OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sat Jan 13, 2018 6:06 am Post subject: dissect code and mono
dissect code did not give any effect in the disassembly in a mono game, so is it a bug?
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |

FreeER Grandmaster Cheater Supreme
Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Sat Jan 13, 2018 11:45 am
hm, perhaps disable mono (just try debugging something and it'll break the monopipe lol) and then using dissect code.
If it still doesn't work then perhaps there's a bug, though probably not a high priority one.

Dark Byte Site Admin
Reputation: 467
Joined: 09 May 2003 Posts: 25700 Location: The netherlands
Posted: Sat Jan 13, 2018 12:05 pm
dissectcode follows modules
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |

OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sat Jan 13, 2018 2:00 pm
mono features: off
dissect code: every module the game loads
result: nothing
mono features: on
dissect code: every module the game loads
result: nothing
so it's probably a bug tho.

Dark Byte Site Admin
Reputation: 467
Joined: 09 May 2003 Posts: 25700 Location: The netherlands
Posted: Sat Jan 13, 2018 4:21 pm
is the code you're looking at inside a module ?

OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sat Jan 13, 2018 5:30 pm
Dark Byte wrote: | is the code you're looking at inside a module ? |
what are you saying!
where else could the cpu read and execute instructions from?

Dark Byte Site Admin
Reputation: 467
Joined: 09 May 2003 Posts: 25700 Location: The netherlands
Posted: Sun Jan 14, 2018 4:07 am
code dissect doesn't follow dynamically allocated memory
and mono tends to generate code at runtime in allocated memory

OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sun Jan 14, 2018 4:34 am
uhm, i see.
i ran a couple of tests too; on enumerated dlls still not everything is analyzed, even the entry point.
and what you said is true, they are dynamically allocated.
first i thought these functions might be imported from another process, but it didn't make sense to me.
well, they are imported actually.
so there is nothing i can do about it?
i tried with olly, but it seems olly can't handle the executable since it's about 16MBs.

ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4641
Posted: Sun Jan 14, 2018 10:15 am
celua.txt:
Code: | getDissectCode().dissect(base, size) |
Go to "Memory View -> View -> Memory Regions" for base and size info.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |

OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sun Jan 14, 2018 10:56 am
i'm not sure .. what should i do with this lua code?
i know what base and size mean, but it's executed under the lua engine? right!
plus the functions in this section 0x80000000 and mem_rgn can find this section of the executable.
i'm not sure if they were marked as uninitialized executable data.

ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4641
Posted: Sun Jan 14, 2018 11:12 am
- Look at an instruction in the disassembler
- Look at the address that instruction is at (turn off symbols in the view menu)
- Open the Memory Regions window
- Find the memory region that address is in
- Open the Lua engine window (Memory View -> Tools -> Lua Engine)
- Copy and paste that code into the bottom part of that window (left of the "Execute" button)
- Replace the "base" parameter with the number under the "Address" column in the memory regions window
- Replace the "size" parameter with the number under the "Size" column in the memory regions window
- Make sure the arguments are prepended with "0x" to tell Lua they are hexadecimal literals
- Click on the "Execute" button

OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sun Jan 14, 2018 11:20 am
no way parkour, base at 7FFF0000 and the size 90000 which will be 80080000.
and the instruction is located in 800E0000+
also getDissectCode().dissect(0x7FFF0000, 0x90000) didn't result in anything.

ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4641
Posted: Sun Jan 14, 2018 11:38 am
Then why did you choose that memory region if you know it isn't the correct one?
Say an instruction in a memory region you want to dissect is stored at the address 10002B419, and the Memory Regions window looks like this:
Code: | address | ... | size
...
7FFE0000 ... 1000
7FFE1000 ... F000
7FFF0000 ... 80010000
100000000 ... 1000
100001000 ... 19C000
10019D000 ... 6000
1001A3000 ... 5000
... |
Is the instruction between 7FFF0000 and 100000000? No, because 10002B419 is greater than 100000000.
Is the instruction between 10019D000 and 1001A3000? No, because 10002B419 is less than 10019D000.
Is the instruction between 100001000 and 10019D000? Yes, because 10002B419 is greater than 100001000 and less than 10019D000.
The code in this example would look like this:
Code: | getDissectCode().dissect(0x100001000, 0x19C000) |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
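
The region lookup from the post above, written out as an added Lua example (not part of the original thread or of Cheat Engine's own scripts). `find_region` and `describe` are hypothetical helper names, the region list is constructed from the sample table, and the live part assumes a CE build that provides `enumMemoryRegions()` with `BaseAddress` and `RegionSize` fields.

```lua
-- Added example: the region list is constructed from the sample table in the post above.
local sample_regions = {
  { BaseAddress = 0x7FFE0000,  RegionSize = 0x1000 },
  { BaseAddress = 0x7FFE1000,  RegionSize = 0xF000 },
  { BaseAddress = 0x7FFF0000,  RegionSize = 0x80010000 },
  { BaseAddress = 0x100000000, RegionSize = 0x1000 },
  { BaseAddress = 0x100001000, RegionSize = 0x19C000 },
  { BaseAddress = 0x10019D000, RegionSize = 0x6000 },
  { BaseAddress = 0x1001A3000, RegionSize = 0x5000 },
}

-- Return base and size of the region whose half-open range [base, base+size)
-- contains addr, or nil when no listed region covers it.
local function find_region(regions, addr)
  for _, r in ipairs(regions) do
    if addr >= r.BaseAddress and addr - r.BaseAddress < r.RegionSize then
      return r.BaseAddress, r.RegionSize
    end
  end
  return nil
end

-- Hypothetical helper: turn a lookup result into the call to type in the Lua Engine.
local function describe(regions, addr)
  local base, size = find_region(regions, addr)
  if base then
    return string.format("%X -> getDissectCode().dissect(0x%X, 0x%X)", addr, base, size)
  end
  return string.format("%X -> no listed region contains this address", addr)
end

print(describe(sample_regions, 0x10002B419))
-- Range from the earlier post: base 7FFF0000, size 90000 ends at 80080000,
-- so an instruction at 800E0000 is outside it and dissecting that range misses it.
print(describe({ { BaseAddress = 0x7FFF0000, RegionSize = 0x90000 } }, 0x800E0000))

-- Inside Cheat Engine only (assumption: enumMemoryRegions() is available and
-- returns entries with BaseAddress and RegionSize fields).
if getDissectCode and enumMemoryRegions and getMemoryViewForm then
  local addr = getMemoryViewForm().DisassemblerView.SelectedAddress
  local base, size = find_region(enumMemoryRegions(), addr)
  if base then
    getDissectCode().dissect(base, size)
  else
    print(string.format("no region found for %X", addr))
  end
end
```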

OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Sun Jan 14, 2018 12:08 pm
ParkourPenguin wrote: | Then why did you choose that memory region if you know it isn't the correct one? |
because it's the largest base available, there is nothing after 7FFF0000 in the memory region window.
everything else you said is true and i understand it, i don't know what's wrong with ce really .. btw it's a 32-bit process.

panraven Grandmaster Cheater
Reputation: 61
Joined: 01 Oct 2008 Posts: 958
Posted: Sun Jan 14, 2018 2:06 pm
Tried to associate the dissect function with a hotkey, but found CE will duplicate the same reference with each hotkey press.
The workaround is to add an artificial call reference to the target function's starting address; the artificial call/jump is in between that function's start and end.
This may affect some other extensions using the dissect function references; since it is not an actual call, it may cause problems.
Hotkey is CTRL-ALT-J, may change.
Usage: Save the text to a *.lua file and put it in the autorun directory.
Updated:
-- add one more 'already' check.
Code: |
-- Return the range of the JIT-compiled mono function that contains addr.
-- bInRange == true returns (start, end); otherwise (start, size).
function mono_func_range(addr, bInRange)
  local addy = addr
  if type(addy) == 'string' then addy = GetAddressSafe(addy) end
  -- only query mono when it is loaded and the data collector is running
  if type(addy) == 'number' and readInteger'mono_domain_get' and 0 ~= LaunchMonoDataCollector() then
    local info = mono_getJitInfo(addy)
    if info then
      if bInRange ~= true then
        return info.code_start, info.code_size
      else
        return info.code_start, info.code_size + info.code_start
      end
    end
  end
  -- parenthesised so the and/or picks the text before it is concatenated
  return 0, 0, 'failed, addr = ' .. (math.tointeger(addr) and
    string.format("%X", 0+addr) or tostring(addr))
end
-- Dissect the mono function under the disassembler cursor (once per function).
function mono_dissect_currentDisassembleAddress()
  local addr = getMemoryViewForm().DisassemblerView.SelectedAddress
  local from, size = mono_func_range(addr)
  if from and from ~= 0 and size > 0 then
    local dsc = getDissectCode()
    -- the artificial call reference doubles as the "already dissected" marker
    local already = dsc.getReferences(from)
    if not already or already[from+size] ~= jtCall then
      dsc.dissect(from, size)
      dsc.addReference(from+size, from, jtCall)
      dsc.addReference(from, from+size, jtUnconditional)
    end
  else
    speak"mono dissect address failed"
  end
end
-- register the hotkey only once, even if the script is loaded again
if not _mono_dsc_hotkey then
  _mono_dsc_hotkey = createHotkey(mono_dissect_currentDisassembleAddress,
    VK_CONTROL, VK_MENU, VK_J
  )
end
|
_________________
- Retarded. |