Game cheating programs for GNU/Linux
On Windows there are programs like this, for example Artmoney, CheatEngine, TCheat and so on: say, you enter the number of lives, search memory for it, then when it changes you filter, repeat the search and so on, and once you have found the specific address you can give yourself infinite lives. Some of these programs can also disassemble code in memory, set breakpoints and so on.
But I have never once heard of anything like that for GNU/Linux. I got curious: does it exist or not?
I don't plan to use it, though, most likely, since patching the code in the source is probably easier.
Not yet, but thanks to the easy availability of data in /proc it won't be long. You may have to rebuild the kernel to disable the strict security of data in memory
looks like the registrants above are "out of the loop"
here is what you need:
Well, if games ever appear for Linux, then cheats will probably get written too.
OK, how do you do a search with filtering using GDB? Say you know you have four lives in the game, you search for all cells that contain int 4 (04 00 00 00); then you get killed and have only three, and from the resulting list of cells you pick those that now hold 03 00 00 00; then you get killed again and you filter down to those that became int 2; then, say, you pick up a life and search for int 3 again. At each step the number of possibilities shrinks, and in the end only a few remain, or just one if you're lucky. Then you can artificially write, say, 01 into the first, 02 into the second and so on, and see how many lives you now have in the game; accordingly, you remember/write down the address and then freeze it (that is, have the debugger write the old value back on every change, or simply set a memory breakpoint and just skip the mov [lives],* instructions), or set it to int 9001 and keep playing
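The search-and-narrow procedure described in the post above, written out as an added example (not part of the original thread and not scanmem's own code). It runs over constructed byte buffers instead of a live process and goes slightly beyond the post by taking the value type as a parameter; the function names and the snapshot layout are assumptions.

```python
import struct

# Little-endian struct codes for the value types to search for
# (the post's "04 00 00 00" is a little-endian int32).
TYPES = {"int32": "<i", "int64": "<q", "float32": "<f"}

def first_scan(snapshot, value, vtype="int32", align=4):
    """Return every aligned offset in snapshot whose bytes encode value."""
    needle = struct.pack(TYPES[vtype], value)
    last = len(snapshot) - len(needle)
    return [off for off in range(0, last + 1, align)
            if snapshot[off:off + len(needle)] == needle]

def next_scan(candidates, snapshot, value, vtype="int32"):
    """Keep only the candidate offsets that hold value in the new snapshot."""
    needle = struct.pack(TYPES[vtype], value)
    return [off for off in candidates
            if snapshot[off:off + len(needle)] == needle]

def narrow(steps, vtype="int32"):
    """steps: [(snapshot, known_value), ...]; returns candidates after each step."""
    snap, value = steps[0]
    candidates = first_scan(snap, value, vtype)
    history = [candidates]
    for snap, value in steps[1:]:
        candidates = next_scan(candidates, snap, value, vtype)
        history.append(candidates)
    return history

def make_snapshot(lives, frame):
    """Constructed 64-byte memory image: the lives counter plus decoys."""
    mem = bytearray(64)
    struct.pack_into("<i", mem, 0x08, 4)           # unrelated constant equal to 4
    struct.pack_into("<i", mem, 0x10, 4 + frame)   # unrelated counter that drifts
    struct.pack_into("<i", mem, 0x20, lives)       # the real lives counter
    struct.pack_into("<i", mem, 0x30, lives if frame < 2 else 0)  # stale copy
    return bytes(mem)

if __name__ == "__main__":
    # The sequence from the post: 4 lives, then 3, then 2, then 3 again.
    steps = [(make_snapshot(n, i), n) for i, n in enumerate([4, 3, 2, 3])]
    for i, cands in enumerate(narrow(steps)):
        print(f"scan {i}: {[hex(c) for c in cands]}")
```

Each pass compares raw bytes, so a float32 search only matches values that encode to exactly the same four bytes.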
It's the same program, only the second one is a frontend to the first. But yes, this is exactly the kind of thing I was asking about.
Are there any others, or is this one enough for everybody?
It's the same program, only the second one is a frontend to the first.
I know that. It's just, WHAT IF scanmem alone is enough for you?) You never know.
there are heavier tools like gdb and/or working directly (search/replace) in /proc
in any case, if scanmem doesn't suit you, you can't get by without programming and/or reinventing the wheel
I know CE has a process speed-up/slow-down feature; that's the only thing I miss. For others, I don't know.
in any case, if scanmem doesn't suit you, you can't get by without programming and/or reinventing the wheel
From the man page it seemed to me that it can't search for floats and doesn't let you specify the variable type when searching. But then, I haven't tried it yet; maybe this will be enough.
there are heavier tools like gdb and/or working directly (search/replace) in /proc
And can you do that through gdb or not?
But then, I haven't tried it yet; maybe this will be enough
installing gameconqueror takes 20 seconds, and launching it and looking at the data types supported for search takes another 40
And can you do that through gdb or not?
no idea, I've only used it a couple of times when opening up core files. I think any debugger with something similar like "browse memory region" will do.
Source
Game Conqueror – Cheat Engine for Linux
by Gamecheetah.org · Published May 3, 2017 · Updated May 3, 2017
Don’t you hate all those who use Cheat Engine to cheat Windows games, and you can’t do the same on Linux? For a long time, there was no good alternative to Cheat Engine on Linux. Today it is a different story: there is now a very good memory scanner/editor available for Linux. It is called Scanmem, and it is like Cheat Engine for Linux. This guide shows you how to do a basic setup of scanmem and then install a graphical user interface for it, called Game Conqueror.
In this tutorial we will only go through installing the required software; a practical example of using Game Conqueror will be made later.
The first step is to install scanmem on your system. For this tutorial we will use Ubuntu Mate (an Ubuntu variant), and the commands used will work on all Ubuntu-based systems. On other distros, you can use your favorite package manager to install it, or do it through the terminal.
On Ubuntu Mate, we have to run the following command:
If you don’t have a package manager, you can find scanmem on GitHub (LINK), so it can be compiled manually.
With this step done, you can do basic memory scanning and/or editing through the command-line interface.
First, find the ID of the wanted process, and open that process in scanmem.
You can see the IDs of all running processes with the following command.
If you want to narrow down the list, you can use the following command:
This command will only show the IDs of processes that contain the word “gamecheetah”.
After the wanted process ID is found, run in the terminal
and continue with scanning.
For non-masochistic readers
If you don’t want to play hackerman in the terminal, run the following command:
It will install Game Conqueror and all dependencies automatically. If everything finished smoothly, type:
The GUI that shows up will look familiar if you have ever used Cheat Engine.
Congratulations, you are ready to cheat some Linux games.
Source
Cheat Engine for Linux
cheat-engine released this Dec 31, 2015
Fixes:
Fixed page exception breakpoints from not working
Fixed the save as button in the lua script assigned to the table
Fixed the dotnetdatacollector from not fetching parent fields
Fixed disassembling of some instructions
Fixed assembling some instructions
Fixed assembling instructions that referenced address 80000000 to ffffffff in 64-bit targets
Fixed dealing with unexpected breakpoints
Fixed several issues with the network scanner. (symbols, scanspeed, threads, etc. )
Fixed "going to" 64-bit registers.
Fixed pointerstrings for 64-bit
Fixed the addressparser in memview’s hexview not handling static 64-bit addresses
Fixed r8 and r9 looking broken in the memoryview window
Fixed hotkeys that set a value as hexadecimal and the value is smaller than 0x10
Fixed multiline string editing for memory records
Fixed dragging cheat tables into CE
Fixed VEH debug for ‘Modern’ apps
Fixed several translation issues
lua:
fixed getStructureCount, writeRegionToFile, readRegionFromFile, readInteger, ListColum.GetCount
fixed memoryleak in MemoryStream
Several fixes to DBVM:
added support for Windows 10
support for more than 8 CPUs
support for newer CPUs
fixed issue where calling CPUID right after setting the TF flag wouldn’t trigger a breakpoint after it
Additions and changes:
Array of Bytes can now deal with nibbles. (e.g: 9* *0 90 is now a valid input- and scanstring)
The auto assembler can now deal with some mistakes like forgetting to declare a label
Added support to use binutils as assembler and disassembler, and a special scripting language for it
Added support for 64-bit mono, and script support for cases where mono.dll isn’t called mono.dll
Added an option to get a list of all recently accessed memory regions. This is useful for the pointerscanner
The pointerscanner can now use multiple snapshots (pointermaps) to do a scan. This basically lets you do a rescan during the first scan, saving your harddisk
Made the pointerscan network scanner a bit easier to use. You can now join and leave a pointerscan session
You can now stop pointerscans and resume them at a later time
Pointerscan files can get converted to and from sqlite database files
The pointerscan configuration window now has an advanced and basic mode display
The all type now has a setting that lets you define what falls under "all"
Custom types now also have access to the address they’re being used on
Split up the "(de)activating this (de)activates children" into two separate options (one for activate, one for deactivate)
Added some basic Thumb disassembling
The xmplayer has been replaced with mikmod which supports many different module types (in lua you still call it xmplayer)
Right-clicking on "your system supports dbvm" will let you manually load DBVM for each cpu. This is useful if for some reason your system crashes when it’s done too quickly
In «Find what addresses this instruction accesses» you can now open the structure dissect window of your choice in case there are others. It will also fill in the base address, so no need to recalculate yourself
AA command GlobalAlloc now has an optional 3rd parameter that lets you specify the preferred region
Added an option to record and undo writes. (Off by default, can be enabled in settings. Memview ctrl+z will undo the last edit)
Added aobscanregion(name,startaddress,stopaddress,aob)
lua:
switched from Lua 5.1 to 5.3
debug_setBreakpoint can now take an OnBreakpoint parameter that lets you set a specific function just for that breakpoint
added dbk_getPhysicalAddress(int)
added dbk_writesIgnoreWriteProtection(bool)
added getWindowList()
And a bunch of other lua functions. (check out main.lua)
Post release fixes (max 7 days after initial release *or 30 if a HUGE bug):
Fixed structure dissect from crashing when autodestroy is on
Fixed window position loading on multi monitor systems
Fixed the lua customtype and
Several minor gui fixes
1/10/2015: Fixed functions that take integers failing when a number was provided
cheat-engine released this Jun 17, 2015
Fixes:
Network: Network server can now handle multiple incoming connections at the same time
Gui: Fixed a crash when using multiple scan tabs
Assembler/Disassembler: Fixed several assembler/disassembler bugs
Debug: Fixed issues where deleting a breakpoint wouldn’t actually remove it, causing a crash
Debug: Fixed a problem where deleting a breakpoint that was marked for deletion would never happen if the game was constantly triggering the debugger
Lua: Fixed the 6.2 and earlier version of opendialog_execute
Lua: Fixed memscan.waitTillDone() when using it on the gui memscan
Lua: Fixed speedhack_setSpeed() not taking more than 3 digits
D3D Hook: Direct3D9 objects now support transparency
D3D Hook: Fix detection of which directx version is actually used for rendering
Dissect Data: Fixed the column click detection when scrolled
Auto Assembler: Fixed some commands not highlighting properly
Ultimap: Fixed ultimap so it now works in windows 8
Ultimap: Fixed the hotkeys
Ultimap: Fixed the hint popup for pre-emptive flushing
Symbols: Fixed a problem where 32-bit modules were detected as 64-bit
Memory Scan: Fixed next scan causing a buffer overflow in some rare situations
Form Designer: Fixed a problem where deleting a non visible object failed (press the delete key in the object inspector tree)
Trainer Designer: Fixed the go back to generated form from functioning and related issues
PE-Info: Fixed a possibility where a bad PE header could cause a read error
Memory view: Hexview: Fix 8-byte value editing
Syntax Highlighters LUA/AA: Fixed UTF8 encoded text
Syntax Highlighters AA: Added xmm registers
Additions and changes:
Address List: Added a group option that shows a +/- sign in front of group entries
Address List: Pressing enter on a single entry now goes into value edit mode
Address List: Added an option so certain entries in the address list show a groupbox the user can pick from
Auto Assembler: New auto assembler templates that focus on Array of Byte scans (thanks to jgoemat)
Auto Assembler: The auto assembler can now handle <$LUA> and <$ASM> preprocessors for multiline lua scripts
Break And Trace: Added a donottrace.txt file in the base directory which holds a list of modules that should not be traced but stepped over instead
Pointerscan: Improved performance of the pointer scanner
Pointerscan: The pointerscan now has the option to generate a lot smaller .PTR files
Pointerscan: Added the ability to do a distributed pointerscan and pointer rescan
ProcessList: You can now type in the processlist to filter for the specific process
Network: Added a basic ARM assembler/disassembler
Network: The linux/android network version can now use basic debugging (find what access/writes)
Network: Added speedhack to the network version
Network: The network version now compresses read/write process memory before sending to the client. The compression level can be changed at runtime
Network: Added module injection for linux/android
Symbols: Added better support for .PDB debug files so parameters and local variable references show when that data is available
Symbols: Added support for .Net
Symbols: Added support for Java (proof-of-concept showing off the extendability of CE)
Symbols: Added support for Mono (^)
Memory view: Hexview: Added decimal display modes for the other types
Memory View: Added shift-scrolling to the hexview and disassembler so you can scroll by 1 byte changes instead of the default calculated sizes
Stack View: Added a search option
D3D Hook: you can now reattach the D3D hook to a process that previously had been hooked
Lua engine window: Added a search and replace option to the editor
Lua engine window: Added the ability to set breakpoints, inspect variables and step over lines
Lua engine window: Enabled tab indentation of blocks
Lua engine window: Some extra customization options
Trainer Generator: Replaced the beepOnAction with playSoundOnAction and added 2 built-in activate/deactivate sounds. (You can override them)
Trainer Generator: The XM file field now has a play button
Lua/Trainer Generator/Designer: Added several new components, properties and methods.
Lua: Added a dll search path to cedir\clibs32 or cedir\clibs64 depending on which cheat engine version is used. Use it for lua extensions
Lua: Made it more forgiving about method and property names
Lua: Added some threading helper functions
Lua: You can now override the disassembler/assembler
Lua: Lots of other new features. Check out main.lua
again, big thanks to SER[G]ANT for providing us with the latest translation files for the Russian language
Post release fixes (max 7 days after initial release *or 30 if a HUGE bug):
20-06-2014: Fixed an issue with the driver not responding to Cheat Engine even if it has a proper signature
26-06-2014: Fixed custom types in data dissect, fixed the Visible property of forms, and changed the way unreadable addresses are handled
Ignore the sourcefiles below. I tried to mark it as a release for commit 758d3fc but it didn’t let me
Source