Cheat Engine The Official Site of Cheat Engine

salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Wed Dec 08, 2021 5:56 pm Post subject: mono static fields
I do want to read values of a "public const int" from a Unity game, but whatever I tried, I fail.
https://www.cheatengine.org/forum/viewtopic.php?t=608437
mono_class_findInstancesOfClassListOnly returns nothing
https://www.cheatengine.org/forum/viewtopic.php?t=608923
finds the values but returns simply 0 (base and offset)
I tried playing with a lot of stuff I found, like f.e. the most promising one by name, "mono_class_getStaticFieldValue", but I never got to any result that would provide me with the int value I'm looking for. Is this still impossible or am I missing s.t. or ...?

panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Wed Dec 08, 2021 8:12 pm
const does not have a memory location, it is compiled into the instruction that uses the value.
For example, for a non-const variable, like an instance mutable variable, it may be read as in such an instruction:
mov rax,[rcx+140] /// rcx is the object base, +140 is offset for the variable, it has a memory location
for a const value, the instruction is like
mov rax,#1000 /// it has no memory location!!
So to modify the const, one has to find what instructions use that const value, and modify the instruction.
_________________
- Retarded. |
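
The distinction discussed in this post, shown from the C# side as an added example (not code from any poster in this thread): a `const` field is a metadata literal that the C# compiler copies into each use site, while a `static readonly` field has real static storage. The class `Balance`, its field names and its values are constructed for illustration.

```csharp
using System;
using System.Reflection;

// Hypothetical class standing in for a game type; names and values are constructed.
public static class Balance
{
    public const int MaxHealth = 1000;            // compile-time literal
    public static readonly int StartGold = 250;   // real static field, set at type init
}

public static class Program
{
    // Reports how a static field is stored and what value it holds.
    public static string Describe(FieldInfo f)
    {
        if (f.IsLiteral)
        {
            // const: the value lives in the assembly's metadata, not in static storage.
            return $"{f.Name}: literal, metadata value = {f.GetRawConstantValue()}";
        }
        // static / static readonly: backed by memory, read through the runtime.
        return $"{f.Name}: static storage, current value = {f.GetValue(null)}";
    }

    public static int UseBoth()
    {
        // In IL, MaxHealth appears here as a constant load (ldc.i4 1000),
        // while StartGold is loaded from its static field (ldsfld).
        return Balance.MaxHealth + Balance.StartGold;
    }

    public static void Main()
    {
        BindingFlags flags = BindingFlags.Public | BindingFlags.Static;
        foreach (FieldInfo f in typeof(Balance).GetFields(flags))
            Console.WriteLine(Describe(f));
        Console.WriteLine(UseBoth());
    }
}
```

Whether the literal then ends up in native code as an immediate operand or in a nearby memory slot is decided by the JIT or AOT compiler, not by the C# source.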

salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Thu Dec 09, 2021 2:41 pm
Dang, I thought it would be more of the likes: mov rax,[12345678]
But the const is just JIT compiled?
On that, a question. [preinfo] The closest I got yet is mono_class_enumFields (with field addr etc.) and cycling through the array comparing ".name" (which I found, but no way to get the addr. of a value). I am not yet that clear on how these mono functions work; took a look into monoscript.lua but it makes use of the monopipe so yeah ... [/preinfo]
My question: How do these functions get that information - some mono JIT compilation? If so, why shouldn't it also be possible to get the value?

Csimbi I post too much Reputation: 94
Joined: 14 Jul 2007 Posts: 3108
Posted: Thu Dec 09, 2021 3:25 pm
panraven wrote: | const does not have a memory location, it is compiled into the instruction that uses the value.
|
Actually, in mono, it does. Constants like zero, float 1, float 100, etc. are optimized to be in just one place, but they are stored somewhere.
In mono, only a very few constants are baked into the instruction.
Well, at least, the ones I saw thus far, anyhore.
Constants related to a class are usually near the class template itself - or the base class - and they are indeed accessed as mov rax,[1234567890].
They are just hard to find because they don't change.
Find a constant related to a class (only to that class), debug a function that uses such a constant, and then browse the memory at that address, they are all nearby.

salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Thu Dec 09, 2021 5:21 pm
@Csimbi Oh, well thanks. I mean great ... just when I found some ... other place with technically another value (though storing the same info) just ... hardcoded text I can easily read. But it's still interesting and may be useful, esp. on some other dynamic mono fnc I try to create.
I tried to find some code I could check on, but the problem is that on that class all constants are read VERY early on gamestart only. So I thought mono features could help me. (There is one supposed to be a runtime fnc, but it hasn't been called yet AND is very long, so I dunno if I'll find the const there.)
Well, maybe some high-frequency attach & debug code could allow me checking on that, but it won't help me on the table. And well, your method won't help me in Lua code (or do you mean I should hook function x, read the addr of const y and add offset z to the wanted const?)
For now I guess I'll try to find another class with constants that I can check on to get the idea behind - as soon as I find the time for that.
EDIT: Well that did work out, found s.t. but .... it won't help me with what I did want to achieve (lua script using a value from any unity game constant).
Last edited by salumor on Thu Dec 16, 2021 6:11 pm; edited 2 times in total |

panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Fri Dec 10, 2021 12:20 am
Csimbi wrote: | panraven wrote: | const does not have a memory location, it is compiled into the instruction that uses the value.
|
Actually, in mono, it does. Constants like zero, float 1, float 100, etc. are optimized to be in just one place, but they are stored somewhere.
In mono, only a very few constants are baked into the instruction.
Well, at least, the ones I saw thus far, anyhore.
Constants related to a class are usually near the class template itself - or the base class - and they are indeed accessed as mov rax,[1234567890].
They are just hard to find because they don't change.
Find a constant related to a class (only to that class), debug a function that uses such a constant, and then browse the memory at that address, they are all nearby. |
Oh, you are right, I'm wrong.
Tho not totally wrong.
On ARM CPUs it does encode at least some floats into the instruction too.
To try to answer again: the const variable lacks information about where it is used in the assembly, so it cannot be 'located' by a mono function or via 'usage' from a decompiler. 'Where' the const is used is a compiler (AOT/il2cpp or JIT) thing, whether it is encoded in the instruction or in memory near the function that uses it.
_________________
- Retarded. |

Csimbi I post too much Reputation: 94
Joined: 14 Jul 2007 Posts: 3108
Posted: Sat Dec 11, 2021 4:56 pm
salumor wrote: | And well your method won't help me in lua code |
Yeah, LUA code is a completely different beast.
I thought we were talking mono.
panraven wrote: |
Oh, you are right, I'm wrong.
Tho not totally wrong.
On ARM CPUs it does encode at least some floats into the instruction too.
|
To be fair, it's all generated code - depending on how the current version of the Unity engine runs, it can go both ways. That said, it could change between different versions of the same game.
So, we are both right.