I’ve used these for years to fuck around/experiment with games I’ve played to excess (single player games with no ranking/etc/etc where my screwing around could give me any kind of advantage, to be clear), and had no problem getting it running/doing what I want…

Until recently… The only thing that changed was that my OS (Nobara, Fedora based) updated from 42 to 43, and now suddenly Cheat Engine (used via steamtinkerlaunch) and PINCE (native Linux Cheat Engine-alike) stopped working. Even on old games I successfully used them to screw around with in the past. Yes, I select the proper process.

Memory View shows nothing but question marks, value searches that used to work fine don’t return anything anymore. Like, it can see the process, but has no access to muck around in the memory itself… Since it happened with an OS update, I can only assume that something changed in the backend that’s interfering with these things running, but I’m not a Sysadmin/IT specialist, I’m just a random user, so I’ve tried to figure this out myself via internet searches and the like, but I’ve come up blank on everything I’ve tried.

Anyone else out there with a similar experience who could provide some aid on the issue?

Thank you for reading.

  • tal@lemmy.today
    $ man 2 ptrace
    
    /proc/sys/kernel/yama/ptrace_scope
       On systems with the Yama Linux Security Module (LSM) installed (i.e., the kernel was configured with
       CONFIG_SECURITY_YAMA), the /proc/sys/kernel/yama/ptrace_scope file (available since Linux 3.4) can be used to
       restrict the ability to trace a process with ptrace() (and thus also the ability to use tools such as strace(1)
       and gdb(1)). The goal of such restrictions is to prevent attack escalation whereby a compromised process can
       ptrace-attach to other sensitive processes (e.g., a GPG agent or an SSH session) owned by the user in order to
       gain additional credentials that may exist in memory and thus expand the scope of the attack.
    
       More precisely, the Yama LSM limits two types of operations:
    
       •  Any operation that performs a ptrace access mode PTRACE_MODE_ATTACH check—for example, ptrace() PTRACE_ATTACH.  (See
          the "Ptrace access mode checking" discussion above.)
    
       •  ptrace() PTRACE_TRACEME.
    
       A process that has the CAP_SYS_PTRACE capability can update the /proc/sys/kernel/yama/ptrace_scope file with one of the
       following values:
    
       0 ("classic ptrace permissions")
              No  additional  restrictions  on  operations that perform PTRACE_MODE_ATTACH checks (beyond those imposed by the
              commoncap and other LSMs).
    
              The use of PTRACE_TRACEME is unchanged.
    
       1 ("restricted ptrace") [default value]
              When performing an operation that requires a PTRACE_MODE_ATTACH check, the calling process must either
              have the CAP_SYS_PTRACE capability in the user namespace of the target process or it must have a
              predefined relationship with the target process. By default, the predefined relationship is that the
              target process must be a descendant of the caller.
    
              A target process can employ the prctl(2) PR_SET_PTRACER operation to declare an additional PID that is
              allowed to perform PTRACE_MODE_ATTACH operations on the target. See the kernel source file
              Documentation/admin-guide/LSM/Yama.rst (or Documentation/security/Yama.txt before Linux 4.13) for
              further details.
    
              The use of PTRACE_TRACEME is unchanged.
    
       2 ("admin-only attach")
              Only  processes  with  the  CAP_SYS_PTRACE  capability  in  the user namespace of the target process may perform
              PTRACE_MODE_ATTACH operations or trace children that employ PTRACE_TRACEME.
    
       3 ("no attach")
              No process may perform PTRACE_MODE_ATTACH operations or trace children that employ PTRACE_TRACEME.
    
              Once this value has been written to the file, it cannot be changed.
    
    $ cat /proc/sys/kernel/yama/ptrace_scope
    0
    $
    

    If you don’t have 0 there, you might try, as root, echo 0 > /proc/sys/kernel/yama/ptrace_scope and see if everything starts magically working.

    If it does, to make said setting persist, you might want to add “kernel.yama.ptrace_scope=0” to /etc/sysctl.conf to apply that setting at boot.

    Also, probably won’t address your issue alone, but I use scanmem, a Linux CLI program, for memory-modifying cheating. If there’s some failure in trying to do its ptrace thing, it might display an error message in the console. If you want, rather than changing the systemwide ability to use ptrace, you could also just run scanmem as root (you could also do the same with GUI programs, but more hassle, and honestly, I’ve never gone to look up how to make that work under Wayland, just Xorg, where # xauth merge ~/.Xauthority will do it).

    EDIT: It looks like the Fedora guys were thinking about changing their default away from 0, and if the Nobara people just did so, that might be what’s triggering that.

    EDIT2: I thought that Debian did it too, since I remember smacking into that at one point, but I don’t see anything in my sysctl.conf, and I can still happily scanmem; it’s 0 on my system. Sounds like what happened was that they changed it to 1, decided that that was a bad idea, and then put it back to 0, so I probably tried using it during that window.

    EDIT3: Just to clarify, ptrace() is the system call that most processes use to access another process’s memory, and is probably what your memory-cheat program is using to try to look at (and modify) the memory of that other process.
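
An added example, not part of the original comment: a small POSIX shell audit of the Yama setting quoted from ptrace(2) above, reporting the running value, the value persisted in sysctl configuration, and whether an attach would pass the Yama check. The function names, the file order passed to `persisted_scope`, and the use of uid 0 as a stand-in for CAP_SYS_PTRACE are assumptions of this example; it models only Yama, not other LSMs or the ordinary uid checks.

```shell
#!/bin/sh
# Added example: audit the Yama ptrace_scope setting (values per ptrace(2)).
# Paths are parameters so the functions can run against fixture files.

# Map a ptrace_scope value to the mode name used in the man page.
yama_mode() {
    case "$1" in
        0) echo "classic ptrace permissions" ;;
        1) echo "restricted ptrace" ;;
        2) echo "admin-only attach" ;;
        3) echo "no attach" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Print the last kernel.yama.ptrace_scope assignment in the given sysctl
# config files. Assumption: the caller lists files in the order they are
# applied, so a later file overrides an earlier one.
persisted_scope() {
    found=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && found=$v
    done
    [ -n "$found" ] && echo "$found"
    return 0
}

# Succeed if process $1 has process $2 among its ancestors, following the
# PPid field of <proc>/<pid>/status ($3 is the proc root, default /proc).
is_descendant() {
    pid=$1; anc=$2; proc=${3:-/proc}
    while [ "$pid" -gt 1 ] 2>/dev/null; do
        pid=$(sed -n 's/^PPid:[[:space:]]*//p' "$proc/$pid/status" 2>/dev/null) || return 1
        [ "$pid" = "$anc" ] && return 0
    done
    return 1
}

# Would an attach pass the Yama check alone? $1 scope, $2 tracer uid,
# $3 "yes" if the target descends from the tracer. Simplifications: uid 0
# stands in for CAP_SYS_PTRACE, and PR_SET_PTRACER exceptions are ignored.
yama_allows_attach() {
    case "$1" in
        0) return 0 ;;
        1) [ "$2" -eq 0 ] || [ "$3" = yes ] ;;
        2) [ "$2" -eq 0 ] ;;
        *) return 1 ;;
    esac
}

# Report for the local machine, if Yama is present.
scope_file=/proc/sys/kernel/yama/ptrace_scope
if [ -r "$scope_file" ]; then
    cur=$(cat "$scope_file")
    echo "running value:   $cur ($(yama_mode "$cur"))"
    echo "persisted value: $(persisted_scope /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf)"
fi
```

A running value that differs from the persisted one means the setting will change at the next boot; a value of 0 with reads still failing points away from Yama.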

    • A_Random_Idiot@lemmy.world (OP)

      My ptrace_scope file has 0 set inside it, which I assume is the least restricted from what I’m understanding and shouldn’t be causing the issue?

      But just on an off chance I tried to run the echo command, and even with sudo it says I don’t have permission. So I don’t know what’s up with that.


      I’m an idjit and realized PINCE is a GUI for a CLI command, so I quickly loaded up a game just to do a quick value search to get the results and this is the error

      info: 399 suitable regions found.
      ..........
      warn: reading region 00 failed.
      warn: reading region 00 failed.
      ..........
      warn: reading region 00 failed.
      warn: reading region 00 failed.
      ..........
      warn: reading region 00 failed.
      ..........
      warn: reading region 00 failed.
      ..........
      info: we currently have 14 matches.

      I think that region 00 failed is the problem.

      • tal@lemmy.today

        > My ptrace_scope file has 0 set inside it, which I assume is the least restricted from what I’m understanding and shouldn’t be causing the issue?

        Yeah, then that restriction isn’t the problem. Sorry; I guessed wrong.

        > But just on an off chance I tried to run the echo command, and even with sudo it says I don’t have permission. So I don’t know what’s up with that.

        It won’t help here, but for future reference, what you likely did is this:

        $ sudo echo 0 >/proc/blah/whatever
        

        sudo runs a command as root. The file redirection, however, is done by the current shell, which isn’t run as root, not by echo. So echo 0 is run as root, and then bash tries to open /proc/blah/whatever and doesn’t have permission to do so, and that’s what fails.

        If you need to do this in the future, you can do this:

        $ sudo -s
        # echo 0 >/proc/blah/whatever
        

        > we currently have 14 matches

        It might be okay to hit that, as I don’t know if scanmem avoids trying to scan all regions that it can’t read. That does mean that it is able to ptrace() it and find some matches. Did you try to keep going with additional searches to see if it could actually find the value and change it?

        • A_Random_Idiot@lemmy.world (OP)

          Gotcha, thanks for the tips on that first part.

          As per the last part, it apparently can sometimes find the initial value, but not any changes in the value. That CL snippet I posted before was the first time it found the first value I entered, but crapped out and found nothing on any followup changes to that value.

          It’s not like it’s a big deal. Ultimately it’s just me futzing around in old games for my own enjoyment, it’s not like I’m critically losing anything… Just weird that it suddenly stopped working when I updated, especially when you highlighted a thing it should have most likely been… and that not be it.

          I appreciate you spending your time to write these large and informational replies, Thank you, they are helpful even if not on the immediate situation :D

          • tal@lemmy.today

            > As per the last part, it apparently can sometimes find the initial value, but not any changes in the value.

            Well, you’d expect to find some matches, just because some values in memory will happen to have the same value as what you’re looking for.

            Have you tried doing a “relative change” search in scanmem? Use “>” and “<” for “increased since last change” or “decreased since last change”. Some environments have nonstandard in-memory representations; for example, going from memory, there’s some environment — might be some Java VMs, though not sure…might be RPG Maker games of some sort, can’t recall — that stores values as double their actual value, uses one bit in the number for something else. A relative change search will still work there. I suppose that maybe if you updated the system and are using a newer JVM, that could impact the in-memory representation, but I can’t really think of anything else that updating the system would likely do.

            If you don’t mind sharing the name of some game that previously worked and doesn’t now, I might have more-helpful suggestions, especially if it’s something that I can reproduce easily locally (and can maybe see whether the same memory range permission error shows up here…). I noticed that you didn’t post the name of the game; if it’s some game that you don’t want to post the name of publicly but don’t mind sending me, feel free to PGP/GPG-encrypt your message.

            • A_Random_Idiot@lemmy.world (OP)

              Ah, sorry, not mentioning the games was just a silly oversight on my part. Focused on the trees so couldn’t see the forest. I’ve given a passing try to a few others, but these are the ones that I’ve given a serious try to since the update.

              Proton

              • Cyberpunk 2077
              • Kingdom Hearts
              • Stalker 2
              • Pioneers of Olive Town

              Natively:

              • ETS
              • Pillars of Eternity.

              I mucked around in all these easily and without headache until the OS update.

              I spent several hours trying to wrap my head around scanmem’s CLI last night to try some stuff with it since you mentioned it, but the command line just would not click in my brain, and anytime I tried to find info it was usually about Cheat Engine on Windows… But then I found out Game Conqueror was just a GUI for scanmem, so I installed that and mucked with that. I don’t know what I did, but I did manage to get it to work once and edit a value in PoE. But that was just from mashing random buttons and settings in frustration after hours of trying, so I have no idea what caused it to work, and haven’t been able to replicate it this morning.

              And, again, thank you for your continuing generosity with your aid and help.

              • tal@lemmy.today

                I have Pillars of Eternity and Cyberpunk 2077. Let me go see if I can run scanmem on them successfully. Actually, I thought that Cyberpunk 2077 was a Linux-native build.

                goes to look

                Well, neither one is presently downloaded. This may take a bit.

                And yeah, you’re right, Cyberpunk 2077 is a Windows binary. Huh.

                > thank you for your continuing generosity with your aid and help.

                Yeah, no sweat. I’m kind of curious as to what could be disrupting it. Can’t promise that I can reproduce the same behavior locally on Debian, though.

                • A_Random_Idiot@lemmy.world (OP)

                  I don’t blame you for thinking it was native, with how well it ran since launch day.

                  Well, well as in no proton related issues, game related issues is a whole nother matter, lol.

                  I think it was the first time I got a AAA game day 1 and played it without having to wait for Proton patches or Proton GE to make it usable.

                  • tal@lemmy.today

                    finishes installing Pillars of Eternity

                    Nah, scanmem seems to work here on it. I can search for, find, and modify the value for “Resolve” during character creation using exact value searches. It doesn’t print any errors about ranges of memory or anything, assuming that that was a relevant factor.

                    shrugs

                    Sorry; whatever you’re running into isn’t something that repros here. I hope that you can get it worked out, though.