Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Mono/.NET features of CE
edliwo
Newbie cheater
Reputation: 0

Joined: 24 Oct 2014
Posts: 16

Posted: Fri Oct 24, 2014 12:27 pm    Post subject: Mono/.NET features of CE

Hi,

me:
I'm an experienced programmer that knows his way around the internals of a compiler and assembly code, but fairly new to CE and related programs.

context:
I have a game that uses Mono (and Unity it seems) where I'm trying to make sense of the data structures used. I found static pointers to player structures, but there are some important other game elements I need to be able to understand. I am mainly interested in reading out what's in memory, not trying to change things for now.

The question:
I saw CE has some extra features for working with mono/.net executables, but I cannot find ANY information about this anywhere. I managed to use the dissect code feature but what I'm mainly looking for is a good way to get an overview of the main data structures used. Can the CE mono features help me with that (and which tools exactly should I use?) or are there alternative tools that can help me with this specific problem?

I have tried .net/mono decompilers like .NET Reflector (doesn't support mono anymore it seems) and ILSpy, but they could not handle the exe, while CE did give me a basic list of classes and methods. Any help on using this or a better way to do what I'm trying to accomplish would be much appreciated!


TLDR:
Where can I find documentation for figuring out the data structures of a MONO exe using the new CE mono features? Are there better programs to do this (I'm very happy with what CE does for me, but never hurts to ask).
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Fri Oct 24, 2014 12:57 pm

If it is a proper mono app with an official mono.dll then Cheat Engine will show a mono menu item (the web browser version of Unity uses a version with changed export names, so it currently won't work on those).

There you can activate it.
Once activated you can use the dissect mono menu item to get a list of all the classes and for each class get the structure layout.
Another way to get the structure layout according to .net/mono is using the data dissect feature of CE. When you make a new structure based on a specific address CE will check if it's in the .net heap, and if so set the start address itself and fill in the structure for you.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

edliwo
Posted: Fri Oct 24, 2014 9:03 pm

Oh my god, thanks!

The code dissector is still slightly hard to navigate for me, using only search (it's a very big application so just expanding lines is not really productive).
My problem was I was hoping for kind of a better structure and search functionality, similar to Reflector etc. Was really having trouble finding anything useful since it is massive, so that's where my initial question about more documentation came from.


BUT

Your comment made me check out the dissect data structures again now that I enabled mono functionality and my jaw almost dropped to the floor. EVERYTHING I needed to know about the object I found was right there: its type, all the fields with their correct type and NAME (!!!). I was really not expecting this to be so unbelievably transparent. I was really expecting all the variable names etc. would be compiled away. It's a fairly AAA game so I'm really amazed they did not obfuscate their executable more. It almost feels like they handed us a debug build (it's still in beta).

Thank you so much for taking the time to point me in the right direction, this means a lot to me. When I get my project up and going a bit further (all thanks to CE) I'll be sure to find the donate button somewhere (you are the lead dev, right?). Thanks again!


TLDR:
MONO functionality is magic, 1000x thanks for taking the time to answer my question!



PS: I take it the mono code dissect functionality is fairly new, is the navigation etc. of this window still being actively developed? It could use a little extra love if you don't mind me saying : )

Dark Byte
Posted: Sat Oct 25, 2014 4:11 am

It's a new feature yes (more a proof of concept showing off lua and dll injection)
I'll see about making the navigation easier, but do you have any suggestions?

edliwo
Posted: Sat Oct 25, 2014 12:39 pm

Dark Byte wrote:
It's a new feature yes (more a proof of concept showing off lua and dll injection)
I'll see about making the navigation easier, but do you have any suggestions?


Well, I'd definitely go for a 2 column approach, the list we have now to the left, and extra info on selected items to the right. This also gives you a good spot to put an improved search. A search that lists all matches (clickable) would improve the navigation extremely much. It seems to me the search now is sort of bugged. It seems to expand a lot of things that are not wanted and usually directs me to a wrong place. I guess this is kinda to be expected with new functionality.

I'm checking out the svn atm, I'll take a look if I could possibly make some quick quality of life improvements to it. Depends on the time it will take me to get going with the CE UI, don't want to get too sidetracked here :)

But basically the navigation is ok for small projects, but in huge executables it's really hard to work with imo.


EDIT: the approach I suggest is basically 100% copied from .NET Reflector (Redgate) and ILSpy (open source)
How possible would it be to make a section that shows the assembly/IL code of a selected function? A full decompile like .net reflector does is really out of scope of CE I think, but something that would let us link to the memory viewer or something would be very useful for many people I think.

Dark Byte
Posted: Sat Oct 25, 2014 3:20 pm

I'll check it out. And if you're interested in the code, check out:
http://cheat-engine.googlecode.com/svn/trunk/Cheat%20Engine/MonoDataCollector/MonoDataCollector/ (injected dll responsible for calling functions inside the target)
and
http://cheat-engine.googlecode.com/svn/trunk/Cheat%20Engine/bin/autorun/monoscript.lua (responsible for the gui. As I said, it's more a proof of concept to show off lua and CE's semi-object oriented implementation of it)


Quote:

How possible would it be to make a section that shows the assembly/IL code of a selected function? A full decompile like .net reflector does is really out of scope of CE I think, but something that would let us link to the memory viewer or something would be very useful for many people I think.

If you check the mono dissector window you'll find a right-click option on class methods where you can tell it to show the IL code.
The problem is that there is no IL assembler yet, and the added issue that mono doesn't implement rejitting. So once it has been compiled to native code, you'll have to use that instead. (That part is easy though, as it does have a method to force JIT a method)

edliwo
Posted: Sat Oct 25, 2014 5:22 pm

Thanks,

I already checked out the MonoDataCollector, did not find the gui yet, so now I know where it is.
I was still fiddling with lazarus to get it to compile CE, took a break since it was complaining about a powerpc compiler that's missing. If there is one thing I hate it's setting up toolchains, it's the reason I dread Eclipse/java, seems like 50% of the time you're working to get the IDE/framework/plugin functioning, and not your actual code </rant>

More to the point, the main issue I have with search is that when you run it, it will find your result and have expanded ALL the branches that come before it, so not just its parents as it should, but all members at the same level. Guess this is a bug.

As for the better search: a nice way to structure different results (types/fields/methods) by grouping/adding filters would be useful

Now that I've used it more, I have a few more ideas for much needed features:
#1: full method signatures, so list of parameter names & types and return value
#2: Way to find fields of a certain datatype. Say I have a class "Player", it would be nice to be able to find all classes that use the player class as a field.


As I said, I'll try to see if I can add these improvements myself, but atm I have no good view on how long it will take me to familiarize myself with the whole CE internals. to be continued ...

Dark Byte
Posted: Sun Oct 26, 2014 6:49 am

Yeah, getting the compiler setup for 6.4 and the svn trunk can be tricky as I use svn snapshots of freepascal and lazarus (their official release builds do not support 64-bit windows).

Anyhow, for the mono gui there's good news and bad news.
Good news:
You don't need the CE source code to change the gui.
Click table->create form.
In the form designer click file->load and open to autorun\forms\MonoDataCollector.frm

Bad news:
It's mainly pure lua and CE's implementation of it, and the CE lua editors do not provide code completion. (the lua engine window does support single stepping)

As for expanding all entries, it's a 'semi' bug. It forgets to close them, but it has to expand them first to get the data about the class.
Initially they start up as phantom nodes but only when you actually expand the node it will query the process about information about the class.
That is also why it's slow.
If you know the classname you're interested in you can disable "search entire file" in find so it won't expand anything and just search for that. (search entire file off means it won't expand non-initialized nodes)

I guess I could put in something that preloads everything, like expand all nodes does, but show a progressbar to show why it's frozen (querying the process about everything can take a while) and then from there do things like full method signatures and type searches. (fetching all that from all classes and all their methods can take a while, and might need a new serverside command to send it all in bulk)

One other downside is that preloading too soon can cause you to not find what you're looking for. Some games I've seen load extra assemblies after the game has been started.

edliwo
Posted: Sun Oct 26, 2014 8:51 pm

Nice, not having to compile CE was a great tip, could start working on the thing I wanted to right away.

The lack of autocompletion does indeed mean I have to search around a bit for the things I need, but in the end I managed to find everything I think.

I edited the GUI with 2 columns and a search panel.
It lists all results matching your query.
included options for:
- Only search in selected node
- Match Name exactly
- Search types
- Search Fields
- Search Methods

I was also able to make it so that the search cleans up after itself and collapses nodes it went through. It made searching quite a lot easier for me. The problem now is that it is a bit too tidy and if you had expanded nodes already, it will close them, which is not wanted behaviour. Is there any way to see if a node is expanded or not? At first glance I can't find anything like that.

I ran into quite the problem concerning the listview. Turned out after an hour I was supposed to use the listBOX. Just wanted to list my results, but the listview would always crop the texts of every item I would put into it, but that's sorted now : )

When I get a few more things finalized and functioning I'll upload my updated monoscript and form.


Some additional questions:
- would it be possible to find out the function signatures (parameter and return types) or is that info compiled away?
- I thought about adding a progressbar because the search can indeed take a long time, but it seems that the UI becomes unresponsive during the search, so would that even work? How easy would it be to fork the searching off into a new thread? Guess it won't be worth the trouble (not sure how good lua is at that stuff, I'm guessing -not-)



Thanks for all the help so far!

Dark Byte
Posted: Sun Oct 26, 2014 9:29 pm

Quote:

Is there any way to see if a node is expanded or not?

No, but I've added it for next version

Quote:

would it be possible to find out the function signatures (parameter and return types) or is that info compiled away?

I think it should be possible with the mono_method_signature to get the signature and then use mono_signature_get_* to get the specific data from it (mono_signature_get_desc returns a string), but it's currently not implemented in the injected dll side.

edit:
Added it, it's updated in the svn and I've uploaded the binaries and the monoscript.lua with the "mono_method_getSignature(methodaddress)" function at http://cheatengine.org/temp/monoscript.rar

Note: The function returns 2 results. The first one is the signature format as it's used internally, and the second result is a table with the parameter names

Quote:

I thought about adding a progressbar because the search can indeed take a long time, but it seems that the UI becomes unresponsive during the search, so would that even work? How easy would it be to fork the searching off into a new thread? Guess it won't be worth the trouble (not sure how good lua is at that stuff, I'm guessing -not-)

It's quite easily done, all the mono functions are internally thread safe (they lock based on the critical section of the pipe used for talking to the dll)
Just create a thread using createNativeThread(functionname) and let it run

The problem is that the gui objects are not thread safe at all. (Even reading out something can cause weird behaviour)
So, instead of issuing commands to the gui to expand the entries, you have to call the mono functions in lua yourself and store the results.
When done tell the gui to apply the update based on the collected data (e.g. synchronize call).

An alternative method that does slightly work is using the processMessages() command inside the loop which will handle all window messages, keeping the gui responsive.
But you will have to make sure some gui options are disabled during that time (else it may execute the same function inside itself)

edliwo
Posted: Mon Nov 10, 2014 6:19 pm

UPDATE: got sidetracked with another project that is now finished. Will resume work on these features now : )

Dark Byte
Posted: Tue Nov 11, 2014 6:54 am

Welcome back

edliwo
Posted: Tue Nov 11, 2014 9:26 am

Thanks!

Where I left off last time was the realization that the data needed to be separate from the actual tree representation (for many good reasons).

Now the main question I have when deciding on how to do this is: is the information about namespaces recoverable, you think? It could be very useful in getting a clear overview of the classes, so if it is possible, I would like to take this into account from the start instead of redesigning the data structure afterwards.

Dark Byte
Posted: Tue Nov 11, 2014 10:34 am

The only thing regarding namespaces I could find is mono_class_getNamespace to get the namespace from a class, for the rest there's nothing else.
So if you wish to group classes by namespace you'd first have to get a list of all the classes, call mono_class_getNamespace on every class, and then group them accordingly.

edliwo
Posted: Tue Nov 11, 2014 11:04 am

Dark Byte wrote:
The only thing regarding namespaces I could find is mono_class_getNamespace to get the namespace from a class, for the rest there's nothing else.
So if you wish to group classes by namespace you'd first have to get a list of all the classes, call mono_class_getNamespace on every class, and then group them accordingly.


Alright that's brilliant, that's exactly what I wanted to do, thanks!
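
The design discussed across the thread (metadata kept separate from the tree view, classes grouped by namespace, a search with type/field/method filters, and a lookup of classes holding a field of a given type), as an added example that is not part of the original posts or of Cheat Engine's monoscript.lua. The record layout, the sample class names and the functions `buildIndex`, `search` and `classesWithFieldType` are hypothetical; the data is constructed inline rather than read from a process.

```lua
-- Constructed sample records (hypothetical layout). In CE each namespace would
-- come from mono_class_getNamespace(class); nothing here touches a process.
local sampleClasses = {
  { namespace = "Game.Entities", name = "Player", methods = { "TakeDamage" },
    fields = { { name = "health", type = "System.Int32" } } },
  { namespace = "Game.Items", name = "Inventory", methods = { "Add", "Remove" },
    fields = { { name = "owner", type = "Game.Entities.Player" } } },
  { namespace = "", name = "Bootstrap", methods = { "Main" },
    fields = { { name = "localPlayer", type = "Game.Entities.Player" } } },
}

-- Build the model once: class names grouped by namespace, plus a flat list of
-- type/field/method entries that searches run over (no tree nodes involved).
local function buildIndex(classes)
  local index = { byNamespace = {}, entries = {} }
  local function add(e) index.entries[#index.entries + 1] = e end
  for _, c in ipairs(classes) do
    local ns = c.namespace ~= "" and c.namespace or "<global>"
    index.byNamespace[ns] = index.byNamespace[ns] or {}
    table.insert(index.byNamespace[ns], c.name)
    local full = ns .. "." .. c.name
    add({ kind = "type", ns = ns, owner = full, name = c.name })
    for _, f in ipairs(c.fields) do
      add({ kind = "field", ns = ns, owner = full, name = f.name, type = f.type })
    end
    for _, m in ipairs(c.methods) do
      add({ kind = "method", ns = ns, owner = full, name = m })
    end
  end
  return index
end

-- opts.kinds: set of "type"/"field"/"method"; opts.exact: match name exactly;
-- opts.namespace: optional restriction, like "only search in selected node".
local function search(index, query, opts)
  local hits, needle = {}, query:lower()
  for _, e in ipairs(index.entries) do
    local nameOk = opts.exact and e.name == query
      or not opts.exact and e.name:lower():find(needle, 1, true) ~= nil
    local inScope = not opts.namespace or e.ns == opts.namespace
    if nameOk and inScope and opts.kinds[e.kind] then hits[#hits + 1] = e end
  end
  return hits
end

-- Feature #2 from the thread: owners of fields of a given type (one per field).
local function classesWithFieldType(index, typeName)
  local owners = {}
  for _, e in ipairs(index.entries) do
    local hit = e.kind == "field" and e.type == typeName
    if hit then owners[#owners + 1] = e.owner end
  end
  return owners
end

local index = buildIndex(sampleClasses)
for ns, names in pairs(index.byNamespace) do print(ns, table.concat(names, ", ")) end
local found = search(index, "player", { kinds = { type = true, field = true } })
for _, e in ipairs(found) do print(e.kind, e.owner, e.name) end
print(table.concat(classesWithFieldType(index, "Game.Entities.Player"), ", "))
```

Because the index is plain Lua data, it can be filled on a worker thread and handed to the GUI in one step afterwards, which fits the constraint that the GUI objects are not thread safe.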

All times are GMT - 6 Hours
Page 1 of 3