panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
|
Posted: Wed Apr 08, 2015 3:11 am Post subject: aob manipulating lua function |
|
|
Some home-made aob manipulating lua function:
Code: | --
function byte2aob(b) return type(b)=='number' and b<256 and b>=0 and string.format('%02X',b) or '??' end
function aob2byte(a) a = tonumber(a,16) return type(a)=='number' and a <256 and a>=0 and a or -1 end
function imap(t,f) local s={} for i=1,#t do s[i]=f(t[i]) end return s end
function n2bt(n,t) t=type(t)=='string' and t or 'dword' return rawget(_G,t..'ToByteTable')(n) end
function t2aob(t,sep) return table.concat(imap(t,byte2aob),type(sep)=='string' and sep or ' ') end
function n2aob(n,t) return t2aob(n2bt(n,t)) end
function s1aob(s) return t2aob(n2bt(s,'string')) end
function s2aob(s) return t2aob(n2bt(s,'wideString')) end
function aob2bt(a)
local s = a:gsub('%S+',function(r) -- check parts
local t,l = {},string.len(r)
assert(string.len(r) % 2 == 0, 'some aob part has odds number of hex digits:'..l..'-'..r)
for i=1,l/2 do t[i] = byte2aob(aob2byte(string.sub(r,i*2-1,i*2))) end-- extract byte from each 2 hex digits
return table.concat(t)
end):gsub('%s+','') -- trim all spaces
local t,l = {},string.len(s)
assert(l % 2 == 0, 'the aob has odds number of hex digits:'..l..'-'..s)
for i=1,l/2 do t[i] = aob2byte(string.sub(s,i*2-1,i*2)) end-- extract byte from each 2 hex digits
return t
end
function normalize(a,sep) return t2aob(aob2bt(a),type(sep)=='string' and sep or '') end -- check even hex digits, default no space form
function replaceBytes(a,p,r,m)
assert(p>0,'replace position must be positive')
local t = aob2bt(a)
local isTable = type(r)=='table'
local l = isTable and #r or r
assert(type(l)=='number','replace table or length not valid')
l = math.min(l,type(m)=='number' and m or l)
for i=#t+1,p+l-1 do t[i]=0 end
for i=1,l do t[p+i-1] = isTable and r[i] or -1 end
return t2aob(t)
end
function join(sep,...) return table.concat(imap({...},tostring),type(sep)=='string' and sep or " ") end
function ajoin(...)
return join(" ",unpack(imap({...},function(a)
if type(a) == 'number' then a = byte2aob(a) end
if type(a) == 'table' then a = t2aob(a) end
return a
end)))
end
-- application
function unityString(s,wide)
local stoaob = wide == true and s2aob or s1aob
return ajoin(n2aob(string.len(s)),stoaob(s))
end
-- test
print(n2aob(999,'double'))
local u = unityString('Hello CheatEngine')
local w = unityString('Hello CheatEngine',true)
print(u)
print(normalize(w))
-- r = aobscan(u) --
local r = 0x451200 - 8 -- unity string struct address at -8 offset of pattern [str-len:4bytes][str-chars]
local c = ajoin(0x68,n2aob(r),'50 ?? ?? e8') -- push [string addr] ; push some-eax ; call some-where
print(c)
local d,e = replaceBytes(c,2,4),replaceBytes(c,10,n2bt(1000000),2)
print(d) -- replace with how many wildcard, here 4, at position 2
print(e) -- replace/insert 1st 2 bytes of aob(1000000):0f4240 after e8, give ... e8 40 42
--[[ output
00 00 00 00 00 38 8F 40
11 00 00 00 48 65 6C 6C 6F 20 43 68 65 61 74 45 6E 67 69 6E 65
11000000480065006C006C006F0020004300680065006100740045006E00670069006E006500
68 F8 11 45 00 50 ?? ?? e8
68 ?? ?? ?? ?? 50 ?? ?? E8
68 F8 11 45 00 50 ?? ?? E8 40 42
--]] |
ADDED:
acceptable 2nd parameter for n2aob & n2bt is string 'word','dword'...etc. from these ce function:
Code: | wordToByteTable(number),
dwordToByteTable(number),
qwordToByteTable(number),
floatToByteTable(number),
doubleToByteTable(number),
stringToByteTable(string),
wideStringToByteTable(string) |
default 'dword' |
|