Cheat Engine

++METHOS

Maybe this is a stupid question.

How difficult would it be to create an auto assembly template that uses the current breakpoint data that would allow the user to automatically create a script that calls that particular function, with the correct calling convention requirements and all of the necessary parameters, that will continue to work with future sessions?

Would this be possible, or is this something that has to be manually done?

Thanks.

ParkourPenguin · Posted: Thu Feb 03, 2022 3:07 am Post subject:

Practically impossible.

The biggest problem is automatically detecting the calling convention. Even detecting common conventions would be mildly difficult, esoteric conventions next to impossible (e.g. no general way to give any order to parameters).

You can make templates for common conventions, but that would assume the user knows what they're doing. This would make the template pretty much useless since someone who could identify a calling convention themselves should surely be able to write the few lines of assembly faster and more accurately than using a template.

And even if you did get something working, there's no way to give meaningful semantics to the parameters. You might be able to tell if a parameter is an integer, a pointer, etc., but what does it do? Only the user of the template could figure that out.
Also, impure functions (something that accesses mutable global state) might not work regardless of how well you make the template.

predprey · Posted: Thu Feb 03, 2022 4:10 am Post subject:

Maybe you could elaborate more on the use case? I would think it would depend on where your breakpoint is. If the breakpoint is on a call to the function that you want to call with your script, you could probably parse the few instructions before the call to detect the common conventions and have the template extract out the lines involved with parameter passing.

But if what you want is to generate the template from anywhere within the function code itself and detect which registers it uses and which of these had their values passed in, that would probably be harder.

Then as ParkourPenguin said, there is still the semantics, so the template would only detect which registers are used for passing values and where these values are to be taken from, but you have to rename or comment on what these values are, similar to decompilation.

++METHOS · Posted: Thu Feb 03, 2022 5:42 am Post subject:

Thank you, everyone, for responding. I really appreciate it.

I suppose that it may not be overly practical, now thinking about it. Maybe something basic might be worth considering, just to save time.

atom0s · Posted: Fri Feb 04, 2022 4:02 am Post subject:

Along with what ParkourPenguin mentioned, each compiler has varying levels of optimizing that can be performed which will alter how the assembly is generated for everything. There are a lot of edge cases where those optimizations can lead to handling params 'automatically' in an invalid manner.

For example, some compilers may push things onto the stack between the actual call they are for, and for minor-sub calls. So unless you design something to analyze all paths in the flow of what is being checked, there isn't really a clean way to pull the actual argument list.

Another issue-case would be functions that take VARARGS. It'd be basically impossible to tell what is/isn't a parameter automatically.

++METHOS · Posted: Fri Feb 04, 2022 4:42 am Post subject:

Thanks, atom0s.

Getting back into things, and it is frustrating not knowing more about some things, so I think I will start expanding on what I know. Probably going to start with C++.

Thanks, everyone.