flarn2006 (Advanced Cheater)
Posted: Wed Nov 12, 2014 12:55 am
I can't figure out how to get this to work. Is there supposed to be a new menu item or something that appears when I select a .NET application? (I'm not using Mono; it's just the regular .NET framework.)
Dark Byte (Site Admin)
Posted: Wed Nov 12, 2014 6:44 am
When you target .NET it is used automatically.
Check the symbol list and Dissect data structures.
edliwo, just to be sure, you know that mono_class_getNamespace is already implemented? (Just mentioning this in case you were waiting for me to add it.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Last edited by Dark Byte on Thu Nov 13, 2014 5:49 am; edited 1 time in total
flarn2006 (Advanced Cheater)
Posted: Thu Nov 13, 2014 3:15 am
Dark Byte wrote:
    When you target .NET it is used automatically.
    Check the symbol list and Dissect data structures.
Thank you; works great! You're always so helpful.
edliwo (Newbie cheater)
Posted: Thu Nov 20, 2014 6:17 am
Dark Byte wrote:
    When you target .NET it is used automatically.
    Check the symbol list and Dissect data structures.
    edliwo, just to be sure, you know that mono_class_getNamespace is already implemented? (Just mentioning this in case you were waiting for me to add it.)
Alright, that's perfect. I wasn't sure it was already implemented, but I designed the data structures to take namespaces into account now. I should find some free hours to get the separated search & treeview working.
edliwo (Newbie cheater)
Posted: Wed Dec 03, 2014 7:16 pm
Good news, I was finally able to finish this.
Well, "finish" is maybe not exactly the correct word, but I managed to integrate almost all the functionality I had in mind.
So what exactly happened:
- All retrieved data is kept in a tree structure separate from the UI TreeView. All the different elements like classes, fields, methods, etc. have their own dedicated fields, so all retrieved info is stored and searchable.
- Instead of a search that takes you to the tree, search lists all matches for your search string and filters. Once you click a match it will select the node in the tree, allowing you to see more details.
- Extensive search filters: "Search only in selected node", "Match exactly", "case sensitive", "search classes", "search field names", "search field types", "search methods".
- Support for namespaces in the tree; in my case this was a big deal in browsing through the tree.
- Clicking a class in the tree generates a small "class preview" in C# style. Comments denote the offsets of each field.
- The right-click on methods for JIT functionality has been changed to work with the new tree and GUI, but is largely untested since it didn't really work all that well on my example program before.
- Methods show their return type and parameter names (using the new function Dark Byte provided).
- Searching seems faster now.
Some things, like selecting the node in the tree after a match was found, took me quite some effort and are not done in the best way since the TreeView only offered a limited API to work with, but I managed to get it all in, so I'm not too worried about that.
Things I was not able to integrate:
- Good JIT support
- Method parameters don't show their types, only the names. This could be useful.
- Planning to add size calculations for each field and entire classes
- Progress bars
Thanks for all the help Dark Byte and let me know what you think : )
I included the two updated files:
EDIT: can't seem to upload the forms file as an attachment, so I uploaded it to a file host (random one I found, let me know if it's no good):
http://s000.tinyupload.com/?file_id=02384715221894660940
Attachment: monoscript.lua (cheatengine/autorun/monoscript.lua, 53.31 KB)
Dark Byte (Site Admin)
Posted: Wed Dec 03, 2014 7:32 pm
Nice, when I get home I'll check it out. But what issues did you have with JITing?
Crashes, or was the code it generated not what you expected? (If it calls other methods it may put in a method call stub instead of a call if those methods weren't JITted yet.)
edliwo (Newbie cheater)
Posted: Wed Dec 03, 2014 8:21 pm
Dark Byte wrote:
    Nice, when I get home I'll check it out. But what issues did you have with JITing?
    Crashes, or was the code it generated not what you expected? (If it calls other methods it may put in a method call stub instead of a call if those methods weren't JITted yet.)
Well, one crashes the game now (the one that used to work before) and the other two give no results (like before).
I'm not exactly sure what the exact difference between the three JIT methods is, tbh. I really didn't look at it at all since I'm not really planning to need any JIT'ing anytime soon. Guess I'll just have to check them out on a better sample program.
Oh, one issue I really struggled with (read: frustrating as hell) was that I could not get the GUI splitters to work. If you notice, when you try to resize the two columns or the right two rows, it doesn't work, or as soon as you touch it, the whole slider collapses an entire column. I could not get the alignment and anchoring set up correctly to get these to work; I think I spent more than an hour fiddling with it before I finally gave up. Not the biggest issue, but if it could be made to work, that would be awesome.
Dark Byte (Site Admin)
Posted: Wed Dec 03, 2014 8:30 pm
3 methods? As far as I know only mono_compile_method(method) will compile (JIT) a method. Not sure which others you are referring to.
Splitters can be finicky, but it's mostly a matter of getting used to them.
To add a splitter, first have one side set its alignment to alTop, alLeft, alBottom or alRight, then add a splitter and align it to the same kind of alignment, and then add the other side as client alignment (not anything else, always alClient).
Dark Byte (Site Admin)
Posted: Wed Dec 03, 2014 9:58 pm
I've fixed the alignment issues:
http://s000.tinyupload.com/index.php?file_id=94261486142432555121
I did notice one small bug: the "show IL code" on a function I know used to work seems to crash the game now.
I'll see if I can find out why tomorrow (perhaps something other than the method is passed, which might also explain why your previous attempts at JITting failed).
edliwo (Newbie cheater)
Posted: Thu Dec 04, 2014 11:31 am
Dark Byte wrote:
    I've fixed the alignment issues:
    *notallowedtoposturls*
    I did notice one small bug: the "show IL code" on a function I know used to work seems to crash the game now.
    I'll see if I can find out why tomorrow (perhaps something other than the method is passed, which might also explain why your previous attempts at JITting failed).
Sweet, thanks! I guess I have to make the search textbox scale too, but at least the splitters work now.
edliwo (Newbie cheater)
Posted: Thu Dec 04, 2014 7:49 pm
OK, now that I'm actually *using* the additional functionality I added, I noticed some more things that would be very nice to add:
- Class BaseType info
- Types of method parameters (currently we only read in the parameter names)
- Static fields: not sure how they are being processed atm: do they show up as regular class members, or not at all since they are essentially global? When you have a full class layout like you get from Mono Dissect I think it's very easy to identify a few good static variables that can help you get good pointers quickly, depending on how easy it is to find them in memory from the information you get through the dissect.
Could you have a look, Dark Byte, at how hard it is to get this info? I can write the functions responsible for it in the monoscript file, but it's the functions at the other side of the pipe, that live in the MonoDataCollector, that I have no idea how to add.
Dark Byte (Site Admin)
Posted: Thu Dec 04, 2014 9:33 pm
Quote:
    - Class BaseType info
Do you mean the parent class / superclass with BaseType? (Just asking as there's also an enum basetype for classes, which is for enums only.)
If so, I could add that. Mono does export mono_class_get_parent(class).
Quote:
    - Types of method parameters (currently we only read in the parameter names)
You've checked the first result of mono_method_getSignature(methodaddress)? (It returns 2 results.)
I believe the first one is a list of types entered into a single string (e.g. (int;int;PlayerClass;int)); you may have to add some parsing to split it up.
Quote:
    - Static fields: not sure how they are being processed atm: do they show up as regular class members, or not at all since they are essentially global? When you have a full class layout like you get from Mono Dissect I think it's very easy to identify a few good static variables that can help you get good pointers quickly, depending on how easy it is to find them in memory from the information you get through the dissect.
Static fields are part of the normal field list, but their attribute will determine if it's static or not (not yet provided, and not yet clear how to get that).
If it's a static, the offset refers to an offset in the static field data of the vtable of the class.
I may be able to get that information by using mono_class_vtable and then mono_vtable_get_static_field_data.
(If JITting works it's even easier to get useful pointers by just getting the method start of an often-called function of a class you're interested in, hooking it, and you'll get a list of all the created class instances of that specific class (ECX).)
I didn't get time today to work on this (family/holiday stuff) but if I get time tomorrow I'll check these things out further.
edliwo (Newbie cheater)
Posted: Fri Dec 05, 2014 8:45 am
- I indeed mean superclass.
- Oh, I thought this was the return type, but indeed for functions with multiple parameters it is a list. I'll change that.
- I noticed indeed that static fields have a different offset than the other members (it starts back at 0), which would then indeed be the offset in the vtable like you mentioned.
Dark Byte (Site Admin)
Posted: Fri Dec 05, 2014 6:48 pm
I've uploaded some new DLLs and an adjusted script: http://cheatengine.org/temp/monoscript.rar
It's still using the old form and script for SVN compatibility (I'll implement your version when I've had more time to debug it; there is certainly something going wrong with the method pointer passed).
Anyhow, the main changes and add-ons are:
Code:
    FIELD_ATTRIBUTE_FIELD_ACCESS_MASK=0x0007
    FIELD_ATTRIBUTE_COMPILER_CONTROLLED=0x0000
    FIELD_ATTRIBUTE_PRIVATE=0x0001
    FIELD_ATTRIBUTE_FAM_AND_ASSEM=0x0002
    FIELD_ATTRIBUTE_ASSEMBLY=0x0003
    FIELD_ATTRIBUTE_FAMILY=0x0004
    FIELD_ATTRIBUTE_FAM_OR_ASSEM=0x0005
    FIELD_ATTRIBUTE_PUBLIC=0x0006
    FIELD_ATTRIBUTE_STATIC=0x0010
    FIELD_ATTRIBUTE_INIT_ONLY=0x0020
    FIELD_ATTRIBUTE_LITERAL=0x0040
    FIELD_ATTRIBUTE_NOT_SERIALIZED=0x0080
    FIELD_ATTRIBUTE_SPECIAL_NAME=0x0200
    FIELD_ATTRIBUTE_PINVOKE_IMPL=0x2000
    FIELD_ATTRIBUTE_RESERVED_MASK=0x9500
    FIELD_ATTRIBUTE_RT_SPECIAL_NAME=0x0400
    FIELD_ATTRIBUTE_HAS_FIELD_MARSHAL=0x1000
    FIELD_ATTRIBUTE_HAS_DEFAULT=0x8000
    FIELD_ATTRIBUTE_HAS_FIELD_RVA=0x0100

    MONOCMD_GETPARENTCLASS=25
    MONOCMD_GETSTATICFIELDADDRESSFROMCLASS=26

    function mono_method_getSignature(method) --changed
      --Gets the method 'signature' (the parameter types as one string), the corresponding parameter names, and the return type
      if debug_canBreak() then return nil end
      local result=''
      local parameternames={}
      local returntype=''
      monopipe.lock()
      monopipe.writeByte(MONOCMD_GETMETHODSIGNATURE)
      monopipe.writeQword(method)
      local paramcount=monopipe.readByte()
      local i
      for i=1, paramcount do
        local namelength=monopipe.readByte()
        if namelength>0 then
          parameternames[i]=monopipe.readString(namelength)
        else
          parameternames[i]='param'..i  --unnamed parameter: synthesize a name
        end
      end
      local resultlength=monopipe.readWord();
      result=monopipe.readString(resultlength);
      local returntypelength=monopipe.readByte()
      returntype=monopipe.readString(returntypelength)
      monopipe.unlock()
      return result, parameternames, returntype;
    end

    function mono_class_getParent(class) --new
      --Returns the parent (super) class of the given class, 0 if none
      if debug_canBreak() then return nil end
      local result=0
      monopipe.lock()
      monopipe.writeByte(MONOCMD_GETPARENTCLASS)
      monopipe.writeQword(class)
      result=monopipe.readQword()
      monopipe.unlock()
      return result;
    end

    function mono_class_getStaticFieldAddress(domain, class) --new
      --Returns the address of the class's static field data in the given domain's vtable
      if debug_canBreak() then return nil end
      local result=0
      monopipe.lock()
      monopipe.writeByte(MONOCMD_GETSTATICFIELDADDRESSFROMCLASS)
      monopipe.writeQword(domain)
      monopipe.writeQword(class)
      result=monopipe.readQword()
      monopipe.unlock()
      return result;
    end

    function mono_class_enumFields(class) --changed
      if debug_canBreak() then return nil end
      local classfield;
      local index=1;
      local fields={}
      monopipe.lock()
      monopipe.writeByte(MONOCMD_ENUMFIELDSINCLASS)
      monopipe.writeQword(class)
      repeat
        classfield=monopipe.readQword()
        if (classfield~=nil) and (classfield~=0) then
          local namelength;
          fields[index]={}
          fields[index].field=classfield
          fields[index].type=monopipe.readQword()
          fields[index].monotype=monopipe.readDword()
          fields[index].parent=monopipe.readQword()
          fields[index].offset=monopipe.readDword()
          fields[index].flags=monopipe.readDword()
          fields[index].isStatic=(bAnd(fields[index].flags, bOr(FIELD_ATTRIBUTE_STATIC, FIELD_ATTRIBUTE_HAS_FIELD_RVA))) ~= 0 --check mono for other fields you'd like to test
          namelength=monopipe.readWord();
          fields[index].name=monopipe.readString(namelength);
          namelength=monopipe.readWord();
          fields[index].typename=monopipe.readString(namelength);
          index=index+1
        end
      until (classfield==nil) or (classfield==0)
      monopipe.unlock()
      return fields
    end
Note that mono_class_getStaticFieldAddress requires the domain the class is currently in.
mono_method_getSignature returns a 3rd parameter (return type).
mono_class_enumFields now also gets the attributes, and also sets isStatic.
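Building on Dark Byte's note earlier that the first result of mono_method_getSignature is one ';'-separated type string, and on the flag constants and isStatic field in the script just posted, the following is an added example (mine, not code from the thread or from monoscript.lua) that renders a class preview in the C# style edliwo described, marking static fields and labelling their offsets as vtable static-data offsets. It assumes the table shape mono_class_enumFields returns above and uses constructed Player data in place of a live process.

```lua
-- Added example (not from the thread or Cheat Engine's monoscript.lua): renders a C#-style
-- class preview from enumFields entries and getSignature results; sample data is constructed.
FIELD_ATTRIBUTE_FIELD_ACCESS_MASK = 0x0007
FIELD_ATTRIBUTE_STATIC            = 0x0010
FIELD_ATTRIBUTE_INIT_ONLY         = 0x0020
FIELD_ATTRIBUTE_LITERAL           = 0x0040
local ACCESS_NAMES = { [1]='private', [2]='private protected', [3]='internal', [4]='protected', [5]='protected internal', [6]='public' }
-- Uses Cheat Engine's bAnd when present; the arithmetic fallback keeps this runnable in plain Lua
local function band(a, b)
  if bAnd then return bAnd(a, b) end
  local r, bit = 0, 1
  while a > 0 and b > 0 do
    if a % 2 == 1 and b % 2 == 1 then r = r + bit end
    a, b, bit = math.floor(a / 2), math.floor(b / 2), bit * 2
  end
  return r
end
-- First result of mono_method_getSignature is one string such as "(int;int;PlayerClass;int)"
local function splitSignatureTypes(sig)
  local types = {}
  for t in sig:gmatch('[^();]+') do types[#types + 1] = t end
  return types
end
-- One enumFields entry as a C# declaration; static offsets are into the vtable's static field data, not the instance
local function fieldDecl(f)
  local mods = ACCESS_NAMES[band(f.flags, FIELD_ATTRIBUTE_FIELD_ACCESS_MASK)] or 'private'
  if band(f.flags, FIELD_ATTRIBUTE_LITERAL) ~= 0 then
    return string.format('  %s const %s %s; // literal, no storage', mods, f.typename, f.name)
  end
  if f.isStatic then mods = mods .. ' static' end
  if band(f.flags, FIELD_ATTRIBUTE_INIT_ONLY) ~= 0 then mods = mods .. ' readonly' end
  local where = f.isStatic and 'static field data' or 'instance'
  return string.format('  %s %s %s; // %s +0x%X', mods, f.typename, f.name, where, f.offset)
end
-- Pairs the parsed type list with the parameter names (2nd result) and return type (3rd result)
local function methodDecl(name, sig, names, rettype)
  local params = {}
  for i, t in ipairs(splitSignatureTypes(sig)) do params[i] = t .. ' ' .. (names[i] or 'param' .. i) end
  return string.format('  %s %s(%s);', rettype, name, table.concat(params, ', '))
end
-- Constructed sample (flags 0x06 public, 0x21 private|initonly, 0x16 public|static, 0x8056 public|static|literal|hasdefault)
local fields = {
  { name='health', typename='int',    offset=0x10, flags=0x0006, isStatic=false },
  { name='id',     typename='int',    offset=0x14, flags=0x0021, isStatic=false },
  { name='main',   typename='Player', offset=0x0,  flags=0x0016, isStatic=true  },
  { name='MaxHp',  typename='int',    offset=0x0,  flags=0x8056, isStatic=true  },
}
print('class Player {')
for _, f in ipairs(fields) do print(fieldDecl(f)) end
print(methodDecl('TakeDamage', '(int;Player)', {'amount', 'source'}, 'void') .. '\n}')
```

Run inside Cheat Engine the real enumFields/getSignature tables can be passed straight to fieldDecl and methodDecl; note that the literal (const) case is detected from the flags before the isStatic check, because Mono sets STATIC on literal fields too.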
edliwo (Newbie cheater)
Posted: Mon Dec 08, 2014 2:16 pm
Dark Byte wrote:
    I've uploaded some new DLLs and an adjusted script
    It's still using the old form and script for SVN compatibility (I'll implement your version when I've had more time to debug it; there is certainly something going wrong with the method pointer passed).
    Anyhow, the main changes and add-ons are:
    Note that mono_class_getStaticFieldAddress requires the domain the class is currently in.
    mono_method_getSignature returns a 3rd parameter (return type).
    mono_class_enumFields now also gets the attributes, and also sets isStatic.
Brilliant! I'll add in the new functionality, and also try to debug the methods passed and compare them to the values used in the previous version.
I'm also going to provide a default action when you select a method or a field, like with the class, so it lists all possible info there.
At the risk of sounding stupid: what is the difference between the "show IL disassembly" option and "Get IL code"? What exactly is the JIT option supposed to do? (I know what JIT compilation is, just not sure what we're trying to achieve here.)