sullx Cheater Reputation: 0
Joined: 03 Jan 2013 Posts: 37
|
Posted: Mon Oct 27, 2014 12:28 am Post subject: Possible to attain the reverse behavior of auto-assemble? |
|
|
Cheat Engine has a nice assembly compiler with it that allows you to type instructions (opcodes) like
push 1
call 3ef800
add esp,4
and CE automatically compiles this to bytes and inserts into the code. What I am wondering is if there are any lua functions (that are exposed), that can take an array of bytes and "interpret" them, returning a string of instructions.
For example, given the byte 52, the function would return "push edx" or if given E8 0E BA FF FF the function would return "call main.exe+113E3" or at the very least "call 03ef83e3".
I am sure this function exists as it is used in the memoryviewer so that CE users don't have to stare at hexadecimal. I am just wondering if it is exposed and therefore callable via a script.
Thank you!
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Mon Oct 27, 2014 6:16 am Post subject: |
|
|
Code: |
disassemble(address): Disassembles the given address and returns a string in the format of "address - bytes - opcode : extra"
splitDisassembledString(disassembledstring): Returns 4 strings. The address, bytes, opcode and extra field
|
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
sullx Cheater Reputation: 0
Joined: 03 Jan 2013 Posts: 37
|
Posted: Mon Oct 27, 2014 8:19 pm Post subject: |
|
|
This is excellent and exactly what I was needing. Quick follow up question, which src files are these functions defined in? If you don't know off the top of your head don't worry about it.
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Mon Oct 27, 2014 8:38 pm Post subject: |
|
|
For generic non-class-based functions it's usually luahandler.pas
and luadisassembler.pas (I forgot about the disassembler class)
Code: |
Disassembler Class (Inheritance: Object)
createDisassembler() - Creates a disassembler object that can be used to disassemble an instruction and at the same time get more data
getDefaultDisassembler() - Returns the default disassembler object used by a lot of ce's disassembler routines
getVisibleDisassembler() - Returns the disassembler used by the disassemblerview. Special codes are: {H}=Hex value {R}=Register {S}=Symbol {N}=Nothing special
registerGlobalDisassembleOverride(function(sender: Disassembler, address: integer, LastDisassembleData: Table): opcode, description): Same as Disassembler.OnDisassembleOverride, but does it for all disassemblers, including newly created ones. Tip: Check the sender to see if you should use syntax highlighting codes or not
This function returns an ID you can pass on to unregisterGlobalDisassembleOverride() 6.4+
unregisterGlobalDisassembleOverride(id)
properties
LastDisassembleData : Table
OnDisassembleOverride: function(sender: Disassembler, address: integer, LastDisassembleData: Table): opcode, description
syntaxhighlighting: boolean : This property is set if the syntax highlighting codes are accepted or not
Methods
disassemble(address): Disassembles the given instruction and returns the opcode. It also fills in a LastDisassembleData record
decodeLastParametersToString() : Returns the unedited "Comments" information. Does not display userdefined comments
getLastDisassembleData() : Returns the LastDisassembleData table.
The table is build-up as follow:
address: integer - The address that was disassembled
opcode: string - The opcode without parameters
parameters: string - The parameters
description: string - The description of this opcode
bytes: table - A table containing the bytes this instruction consists of (1.. )
modrmValueType: DisAssemblerValueType - Defines the type of the modrmValue field (dvtNone=0, dvtAddress=1, dvtValue=2)
modrmValue: Integer - The value that the modrm specified. modrmValueType defines what kind of value
parameterValueType: DisAssemblerValueType
parameterValue: Integer - The value that the parameter part specified
isJump: boolean - Set to true if the disassembled instruction can change the EIP/RIP (not ret)
isCall: boolean - Set to true if it's a Call
isRet: boolean - Set to true if it's a Ret
isConditionalJump: boolean - Set to true if it's a conditional jump
|
|
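Added example, not part of the original posts and not Cheat Engine's own code: a sketch for CE's Lua engine that uses the Disassembler class and the LastDisassembleData fields quoted above to walk a run of instructions and list the calls and jumps it meets. `listControlFlow`, its parameters and the start address are hypothetical; `destroy()` is assumed from CE's Object base class.

```lua
-- Walk up to maxInstructions instructions from startAddress and collect
-- every call/jump, using only the fields documented in LastDisassembleData.
local function listControlFlow(startAddress, maxInstructions)
  local d = createDisassembler()
  local address = startAddress
  local found = {}

  for _ = 1, maxInstructions do
    d.disassemble(address)                    -- fills LastDisassembleData
    local data = d.getLastDisassembleData()
    local size = #data.bytes                  -- instruction length in bytes
    if size == 0 then break end               -- nothing decoded: do not loop forever

    if data.isCall or data.isJump then
      local kind = 'jmp'
      if data.isCall then
        kind = 'call'
      elseif data.isConditionalJump then
        kind = 'jcc'
      end
      table.insert(found, {
        address = data.address,
        kind    = kind,
        text    = data.opcode .. ' ' .. data.parameters,
        -- only meaningful when parameterValueType is dvtAddress
        -- (e.g. not for "call eax")
        target  = data.parameterValue,
      })
    end

    if data.isRet then break end              -- stop at the end of the routine
    address = address + size                  -- step to the next instruction
  end

  d.destroy()                                 -- assumed Object method, frees the disassembler
  return found
end

-- Usage with a constructed placeholder address (replace with a real one).
local start = 0x00400000
for _, hit in ipairs(listControlFlow(start, 64)) do
  print(string.format('%08X  %-4s  %s', hit.address, hit.kind, hit.text))
end

-- The one-shot global function from the first reply, split into its four fields.
local addr, bytes, opcode, extra = splitDisassembledString(disassemble(start))
print(addr, bytes, opcode, extra)
```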