|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
RandName Newbie cheater Reputation: 0
Joined: 19 Jun 2015 Posts: 22
|
Posted: Mon Aug 10, 2015 11:50 am Post subject: Get start address and size of (.text) section |
|
|
Hi,
I want to create a copy of the .text section so I can cross-reference calls to the .text section to my copy.
How can I archive this with Lua or AA?
I know that there is a method by reading the PE Header but again, I don't know how to do this with Lua / AA.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Mon Aug 10, 2015 11:57 am Post subject: |
|
|
Not .text only, but you can get the full size, both .text .data (and other sections) using getModuleSize("modulename")
If you want .text only you'll have to read the PE header.
For start, use getAddress("Modulename") to get the address of the MZ header
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
RandName Newbie cheater Reputation: 0
Joined: 19 Jun 2015 Posts: 22
|
Posted: Mon Aug 10, 2015 11:59 am Post subject: |
|
|
Dark Byte wrote: | Not .text only, but you can get the full size, both .text .data (and other sections) using getModuleSize("modulename")
If you want .text only you'll have to read the PE header.
For start, use getAddress("Modulename") to get the address of the MZ header |
Code: | getAddress("Modulename") |
This would give me the base address of the module if I am correct?
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Mon Aug 10, 2015 12:05 pm Post subject: |
|
|
yes
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
RandName Newbie cheater Reputation: 0
Joined: 19 Jun 2015 Posts: 22
|
Posted: Mon Aug 10, 2015 12:47 pm Post subject: |
|
|
I wrote following function which dissects the PE Header for you.
As argument you have to enter your desired module to be dissected.
Code: |
function dissectPEHeader(module)
local base = getAddress(module)
local msdosSize = byteTableToDword(readBytes(base + 0x3C, 2, true))
local headerBase = base + msdosSize
local numOfSections = byteTableToDword(readBytes(headerBase + 6, 2, true))
local optionalHeaderSize = byteTableToDword(readBytes(headerBase + 20, 2, true))
local sectionArrayBase = headerBase + 24 + optionalHeaderSize
local pe_header = {
base = base;
msdosSize = msdosSize;
headerBase = headerBase;
numOfSections = numOfSections;
optionalHeaderSize = optionalHeaderSize;
sectionArrayBase = sectionArrayBase;
};
for i = 0, numOfSections - 1 do
local sectionBase = sectionArrayBase + i * 40
local sectionName = readString(sectionBase, 8)
pe_header[sectionName] = {
name = sectionName;
base = sectionBase;
size = byteTableToDword(readBytes(sectionBase + 8, 4, true));
address = byteTableToDword(readBytes(sectionBase + 12, 4, true));
sizeOfRawData = byteTableToDword(readBytes(sectionBase + 16, 4, true));
pointerToRawData = byteTableToDword(readBytes(sectionBase + 20, 4, true));
pointerToRawRelocations = byteTableToDword(readBytes(sectionBase + 24, 4, true));
pointerToLineNumbers = byteTableToDword(readBytes(sectionBase + 28, 4, true));
numOfRelocations = byteTableToDword(readBytes(sectionBase + 32, 2, true));
numOfLineNumbers = byteTableToDword(readBytes(sectionBase + 34, 2, true));
characteristics = byteTableToDword(readBytes(sectionBase + 36, 4, true));
};
end
return pe_header
end
|
The code may not be perfect but it does its job well.
The function returns a table with the dissected data.
For example:
Code: |
header = dissectPEHeader("Skype.exe") -- Enter your module here!
moduleBase = header.base -- moduleBase now contains the base address of the module
numberOfSections = header.numOfSections -- Number of sections in your module
-- For getting information about specific sections, just do it like below
textSectionSize = header['.text'].size -- Virtual Size of the section
textSectionAddress = header['.text'].address -- Virtual Address
dataSectionSize = header['.data'].size -- Virtual Size of the section
dataSectionAddress = header['.data'].address -- Virtual Address
print(string.format("0x%x", moduleBase))
print(numberOfSections)
print("")
print(string.format("%x", textSectionSize))
print(string.format("0x%x", textSectionAddress))
print("")
print(string.format("%x", dataSectionSize))
print(string.format("0x%x", dataSectionAddress))
|
Output for Skype:
Code: |
0x400000
10
1b37b6c
0x1000
36da0
0x1b3f000
|
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|