Geek Answers Handbook

How can there be static addresses in C / C ++ programs?

I distorted the Cheat Engine a bit, which allows you to control and process the memory of running processes in Windows: you look at the variables based on their value, then you can change them, for example, cheat in the game.

To write a bot or something similar, you need to find the static address for the variable you want to change, i.e. one that stays the same if the process restarts. The method for doing this is something like this:

  • Find the address of the variable you are interested in by searching by value
  • Find the code using this address, for example. find the address of the structure to which it belongs (since structural offsets are fixed)
  • Look at another pointer pointing to that pointer until you find one with a static address (displayed as green in the Cheat Engine).

This seems to be just fine, judging by the textbooks I was looking at, but it's hard for me to understand why they work.

Not all variables, including global static ones, get a rather random address at run time?

Bonus questions:

  • How can the Cheat Engine determine if the address is static (that is, it will remain on reboot)?
  • The textbook said that many old and some modern games (for example, Call of Duty 4) use only static addresses. How is this possible?
+7
memory-management windows memory operating-system
source share
2 answers

First, I will answer bonus questions, because they introduce some concepts that you might need to understand the answer to the main question.

The answer to the first question about the bonus is easy if you know how the executable works: all global / static variables are inside the .data section, in which .exe stores the address offset for the section, so the Cheat Engine just checks if the variable is in this address range (from this section to the next).

In the second question, you can use only static addresses, but this is almost impossible for the game. Even the elders. What the creator of the textbook probably tried to say is that all the variables he wants actually point to them with a pointer to statics. But just because you create a local variable or even pass an argument to a function, their values ​​are stored on the stack. This is why it is almost impossible to have a “static” program. Even if you compile a program that actually does nothing, it will probably store some things on the stack.

For the whole question, not all dynamic address variables are indicated by a global variable. It depends entirely on the programmer. I can create a local variable and never assign its address to a global / static pointer in a C program, for example. The only way to find this address in this case is to really know the code when the variable was first assigned a value on the stack.

Some variables have a dynamic address because they are only local variables that are stored on the stack when they have a value assigned to them.

Some other variables have a static address, because they are declared as a global or static variable to the compiler. These variables have a fixed address offset, which is part of the .data section in the executable.

The executable file has a fixed offset address for each section within it, and the .data section is no exception.

But it is worth noting that the offset within the executable itself is fixed. In the operating system, everything can be different (all random addresses), but this is the task of the OS, abstracting this kind of thing for you (creating in this case an executable virtual address space). Therefore, it just looks like static variables, actually static, but only inside the executable memory space. In RAM, anything can be anywhere.

Finally, it’s hard to try to explain this to you because you need to understand how executables work. A good start would be to find some explanations regarding low-level programming, for example, the stack frame, calling conventions, assembly language itself and how compilers use some well-known methods of controlling functions (areas in general), global / static / local / constant variables and the memory system (partitions, stack, etc.) and perhaps some research on PE files (and even ELF).

+10
source share

As I understand it, variables declared static have a constant bias in the program data. This means that when the program is loaded into RAM, the variable offset will always be the same. Since the starting address of the program is known worldwide, finding a static variable based on the offset, as you mentioned, should be a trivial task. Therefore, although a pointer to a static variable may be random in the scheme of things, its shift to the beginning of program memory should remain unchanged regardless of when the program starts. Thus, the Cheat Engine (although I do not know the software) most likely saves the offset of the static variable, and then, when the software starts, applies this logic to find this variable.

As for how this can be said, this is a static variable in the first place ... well, this is partly a guess, but when you declare a static variable in C, I assume that the compiler / linker sets some kind of flag, so the OS knows that This is a static variable. It may also be that all static variables are stored in a specific way or with a specific address offset for all programs compiled for a specific target system. Again, not too sure about this, but from what I understand about memory management, this seems to make the most sense. Under these assumptions, it is entirely possible that the program contains only static variables. The difference is that memory is allocated statically during program execution, as opposed to dynamic (as when calling malloc () or similar). If the variables were saved dynamically, I’m sure they can be easily found, so I don’t think it matters to the Cheat Engine whether the variable is static or not. However, since I assume that the Cheat Engine wants to change the game at startup (just like the old GameSharks used for ... ahh, skip those days), it is probably more reliable to modify variables that are static, instead of look for pointers and parse code, etc. etc.

If you are interested in learning more, I would recommend checking out something like this tutorial in OSDev !

+2
source share

More articles:


All Articles