View previous topic :: View next topic |
Author |
Message |
Empac How do I cheat? Reputation: 0
Joined: 27 Jan 2012 Posts: 2
|
Posted: Fri Jan 27, 2012 2:28 pm Post subject: Some help regarding flash files in memory |
|
|
This post is in reference to DB's "pull SWF from memory" script. (apparently I can't post URLs yet)
What I have is an executable flash game. The only way to get the SWF's from this game is to extract them from memory. I'm able to do this using a program called SWF Window Vampire, which scans the working memory and pulls the SWF's out for me.
The only problem with SWF Vampire, is that the extracted SWF's contain a header of FXX. So I have to open the SWF in cheat engine and edit that to FWS in order for it to be a valid SWF. This all works fine.
What I am trying to do is create my own method of doing this though, and I am using the Lua script that Dark Byte posted above. The problem is, I either: a) can't get it to find the SWF, or b) the script just freezes up trying to write the SWF (the SWF I am wanting is around 30mb).
I have tried doing the AOBScan for bytes matching FWS, as well as FXX and CWS as I am not sure if I will need to scan + pull the SWF using the FXX header, or the standard FWS/CWS.
Here is my code: Code: |
--Warning: Only works on 32-bit processes (convert to stringmethod for 64-bit. Will be slower)
chunksize=10;
function writeRegionToFile(filename, address, totalbytes)
local f=assert(io.open(filename,"wb"))
local i=0;
local b='';
print("Writing "..filename)
while (i<totalbytes-chunksize) do
b=b..string.char(readBytes(address+i,chunksize))
i=i+chunksize
end
--write the rest
print("i="..i.." totalbytes="..totalbytes.." left="..totalbytes-i)
b=b..string.char(readBytes(address+i,totalbytes-i))
f:write(b)
f:close()
end
function saveFlashFiles(outputfolder)
FWSHeaders=AOBScan("46 58 58");
if (FWSHeaders ~= nil) then
local count=stringlist_getCount(FWSHeaders);
if count>0 then
--I'm not yet comfortable with lua for loops so I use a while for now...
local index=0;
while (index<1) do
local address=tonumber("0x"..stringlist_getString(FWSHeaders,index))
local size=readInteger(address+4);
if (size~=nil) then
--if ((address % 0x1000)==0) then
if (size>0) and (size<5000000000) then --max limit in case of corrupted fws (50mb)
print("writing i("..index..") "..stringlist_getString(FWSHeaders,index).." size="..size)
--writeRegionToFile(outputfolder.."swf"..index..".swf", address, size)
end
--end
end
index=index+1;
end
end
object_destroy(FWSHeaders)
else
showMessage("The selected process doesn\'t have any flash headers");
end
end
saveFlashFiles([[c:\]]); |
Any help, even a point in the right direction would be appreciated!
Thanks,
E |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
|
Posted: Fri Jan 27, 2012 7:34 pm Post subject: |
|
|
currently not behind a real comp (android pad now) so I can't quickly check, but ce 6.1 has added a new build in save region to file if i'm not mistaken which should work a lot faster _________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
Empac How do I cheat? Reputation: 0
Joined: 27 Jan 2012 Posts: 2
|
Posted: Sun Jan 29, 2012 3:27 am Post subject: |
|
|
Thanks for the quick reply.
I am using CE 6.1, I am new to this so you'll have to excuse me if what I say here is complete nonsense. I think my problem arises from the check to see if my address is divisible by 0x1000, as you can see I had to comment that line out in order for the script to even acknowledge it found my file.
What does this check mean exactly, and would it cause the problem I am having writing the file? Why wouldn't my find be passing that test? |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
|
Posted: Sun Jan 29, 2012 6:11 pm Post subject: |
|
|
Normally in flash games the decrypted SWF file gets loaded in a newly allocated block of memory. That means it's normally on a page boundary (usually when it's not it means that it's not a real SWF header but just some random data) _________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
|