Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Find class instances

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions
View previous topic :: View next topic  
Author Message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25807
Location: The netherlands
PostPosted: Wed Mar 18, 2020 3:11 pm    Post subject: Find class instances This post has 1 review(s) Reply with quote
This code will help you find class instances based on visual studio classnames
Code:

s=createMemScan()

s.firstScan(soExactValue, vtString, rtRounded, '.?AV', '', getAddress(process) ,getAddress(process)+getAddress(getModuleSize(process)) ,"*W*X*C" ,fsmNotAligned ,'1' ,false ,true, false, true);
s.waitTillDone()

fl=createFoundList(s)

names={}
fl.initialize()

sll=createStringList()
for i=1,fl.Count do
  local a=tonumber(fl[i-1],16)
  names[i]={}
  names[i].name=readString(tonumber(fl[i-1],16)+4)
  names[i].address=a-0x10
  sll.add(names[i].name)
end

r,selstring=showSelectionList('RTTI Classes','Select the class to find instances of',sll)
if (r==-1) then return end
sll.destroy()

print("You picked "..selstring)
a=names[r+1].address
if targetIs64Bit() then
  a=a-getAddress(process)
end

fl.deinitialize()
--print(string.format("Scanning for %x", a))
s.firstScan(soExactValue, vtDword, rtRounded, string.format("%x",a), '', getAddress(process) ,getAddress(process)+getAddress(getModuleSize(process)) ,"*W*X*C" ,fsmNotAligned ,'1' ,true ,true, false, true);
s.waitTillDone()
fl.initialize()
--print("found "..fl.Count.." results")

RTTIInfo={}
for i=1,fl.Count do
  local a=tonumber(fl[i-1],16)
  a=a-12
  if readBytes(a,1)==1 then
    table.insert(RTTIInfo,a)
  end
end

--print("after checking only "..#RTTIInfo.." left")

if targetIs64Bit() then
  scantype=vtQword
  pointersize=8
else
  scantype=vtDword
  pointersize=4
end

vtables={}

for i=1,#RTTIInfo do
  a=RTTIInfo[i]
  fl.deinitialize()
  --print(string.format("Scanning for %x", a))
  s.firstScan(soExactValue, scantype, rtRounded, string.format("%x",a), '', getAddress(process) ,getAddress(process)+getAddress(getModuleSize(process)) ,"*W*X*C" ,fsmNotAligned ,'1' ,true ,true, false, true);
  s.waitTillDone()
  fl.initialize()

  for j=1,fl.Count do
    table.insert(vtables, tonumber(fl[j-1],16)+pointersize)
  end
end

--print(#vtables.." vtables found")

--scan instances

instances={}

for i=1,#vtables do
  a=vtables[i]
  fl.deinitialize()
  print(string.format("Scanning for %x", a))
  s.firstScan(soExactValue, scantype, rtRounded, string.format("%x",a), '', 0 ,0xffffffffffffffff ,"*W*X*C" ,fsmNotAligned ,'1' ,true ,true, false, true);
  s.waitTillDone()
  fl.initialize()

  for j=1,fl.Count do
    table.insert(instances, tonumber(fl[j-1],16))
  end
end

print("The following instances of the class "..selstring.." where found")
for i=1,#instances do
  print(string.format("%x",instances[i]))
end

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25807
Location: The netherlands
PostPosted: Thu Feb 22, 2024 5:07 pm    Post subject: Reply with quote
updated version that also scans other modules (slower at start)
Code:

s=createMemScan()

s.firstScan(soExactValue, vtString, rtRounded, '.?AV', '', 0 ,0xffffffffffffffff ,"*W*X*C" ,fsmNotAligned ,'1' ,false ,true, false, true);
s.waitTillDone()

fl=createFoundList(s)

names={}
fl.initialize()

printf("fl.count=%d",fl.count)

sll=createStringList()
for i=1,fl.Count do
  local a=tonumber(fl[i-1],16)

  if inModule(a) then
    --figure out which module
    local as=getNameFromAddress(a,true,false,false)
    local moduleend=1
    while true do
      local newend=as:find('%+',moduleend+1)
      if newend==nil then break end
      moduleend=newend
    end

    as=as:sub(1,moduleend-1)
    local ne={}
    ne={}
    ne.name=readString(tonumber(fl[i-1],16)+4)
    ne.address=a-0x10
    ne.modulename=as:sub(1,moduleend-1)
    ne.modulebase=getAddress(ne.modulename)
    ne.moduleend=ne.modulebase+getModuleSize(ne.modulename)
    table.insert(names,ne)
    sll.add(ne.name)
  end
end

r,selstring=showSelectionList('RTTI Classes','Select the class to find instances of',sll)
if (r==-1) then return end
sll.destroy()

printf("You picked %d: %s in module %s (%x-%x)", r+1,selstring, names[r+1].modulename,names[r+1].modulebase,names[r+1].moduleend)
mstart=names[r+1].modulebase
mstop=names[r+1].moduleend

a=names[r+1].address
if targetIs64Bit() then
  a=a-mstart
end



fl.deinitialize()
--print(string.format("Scanning for %x", a))
s.newScan()
s.firstScan(soExactValue, vtDword, rtRounded, string.format("%x",a), '', mstart ,mstop ,"*W*X*C" ,fsmNotAligned ,'1' ,true ,true, false, true);
s.waitTillDone()
fl.initialize()
--print("found "..fl.Count.." results")

RTTIInfo={}
for i=1,fl.Count do
  local a=tonumber(fl[i-1],16)
  a=a-12
  if readBytes(a,1)==1 then
    table.insert(RTTIInfo,a)
  end
end

--print("after checking only "..#RTTIInfo.." left")

if targetIs64Bit() then
  scantype=vtQword
  pointersize=8
else
  scantype=vtDword
  pointersize=4
end

vtables={}

for i=1,#RTTIInfo do
  a=RTTIInfo[i]
  fl.deinitialize()
  --print(string.format("Scanning for %x", a))
  s.newScan()
  s.firstScan(soExactValue, scantype, rtRounded, string.format("%x",a), '', mstart ,mstop ,"*W*X*C" ,fsmNotAligned ,'1' ,true ,true, false, true);
  s.waitTillDone()
  fl.initialize()

  for j=1,fl.Count do
    table.insert(vtables, tonumber(fl[j-1],16)+pointersize)
  end
end

--print(#vtables.." vtables found")

--scan instances

instances={}

for i=1,#vtables do
  a=vtables[i]
  fl.deinitialize()
  print(string.format("Scanning for %x", a))
  s.newScan()
  s.firstScan(soExactValue, scantype, rtRounded, string.format("%x",a), '', 0 ,0xffffffffffffffff ,"*W*X*C" ,fsmNotAligned ,'1' ,true ,true, false, true);
  s.waitTillDone()
  fl.initialize()

  for j=1,fl.Count do
    table.insert(instances, tonumber(fl[j-1],16))
  end
end

print("The following instances of the class "..selstring.." where found")
for i=1,#instances do
  print(string.format("%x",instances[i]))
end



_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites