Считаем размер инъекции в байтах
-
Можно подхватить разные моменты активации и деактивации записи в таблице CE и рассчитать размер кода между метками
- По шаблону вставляем АА код для туториала Cheat Engine
- Регистрируем метки-маркеры в АА коде
- Этими метками в Lua считаем и выводим ""endCode - startCode" размер байтов
Пример, который подсчитал 15 байтов
Пример скрипта
{$lua} memrec.OnActivate = function (memoryrecord, before, currentstate) if currentstate and not before then print("Bytes: " .. getAddress("endCode - startCode")) end return before end {$ASM} [ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat aobscanmodule(INJECT,Tutorial-i386.exe,81 BB 80 04 00 00 E8 03 00 00) // should be unique alloc(newmem,$1000) label(code) label(endCode) label(startCode) registerSymbol(startCode) registerSymbol(endCode) newmem: code: startCode: cmp [ebx+00000480],000003E8 jmp return endCode: INJECT: jmp newmem nop nop nop nop nop return: registersymbol(INJECT) [DISABLE] //code from here till the end of the code will be used to disable the cheat INJECT: db 81 BB 80 04 00 00 E8 03 00 00 unregistersymbol(startCode) unregistersymbol(endCode) unregistersymbol(INJECT) dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+23FE3 "Tutorial-i386.exe"+23FD1: C9 - leave "Tutorial-i386.exe"+23FD2: C3 - ret "Tutorial-i386.exe"+23FD3: 00 00 - add [eax],al "Tutorial-i386.exe"+23FD5: 00 00 - add [eax],al "Tutorial-i386.exe"+23FD7: 00 00 - add [eax],al "Tutorial-i386.exe"+23FD9: 00 00 - add [eax],al "Tutorial-i386.exe"+23FDB: 00 00 - add [eax],al "Tutorial-i386.exe"+23FDD: 00 00 - add [eax],al "Tutorial-i386.exe"+23FDF: 00 53 89 - add [ebx-77],dl "Tutorial-i386.exe"+23FE2: C3 - ret // ---------- INJECTING HERE ---------- "Tutorial-i386.exe"+23FE3: 81 BB 80 04 00 00 E8 03 00 00 - cmp [ebx+00000480],000003E8 // ---------- DONE INJECTING ---------- "Tutorial-i386.exe"+23FED: 75 2C - jne Tutorial-i386.exe+2401B "Tutorial-i386.exe"+23FEF: 8B 83 68 04 00 00 - mov eax,[ebx+00000468] "Tutorial-i386.exe"+23FF5: B2 01 - mov dl,01 "Tutorial-i386.exe"+23FF7: 8B 8B 68 04 00 00 - mov ecx,[ebx+00000468] "Tutorial-i386.exe"+23FFD: 8B 09 - mov ecx,[ecx] "Tutorial-i386.exe"+23FFF: FF 91 20 02 00 00 - call dword ptr [ecx+00000220]Документация кому интересно
MemoryRecord Class:
The memoryrecord objects are the entries you see in the addresslistproperties
ID: Integer - Unique ID
Index: Integer - The index ID for this record. 0 is top. (ReadOnly)
Description: string- The description of the memory record
Address: string - Get/set the interpretable address string. Useful for simple address settings.
AddressString: string - Get the address string shown in CE (ReadOnly)
OffsetCount: integer - The number of offsets. Set to 0 for a normal address
Offset[] : integer - Array to access each offset
OffsetText[] : string - Array to access each offset using the interpretable text styleCurrentAddress: integer - The address the memoryrecord points to
VarType: ValueType (string) - The variable type of this record. See vtByte to vtCustom
Type: ValueType (number) - The variable type of this record. See vtByte to vtCustom
If the type is vtString then the following properties are available:
String.Size: Number of characters in the string
String.Unicode: boolean
String.Codepage: booleanIf the type is vtBinary then the following properties are available
Binary.Startbit: First bit to start reading from
Binary.Size : Number of bitsIf the type is vtByteArray then the following properties are available
Aob.Size : Number of bytesCustomTypeName: String - If the type is vtCustom this will contain the name of the CustomType
Script: String - If the type is vtAutoAssembler this will contain the auto assembler script
Value: string - The value in stringform.
Selected: boolean - Set to true if selected (ReadOnly)
Active: boolean - Set to true to activate/freeze, false to deactivate/unfreeze
Color: integer
ShowAsHex: boolean - Self explanatory
ShowAsSigned: boolean - Self explanatory
AllowIncrease: boolean - Allow value increasing, unfreeze will reset it to false
AllowDecrease: boolean - Allow value decreasing, unfreeze will reset it to false
Collapsed: boolean - Set to true to collapse this record or false to expand it. Use expand/collapse methods for recursive operations.
IsGroupHeader: boolean - Set to true if the record was created as a Group Header with no address or value info. (ReadOnly)
IsReadable: boolean - Set to false if record contains an unreadable address. NOTE: This property will not be set until the value property is accessed at least once. (ReadOnly)Options: String set - a string enclosed by square brackets filled with the options seperated by a comma. Valid options are: moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse
DropDownLinked: boolean - if dropdown list refers to list of another memory record eg. (memrec name)
DropDownLinkedMemrec: string - Description of linked memrec or emptystring if not linked
DropDownList : StringList - list of "value:description" lines, lists are still separate objects when linked, read-write
DropDownReadOnly: boolean - true if 'Disallow manual user input' is set
DropDownDescriptionOnly: boolean - self explanatory
DisplayAsDropDownListItem: boolean - self explanatory
DropDownCount: integer - equivalent to .DropDownList.Count
DropDownValue[index] : Array to access values in DropDownList (ReadOnly)
DropDownDescription[index] : Array to access Descriptions in DropDownList (ReadOnly)Count: Number of children
Child[index] : Array to access the child records
[index] = Child[index]
Parent: MemoryRecord - self explanatoryHotkeyCount: integer - Number of hotkeys attached to this memory record
Hotkey[] : Array to index the hotkeysAsync: Boolean - Set to true if activating this entry will be asynchronious. (only for AA/Lua scripts)
AsyncProcessing: Boolean - True when async is true and it's being processed
AsyncProcessingTime: qword - The time that it has been processing in millisecondsOnActivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to true. If before is true, not returning true will cause the activation to stop.
OnDeactivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to false. If before is true, not returning true will cause the deactivation to stop.
OnDestroy: function() - Called when the memoryrecord is destroyed.
OnGetDisplayValue: function(memoryrecord,valuestring):boolean,string - This function gets called when rendering the value of a memory record. Return true and a new string to override the value shown
DontSave: boolean - Don't save this memoryrecord and it's childrenmethods
getDescription()
setDescription()
getAddress() : Returns the interpretable addressstring of this record. If it is a pointer, it returns a second result as a table filled with the offsets
setAddress(string) : Sets the interpretable address string, and if offsets are provided make it a pointergetOffsetCount(): Returns the number of offsets for this memoryrecord
setOffsetCount(integer): Lets you set the number of offsetsgetOffset(index) : Gets the offset at the given index
setOffset(index, value) : Sets the offset at the given indexgetCurrentAddress(): Returns the current address as an integer (the final result of the interpretable address and pointer offsets)
appendToEntry(memrec): Appends the current memory record to the given memory record
getHotkey(index): Returns the hotkey from the hotkey array
getHotkeyByID(integer): Returns the hotkey with the given idreinterpret()
createHotkey({keys}, action, value OPTIONAL): Returns a hotkey objectdisableWithoutExecute(): Sets the entry to disabled without executing the disable section
global events
function onMemRecPreExecute(memoryrecord, newstate BOOLEAN):
If above function is defined it will be called before action* has been performed.
Active property is about to change to newState.function onMemRecPostExecute(memoryrecord, newState BOOLEAN, succeeded BOOLEAN):
If above function is defined it will be called after action*.
Active property was supposed to change to newState.
If 'succeeded' is true it means that Active state has changed and is newState.newState and succeeded are read only.
*action can be: running auto assembler script (ENABLE or DISABLE section), freezing and unfreezing.
