Cheat Engine Forum - The Official Site of Cheat Engine

Lua Breakpoints: Get current address instruction or the EIP

 
airvzxf (How do I cheat?)
Reputation: 0
Joined: 16 Jul 2020
Posts: 4

Posted: Thu Jul 16, 2020 6:50 pm    Post subject: Lua Breakpoints: Get current address instruction or the EIP

UPDATED, FOLLOW THE TIMELINE IN THIS POST PLEASE.

I want to do a manual trace of the code because I want to know where the flow goes after some `call [eax+200]`; the problem is that this EAX value changes on every execution.

Code:

   -- game_name_process (the process name) and dec_to_hex (number -> hex string)
   -- are helpers the poster defines elsewhere; they are not shown in this post.
   local base_memory = getAddress('"' .. game_name_process .. '"')
   instruction_address = getAddress(base_memory + 0x1191E90)

   debug_setBreakpoint(instruction_address, 1, bptExecute, function()
      debug_removeBreakpoint(instruction_address)

      print("instruction_address: ", dec_to_hex(instruction_address))
      print("")

      debug_continueFromBreakpoint(co_stepover)

      -- HERE I NEED TO GET THE CURRENT ADDRESS AFTER THE STEP OVER OR STEP INTO.
      local next_instruction_address = [GET CURRENT ADDRESS WHICH IS POINTED TO THE CURRENT INSTRUCTION]

      print("next_instruction_address: ", dec_to_hex(next_instruction_address))
      print("")

      -- I'LL DO THIS STEP OVER 5 OR 10 TIMES, WHICH MEANS I NEED TO TAKE THE CURRENT ADDRESS AFTER EVERY STEP OVER.

   end)



--- UPDATED: 7/16/2020 AT 8:22 PM GMT-6

I FOUND the SOLUTION, it is as easy as using the IP (Instruction Pointer) register from the assembler.

You can use EIP for 32 bits or RIP for 64 bits.


BUT I have a problem with the `co_stepover`: it is not working, it always shows the first instruction, it's not advancing to the next instruction.

Code:

   local base_memory = getAddress('"' .. game_name_process .. '"')
   instruction_address = getAddress(base_memory + 0x1191E90)
   local next_instruction_address

   debug_setBreakpoint(instruction_address, 1, bptExecute, function()
      debug_removeBreakpoint(instruction_address)

      -- The instruction_address is the same as the RIP
      print("instruction_address: ", dec_to_hex(instruction_address))
      print("RIP: ", dec_to_hex(RIP))
      print("")

      debug_continueFromBreakpoint(co_stepover)
      print("Instruction address: ", dec_to_hex(RIP))
      print("")

      debug_continueFromBreakpoint(co_stepover)
      print("Instruction address: ", dec_to_hex(RIP))
      print("")

      debug_continueFromBreakpoint(co_run)
   end)


The output for this code is something like this:

Quote:

instruction_address: 7FF7333EE96D
RIP: 7FF7333EE96D

Instruction address: 7FF7333EE96D

Instruction address: 7FF7333EE96D


Do you know how to create a trace for 3 instructions given this explanation and examples?


--- UPDATED: 7/17/2020 AT 12:53 AM GMT-6

I FOUND the solution for what I was looking for.

Notes:
- It's not working at all because it shows some alerts when `miDebugStepOver` is true; if it's false it does not work well. Basically I don't know if it's part of my error or the Lua API is not working.


Code:

   -- FIRST, I create some global variables and create a breakpoint with an anonymous function to find the data structure address.
   -- (game_name_process, dec_to_hex and execute_instruction are helpers the poster defines elsewhere; they are not shown in this post.)

   max_steps = 1
   current_step = 1
   data_structure_address = 0

   local base_memory = getAddress('"' .. game_name_process .. '"')
   local instruction_address

   instruction_address = getAddress(base_memory + 0x1191E90)
   debug_setBreakpoint(instruction_address, 1, bptExecute, function()
      debug_removeBreakpoint(instruction_address)

      data_structure_address = RCX

      debug_continueFromBreakpoint(co_run)

      -- SECOND, add a breakpoint with the address which I want to go deep.
      local new_instruction_address = getAddress(base_memory + 0x12CAD56)
      debug_setBreakpoint(new_instruction_address, 0, bptExecute)
   end)



-- THIRD, I use the CE Lua function which executes after a breakpoint is hit, then I play with some conditionals on the registers and execute the step over or step into a certain number of times.

function debugger_onBreakpoint()
   getMemoryViewForm().miDebugStepOver.Enabled = true

   if (RDI ~= data_structure_address) then
      return 1
   else
      print("RDI ->", dec_to_hex(RDI), "==", dec_to_hex(data_structure_address))
   end

   if (current_step <= max_steps) then
      print("debugger_onBreakpoint()")

      if (current_step == 1) then
         instruction_pointer = RIP
         print("instruction_pointer:", dec_to_hex(instruction_pointer))
         print("data_structure_address:", dec_to_hex(data_structure_address))
      end

      print("current_step:", current_step, "of", max_steps)

      -- execute_instruction is a helper the poster defines elsewhere (not shown in the post).
      execute_instruction(instruction_pointer)

      extra, opcode, bytes, address = splitDisassembledString(disassemble(instruction_pointer))
      print("address:", address, "->", opcode, "|" , extra)
      print("")

      current_step = current_step + 1
      debug_continueFromBreakpoint(co_stepinto)
   else
      print("Remove breakpoint and continue")
      print("instruction_pointer:", dec_to_hex(instruction_pointer))
      print("")
      debug_removeBreakpoint(instruction_pointer)
      debug_continueFromBreakpoint(co_run)
   end

   return 0
end



Last edited by airvzxf on Fri Jul 17, 2020 12:11 am; edited 3 times in total
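An added example for the original problem in this post (where `call [eax+200]` goes when EAX differs on every execution); it is not code from the thread. Instead of stepping, the breakpoint callback reads the pointer the CPU is about to use and prints it, so no step-over handling is needed at all. The module name `game.exe`, the call offset 0x1191E90, the displacement 0x200 and the `maxHits` limit are placeholders standing in for the poster's values; the calls used (`getAddress`, `readPointer`, `disassemble`, `getNameFromAddress`, `debugProcess`, `debug_isDebugging`, `targetIs64Bit`, the register globals) are Cheat Engine's own Lua API.

```lua
-- Added example (not code from the thread): log where `call [eax+200]`
-- really goes, by reading the pointer the CPU is about to use at the
-- moment the call is hit, instead of stepping into it.
-- Placeholders (assumptions): module name, offset of the call, displacement.
local moduleName   = "game.exe"
local callOffset   = 0x1191E90
local displacement = 0x200   -- CE's disassembler prints displacements in hex
local maxHits      = 20      -- remove the breakpoint after this many hits

-- CE's debugger must be attached before breakpoints can be set.
if not debug_isDebugging() then debugProcess() end

local callAddress = getAddress(moduleName) + callOffset
local hits, seen  = 0, {}

local function hex(n) return string.format("%X", n) end

-- Register globals (EAX/RAX, EIP/RIP, ...) are valid inside a breakpoint
-- callback. Use the register your own disassembly names as the base.
local function baseRegister()
  if targetIs64Bit() then return RAX else return EAX end
end

local function instructionPointer()
  if targetIs64Bit() then return RIP else return EIP end
end

-- `call [base+disp]` reads a pointer-sized slot at base+disp and jumps to
-- its value; readPointer returns nil if that slot is not readable.
local function resolveIndirectTarget(base, disp)
  local slot = base + disp
  return slot, readPointer(slot)
end

debug_setBreakpoint(callAddress, 1, bptExecute, function()
  local slot, target = resolveIndirectTarget(baseRegister(), displacement)

  print(disassemble(instructionPointer()))   -- "address - bytes - opcode" as CE formats it
  if target == nil then
    print(string.format("  [%s] is not readable", hex(slot)))
  elseif not seen[target] then               -- report each distinct target once
    seen[target] = true
    print(string.format("  [%s] -> %s  (%s)", hex(slot), hex(target), getNameFromAddress(target)))
  end

  hits = hits + 1
  if hits >= maxHits then debug_removeBreakpoint(callAddress) end
  -- Returning nothing (nil) lets the process run on; return 1 would break into the debugger.
end)
```

Run it from CE's Lua engine with the process already opened. Because the target is resolved from the register value at the moment of the hit, a virtual call that dispatches to different functions on different executions shows up as a list of distinct targets, each printed once with its module+offset name, which is usually what you want before deciding where to place the next breakpoint.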
Dark Byte (Site Admin)
Reputation: 470
Joined: 09 May 2003
Posts: 25785
Location: The netherlands

Posted: Fri Jul 17, 2020 12:07 am

the last continue method will be used when the breakpoint code finishes

here is an example:
Code:

local count=10
-- breakpoint-specific callback: runs each time the breakpoint at this address is hit
debug_setBreakpoint(0x10002B08C, 1, bptExecute, function()
  print(string.format("RIP: %x", RIP))
  if count>0 then
    count=count-1
    debug_continueFromBreakpoint(co_stepinto) -- this continue method is applied once the function returns
  else
      return 1 --return nil if you don't want it to break
  end
end)


One issue with stepover is that when the stepover happens it will be a different unrelated breakpoint that triggers it, so a breakpoint-specific BP won't be able to handle that.

I recommend in this case the use of debugger_onBreakpoint() like this:
Code:

local insideSteppingMode=false
local count=10
-- global handler: called for every debugger stop, including the temporary
-- breakpoint that a stepover places after the call
function debugger_onBreakpoint()
  print(string.format("RIP: %x", RIP))
  if (RIP==0x10002B08C) or insideSteppingMode then
    insideSteppingMode=true
    count=count-1

    if count>0 then
      debug_continueFromBreakpoint(co_stepover)
      return 1 --continue
    else
      print("Done")
      insideSteppingMode=false
      count=10 --reset so the next hit of the breakpoint starts a fresh run
      return nil --break (DO NOT call debug_continueFromBreakpoint when you decide to break)
    end
  else
    print("not expected")
    return nil --break
  end
end

debug_setBreakpoint(0x10002B08C, 1, bptExecute)


(note that debugger_onBreakpoint uses the opposite return value from the breakpoint specific one)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
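A fuller version of the `debugger_onBreakpoint` approach described in the reply above, added here as an example; it is not Dark Byte's code nor the original poster's. It records the disassembly of every instruction from a start address for a fixed number of steps, treats the stop that `co_stepover` raises as part of the trace, and then resumes the process with `co_run` instead of breaking, so the next hit of the breakpoint starts a new trace with clean state. The module name `game.exe`, the offset 0x1191E90 and the trace length are placeholders (assumptions); the continue methods and the return-value convention (1 = handled, 0/nil = break into the GUI) are the ones the reply describes.

```lua
-- Added example (not Dark Byte's or the original poster's code): a tracer
-- built on debugger_onBreakpoint that records a fixed number of
-- instructions from a start address, using the continue method chosen below.
-- Placeholders (assumptions): module name, offset of the start instruction.
local traceStart  = getAddress("game.exe") + 0x1191E90
local traceLength = 10              -- instructions to record per trace
local stepMode    = co_stepover     -- co_stepinto to follow calls instead

local trace     = {}                -- disassembly lines of the trace in progress
local stepsLeft = 0                 -- > 0 while a trace is in progress

local function ip()
  if targetIs64Bit() then return RIP else return EIP end
end

local function record()
  local line = disassemble(ip())    -- "address - bytes - opcode" as CE formats it
  trace[#trace + 1] = line
  print(string.format("%2d  %s", #trace, line))
end

-- Called for every debugger stop: the start breakpoint, each single step
-- and the temporary breakpoint CE places after a call for co_stepover.
function debugger_onBreakpoint()
  if stepsLeft == 0 then
    if ip() ~= traceStart then
      return 0                      -- unrelated stop: hand it to the CE GUI
    end
    stepsLeft = traceLength         -- fresh hit of the start breakpoint
    trace = {}
  end

  record()
  stepsLeft = stepsLeft - 1
  if stepsLeft > 0 then
    debug_continueFromBreakpoint(stepMode)
  else
    print(string.format("trace done: %d instructions, now at %X", #trace, ip()))
    debug_continueFromBreakpoint(co_run)   -- next hit of traceStart starts a new trace
  end
  return 1                          -- 1 = handled; 0/nil would break into the GUI
end

debug_setBreakpoint(traceStart, 1, bptExecute)
```

The `trace` table keeps the lines of the current run, so you can write them to a file or compare two runs instead of reading the console. One caveat when using this on a multithreaded game: while a trace is in progress every stop is attributed to it, so if another thread hits `traceStart` in the middle of the run its instructions are mixed into the same trace; if that matters, record `getOpenedProcessID()`-independent thread context (for example the thread's stack pointer register) in `record()` and filter on it.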