or bit vector. You could use a sparse vector data structure.<p><code>Value</code> is very much like <code>CandidateLocations</code>, except that it stores a value to compare against and not an address. Here we can either have an exact value, or an older copy of the memory. Again, keeping a copy of the entire memory chunk when all we need is a handful of values is inefficient. You could keep a mapping from addresses to values if you don't have too many. Or you could shrink and fragment the copied memory in a more optimal way. There's a lot of room for improvement!<p>What if, despite all of the efforts above, we still don't have enough RAM to store all this information? The Cheat Engine Tutorial doesn't use a lot of memory, but as soon as you try scanning bigger programs, like games, you may find yourself needing several gigabytes worth of memory to remember all the found values in order to compare them in subsequent scans. You may even need to consider dumping all the regions to a file and read from it to run the comparisons. For example, running a scan for "unknown value" in Cheat Engine brings its memory up by the same amount of memory used by the process scanned (which makes sense), but as soon as I ran a scan for "unchanged value" over the misaligned values, Cheat Engine's disk usage skyrocketed to 1GB/s (!) for several seconds on my SSD. After it finished, memory usage went down to normal. It was very likely writing out all candidate locations to disk.<h2 id=finale>Finale</h2><p>There is a lot of things to learn from Cheat Engine just by observing its behaviour, and we're only scratching its surface.<p>In the next post, we'll tackle the fourth step of the tutorial: Floating points. So far, we have only been working with <code>i32</code> for simplicity. We will need to update our code to be able to account for different data types, which will make it easy to support other types like <code>i16</code>, <code>i64</code>, or even strings, represented as an arbitrary sequence of bytes.<p>As usual, you can <a href=https://github.com/lonami/memo>obtain the code for this post</a> over at my GitHub. You can run <code>git checkout step3</code> after cloning the repository to get the right version of the code. This version is a bit cleaner than the one presented in the blog, and contains some of the things described in the <a href=https://lonami.dev/blog/woce-3/#going-beyond>Going beyond</a> section. Until next time!<h3 id=footnotes>Footnotes</h3><div class=footnote-definition id=1><sup class=footnote-definition-label>1</sup><p>Well, technically, we will perform a million memory reads<sup class=footnote-reference><a href=#5>5</a></sup>. The issue here is the million calls to <code>ReadProcessMemory</code>, not reading memory per se.</div><div class=footnote-definition id=2><sup class=footnote-definition-label>2</sup><p>Not currently. After a basic implementation works, writing each implementation by hand and fine-tuning them by treating each of them as a special case could yield significant speed improvements. So although it would be a lot of work, this option shouldn't be ruled out completely.</div><div class=footnote-definition id=3><sup class=footnote-definition-label>3</sup><p>You could ask the candidate locations where one should read, which would still keep the code reasonably simple.</div><div class=footnote-definition id=4><sup class=footnote-definition-label>4</sup><p>You could also optimize for this case by determining both the smallest and largest address, and reading enough to cover them both. Or apply additional heuristics to only do so if the ratio of the size you're reading compared to the size you need isn't too large and abort the joint read otherwise. There is a lot of room for optimization here.</div><div class=footnote-definition id=5><sup class=footnote-definition-label>5</sup><p>(A footnote in a footnote?) The machine registers, memory cache and compiler will all help lower this cost, so the generated executable might not actually need that many reads from RAM. But that's getting way too deep into the details now.</div></main><footer><div><p>Share your thoughts, or simply come hang with me <a href=https://t.me/LonamiWebs><img src=/img/telegram.svg alt=Telegram></a> <a href=mailto:totufals@hotmail.com><img src=/img/mail.svg alt=Mail></a></div></footer></article><p class=abyss>Glaze into the abyss… Oh hi there!
M
sitemap.xml
→
sitemap.xml
@@ -103,7 +103,7 @@ <lastmod>2019-06-03</lastmod>
</url> <url> <loc>https://lonami.dev/blog/posts/</loc> - <lastmod>2018-02-03</lastmod> + <lastmod>2021-02-19</lastmod> </url> <url> <loc>https://lonami.dev/blog/ribw/</loc>@@ -194,11 +194,15 @@ <lastmod>2020-07-03</lastmod>
</url> <url> <loc>https://lonami.dev/blog/woce-1/</loc> - <lastmod>2021-02-16</lastmod> + <lastmod>2021-02-19</lastmod> </url> <url> <loc>https://lonami.dev/blog/woce-2/</loc> - <lastmod>2021-02-16</lastmod> + <lastmod>2021-02-19</lastmod> + </url> + <url> + <loc>https://lonami.dev/blog/woce-3/</loc> + <lastmod>2021-02-19</lastmod> </url> <url> <loc>https://lonami.dev/blog/world-edit/</loc>