There is already an article, “Some things about Cheat Engine I wish I would have known earlier”, yet I will try to write OC (original content).
Dissect Code…
Basically a thing that unlocks access to Referenced functions / strings. Not everyone knows how dissect code works. Most people will initially try to access referenced functions and strings and wait for dissect code to complete. Yet that leaves out that not everybody knows how to save the dissect code data after the tool has run.
To save the dissect code data after the dissect code function has been run, open
memory viewer --> tools --> dissect code.
If you have used the tool, you will see a number of calls/jumps. In the main menu of the dissect code form there is a File menu item from which you can save the dissect code data to a .CDC file; otherwise, if CE crashed or something else happened, the data would be lost…
Yet the tool practically falls short where (…) static data changes over time. For example, at first launch the process entry point was at process+1111; later, after a reboot or the next app launch, the process entry is at process+2222, or the important function at process+3333 has changed opcodes/instructions over time… and this really gets annoying if you need to wait more than 30 minutes for dissect code just to map a module/process… Point: dissect code data doesn’t update itself (although you can manually rerun the function) …
Stackview/Threadlist…
The stack view shows a different view of the same thread's stack, depending on where you are inspecting the thread stack from. For example, let’s say you debug-break thread 0xAAA at an example E/R/IP and you see that it has only 4/5 rets till 0, while the thread list for thread 0xAAA shows that it returns to 0 after 9 rets – that might be confusing.
There is only one stack per thread. (VEH)
Find what accesses…
Yet “what accesses” does not always correctly show how many different unique addresses there are. (VEH)
Scan for patches…
Well, this practically speaks for itself. This form can now patch an .exe/.dll IF the .exe/.dll is constant,
e.g. doesn’t have code that changes the opcodes/instructions of a function at $module+NNNN.
In order to patch, you must make changes to the module and select which of the changes you made you want to save to the module…
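To illustrate the "IF the module is constant" condition above, here is an added example (not Cheat Engine's own code, and not from the original article) that diffs an original byte range against two in-memory snapshots and keeps only the changes that stay the same in both. The function names and the sample bytes are constructed for illustration, and the buffers are assumed to cover the same module offsets.

```python
from typing import List, Tuple

Patch = Tuple[int, bytes, bytes]  # (offset, original bytes, changed bytes)


def diff_ranges(original: bytes, current: bytes) -> List[Patch]:
    """Group differing bytes into contiguous (offset, old, new) ranges."""
    if len(original) != len(current):
        raise ValueError("buffers must cover the same byte range")
    patches: List[Patch] = []
    start = None
    for i, (a, b) in enumerate(zip(original, current)):
        if a != b:
            if start is None:
                start = i  # a new changed run begins here
        elif start is not None:
            patches.append((start, original[start:i], current[start:i]))
            start = None
    if start is not None:  # changed run reaches the end of the buffer
        patches.append((start, original[start:], current[start:]))
    return patches


def stable_patches(original: bytes, snap1: bytes, snap2: bytes) -> List[Patch]:
    """Keep only changes that are byte-identical in both snapshots.

    A range that differs between the two snapshots is being rewritten by
    the process itself, so saving it as a patch would not be reproducible.
    """
    if len(snap1) != len(snap2):
        raise ValueError("snapshots must cover the same byte range")
    return [(off, old, new) for off, old, new in diff_ranges(original, snap1)
            if snap2[off:off + len(new)] == new]


# Constructed sample data: 15 bytes standing in for a region at $module+NNNN.
ORIGINAL = bytes.fromhex("5589e583ec107405e811223344c9c3")
# Snapshot 1: manual edit at offset 5 (0x10 -> 0x20); bytes 9..12 rewritten
# by the (hypothetical) program itself.
SNAP1 = bytes.fromhex("5589e583ec207405e8aabbccddc9c3")
# Snapshot 2, taken later: same manual edit, bytes 9..12 changed again.
SNAP2 = bytes.fromhex("5589e583ec207405e801020304c9c3")

if __name__ == "__main__":
    for off, old, new in diff_ranges(ORIGINAL, SNAP1):
        print(f"changed  +{off:#x}: {old.hex()} -> {new.hex()}")
    for off, old, new in stable_patches(ORIGINAL, SNAP1, SNAP2):
        print(f"stable   +{off:#x}: {old.hex()} -> {new.hex()}")
```

Only the change at offset 5 survives the second snapshot; the range at offset 9 is the kind of self-changing code that makes a saved patch unreliable.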
Options…
You probably want to use the setting below. Most of the time it solves app crashes while debugging (aka. "what accesses...") when the app doesn’t run any checks. Otherwise you could set up breakpoints on the crash points and try to resolve ‘em…
(This suggestion comes from RDR2, since without this it crashes very often)
Uncheck synchronize symbols and mark do not load.
Debug strings, which works similarly to "dbgview".
An alternative to dbgview (basically a hidden breakpoint at KERNELBASE.OutputDebugString),
which, in order to work, needs Cheat Engine to first inject into the targeted app to start gathering output.
IF the application uses OutputDebugString.
Memory viewer -> Debug strings
...