Считаем размер инъекции в байтах

MasterGH

Можно подхватить разные моменты активации и деактивации записи в таблице CE и рассчитать размер кода между метками

1. По шаблону вставляем АА код для туториала Cheat Engine
2. Регистрируем метки-маркеры в АА коде
3. Этими метками в Lua считаем и выводим ""endCode - startCode" размер байтов

Пример, который подсчитал 15 байтов

Пример скрипта

{$lua}
  memrec.OnActivate = function (memoryrecord, before, currentstate)
    if currentstate and not before then
       print("Bytes: " .. getAddress("endCode - startCode"))
    end
    return before
  end
{$ASM}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(INJECT,Tutorial-i386.exe,81 BB 80 04 00 00 E8 03 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(endCode)
label(startCode)
registerSymbol(startCode)
registerSymbol(endCode)

newmem:

code:
startCode:
  cmp [ebx+00000480],000003E8
  jmp return
endCode:

INJECT:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
  db 81 BB 80 04 00 00 E8 03 00 00
unregistersymbol(startCode)
unregistersymbol(endCode)
unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+23FE3

"Tutorial-i386.exe"+23FD1: C9                             -  leave
"Tutorial-i386.exe"+23FD2: C3                             -  ret
"Tutorial-i386.exe"+23FD3: 00 00                          -  add [eax],al
"Tutorial-i386.exe"+23FD5: 00 00                          -  add [eax],al
"Tutorial-i386.exe"+23FD7: 00 00                          -  add [eax],al
"Tutorial-i386.exe"+23FD9: 00 00                          -  add [eax],al
"Tutorial-i386.exe"+23FDB: 00 00                          -  add [eax],al
"Tutorial-i386.exe"+23FDD: 00 00                          -  add [eax],al
"Tutorial-i386.exe"+23FDF: 00 53 89                       -  add [ebx-77],dl
"Tutorial-i386.exe"+23FE2: C3                             -  ret
// ---------- INJECTING HERE ----------
"Tutorial-i386.exe"+23FE3: 81 BB 80 04 00 00 E8 03 00 00  -  cmp [ebx+00000480],000003E8
// ---------- DONE INJECTING  ----------
"Tutorial-i386.exe"+23FED: 75 2C                          -  jne Tutorial-i386.exe+2401B
"Tutorial-i386.exe"+23FEF: 8B 83 68 04 00 00              -  mov eax,[ebx+00000468]
"Tutorial-i386.exe"+23FF5: B2 01                          -  mov dl,01
"Tutorial-i386.exe"+23FF7: 8B 8B 68 04 00 00              -  mov ecx,[ebx+00000468]
"Tutorial-i386.exe"+23FFD: 8B 09                          -  mov ecx,[ecx]
"Tutorial-i386.exe"+23FFF: FF 91 20 02 00 00              -  call dword ptr [ecx+00000220]

Документация кому интересно

MemoryRecord Class:
The memoryrecord objects are the entries you see in the addresslist

properties
ID: Integer - Unique ID
Index: Integer - The index ID for this record. 0 is top. (ReadOnly)
Description: string- The description of the memory record
Address: string - Get/set the interpretable address string. Useful for simple address settings.
AddressString: string - Get the address string shown in CE (ReadOnly)
OffsetCount: integer - The number of offsets. Set to 0 for a normal address
Offset[] : integer - Array to access each offset
OffsetText[] : string - Array to access each offset using the interpretable text style

CurrentAddress: integer - The address the memoryrecord points to
VarType: ValueType (string) - The variable type of this record. See vtByte to vtCustom
Type: ValueType (number) - The variable type of this record. See vtByte to vtCustom
If the type is vtString then the following properties are available:
String.Size: Number of characters in the string
String.Unicode: boolean
String.Codepage: boolean

If the type is vtBinary then the following properties are available
Binary.Startbit: First bit to start reading from
Binary.Size : Number of bits

If the type is vtByteArray then the following properties are available
Aob.Size : Number of bytes

CustomTypeName: String - If the type is vtCustom this will contain the name of the CustomType
Script: String - If the type is vtAutoAssembler this will contain the auto assembler script
Value: string - The value in stringform.
Selected: boolean - Set to true if selected (ReadOnly)
Active: boolean - Set to true to activate/freeze, false to deactivate/unfreeze
Color: integer
ShowAsHex: boolean - Self explanatory
ShowAsSigned: boolean - Self explanatory
AllowIncrease: boolean - Allow value increasing, unfreeze will reset it to false
AllowDecrease: boolean - Allow value decreasing, unfreeze will reset it to false
Collapsed: boolean - Set to true to collapse this record or false to expand it. Use expand/collapse methods for recursive operations.
IsGroupHeader: boolean - Set to true if the record was created as a Group Header with no address or value info. (ReadOnly)
IsReadable: boolean - Set to false if record contains an unreadable address. NOTE: This property will not be set until the value property is accessed at least once. (ReadOnly)

Options: String set - a string enclosed by square brackets filled with the options seperated by a comma. Valid options are: moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse

DropDownLinked: boolean - if dropdown list refers to list of another memory record eg. (memrec name)
DropDownLinkedMemrec: string - Description of linked memrec or emptystring if not linked
DropDownList : StringList - list of "value:description" lines, lists are still separate objects when linked, read-write
DropDownReadOnly: boolean - true if 'Disallow manual user input' is set
DropDownDescriptionOnly: boolean - self explanatory
DisplayAsDropDownListItem: boolean - self explanatory
DropDownCount: integer - equivalent to .DropDownList.Count
DropDownValue[index] : Array to access values in DropDownList (ReadOnly)
DropDownDescription[index] : Array to access Descriptions in DropDownList (ReadOnly)

Count: Number of children
Child[index] : Array to access the child records
[index] = Child[index]
Parent: MemoryRecord - self explanatory

HotkeyCount: integer - Number of hotkeys attached to this memory record
Hotkey[] : Array to index the hotkeys

Async: Boolean - Set to true if activating this entry will be asynchronious. (only for AA/Lua scripts)
AsyncProcessing: Boolean - True when async is true and it's being processed
AsyncProcessingTime: qword - The time that it has been processing in milliseconds

OnActivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to true. If before is true, not returning true will cause the activation to stop.
OnDeactivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to false. If before is true, not returning true will cause the deactivation to stop.
OnDestroy: function() - Called when the memoryrecord is destroyed.
OnGetDisplayValue: function(memoryrecord,valuestring):boolean,string - This function gets called when rendering the value of a memory record. Return true and a new string to override the value shown
DontSave: boolean - Don't save this memoryrecord and it's children

methods
getDescription()
setDescription()
getAddress() : Returns the interpretable addressstring of this record. If it is a pointer, it returns a second result as a table filled with the offsets
setAddress(string) : Sets the interpretable address string, and if offsets are provided make it a pointer

getOffsetCount(): Returns the number of offsets for this memoryrecord
setOffsetCount(integer): Lets you set the number of offsets

getOffset(index) : Gets the offset at the given index
setOffset(index, value) : Sets the offset at the given index

getCurrentAddress(): Returns the current address as an integer (the final result of the interpretable address and pointer offsets)

appendToEntry(memrec): Appends the current memory record to the given memory record

getHotkey(index): Returns the hotkey from the hotkey array
getHotkeyByID(integer): Returns the hotkey with the given id

reinterpret()
createHotkey({keys}, action, value OPTIONAL): Returns a hotkey object

disableWithoutExecute(): Sets the entry to disabled without executing the disable section

global events
function onMemRecPreExecute(memoryrecord, newstate BOOLEAN):
If above function is defined it will be called before action* has been performed.
Active property is about to change to newState.

function onMemRecPostExecute(memoryrecord, newState BOOLEAN, succeeded BOOLEAN):
If above function is defined it will be called after action*.
Active property was supposed to change to newState.
If 'succeeded' is true it means that Active state has changed and is newState.

newState and succeeded are read only.

*action can be: running auto assembler script (ENABLE or DISABLE section), freezing and unfreezing.