Cheat Engine :: View topic - GetKnownFolder Implementation

Cheat Engine
The Official Site of Cheat Engine

FAQ

Memberlist

Usergroups

Profile

GetKnownFolder Implementation

Cheat Engine Forum Index -> Cheat Engine Tutorials -> LUA Tutorials

View previous topic :: View next topic

Author

Message

juntalis
Newbie cheater

Reputation: 2

Joined: 13 Mar 2013
Posts: 12

Posted: Mon Feb 14, 2022 8:07 am Post subject: GetKnownFolder Implementation

Figured I'd share this snippet in case it's useful to anyone:

Code:

local unpack = _G.unpack or table.unpack

local function len(x)
return #x
end

local function isString(value)
return type(value) == "string"
end

local function isTable(value)
return type(value) == "table"
end

KNOWNFOLDERID = {
-- %USERPROFILE%
["Profile"] = { 0x8F, 0x85, 0x6C, 0x5E, 0x22, 0x0E, 0x60, 0x47, 0x9A, 0xFE, 0xEA, 0x33, 0x17, 0xB6, 0x71, 0x73 },
-- %USERPROFILE%\Documents
["Documents"] = { 0xD0, 0x9A, 0xD3, 0xFD, 0x8F, 0x23, 0xAF, 0x46, 0xAD, 0xB4, 0x6C, 0x85, 0x48, 0x03, 0x69, 0xC7 },
-- %USERPROFILE%\AppData\Roaming
["RoamingAppData"] = { 0xDB, 0x85, 0xB6, 0x3E, 0xF9, 0x65, 0xF6, 0x4C, 0xA0, 0x3A, 0xE3, 0xEF, 0x65, 0x72, 0x9F, 0x3D },
-- %USERPROFILE%\AppData\Local
["LocalAppData"] = { 0x85, 0x27, 0xB3, 0xF1, 0xBA, 0x6F, 0xCF, 0x4F, 0x9D, 0x55, 0x7B, 0x8E, 0x7F, 0x15, 0x70, 0x91 },
-- %USERPROFILE%\AppData\LocalLow
["LocalAppDataLow"] = { 0xA4, 0xA1, 0x20, 0xA5, 0x80, 0x17, 0xF6, 0x4F, 0xBD, 0x18, 0x16, 0x73, 0x43, 0xC5, 0xAF, 0x16 },
-- %USERPROFILE%\AppData\Local\Programs
["UserProgramFiles"] = { 0xE2, 0xAE, 0xD7, 0x5C, 0x19, 0x22, 0x67, 0x4A, 0xB8, 0x5D, 0x6C, 0x9C, 0xE1, 0x56, 0x60, 0xCB },
-- %ProgramData%
["ProgramData"] = { 0x82, 0x5D, 0xAB, 0x62, 0xC1, 0xFD, 0xC3, 0x4D, 0xA9, 0xDD, 0x07, 0x0D, 0x1D, 0x49, 0x5D, 0x97 },
-- %ProgramFiles%
["ProgramFiles"] = { 0xB6, 0x63, 0x5E, 0x90, 0xBF, 0xC1, 0x4E, 0x49, 0xB2, 0x9C, 0x65, 0xB7, 0x32, 0xD3, 0xD2, 0x1A },
-- %ProgramFiles%
["ProgramFilesX64"] = { 0x77, 0x93, 0x80, 0x6D, 0xF0, 0x6A, 0x4B, 0x44, 0x89, 0x57, 0xA3, 0x77, 0x3F, 0x02, 0x20, 0x0E },
-- %ProgramFiles(x86)%
["ProgramFilesX86"] = { 0xEF, 0x40, 0x5A, 0x7C, 0xFB, 0xA0, 0xFC, 0x4B, 0x87, 0x4A, 0xC0, 0xF2, 0xE0, 0xB9, 0xFA, 0x8E }
}

autoAssemble([==[
define(KF_FLAG_CREATE,00008000)

loadlibrary(ole32.dll)
loadlibrary(shell32.dll)

alloc(GetKnownFolder_Memory,$1000)

label(GetKnownFolder)
label(GetKnownFolder_ret)
label(KnownFolderID)
label(KnownFolderBuffer)

GetKnownFolder_Memory:
GetKnownFolder:

[32-bit]
push ecx
push #1024
push KnownFolderBuffer
mov [esp+8], 0
[/32-bit]
[64-bit]
sub rsp, 28
mov edx, #1024
mov [rsp+30], 00
lea rcx, [KnownFolderBuffer]
[/64-bit]

call kernel32.RtlZeroMemory

[32-bit]
add esp,8
lea eax, [esp]
push eax
push 0
push KF_FLAG_CREATE
push KnownFolderID
[/32-bit]
[64-bit]
lea r9, [rsp+30]
xor r8d, r8d
mov edx, KF_FLAG_CREATE
lea rcx, [KnownFolderID]
[/64-bit]

call shell32.SHGetKnownFolderPath
test eax, eax
js GetKnownFolder_ret

[32-bit]
push [esp]
call kernel32.lstrlenW
inc eax
push eax
push [esp+4]
push KnownFolderBuffer
call kernel32.lstrcpynW
push [esp]
[/32-bit]
[64-bit]
mov rcx, [rsp+30]
call kernel32.lstrlenW
mov rdx, [rsp+30]
lea rcx, [KnownFolderBuffer]
lea r8d, [rax+01]
call kernel32.lstrcpynW
mov rcx, [rsp+30]
[/64-bit]

call CoTaskMemFree
mov eax, 1

[32-bit]
pop ecx
[/32-bit]
[64-bit]
add rsp, 28
[/64-bit]

ret
GetKnownFolder_ret:
xor eax, eax

[32-bit]
pop ecx
[/32-bit]
[64-bit]
add rsp, 28
[/64-bit]

ret

KnownFolderID:
dq 0, 0

KnownFolderBuffer:
dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

registersymbol(GetKnownFolder)
registersymbol(KnownFolderID)
registersymbol(KnownFolderBuffer)
]==], true)

function GetKnownFolder(folderId)
local pKnownFolderID = getAddressSafe("KnownFolderID", true)
local pKnownFolderBuffer = getAddressSafe("KnownFolderBuffer", true)
if not pKnownFolderID or not pKnownFolderBuffer then
   error("Failed to lookup KnownFolderBuffer or KnownFolderID")
end
if isString(folderId) then
   folderId = KNOWNFOLDERID[folderId]
end
if not isTable(folderId) or len(folderId) < 16 then
   error("Invalid value for folderId - expected GUID")
end
writeBytesLocal(pKnownFolderID, unpack(folderId))
executeCodeLocal("GetKnownFolder")
return readStringLocal(pKnownFolderBuffer, 511, true)
end

Used with:

Code:

local appData = GetKnownFolder(KNOWNFOLDERID.RoamingAppData)

atom0s
Moderator

Reputation: 204

Joined: 25 Jan 2006
Posts: 8579
Location: 127.0.0.1

Posted: Mon Feb 14, 2022 11:47 pm Post subject:

You can do this with Lua's os.getenv function as well to reduce the amount of code and not require any additional overhead/COM usage like this:

Code:

print(string.format('%%USERPROFILE%%: %s', os.getenv('USERPROFILE')));
print(string.format('Documents: %s', os.getenv('USERPROFILE') .. '\\Documents'));
print(string.format('%%APPDATA%%: %s', os.getenv('APPDATA')));
print(string.format('%%LOCALAPPDATA%%: %s', os.getenv('LOCALAPPDATA')));
print(string.format('AppData - LocalLow: %s', os.getenv('LOCALAPPDATA') .. 'Low'));
print(string.format('UserProgramFiles: %s', os.getenv('LOCALAPPDATA') .. '\\Programs'));
print(string.format('%%PROGRAMDATA%%: %s', os.getenv('PROGRAMDATA')));
print(string.format('%%PROGRAMFILES%%: %s', os.getenv('PROGRAMFILES')));
print(string.format('%%ProgramFiles(x86)%%: %s', os.getenv('ProgramFiles(x86)')));
print(string.format('%%ProgramW6432%%: %s', os.getenv('ProgramW6432')));

_________________

- Retired.

Display posts from previous:

	Cheat Engine Forum Index -> Cheat Engine Tutorials -> LUA Tutorials	All times are GMT - 6 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum