CELua[RU]

    Counting the size of an injection in bytes

    Tags: ce lua, tricks, ce aa

    • MasterGH (Administrators), edited

      You can hook the various activation and deactivation moments of a record in the CE table and compute the size of the code between labels.

      1. Using the template, insert the AA code for the Cheat Engine tutorial
      2. Register marker labels in the AA code
      3. Using those labels, compute "endCode - startCode" in Lua and print the size in bytes

      Example that counted 15 bytes (two screenshots in the original post)

      Example script

      {$lua}
      -- memrec is the table record running this script; it is nil when the
      -- script is executed from the auto assembler window, so guard for that
      if memrec then
        memrec.OnActivate = function (memoryrecord, before, currentstate)
          -- before == false: ENABLE has run, so startCode/endCode are registered
          if currentstate and not before then
             print("Bytes: " .. getAddress("endCode - startCode"))
          end
          return before  -- true in the before=true call lets activation proceed
        end
      end
      {$ASM}
      
      [ENABLE]
      //code from here to '[DISABLE]' will be used to enable the cheat
      aobscanmodule(INJECT,Tutorial-i386.exe,81 BB 80 04 00 00 E8 03 00 00) // should be unique
      alloc(newmem,$1000)
      
      label(code)
      // marker labels: startCode and endCode bracket the injected code,
      // registering them as symbols lets Lua resolve "endCode - startCode"
      label(endCode)
      label(startCode)
      registerSymbol(startCode)
      registerSymbol(endCode)
      
      newmem:
      
      code:
      startCode:
        cmp [ebx+00000480],000003E8   // original (stolen) instruction, 10 bytes
        jmp return                    // 5-byte jmp back, 15 bytes in total
      endCode:
      
      INJECT:
        jmp newmem
        nop
        nop
        nop
        nop
        nop
      return:
      registersymbol(INJECT)
      
      [DISABLE]
      //code from here till the end of the code will be used to disable the cheat
      INJECT:
        db 81 BB 80 04 00 00 E8 03 00 00
      unregistersymbol(startCode)
      unregistersymbol(endCode)
      unregistersymbol(INJECT)
      dealloc(newmem)
      
      {
      // ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+23FE3
      
      "Tutorial-i386.exe"+23FD1: C9                             -  leave
      "Tutorial-i386.exe"+23FD2: C3                             -  ret
      "Tutorial-i386.exe"+23FD3: 00 00                          -  add [eax],al
      "Tutorial-i386.exe"+23FD5: 00 00                          -  add [eax],al
      "Tutorial-i386.exe"+23FD7: 00 00                          -  add [eax],al
      "Tutorial-i386.exe"+23FD9: 00 00                          -  add [eax],al
      "Tutorial-i386.exe"+23FDB: 00 00                          -  add [eax],al
      "Tutorial-i386.exe"+23FDD: 00 00                          -  add [eax],al
      "Tutorial-i386.exe"+23FDF: 00 53 89                       -  add [ebx-77],dl
      "Tutorial-i386.exe"+23FE2: C3                             -  ret
      // ---------- INJECTING HERE ----------
      "Tutorial-i386.exe"+23FE3: 81 BB 80 04 00 00 E8 03 00 00  -  cmp [ebx+00000480],000003E8
      // ---------- DONE INJECTING  ----------
      "Tutorial-i386.exe"+23FED: 75 2C                          -  jne Tutorial-i386.exe+2401B
      "Tutorial-i386.exe"+23FEF: 8B 83 68 04 00 00              -  mov eax,[ebx+00000468]
      "Tutorial-i386.exe"+23FF5: B2 01                          -  mov dl,01
      "Tutorial-i386.exe"+23FF7: 8B 8B 68 04 00 00              -  mov ecx,[ebx+00000468]
      "Tutorial-i386.exe"+23FFD: 8B 09                          -  mov ecx,[ecx]
      "Tutorial-i386.exe"+23FFF: FF 91 20 02 00 00              -  call dword ptr [ecx+00000220]
      }

      Documentation, for those interested

      MemoryRecord Class:
      The memoryrecord objects are the entries you see in the addresslist

      properties
      ID: Integer - Unique ID
      Index: Integer - The index ID for this record. 0 is top. (ReadOnly)
      Description: string - The description of the memory record
      Address: string - Get/set the interpretable address string. Useful for simple address settings.
      AddressString: string - Get the address string shown in CE (ReadOnly)
      OffsetCount: integer - The number of offsets. Set to 0 for a normal address
      Offset[] : integer - Array to access each offset
      OffsetText[] : string - Array to access each offset using the interpretable text style

      CurrentAddress: integer - The address the memoryrecord points to
      VarType: ValueType (string) - The variable type of this record. See vtByte to vtCustom
      Type: ValueType (number) - The variable type of this record. See vtByte to vtCustom
      If the type is vtString then the following properties are available:
      String.Size: Number of characters in the string
      String.Unicode: boolean
      String.Codepage: boolean

      If the type is vtBinary then the following properties are available
      Binary.Startbit: First bit to start reading from
      Binary.Size : Number of bits

      If the type is vtByteArray then the following properties are available
      Aob.Size : Number of bytes

      CustomTypeName: String - If the type is vtCustom this will contain the name of the CustomType
      Script: String - If the type is vtAutoAssembler this will contain the auto assembler script
      Value: string - The value in stringform.
      Selected: boolean - Set to true if selected (ReadOnly)
      Active: boolean - Set to true to activate/freeze, false to deactivate/unfreeze
      Color: integer
      ShowAsHex: boolean - Self explanatory
      ShowAsSigned: boolean - Self explanatory
      AllowIncrease: boolean - Allow value increasing, unfreeze will reset it to false
      AllowDecrease: boolean - Allow value decreasing, unfreeze will reset it to false
      Collapsed: boolean - Set to true to collapse this record or false to expand it. Use expand/collapse methods for recursive operations.
      IsGroupHeader: boolean - Set to true if the record was created as a Group Header with no address or value info. (ReadOnly)
      IsReadable: boolean - Set to false if record contains an unreadable address. NOTE: This property will not be set until the value property is accessed at least once. (ReadOnly)

      Options: String set - a string enclosed by square brackets filled with the options separated by a comma. Valid options are: moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse

      DropDownLinked: boolean - if dropdown list refers to list of another memory record eg. (memrec name)
      DropDownLinkedMemrec: string - Description of linked memrec or emptystring if not linked
      DropDownList : StringList - list of "value:description" lines, lists are still separate objects when linked, read-write
      DropDownReadOnly: boolean - true if 'Disallow manual user input' is set
      DropDownDescriptionOnly: boolean - self explanatory
      DisplayAsDropDownListItem: boolean - self explanatory
      DropDownCount: integer - equivalent to .DropDownList.Count
      DropDownValue[index] : Array to access values in DropDownList (ReadOnly)
      DropDownDescription[index] : Array to access Descriptions in DropDownList (ReadOnly)

      Count: Number of children
      Child[index] : Array to access the child records
      [index] = Child[index]
      Parent: MemoryRecord - self explanatory

      HotkeyCount: integer - Number of hotkeys attached to this memory record
      Hotkey[] : Array to index the hotkeys

      Async: Boolean - Set to true if activating this entry will be asynchronous. (only for AA/Lua scripts)
      AsyncProcessing: Boolean - True when async is true and it's being processed
      AsyncProcessingTime: qword - The time that it has been processing in milliseconds

      OnActivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to true. If before is true, not returning true will cause the activation to stop.
      OnDeactivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to false. If before is true, not returning true will cause the deactivation to stop.
      OnDestroy: function() - Called when the memoryrecord is destroyed.
      OnGetDisplayValue: function(memoryrecord,valuestring):boolean,string - This function gets called when rendering the value of a memory record. Return true and a new string to override the value shown
      DontSave: boolean - Don't save this memoryrecord and its children

      methods
      getDescription()
      setDescription()
      getAddress() : Returns the interpretable addressstring of this record. If it is a pointer, it returns a second result as a table filled with the offsets
      setAddress(string) : Sets the interpretable address string, and if offsets are provided make it a pointer

      getOffsetCount(): Returns the number of offsets for this memoryrecord
      setOffsetCount(integer): Lets you set the number of offsets

      getOffset(index) : Gets the offset at the given index
      setOffset(index, value) : Sets the offset at the given index

      getCurrentAddress(): Returns the current address as an integer (the final result of the interpretable address and pointer offsets)

      appendToEntry(memrec): Appends the current memory record to the given memory record

      getHotkey(index): Returns the hotkey from the hotkey array
      getHotkeyByID(integer): Returns the hotkey with the given id

      reinterpret()
      createHotkey({keys}, action, value OPTIONAL): Returns a hotkey object

      disableWithoutExecute(): Sets the entry to disabled without executing the disable section

      global events
      function onMemRecPreExecute(memoryrecord, newstate BOOLEAN):
      If above function is defined it will be called before action* has been performed.
      Active property is about to change to newState.

      function onMemRecPostExecute(memoryrecord, newState BOOLEAN, succeeded BOOLEAN):
      If above function is defined it will be called after action*.
      Active property was supposed to change to newState.
      If 'succeeded' is true it means that Active state has changed and is newState.

      newState and succeeded are read only.

      *action can be: running auto assembler script (ENABLE or DISABLE section), freezing and unfreezing.

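The following is an added example, not code from MasterGH's post. It generalizes the trick above: instead of attaching OnActivate to one record, a global onMemRecPostExecute handler (the event documented in the pasted reference) fires after any auto assembler record is enabled, prints the size between the markers, walks the hook body instruction by instruction, and checks that the jmp written at INJECT really lands on startCode. It assumes the post's naming convention (the ENABLE section registers the symbols INJECT, startCode and endCode, and startCode is the first label in newmem); everything else is the standard CE Lua API (getAddress, readBytes, disassemble, getInstructionSize, print).

```lua
-- Added example (not from the original post). Assumed symbol names, as in
-- the post's script: INJECT, startCode, endCode. Paste into the CE Lua
-- script window (Table -> Show Cheat Table Lua Script) and execute it once.

-- Resolve a symbol expression such as "endCode - startCode". getAddress
-- raises an error on an unknown symbol, so pcall turns that into nil.
local function resolve(expr)
  local ok, value = pcall(getAddress, expr)
  if ok then return value end
  return nil
end

-- Size in bytes between two registered labels, or nil if either is missing.
local function markerSize(startSym, endSym)
  return resolve(endSym .. " - " .. startSym)
end

-- Decode the E9 rel32 jmp that CE emits for "jmp newmem" at the injection
-- point and return its target, or nil if the first byte is not E9.
local function jmpTarget(addr)
  local b = readBytes(addr, 5, true)          -- table of 5 byte values
  if b == nil or b[1] ~= 0xE9 then return nil end
  local rel = b[2] + b[3] * 0x100 + b[4] * 0x10000 + b[5] * 0x1000000
  if rel >= 0x80000000 then rel = rel - 0x100000000 end  -- sign-extend rel32
  return addr + 5 + rel
end

-- Print the hook body between the markers and sanity-check its layout.
local function reportInjection(startSym, endSym, injectSym)
  local size = markerSize(startSym, endSym)
  if size == nil then
    print("markers " .. startSym .. "/" .. endSym .. " are not registered")
    return
  end
  local base = getAddress(startSym)
  local bytes = readBytes(base, size, true)
  if bytes == nil then
    print("cannot read " .. size .. " bytes at " .. startSym)
    return
  end
  local hex = {}
  for i = 1, #bytes do hex[#hex + 1] = string.format("%02X", bytes[i]) end
  print(string.format("%s..%s = %d bytes: %s", startSym, endSym, size,
                      table.concat(hex, " ")))

  -- Walk the instructions; if the last one does not end exactly on endCode,
  -- one of the labels sits in the middle of an instruction.
  local addr = base
  while addr < base + size do
    print("  " .. disassemble(addr))
    addr = addr + getInstructionSize(addr)
  end
  if addr ~= base + size then
    print("  warning: instruction boundary overshoots " .. endSym)
  end

  -- The jmp placed at INJECT must land exactly on the first marker.
  local inject = resolve(injectSym)
  if inject then
    if jmpTarget(inject) == base then
      print(string.format("  jmp at %s -> %s ok", injectSym, startSym))
    else
      print(string.format("  warning: jmp at %s does not target %s",
                          injectSym, startSym))
    end
  end
end

-- Global CE event: fires after a record's ENABLE or DISABLE script ran.
-- Only look at successfully enabled AA scripts that use the marker convention.
function onMemRecPostExecute(memoryrecord, newState, succeeded)
  if not (succeeded and newState) then return end
  if memoryrecord.Type ~= vtAutoAssembler then return end
  local script = memoryrecord.Script or ""
  if not script:lower():find("registersymbol%(startcode%)") then return end
  reportInjection("startCode", "endCode", "INJECT")
end
```

With the post's tutorial script this prints "startCode..endCode = 15 bytes" followed by the two instructions, and the jmp check catches the common mistake of a mislabelled or relocated hook. Because symbols are unregistered in DISABLE, the handler deliberately ignores deactivation.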