|
Cheat Engine The Official Site of Cheat Engine
usernotfound Expert Cheater Reputation: 0
Joined: 21 Feb 2016 Posts: 115
|
Posted: Thu Jan 26, 2017 9:29 pm Post subject: 4 Byte Scan, and how to disassemble an address with Lua? |
|
|
As title says, would anyone mind providing a simple example to 4 byte scan an address and also how to disassemble a result from an aobscan with Lua? (so that I could get the call or pointer/offset from the instructions in memview) |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Thu Jan 26, 2017 9:45 pm Post subject: |
|
|
Code: |
local memscan = createMemScan()
local foundlist = createFoundList(memscan)
memscan.firstScan(
  soValueBetween, vtDword, rtRounded,
  "19791800", "19791900", 0, 0xffffffffffffffff, "+W-C",
  fsmAligned, "4", false, false, false, false)
memscan.waitTillDone()
foundlist.initialize()
local values = {}
local value = foundlist.Value
for i = 0, foundlist.Count - 1 do
  values[value[i]] = true
end
foundlist.destroy()
memscan.destroy()
for i in pairs(values) do
  print(i)
end
|
|
|
|
usernotfound Expert Cheater Reputation: 0
Joined: 21 Feb 2016 Posts: 115
|
Posted: Fri Jan 27, 2017 12:13 am Post subject: |
|
|
Thanks Zanzer, always appreciate the help! |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Fri Jan 27, 2017 3:24 am Post subject: |
|
|
Is the value printed out as hex? If not, how do I output values as hex?
Thank you and regards |
|
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Fri Jan 27, 2017 7:38 pm Post subject: |
|
|
Code: | string.format("%X", value) |
|
|
|
usernotfound Expert Cheater Reputation: 0
Joined: 21 Feb 2016 Posts: 115
|
Posted: Sun Jan 29, 2017 12:41 pm Post subject: |
|
|
Hey guys, sorry to bump the thread again, how can I print just the call address from instructions at this address opcode?
Code: |
function getCall()
  autoAssemble([[
    aobscan(calladdr,E8 ?? ?? ?? ?? 8B ?? 89 ?? ?? ?? 85 ?? 0F 8E)
    label(_calladdr)
    registersymbol(_calladdr)
    calladdr:
    _calladdr:
  ]])
  print(disassemble("_calladdr"))
end
createNativeThread(getCall)
|
|
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
|
Posted: Sun Jan 29, 2017 1:24 pm Post subject: |
|
|
How I would do it:
Code: |
local res = assert(AOBScan('E8 ?? ?? ?? ?? 8B ?? 89 ?? ?? ?? 85 ?? 0F 8E','+X*C*W'), 'AoB pattern not found')
local addressOfCaller = tonumber(res[0],16)
local rel32 = readInteger(addressOfCaller + 1)
local addressOfCallee = addressOfCaller + 5 + rel32 - ((rel32 & 1 << 31) << 1)
print(string.format('Address of caller:\t%08X\r\nAddress of callee:\t%08X',
  addressOfCaller, addressOfCallee))
res.destroy()
|
You can use string manipulation too.
Code: |
local res = assert(AOBScan('E8 ?? ?? ?? ?? 8B ?? 89 ?? ?? ?? 85 ?? 0F 8E','+X*C*W'), 'AoB pattern not found')
local extra, asm, bytes, addressOfCaller = splitDisassembledString(disassemble(res[0]))
local addressOfCallee = asm:match('%x+$')
print(string.format('Address of caller:\t%s\r\nAddress of callee:\t%s',
  addressOfCaller, addressOfCallee))
res.destroy()
|
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
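The arithmetic behind both snippets in the post above, as an added example that is not part of the original thread: plain Lua 5.3 with no Cheat Engine API, matching the same AOB pattern against a byte buffer and resolving the `E8 rel32` target, including a backward (negative) displacement. The helpers `fromHex`, `findPattern` and `callTarget`, the base address and the byte buffer are all constructed for illustration.

```lua
-- Added example: plain Lua 5.3, no Cheat Engine API; all bytes are constructed.

-- Turn "90 E8 ..." into a binary string.
local function fromHex(hex)
  local out = {}
  for b in hex:gmatch('%x%x') do out[#out + 1] = string.char(tonumber(b, 16)) end
  return table.concat(out)
end

-- Return the 0-based offset of the first match of an AOB pattern, or nil.
-- A '??' token matches any byte.
local function findPattern(buffer, pattern)
  local want = {}
  for token in pattern:gmatch('%S+') do
    if token == '??' then
      want[#want + 1] = false
    else
      want[#want + 1] = assert(tonumber(token, 16), 'bad token: ' .. token)
    end
  end
  for start = 1, #buffer - #want + 1 do
    local matched = true
    for i = 1, #want do
      if want[i] and buffer:byte(start + i - 1) ~= want[i] then
        matched = false
        break
      end
    end
    if matched then return start - 1 end
  end
end

-- Resolve the target of the E8 rel32 call at `offset` in `buffer` (read from `base`).
-- rel32 is a signed little-endian displacement from the end of the 5-byte call.
local function callTarget(buffer, base, offset)
  assert(buffer:byte(offset + 1) == 0xE8, 'not an E8 near call')
  local rel32 = string.unpack('<i4', buffer, offset + 2) -- signed read
  local raw = string.unpack('<I4', buffer, offset + 2)   -- unsigned read
  -- The manual sign extension used in the post gives the same value.
  assert(raw - ((raw & 1 << 31) << 1) == rel32)
  return base + offset + 5 + rel32
end

local base = 0x00401000 -- hypothetical address the buffer was read from
local code = fromHex('90 90 E8 F9 FF FF FF 8B 01 89 44 24 04 85 C0 0F 8E 10 00 00 00')
local offset = assert(findPattern(code, 'E8 ?? ?? ?? ?? 8B ?? 89 ?? ?? ?? 85 ?? 0F 8E'),
  'AoB pattern not found')
print(string.format('Address of caller:\t%08X\nAddress of callee:\t%08X',
  base + offset, callTarget(code, base, offset)))
```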
|
usernotfound Expert Cheater Reputation: 0
Joined: 21 Feb 2016 Posts: 115
|
Posted: Sun Jan 29, 2017 1:37 pm Post subject: |
|
|
Works perfectly, thanks for the examples Parkour |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Fri Feb 03, 2017 3:46 am Post subject: |
|
|
Zanzer wrote: | Code: |
local memscan = createMemScan()
local foundlist = createFoundList(memscan)
memscan.firstScan(
  soValueBetween, vtDword, rtRounded,
  "19791800", "19791900", 0, 0xffffffffffffffff, "+W-C",
  fsmAligned, "4", false, false, false, false)
memscan.waitTillDone()
foundlist.initialize()
local values = {}
local value = foundlist.Value
for i = 0, foundlist.Count - 1 do
  values[value[i]] = true
end
foundlist.destroy()
memscan.destroy()
for i in pairs(values) do
  print(i)
end
|
|
How to print addresses + values, sir?
EDIT :
nvm, it's solved..
Code: |
UDF1.show()

-- Scan for an exact double value and print every hit as "address - value".
function findDoubleValue(findValue)
  local memscan = createMemScan()
  local foundlist = createFoundList(memscan)
  local protectionflags = "-W*X-C"
  memscan.firstScan(soExactValue, vtDouble, rtTruncated, findValue, nil,
    "0", "7fffffff", protectionflags,
    fsmAligned, "4",
    false, false, false, false)
  memscan.waitTillDone()
  foundlist.initialize()
  -- foundlist is never nil here, so test the result count instead
  if foundlist.Count > 0 then
    local addresses = {}
    local address = foundlist.Address
    local values = {}
    local value = foundlist.Value
    local cnt = 1
    for i = 0, foundlist.Count - 1 do
      addresses[address[i]] = true
      values[value[i]] = true
      print(cnt.." Address : "..address[i].." - Value : "..value[i])
      cnt = cnt + 1
    end
  else
    showMessage("No results found")
  end
  ------------------------------------------------- replace section
  -- for i=0,foundlist.Count-1 do
  -- fullAccess( getAddress(foundlist.Address[i]) , 8)
  -- writeDouble( foundlist.Address[i], replaceWith)
  -- end
  -- sleep(50)
  -- foundlist.destroy()
  -- sleep(50)
  -- memscan.destroy()
  -- release the scan objects whether or not anything was found
  foundlist.destroy()
  memscan.destroy()
end

-- Read the edit box when the button is clicked, not once at load time
function doit()
  local a = tonumber(UDF1.CEEdit1.Text)
  findDoubleValue(a)
end

function CEButton1Click(sender)
  doit()
end

--- test and result for a = 0.0111
-- 1 Address : 03515770 - Value : 0.0111846967146935
-- 2 Address : 035C7598 - Value : 0.011120067472051
-- 3 Address : 614317B0 - Value : 0.0111853429375859
-- 4 Address : 61495080 - Value : 0.011185340707987
-- 5 Address : 61D2C5E0 - Value : 0.0111854241358034
-- 6 Address : 61EC07A0 - Value : 0.0111865997317778
-- 7 Address : 620FCDBC - Value : 0.0111390396059483
-- 8 Address : 67DF07B4 - Value : 0.011119937655508
-- 9 Address : 67F43280 - Value : 0.0111850574416326
-- 10 Address : 71756130 - Value : 0.0111848148807303
-- 11 Address : 74D31A0C - Value : 0.0111869014373342
-- 12 Address : 75E7709C - Value : 0.0111866000922322
-- 13 Address : 76418E9C - Value : 0.0111206591761947
-- 14 Address : 764CA7B0 - Value : 0.0111146506508888
-- 15 Address : 7681CE7C - Value : 0.0111694410443306
-- 16 Address : 76ACEFC4 - Value : 0.0111332947147291
|
regards |
|