Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[?] developing a c++ plugin

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions
View previous topic :: View next topic  
Author Message
reverser69
Expert Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 112
PostPosted: Tue Apr 16, 2024 1:30 am    Post subject: [?] developing a c++ plugin Reply with quote
hi all

im trying to make a simple veh hook plugin.
there's a problem i encountered. to avoid fps drop i decided to copy a whole page and then jump to it by veh. now what should i do if the page does not start with a valid instruction? i.e an instruction is at boundary of two pages.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 467

Joined: 09 May 2003
Posts: 25669
Location: The netherlands
PostPosted: Tue Apr 16, 2024 4:14 am    Post subject: Reply with quote
copy the surrounding pages as well and adapt them so all their logic jumps back to the original code (e.g int3's in all instructions except the boundary instructions and on int3 make it jump to the corresponding page)

also adjust all rip relative instructions in case you haven't done that yet
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
reverser69
Expert Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 112
PostPosted: Tue Apr 16, 2024 8:05 pm    Post subject: Reply with quote
Dark Byte wrote:
copy the surrounding pages as well and adapt them so all their logic jumps back to the original code (e.g int3's in all instructions except the boundary instructions and on int3 make it jump to the corresponding page)

also adjust all rip relative instructions in case you haven't done that yet


i think i get the idea. fill the before and after pages with 0xCC and catch them with EXCEPTION_BREAKPOINT then jump to original location.

but, what if its a very long jump or a distant call?

and so said "except the boundary instructions". that's my problem. how can i do that code-wise? how can i find out if a page begins or ends with incomplete instruction?

would really appreciate a pseudo code. its easy if implementing it for one location but becomes a challenge when trying to create a universal solution.

there's also PAGE_EXECUTE_WRITECOPY. is it possible to exploit (write to that copied page) this too? i mean even if only in kernel level, its worth a try.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 467

Joined: 09 May 2003
Posts: 25669
Location: The netherlands
PostPosted: Tue Apr 16, 2024 11:35 pm    Post subject: Reply with quote
disassemble it all

and as i said adjust all rip relative instructions. That includes long jumps (short jumps are fine as they can never jump beyond the int3 pages)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
reverser69
Expert Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 112
PostPosted: Wed Apr 17, 2024 12:30 am    Post subject: Reply with quote
there are "Disassembler" and "disassembleEx" exported functions. how are they different?

i know I'm being dumb here but when you say "disassemble it all" i don't really get where this "all" starts so that i can pass its address to those exported functions.

i can go back another 0x1000 bytes and start copying from there but what if that page also doesn't start with a complete instruction? what if i enter another function?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 467

Joined: 09 May 2003
Posts: 25669
Location: The netherlands
PostPosted: Wed Apr 17, 2024 1:17 am    Post subject: Reply with quote
I recommend invoking ce's lua so you have access to the lastDisassembleData which contains info like rip relativity etc... There's also a riprelative scanner in lua

Normally when you are at a wrong offset and disassemble it eventually snaps back to the correct code . If you start 0x1000 bytes before you should snap back correctly before the last instruction which is the important one

you can of course also scan for known function start markers and start the disassembler from there

I think the stealthedit plugin also uses ce's lua to do something like this
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
reverser69
Expert Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 112
PostPosted: Mon Apr 22, 2024 3:23 am    Post subject: Reply with quote
thanks for the info.

i know there's the *L from CE C interface but how exactly should i call lastDisassembleData with that?
is there any debug capability (via VS or any other tool) that makes it possible to view returned object by lastDisassembleData? in real-time.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites