Cheat Engine The Official Site of Cheat Engine
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
Posted: Sun May 31, 2015 1:11 am Post subject: How get DissectCode table?
Hello!
I found the DissectCode class in:
http://code.google.com/p/cheat-engine/source/browse/trunk/Cheat%20Engine/bin/main.lua
https://code.google.com/p/cheat-engine/source/browse/trunk/Cheat+Engine/LuaDissectCode.pas
Code:
DissectCode class: (Inheritance: Object)
getDissectCode() : Creates or returns the current code DissectCode object
  properties:
  methods:
    dissect(modulename) : Dissects the memory of a module
    dissect(base,size) : Dissect the specified memory region
    getReferences(address) : Returns a table containing the addresses that reference this address and the type
    getReferencedStrings(): Returns a table of addresses and their strings that have been referenced. Use getReferences to find out which addresses that are
I have disasm code from test.exe
Code:
004556ED - 8B 00 - mov eax,[eax]
004556EF - E8 4CD4FFFF - call 00452B40
004556F4 - 8B 0D 74774500 - mov ecx,[00457774] : [0045B5A0]
;...
00452B40 - 53 - push ebx
00452B41 - A1 C8784500 - mov eax,[004578C8] : [00458040]
00452B46 - 83 38 00 - cmp dword ptr [eax],00
00452B49 - 74 0A - je 00452B55
00452B4B - 8B 1D C8784500 - mov ebx,[004578C8] : [00458040]
00452B51 - 8B 1B - mov ebx,[ebx]
00452B53 - FF D3 - call ebx
I tried:
Code:
dissectCode = getDissectCode()
dissectCode.clear()
dissectCode.dissect('test.exe')
tableData = dissectCode.getReferences(0x00452B40) -- is working any address?
print(#tableData) -- output "0"
tableData = dissectCode.getReferences('00452B40') -- is working any address?
print(#tableData) -- output "0"
1. How to print table from "getReferences"?
2. How to print table from "getReferencedStrings"?
---
I used CE6.4+ "revision 15.04.26 pure" (http://forum.cheatengine.org/viewtopic.php?p=5590889#5590889)
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun May 31, 2015 5:04 am
You have to convert them:
Code:
function getReferences2(dc,address)
  local tmp=dc.getReferences(address)
  local tmp2={}
  for k,v in pairs(tmp) do tmp2[#tmp2+1]=k end
  table.sort(tmp2,function (a,b) return a<b end)
  return tmp2,tmp
end

dissectCode = getDissectCode()
tableDataConv, tableData = getReferences2(dissectCode,0x00452B40)
tableDataConv - this table contains a list of all addresses,
tableData - this is the original table returned by getReferences
Code:
getReferencedStrings(): Returns a table of addresses and their strings that have been referenced. Use getReferences to find out which addresses that are
looks like it is broken, it sets empty strings.
EDIT:
Code:
-- turn an address-keyed table into a list of {key, value} pairs sorted by key
function convert(T)
  local tmp={}
  for k,v in pairs(T) do tmp[#tmp+1]={k,v} end
  table.sort(tmp,function (a,b) return a[1]<b[1] end)
  return tmp
end

-- re-read each string from memory, because getReferencedStrings returns empty strings
function fixReferencedStrings(T)
  for k,v in pairs(T) do
    T[k]=readString(k,500)
  end
end

function tohex(v)
  return string.format('%X',v)
end

dissectCode = getDissectCode()
references = dissectCode.getReferences(0x408B80)
referencesConv = convert(references) -- convert
referencedStrings = dissectCode.getReferencedStrings()
fixReferencedStrings(referencedStrings) -- fix
referencedStringsConv = convert(referencedStrings) -- convert

--print all references to 0x408B80
for i=1,#referencesConv do
  local ref = referencesConv[i][1]
  local refhex = tohex(ref)
  local reftype = referencesConv[i][2] -- renamed from "type" so the Lua builtin is not shadowed
  print('reference: '..refhex, ' , type of reference: '..reftype)
end
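What an address-keyed reference table looks like, and why `#` reports 0 on it, can be seen without Cheat Engine. This added example (not from the thread and not Cheat Engine's own code) parses lines of the listing from the question in plain Lua and builds such a table; the helper names, the kind names and the 8-digit address pattern are assumptions of the example.

```lua
-- Constructed input: lines copied from the listing in the question.
local listing = [[
004556EF - E8 4CD4FFFF - call 00452B40
004556F4 - 8B 0D 74774500 - mov ecx,[00457774] : [0045B5A0]
00452B41 - A1 C8784500 - mov eax,[004578C8] : [00458040]
00452B49 - 74 0A - je 00452B55
00452B4B - 8B 1D C8784500 - mov ebx,[004578C8] : [00458040]
00452B53 - FF D3 - call ebx
]]
local ADDR = string.rep('%x', 8) -- pattern for one 32-bit address

-- Returns target, kind for an instruction with a static target, else nil
-- ("call ebx" has none). The kind names are this example's, not Cheat Engine's.
local function classify(mnemonic, operands)
  local direct = operands:match('^(' .. ADDR .. ')$')
  if direct and mnemonic == 'call' then return tonumber(direct, 16), 'call' end
  if direct and mnemonic == 'jmp' then return tonumber(direct, 16), 'unconditional jump' end
  if direct and mnemonic:sub(1, 1) == 'j' then return tonumber(direct, 16), 'conditional jump' end
  local mem = operands:match('%[(' .. ADDR .. ')%]')
  if mem then return tonumber(mem, 16), 'memory' end
end

-- refs[target][source] = kind: key = referencing address, value = type
local function buildReferences(text)
  local refs = {}
  for line in text:gmatch('[^\n]+') do
    local addr, mnemonic, operands = line:match('^(%x+) %- [%x ]+ %- (%a+)%s*(.*)$')
    local target, kind = classify(mnemonic or '', operands or '')
    if addr and target then
      refs[target] = refs[target] or {}
      refs[target][tonumber(addr, 16)] = kind
    end
  end
  return refs
end

local function sortedKeys(t) -- '#' is 0 on address-keyed tables, so collect the keys
  local keys = {}
  for k in pairs(t) do keys[#keys + 1] = k end
  table.sort(keys)
  return keys
end

local refs = buildReferences(listing)
for _, target in ipairs(sortedKeys(refs)) do
  for _, source in ipairs(sortedKeys(refs[target])) do
    print(string.format('%08X <- %08X  %s', target, source, refs[target][source]))
  end
end
```

The script runs in a stand-alone Lua interpreter; `refs[0x00452B40]` plays the role of the table the answer's `convert` function sorts.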
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
Posted: Sun May 31, 2015 8:31 am
Thank you! It's working for me.
Sorry for my English. I found the variables (https://cheat-engine.googlecode.com/svn/trunk/Cheat%20Engine/DissectCodeThread.pas)
calllist: TMap;
unconditionaljumplist: TMap;
conditionaljumplist: TMap;
memorylist: TMap; //e.g strings
3. Can I read addresses from "calllist: TMap" with the DissectCode class or a local pointer to "calllist: TMap"?
I need to replace all calls with the auto assembler, but I cannot get a table of all calls or local pointers to them.
Unfortunately, this is my best solution code for replacing some calls (not all calls from the DissectCode class), but not all calls from the module:
--startAddress = experimentally determine
--endAddress = experimentally determine
--maxCalls = experimentally determine
LogCalls(startAddress, endAddress, maxCalls)
Code:
allocMememoryCount = 0
sizeInstructions = 0

-- put the counter region into the main form's scan range fields
function SetMemoryScanOptions(startAddress, endAddress)
  local mainFrm = getMainForm()
  mainFrm.FromAddress.Lines.Text = string.format('%X', startAddress)
  mainFrm.ToAddress.Lines.Text = string.format('%X', endAddress)
end

-- allocate one block for the stubs and one block of 4-byte counters
function AllocMemory(maxCalls)
  allocMememoryCount = allocMememoryCount + 1
  strNameCode = 'MemoCallCount'..allocMememoryCount
  strNameData = 'MemoDataCount'..allocMememoryCount
  autoAssemble(string.format([[alloc(%s,%s)
registersymbol(%s)
]],strNameCode,maxCalls * 200,strNameCode))
  autoAssemble(string.format([[alloc(%s,%s)
registersymbol(%s)
]],strNameData,maxCalls * 4,strNameData))
  adressCodeMem = getAddress(strNameCode)
  addressDataMem = getAddress(strNameData)
  return adressCodeMem, addressDataMem
end

-- startAddress = experimentally determine
-- endAddress = experimentally determine
-- maxCalls = experimentally determine
function LogCalls(startAddress, endAddress, maxCalls)
  pause()
  lastClock = os.clock()
  currentAddress = startAddress
  disassembler = getDefaultDisassembler()
  adressCodeMem, addressDataMem = AllocMemory(maxCalls)
  countCall = 0
  while currentAddress < endAddress and countCall < maxCalls do
    line = disassembler.disassemble(currentAddress)
    local data = disassembler.getLastDisassembleData()
    sizeCurrentInstruction = getInstructionSize(currentAddress)
    if(data["isCall"]) then
      if(sizeCurrentInstruction < 5) then
        --print(string.format('Skipped instruction %s',line))
      else
        adressCodeCount = adressCodeMem + sizeInstructions
        adressDataCount = countCall*4 + addressDataMem
        if(sizeCurrentInstruction > 5) then
          --print(line)
          aaCode = string.format([[%x:
inc [%x]
jmp %s
%x:
call %x
db%s]], adressCodeCount, adressDataCount, data["parameters"], currentAddress, adressCodeCount, string.rep(' 90', sizeCurrentInstruction - 5))
        else
          aaCode = string.format([[%x:
inc [%x]
jmp %s
%x:
call %x]], adressCodeCount, adressDataCount, data["parameters"], currentAddress, adressCodeCount)
        end
        autoAssemble(aaCode)
        sizeJmp = getInstructionSize(adressCodeCount + 6) -- PushF=2, Inc=6, Popf = 2
        sizeInstructions = sizeInstructions + 6 + sizeJmp
        countCall = countCall + 1
        --print(string.format('Injection %s',line))
      end
    end
    currentAddress = currentAddress + sizeCurrentInstruction
  end
  print('Last log call at '..line)
  --print(string.format('Last address code from region 0x%08X',currentAddress))
  print(string.format("Start region : 0x%08X, End region : 0x%08X", startAddress,endAddress))
  print(string.format("Call injections : %s", countCall))
  print(string.format("End address from region: 0x%08X", currentAddress))
  print(string.format("Scan addresses %s", endAddress - startAddress))
  print(string.format("Finish time %.2f sec", os.clock() - lastClock))
  print(string.format("Mem count region : 0x%08X, End region : 0x%08X", addressDataMem, addressDataMem + maxCalls * 4))
  print("Injections complete!!")
  SetMemoryScanOptions(addressDataMem, addressDataMem + maxCalls * 4)
  unpause()
end
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun May 31, 2015 2:27 pm
CE6.4+ compiled on 15.05.31, custom release
changes compared to SVN:
- added getCallList method to DissectCode class
Download:
https://googledrive.com/host/0BwMAnE6mjogMNXNjdHgxY1NqcEU/customRelease+getCallList%2015.05.31.7z
Installation:
Overwrite all files in folder where you have "revision 15.04.26 pure".
Example:
Code:
function convert(T)
  local tmp={}
  for k,v in pairs(T) do tmp[#tmp+1]={k,v} end
  table.sort(tmp,function (a,b) return a[1]<b[1] end)
  return tmp
end

dissectCode = getDissectCode()
callList = dissectCode.getCallList()
table.sort(callList)
print('#callList: '..#callList)

--examples:
--get only addresses of functions which are between 0x400500 and 0x40A500
-- ("tutorial-i386.exe" has 184 such addresses)
filtered={}
for i=1,#callList do
  if callList[i]>=0x400500 and callList[i]<=0x40A500 then
    filtered[#filtered+1]=callList[i]
  end
end
print('#filtered (should be 184 for tutorial-i386.exe): '..#filtered)

--get only addresses of functions which are between 0x42C37F and 0x42C381
-- ("tutorial-i386.exe" has 1 such address - 0x42C380)
-- and it has 136 refcount
filtered={}
for i=1,#callList do
  if callList[i]>=0x42C37F and callList[i]<=0x42C381 then
    filtered[#filtered+1]=callList[i]
  end
end
print('#filtered: '..#filtered)
references = dissectCode.getReferences(filtered[1])
referencesConv = convert(references) -- convert
print('#referencesConv: ',#referencesConv)
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
Posted: Mon Jun 01, 2015 12:24 pm
Thanks!