Posted: Wed Mar 18, 2020 3:11 pm Post subject: Find class instances |
This code will help you find class instances based on Visual Studio (MSVC RTTI) class names.
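-- Find instances of a class chosen from the MSVC RTTI type names present in the
-- main module.  Four passes, all done with the Cheat Engine memscan API:
--   1. scan the module for ".?AV" (start of a mangled class name in a TypeDescriptor)
--      and let the user pick one name;
--   2. scan for references to that descriptor (RTTICompleteObjectLocators);
--   3. scan for pointers to each locator -- the vtable starts one pointer after it;
--   4. scan the whole address space for pointers to each vtable: those are the
--      object instances, which are printed at the end.
--
-- The result tables (names, RTTIInfo, vtables, instances) are left global, as in
-- the original script, so they remain inspectable after the script has finished.
-- Everything else is local so that scanner handles and temporaries do not leak into
-- the global state, and the memscan/foundlist/stringlist objects are destroyed on
-- every exit path (the original leaked them, and leaked the string list on cancel).

local module_start = getAddress(process)
-- Kept as written in the original; the module size is resolved through getAddress.
local module_end = module_start + getAddress(getModuleSize(process))

local s = createMemScan()
local fl = createFoundList(s)

-- Release both scanner objects; called on every exit path.
local function cleanup()
  fl.destroy()
  s.destroy()
end

-- Run an exact-value scan for an already hex-formatted number between start_addr
-- and stop_addr and leave `fl` initialized so the caller can iterate the hits.
-- Assumes `fl` has been initialized at least once before (pass 1 does that).
local function scan_hex(vartype, value_hex, start_addr, stop_addr)
  fl.deinitialize()
  s.firstScan(soExactValue, vartype, rtRounded, value_hex, '', start_addr, stop_addr, "*W*X*C", fsmNotAligned, '1', true, true, false, true)
  s.waitTillDone()
  fl.initialize()
end

-- Pass 1: text scan for the ".?AV" prefix.  isHexadecimalInput is false here
-- because the input is a string, unlike the numeric passes below.
s.firstScan(soExactValue, vtString, rtRounded, '.?AV', '', module_start, module_end, "*W*X*C", fsmNotAligned, '1', false, true, false, true)
s.waitTillDone()
fl.initialize()

if fl.Count == 0 then
  -- Nothing to choose from; the original would have shown an empty selection list.
  print("No RTTI class names found in the main module")
  cleanup()
  return
end

names = {}
local sll = createStringList()
for i = 1, fl.Count do
  -- The found list is 0-based and hands back addresses as hex strings.
  local hit = tonumber(fl[i-1], 16)
  -- +4 skips the ".?AV" prefix so only the class name is read.
  -- NOTE(review): the fixed -0x10 step back to the descriptor start matches a
  -- 64-bit TypeDescriptor (two pointers before the name); confirm on 32-bit targets.
  names[i] = { name = readString(hit + 4), address = hit - 0x10 }
  sll.add(names[i].name)
end

local r, selstring = showSelectionList('RTTI Classes', 'Select the class to find instances of', sll)
-- The list is no longer needed whether or not the user picked something.
sll.destroy()
if r == -1 then
  cleanup()
  return
end
print("You picked "..selstring)

-- Pass 2: the descriptor reference stored in the locator is a 32-bit RVA on
-- 64-bit targets and an absolute pointer otherwise, so it is always a dword scan.
local descriptor_ref = names[r+1].address
if targetIs64Bit() then
  descriptor_ref = descriptor_ref - module_start
end

scan_hex(vtDword, string.format("%x", descriptor_ref), module_start, module_end)
RTTIInfo = {}
for i = 1, fl.Count do
  -- Step back 12 bytes from the reference, presumably to the start of the
  -- RTTICompleteObjectLocator, and keep only hits whose first byte is 1 (the
  -- signature check the original performed).  readBytes yields nil on an
  -- unreadable address, which simply fails the comparison.
  local locator = tonumber(fl[i-1], 16) - 12
  if readBytes(locator, 1) == 1 then
    RTTIInfo[#RTTIInfo+1] = locator
  end
end

-- Pointer-sized scans from here on.
local scantype, pointersize
if targetIs64Bit() then
  scantype, pointersize = vtQword, 8
else
  scantype, pointersize = vtDword, 4
end

-- Pass 3: a vtable is preceded by a pointer to its locator, so each hit plus one
-- pointer is a vtable address.
vtables = {}
for _, locator in ipairs(RTTIInfo) do
  scan_hex(scantype, string.format("%x", locator), module_start, module_end)
  for j = 1, fl.Count do
    vtables[#vtables+1] = tonumber(fl[j-1], 16) + pointersize
  end
end

-- Pass 4: every pointer to a vtable anywhere in the address space is an instance.
instances = {}
for _, vtable in ipairs(vtables) do
  print(string.format("Scanning for %x", vtable))
  scan_hex(scantype, string.format("%x", vtable), 0, 0xffffffffffffffff)
  for j = 1, fl.Count do
    instances[#instances+1] = tonumber(fl[j-1], 16)
  end
end

print("The following instances of the class "..selstring.." where found")
for _, addr in ipairs(instances) do
  print(string.format("%x", addr))
end
cleanup()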