 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
juntalis
Newbie cheater
![]() Reputation: 2
Joined: 13 Mar 2013
Posts: 12
|
 Posted: Sun Mar 27, 2016 2:12 pm Post subject: Questions about Local AutoAssembling and Code Execution |
 |
|
Questions
Edit: Found the answer to my main question, so I've added it below.
- Is there any way to register symbols or get the address of allocated memory with calls to autoAssemble when targetself is set to true?
- Answer: I'm blind and didn't notice the optional "local" parameter on getAddress. In my case, the address of my newly allocated function could be retrieved with the call: getAddress('X_Func', true)
- Just wanted to verify: The documentation for executeCodeLocal notes that it expects a stdcall function. Does this expectation also apply to 64-bit CE, or is the standard fastcall calling convention used instead?
More Info
So I'm currently working on a script requiring some thread management functionality, so I thought it'd be a good excuse to test out the executeCodeLocal function.
I had intended on using executeCodeLocal to call a procedure I autoAssembled into the CE process with the following:
| Code: |
local result = autoAssemble([[
alloc(X_NewMem,$1000)
label(X_Func)
loadlibrary(kernel32.dll)
registersymbol(X_Func)
X_Func:
....
ret
]], true)
|
The autoAssemble call returns successfully, and I've verified the newly allocated code in the CE process, but none of the symbols appears to have been registered. Since autoAssemble only returns a bool indicating its success, (and without the symbols) I'm not really sure how I'd go about finding the address of my newly allocated code for calling.
Last edited by juntalis on Tue Mar 29, 2016 11:52 am; edited 3 times in total |
|
| Back to top |
|
 |
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sun Mar 27, 2016 2:33 pm Post subject: |
|
|
| Just curious...did you try Memory Viewer--> View/Userdefined symbols? Also, that View/Show symbols is checked.
|
|
| Back to top |
|
|
juntalis
Newbie cheater
![]() Reputation: 2
Joined: 13 Mar 2013
Posts: 12
|
| Posted: Sun Mar 27, 2016 2:58 pm Post subject: |
|
|
| ++METHOS wrote: | | Just curious...did you try Memory Viewer--> View/Userdefined symbols? Also, that View/Show symbols is checked. |
Yep - it comes up completely empty, just like it was before the call to autoAssemble. I also attempted the call both before and after attaching to a process, (restarting CE between attempts) on the off chance that the symbol handler didn't get initialized until after CE attached to a process. Same results in both attempts.
Lastly, I considered the possibility that the symbols might be registered but not visible due to their "local" registration. To test this, I ran:
| Code: |
print(getAddress('X_Func'))
|
which resulted in the following error:
| Quote: |
Error:Failure determining what X_Func means
|
Edit: Disregard, I'm dumb.
| Code: |
print(getAddress('X_Func', true))
106758152
|
Last edited by juntalis on Tue Mar 29, 2016 11:53 am; edited 1 time in total |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Mar 28, 2016 8:41 am Post subject: |
|
|
| I know the calling conventions for x64 are, indeed, different. However, I cannot speak about the requirements for executeCodeLocal.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
