predprey Master Cheater
Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Sun Jul 28, 2019 2:57 am Post subject: Any tips for using the Code Filter feature?
Branch mapper causes the attached process to lag until it does not respond at all until toggled off, so the mappers can't be used for finding calls that get executed when performing some action. Loading the address list from the disassembler is unreliable and causes exception errors in the attached process. Not sure how to load addresses from a trace if I have no idea where the function I want is and so nowhere to trace from.
So what do people who use Code Filter usually use it for, and how do you use it?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25806 Location: The Netherlands
Posted: Sun Jul 28, 2019 3:27 am
Enable break on unexpected breakpoints, do a disassembler list, and save that list to a text file.
The first few times it'll crash on an invalid bp location, but just edit the list (look at the crash EIP/RIP and look for a 0xcc near here) and load that back (sometimes you can do a continue handled after removing the broken bp address).
After a few times you'll have a list of calls, all valid.
Or use the tracer, but that's less useful, as that usually means you already know where to look.
The map also works, but as you have guessed, it's very slow and may take a day or two.
And perhaps save the list as a text file, and then let Lua parse over it and make it detect some disassembler mistakes that aren't actually calls (but that will require you to add in some extra checks).
e.g:
surrounded by 0's will show as
Code:
    add [rdi],cl
    scasb
    call Tutorial-x86_64.exe+33EA

So that's one of those things that should be checked.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
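
One way to write the Lua post-filter suggested in the post above, as an added example that is not Dark Byte's or Cheat Engine's code. It is plain Lua run over a constructed byte image; the one-address-per-line list format, the module base and size, and the 6-of-8 zero threshold are assumptions.

```lua
-- Added example; constructed data, not Cheat Engine output.
local BASE, SIZE = 0x400000, 0x60          -- assumed module base and size
local image = {}                           -- image[offset] = byte value
for off = 0, SIZE - 1 do image[off] = 0x90 end      -- filler bytes
for off = 0x20, 0x4F do image[off] = 0x00 end       -- zero-filled data area
local function put(off, bytes)
  for i, b in ipairs(bytes) do image[off + i - 1] = b end
end
put(0x04, {0xE8, 0x07, 0x00, 0x00, 0x00})             -- genuine call to +0x10
put(0x10, {0xE8, 0x00, 0x10, 0x00, 0x00})             -- rel32 points past the module
put(0x2E, {0x0F, 0xAE, 0xE8, 0xCB, 0xFF, 0xFF, 0xFF}) -- data sitting in zeros

-- Inside Cheat Engine this would read from the attached process instead.
local function byte(addr) return image[addr - BASE] end

local function rel32(addr)                 -- signed little-endian operand of E8
  local v = 0
  for i = 4, 1, -1 do v = v * 256 + byte(addr + i) end
  if v >= 0x80000000 then v = v - 0x100000000 end
  return v
end

local function zeros(first, last)          -- count 0x00 bytes in [first, last]
  local n = 0
  for a = first, last do if byte(a) == 0 then n = n + 1 end end
  return n
end

local function classify(addr)
  if byte(addr) ~= 0xE8 or not byte(addr + 4) then return "not a call opcode" end
  local target = addr + 5 + rel32(addr)
  if target < BASE or target >= BASE + SIZE then return "target outside module" end
  -- Assumed threshold: at least 6 of the 8 bytes on each side are zero.
  if zeros(addr - 8, addr - 1) >= 6 and zeros(addr + 5, addr + 12) >= 6 then
    return "surrounded by zeros"
  end
  return "ok"
end

-- Assumed list format: one hexadecimal address per line.
local saved_list = "00400004\n00400008\n00400010\n00400030\n"
for line in saved_list:gmatch("[^\r\n]+") do
  local addr = tonumber(line, 16)
  print(string.format("%08X  %s", addr, classify(addr)))
end
```

The entry at offset 0x30 has an in-module target, so only the zero-surround check catches it; that is the case the post's `add [rdi],cl` / `scasb` / `call` listing illustrates.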
predprey Master Cheater
Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Sun Jul 28, 2019 4:20 am
Dark Byte wrote:
> Enable break on unexpected breakpoints, do a disassembler list, and save that list to a text file.
> The first few times it'll crash on an invalid bp location, but just edit the list (look at the crash EIP/RIP and look for a 0xcc near here) and load that back (sometimes you can do a continue handled after removing the broken bp address).
> After a few times you'll have a list of calls, all valid.

This is a list of all valid calls in the executable? Do we need to first cut the list down to less than 100 addresses as you said here, and if so, how should we narrow it down to the ones that might contain the one we want?
https://www.cheatengine.org/forum/viewtopic.php?t=609196&sid=f32d6d1a3c39624e0006682b32dcf840
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25806 Location: The Netherlands
Posted: Sun Jul 28, 2019 4:25 am
Nah, that was just for a theoretical hit counter.
But that idea was scrapped.
The list can be as long as you wish.