Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


GetKnownFolder Implementation

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials -> LUA Tutorials
View previous topic :: View next topic  
Author Message
juntalis
Newbie cheater
Reputation: 2

Joined: 13 Mar 2013
Posts: 12

PostPosted: Mon Feb 14, 2022 8:07 am    Post subject: GetKnownFolder Implementation Reply with quote

Figured I'd share this snippet in case it's useful to anyone:

Code:

local unpack = _G.unpack or table.unpack

local function len(x)
   return #x
end

local function isString(value)
   return type(value) == "string"
end

local function isTable(value)
   return type(value) == "table"
end

KNOWNFOLDERID = {
   -- %USERPROFILE%
   ["Profile"] = { 0x8F, 0x85, 0x6C, 0x5E, 0x22, 0x0E, 0x60, 0x47, 0x9A, 0xFE, 0xEA, 0x33, 0x17, 0xB6, 0x71, 0x73 },
   -- %USERPROFILE%\Documents
   ["Documents"] = { 0xD0, 0x9A, 0xD3, 0xFD, 0x8F, 0x23, 0xAF, 0x46, 0xAD, 0xB4, 0x6C, 0x85, 0x48, 0x03, 0x69, 0xC7 },
   -- %USERPROFILE%\AppData\Roaming
   ["RoamingAppData"] = { 0xDB, 0x85, 0xB6, 0x3E, 0xF9, 0x65, 0xF6, 0x4C, 0xA0, 0x3A, 0xE3, 0xEF, 0x65, 0x72, 0x9F, 0x3D },
   -- %USERPROFILE%\AppData\Local
   ["LocalAppData"] = { 0x85, 0x27, 0xB3, 0xF1, 0xBA, 0x6F, 0xCF, 0x4F, 0x9D, 0x55, 0x7B, 0x8E, 0x7F, 0x15, 0x70, 0x91 },
   -- %USERPROFILE%\AppData\LocalLow
   ["LocalAppDataLow"] = { 0xA4, 0xA1, 0x20, 0xA5, 0x80, 0x17, 0xF6, 0x4F, 0xBD, 0x18, 0x16, 0x73, 0x43, 0xC5, 0xAF, 0x16 },
   -- %USERPROFILE%\AppData\Local\Programs
   ["UserProgramFiles"] = { 0xE2, 0xAE, 0xD7, 0x5C, 0x19, 0x22, 0x67, 0x4A, 0xB8, 0x5D, 0x6C, 0x9C, 0xE1, 0x56, 0x60, 0xCB },
   -- %ProgramData%
   ["ProgramData"] = { 0x82, 0x5D, 0xAB, 0x62, 0xC1, 0xFD, 0xC3, 0x4D, 0xA9, 0xDD, 0x07, 0x0D, 0x1D, 0x49, 0x5D, 0x97 },
   -- %ProgramFiles%
   ["ProgramFiles"] = { 0xB6, 0x63, 0x5E, 0x90, 0xBF, 0xC1, 0x4E, 0x49, 0xB2, 0x9C, 0x65, 0xB7, 0x32, 0xD3, 0xD2, 0x1A },
   -- %ProgramFiles%
   ["ProgramFilesX64"] = { 0x77, 0x93, 0x80, 0x6D, 0xF0, 0x6A, 0x4B, 0x44, 0x89, 0x57, 0xA3, 0x77, 0x3F, 0x02, 0x20, 0x0E },
   -- %ProgramFiles(x86)%
   ["ProgramFilesX86"] = { 0xEF, 0x40, 0x5A, 0x7C, 0xFB, 0xA0, 0xFC, 0x4B, 0x87, 0x4A, 0xC0, 0xF2, 0xE0, 0xB9, 0xFA, 0x8E }
}

autoAssemble([==[
define(KF_FLAG_CREATE,00008000)

loadlibrary(ole32.dll)
loadlibrary(shell32.dll)

alloc(GetKnownFolder_Memory,$1000)

label(GetKnownFolder)
label(GetKnownFolder_ret)
label(KnownFolderID)
label(KnownFolderBuffer)

GetKnownFolder_Memory:
GetKnownFolder:

