Something like the prompt function in javascript.

Would be useful for something like "How many lives do you want?" or if the script is a general script for all processes: "Which address would you like to do X?".

Hey

Can you provide the source for http://dl.dropbox.com/u/10108199/FindPointerTest.zip? I'm interested in modifying it a bit and watching what happens with Bit Slicer.

Ps., done translating soon

Thanks

The NSTableViews need to be updated to Cocoa's View based ones before cell-based views really becomes deprecated. This applies to search documents, watching variables read/write accesses, and debugger window (including disassembly table, backtrace table, and registers table).

We also want to preserve expected behavior (e.g.: double clicking a NSTextField should bring up the editable field). Indicating that a value is frozen in a search document or a target is halted at a particular instruction in the debugger is done by changing the text color to red. This is probably not a very good idea; it would be nicer if we could display a graphic in one of the row items instead.

How hard would it be to implement a feature to search by symbol name in the debugger ?

If I were interested in implementing such a feature, where should I start ?

Is it possible to have feature like Cheat Engine/GameHack that can search for unknown value type and then search for changes (is bigger than unknown & is less than unknown)?

I was looking at the float menu, trying to search for a floating point value, but the epsilon and value box is confusing, why are there two inputs?

now i can mod most games with this but when it comes to a health bar or a bar type value. no one knows the exact value.

now is there a current method to search for an unknown value meaning do an initial scan for every single value in the memory on the attached process.

then do a scan based on these:
Value has increased
Value has decreased
Value is unchanged (like you haven't done anything in the game yet to change the value good for cleaning out constant changing values)

i want to be able to do the same thing here: https://youtu.be/r1V7RQKPuIs?t=134
but with BitSlicer

It seems like Bit Slicer (1123) may be being denied access to view Chrome's memory in my OS X El Capitan (10.11.3). When I search--even 1s or 0s--my results are empty. Memory viewer for Chrome processes is empty too. I am able to access the memory for FindPointerTest.

My console gives this message repeatedly:
2/16/16 2:52:25.000 PM kernel[0]: Sandbox: Bit Slicer(9036) System Policy: deny(1) mach-priv-task-port 9063

A quick google suggests that there may be something wrong with the kext signing?

Hi,
Thanks for this awesome program, but a quick question,
I wonder why you do not have the binary release?
I have managed to compile it myself, but for average user, seems it is going to be a bit difficult for them.

Thank you, cheers.

Hi,
I am learning about the scripting capabilities of Bit-Slicer, I wondered if you might be able to help with a few questions

1. Can you use the import bitslicer independently of Bit Slicer - i.e can you write standalone python apps that use the bitslicer library?
2. I am hacking away at Doom (the 90s shooter), I have found the function that fires the pistol usint Bit-Slicer, and the address where its at, and therefore the assembly code. In a script I now want the gun to continously fire:

    def execute(self, deltaTime):
        #fire gun continuously by calling the function in memory

I have extracted both the assembly code, and the HEX directly from the memory viewer. What would be cool is to take that hex code and drop it into a function in python, inside the execute function. Is there a way to do that, or is there a way in Python to call a function at a memory address?

P.S My hex code from the memory viewer of the fire_pistol function looks like:

CC 89 E5 56 53 83 EC 10 8B 75 08 E8 00

and the assembly code I extracted from the debugger looks like:

push ebp    55
mov ebp, esp    89 E5
push esi    56
push ebx    53
sub esp, 0x10   83 EC 10
...
pop ebx 5B
pop esi 5E
leave   C9
jmp 0x3d320 E9 EC FE FF FF

Just for kicks, I tried to inject the assembly code as a hook when the gun was actually fired, to see if it fired twice. The hook failed as the assembly code apparently had a syntax error. My knowledge of assembly is very small.....

Thanks!

I am using this feature using lldb:

breakpoint set -a addr
(lldb) br com add
Enter your debugger command(s). Type 'DONE' to end.
register write pc new_addr
continue
DONE

How do I do that in bit slicer?

HI all,

I'm running OS X 10.10.5, so this isn't a duplicate of #32. However, the symptoms are very similar: cannot search or view the memory of VirtualBox's process (VBoxHeadless).

Can anyone maybe suggest a workaround?

Nothing to see here, mad a mistake!

When I tried to compile the .xcodeproj (Version 9.1 (9B55) — High Sierra 10.13.2 (17C205)) I'm getting the following build error:

/Users/alexander/Desktop/Bit-Slicer/Bit Slicer/ZGMemoryWindowController.m:561:6: Multiple methods named 'processID' found with mismatched result, parameter type or attributes

To me it seems like ZGProcess.processID is conflicting with Core Data?

Would be nice to have a saved variables panel like in Cheat Engine.

Search memory, find variable, save it -> variable pops up in panel and memory value is constantly updated there. Future searches don't affect the saved variables panel, only the (existing) search panel.

Is there some dependency that require 10.8?

For single player games, would be really nice to control the speed. There are games with strategies that involve waiting, and a speedhack would save you the boredom.

Currently, Bit Slicer can search by "greater than" and "less than", but does not allow the user to specify both bounds simultaneously. This makes searching for floating point values unnecessarily time consuming, since a value in the interval [100, 101] is going to be hard to find if you search the whole address space for things "above 100" or "below 101" (the zeros!).

Hi,

It would be nice to allow the description column to expand larger so I can make better use of full-screen real-estate. I cannot expand it further than this:

If it doesn’t... It would be really cool to make one. :)

if possible add support for search for all Data Types, Floats, DWORDS, Integers, Strings Etc Option.

I need help "Any scripts"

Currently you'd have to launch Bit Slicer as root which is not very desirable.

Exploring how HexFiend includes a privileged helper tool might be the best direction to take. Hopefully separating all the VM access will not bring down performance.

I'm not exactly how Freezing a value is supposed to work. If it's supposed to monitor a value and if it gets changed, it quickly changes it back to its original value then it doesn't work I think. Although I've "frozen" a player's health when he gets shot the program changes the frozen value.

Some of Apple's applications on 10.11 are 'rootless' meaning that attaching to them is not feasibly possible. We need to figure out how to detect these non-attachable processes and remove them from the process target list. Sorting Apple's processes/applications to the bottom of the target list would also be logical because the common case is attaching to a third party video game.

Related: #2

I'm curious how I can set addresses relevant to some base address. i.e. I find two values whose addresses are 8 bytes apart from each other. Every time the program starts I have to search for the "base" address, but as soon as I've found it then I want the remaining values in the set to be immediately mapped relevant to that one. Is that possible?

Especially when watching strings, you will get access from std::assign. The problem is, that you cannot set a breakpoint on std::assign as it is used very often. Conditional breakpoints e.g. eax == string address are crashing the watched software.

It would be nice if the watch window could show a backtrace, so you know which functions set the string.

Hei

A feature I'm missing is the ability to add a pointer to the Memory Viewer, as you can add int and floats. You need to be able to define what to read at the address the pointer resolves to.

Right now, I manually select 8 bytes from the Memory Viewer, add a new pointer to Bit Slicer, add a new variable (eg. 8 bit string) with the pointer's address in []'s and that shows me the value.

This would be awesome to have in the Memory Viewer itself; quickly be able to read what's at the other end.

Not all games support minimizing. It would be nice to be able ssh into a machine and run the scanner from the terminal.

This is an extremely useful tool.

However, if it had this feature, using it would be a hundred times easier.

Regards.

Running Chrome 50.0.2661.94 64-bit on OSX El Capitan version 10.11.3.

I am trying to slice "Cave Heroes" running in Flash. No matter which Chrome process I select, every search completes almost instantly with no result. I used to be able to do this with no problem as recently as 3 months ago. I have used Chrome Task Manager to find the correct processes for the tab I'm running AND for the Flash plugin - but from the app's response time, it doesn't look as though a search is happening at all.

A search for the 32 bit int "1" should almost always return a result in any app. But this search returns nothing.

When I search for a very specific value I might want to change all occurrences of that value, but I've noticed a lot of the time there will be random results where the value doesn't appear. I can post an example if that helps, but basically I'm just asking for sorting by the column or a find and replace. Also, not sure why I'm getting results that don't match my search query. (I'm at work right now so I'll need to take some time to post a screenie)

This is an issue that happens when I search by Byte Array but it doesn't seem to happen for other data types. Come to think of it this might be an issue with my particular game where the value is what I search for when Bit Slicer gets the results but then it changes after the results populate. I'm not sure.

Is sorting by the column something we could potentially have in Bit Slicer?

Just a small suggestion would be to have a fixed width font used there.

movzx eax, byte [eax]
...
Float/Vector Registers
fcw = 7F 03
fsw = 20 00
ftw = 00
fop = 5D 01
ip = 05 06 5E 98
cs = 1B 00
dp = 18 CE FF BF
ds = 23 00
mxcsr = A7 1F 00 00
mxcsrmask = FF FF 00 00
stmm0 = 0E 22 AB 7B 34 79 03 14 FF FF 00 00 00 00 00 00
stmm1 = A9 2A 53 D1 00 00 00 00 FF FF 00 00 00 00 00 00
stmm2 = A8 51 DB 9B E0 37 E0 37 FF FF 00 00 00 00 00 00
stmm3 = 00 00 00 43 00 00 00 FA FF FF 00 00 00 00 00 00

looks nicer than:

movzx eax, byte [eax]
...
Float/Vector Registers
fcw = 7F 03
fsw = 20 00
ftw = 00
fop = 5D 01
ip = 05 06 5E 98
cs = 1B 00
dp = 18 CE FF BF
ds = 23 00
mxcsr = A7 1F 00 00
mxcsrmask = FF FF 00 00
stmm0 = 0E 22 AB 7B 34 79 03 14 FF FF 00 00 00 00 00 00
stmm1 = A9 2A 53 D1 00 00 00 00 FF FF 00 00 00 00 00 00
stmm2 = A8 51 DB 9B E0 37 E0 37 FF FF 00 00 00 00 00 00
stmm3 = 00 00 00 43 00 00 00 FA FF FF 00 00 00 00 00 00

BTW - love the new version! you've done a great job on it :)

In Version 1.7.4 (1093) the "Relativize Variable" menu option does nothing when selected.

1 - In Debug register hotkeys documentation, function
isRegisteredHotkey
is documented with a different spelling:
isHotkeyRegistered

2 - On same page, example section makes use of keymod.FUNCTION which is not listed as a key modifiers constant. It doesn't seem to refer to the 'Fn' key required to access F1-F12 on 100+ keys keyboards.

Very inventive topic name.

Here are the dupes in comments. No duplicate variable names. Behold the power of PHP (sigh).

(vim) Dagobah:~ php a.php 
key = /* Undo action name for changing a register type */ for file [Code] Debugger Registers.strings > 1
key = /* Labels 'Back' menu item in View menu when using debugger or memory viewer */ for file [Code] Memory Navigation.strings > 1

<?php
$files = glob('/Applications/Bit\ Slicer\ \(Localized\).app/Contents/Resources/da.lproj/*.strings');
$files = array_map('trim', $files);

foreach ($files as $file)
{
    $buffer = array();
    $lines = file($file);
    $lines = array_map('trim', $lines);

    foreach ($lines as $line)
    {   
        if (empty($line)) continue;

        if ('/' == $line[0] && (strlen($line) > 2 /* no copyright */))
            @$buffer[$line] += 1; // throws notice, we don't care
    }   

    foreach ($buffer as $key => $val)
    {   
        if ($val > 1)
            printf("key = %s for file %s > 1\n", $key, basename($file));
    }   

    $buffer = array();
}

Somehow I messed up using Auto Layout, maybe it's because the window's content view is being swapped rather than a custom view. I can't reproduce this on my 10.11 machines; the bug has been tested to occur on 10.8 and 10.9 however.

I'm very new to this, and coming from a beginner perspective, it would be awesome to have a user-friendly variable library which you could store access to variables you want to manipulate.

Basically, it would be nice if you could search for a variable, and when you found the one you wanted, be able to save it to a list, and give it a name, so you could manually edit it as much as you want without having to re-search for it. This would also allow the user to compile a list of all the variables they want to change manually, so they would have access to all of them simultaneously.

Users could also create lots of libraries with different names, so they could open one, and have all the variables they need immediately accessible. Ideally, these libraries could also be saved as documents, which would contain the addresses of each variable, so BitSlicer can locate them automatically upon reopening. Obviously it wouldn't be possible to save variables with dynamic addresses, unless BitSlicer could search by some other criteria to locate them, but for consistent addresses this would be very helpful.

I'm sure there's already a way to set something similar up manually, but it's not particularly intuitive, and I know that new users would greatly appreciate a feature like this.

It would be nice to refer to the address of another variable in the search table, such that a variable2's address could be variable1's address + 0x4. This is suitable for structures, and may or may not require a UI change in the table view if we want to display variables in a "tree" sort of fashion (like in an outline view). If this requires UI changes, this issue would probably be blocked by issue #15.

[Reported by XxUnkn0wnxX]

if possible like in Cheat Engine allow for customisable keyboard shortcuts based on events or search parameters. EG: For BitSlicer, Set "Command+" shortcut to search for grater then the previous value or stored value & then auto store the new results.

and EG "Command-" to search for less then the previous searched/stored value and auto store the new results once search is done.

would make life a lot easier then constantly clicking... and hitting the enter Key for search.

e.g. for 16 bits signed values, 0xffff is displayed as 65535 instead of -1

I wonder if it is worth collaborating with Cheat Engine since it is effectively not going to be actively developed from what the developer last said here well over a year ago: http://forum.cheatengine.org/viewtopic.php?p=5592901#5592901

It would seem quite useful to be able to leverage some of the community efforts that exist for Cheat Engine in Bit Slicer.

Bit Slicer's current application and user document icons don't scale very well with small sizes, and isn't up to date with the "post-Yosemite appearance."

The current application icon conveys slicing bits, which is analogous to messing around with a game or application, I guess. The idea could stay the same, but it doesn't have to.

Relevant must-reads:
OS X Human Interface Guidelines - Icon and Image Design

Having a script with an execute function active, and activating a second one without an execute function but with a debug.prompt in the init, causes the debug.prompt to malfunction.

Having an execute function in the second script variable that has the debug.prompt fixes the issue.

So it's mostly weird behaviour. Took me a while to figure out.

I have the most recent build 1.7.6 (1123) of bitslicer, and os x 10.11.3 (15D21) and bit slicer no longer asks for permission to start and will not read memory anymore. i do not know of any updates to either since the last time it worked but it will not work anymore for any program.

I'm using Bit Slicer 1.6.2, as I can't run the new versions, but I've seen the new versions and this a problem there too.
You end up getting very cluttered, is it possible we could get a smaller interface to choose between searches, so you can find variables, assign some sort of label seperate from the "name" value added by bit slicer, and maybe even have a target value, when the value, say your health, is changed, by getting damaged, you'll have a different value. Whenever the cheat is clicked on in the searches menu, the value is changed to the target. This can be timed as well, and maybe even scripted in the future, if that is added.

Please add feature for searching value in between (combined greater than & less than).

Will need two search inputs.
Input 1(greater than or equal) >= x =< Input 2 (less than or equal).

Thanks.

I get a reproducible Kernel Panic when using Bit Slicer on some games (for some others it works flawlessly).

panic(cpu 0 caller 0xffffff800bb0c725): "vm_page_insert_internal: (page=0xffffff80164be968,obj=0xffffff80446b1300,off=0xfffffffffffff000,size=0x0) inserted at offset past object bounds"@/BuildRoot/Library/Caches/com.apple.xbs/Sources/xnu/xnu-4570.41.2/osfmk/vm/vm_resident.c:1490

BSD process name corresponding to current thread: Bit Slicer

Mac OS version: 17D102

Kernel version:
Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/RELEASE_X86_64
Kernel UUID: 18D901F1-4A03-3FF1-AE34-C26B2732F13C
Kernel slide: 0x000000000b600000
Kernel text base: 0xffffff800b800000
__HIB text base: 0xffffff800b700000
System model name: MacBookPro11,3

I am not sure how to investigate the issue to find a work-around.