[32-bit]
  push ecx
  push #1024
  push KnownFolderBuffer
  mov [esp+8], 0
[/32-bit]
[64-bit]
  sub rsp, 28
  mov edx, #1024
  mov [rsp+30], 00
  lea rcx, [KnownFolderBuffer]
[/64-bit]

  call kernel32.RtlZeroMemory

[32-bit]
  add esp,8
  lea eax, [esp]
  push eax
  push 0
  push KF_FLAG_CREATE
  push KnownFolderID
[/32-bit]
[64-bit]
  lea r9, [rsp+30]
  xor r8d, r8d
  mov edx, KF_FLAG_CREATE
  lea rcx, [KnownFolderID]
[/64-bit]

  call shell32.SHGetKnownFolderPath
  test eax, eax
  js GetKnownFolder_ret

[32-bit]
  push [esp]
  call kernel32.lstrlenW
  inc eax
  push eax
  push [esp+4]
  push KnownFolderBuffer
  call kernel32.lstrcpynW
  push [esp]
[/32-bit]
[64-bit]
  mov rcx, [rsp+30]
  call kernel32.lstrlenW
  mov rdx, [rsp+30]
  lea rcx, [KnownFolderBuffer]
  lea r8d, [rax+01]
  call kernel32.lstrcpynW
  mov rcx, [rsp+30]
[/64-bit]

  call CoTaskMemFree
  mov eax, 1

[32-bit]
  pop ecx
[/32-bit]
[64-bit]
  add rsp, 28
[/64-bit]

  ret
GetKnownFolder_ret:
  xor eax, eax

[32-bit]
  pop ecx
[/32-bit]
[64-bit]
  add rsp, 28
[/64-bit]

  ret

KnownFolderID:
  dq 0, 0

KnownFolderBuffer:
  dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  dq 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

registersymbol(GetKnownFolder)
registersymbol(KnownFolderID)
registersymbol(KnownFolderBuffer)
]==], true)

function GetKnownFolder(folderId)
   local pKnownFolderID = getAddressSafe("KnownFolderID", true)
   local pKnownFolderBuffer = getAddressSafe("KnownFolderBuffer", true)
   if not pKnownFolderID or not pKnownFolderBuffer then
      error("Failed to lookup KnownFolderBuffer or KnownFolderID")
   end
   if isString(folderId) then
      folderId = KNOWNFOLDERID[folderId]
   end
   if not isTable(folderId) or len(folderId) < 16 then
      error("Invalid value for folderId - expected GUID")
   end
   writeBytesLocal(pKnownFolderID, unpack(folderId))
   executeCodeLocal("GetKnownFolder")
   return readStringLocal(pKnownFolderBuffer, 511, true)
end


Used with:

Code:

local appData = GetKnownFolder(KNOWNFOLDERID.RoamingAppData)
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Mon Feb 14, 2022 11:47 pm    Post subject: Reply with quote

You can do this with Lua's os.getenv function as well to reduce the amount of code and not require any additional overhead/COM usage like this:

Code:

print(string.format('%%USERPROFILE%%: %s', os.getenv('USERPROFILE')));
print(string.format('Documents: %s', os.getenv('USERPROFILE') .. '\\Documents'));
print(string.format('%%APPDATA%%: %s', os.getenv('APPDATA')));
print(string.format('%%LOCALAPPDATA%%: %s', os.getenv('LOCALAPPDATA')));
print(string.format('AppData - LocalLow: %s', os.getenv('LOCALAPPDATA') .. 'Low'));
print(string.format('UserProgramFiles: %s', os.getenv('LOCALAPPDATA') .. '\\Programs'));
print(string.format('%%PROGRAMDATA%%: %s', os.getenv('PROGRAMDATA')));
print(string.format('%%PROGRAMFILES%%: %s', os.getenv('PROGRAMFILES')));
print(string.format('%%ProgramFiles(x86)%%: %s', os.getenv('ProgramFiles(x86)')));
print(string.format('%%ProgramW6432%%: %s', os.getenv('ProgramW6432')));

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials -> LUA Tutorials All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites