Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine


Coding an Offset Dumper for Cheat Engine

heyimyuuta
Newbie cheater
Reputation: 0

Joined: 14 Sep 2023
Posts: 12

Posted: Thu Sep 14, 2023 11:32 am    Post subject: Coding an Offset Dumper for Cheat Engine

I'm trying to code a simple offset dumper, where I just add an empty address to the table and set the description to the pattern. Then I search for that pattern and change the address to the offset.

I did something within Lua already which looks like this:

Code:
-- Define the pattern
local aobPattern = "48 8B 05 ?? ?? ?? ?? 48 89 6C 24 ?? 48 89 74 24 ?? 48 8B 58"

-- Perform an AOB scan for the pattern (AOBScan returns nil when nothing matches,
-- so guard before touching result.Count)
local result = AOBScan(aobPattern)
assert(result, "pattern not found")

-- Get the Cheat Engine address list
local addressList = getAddressList()

-- Iterate through the results (a StringList of hex address strings, indexed from 0)
for i = 0, result.Count - 1 do
    local addressString = result[i]

    -- Create a new memory record and set its description
    local memoryRecord = addressList.createMemoryRecord()
    memoryRecord.Description = "Found Address"

    -- Set the address for the memory record (the Address property takes a string)
    memoryRecord.Address = addressString

    print("Pattern found at address: " .. addressString)
end

-- Free the result list to avoid memory leaks
result.destroy()


However, I'm stuck with getting the correct offset.

On the left is obviously the address, and on the right is the opcode showing "rax,[7FF771F6C2F8]".
I basically need the offset from the opcode, and I wonder if there is an easy universal way to get that, since Cheat Engine basically knows that address/offset already since it's within the [].

So if I could do something like "Address.GetOffsetFromOP", which of course doesn't exist yet, but if there is something like that, it would be cool.
I mean I can basically do that within the GUI, right-clicking the opcode and selecting "Opcodes only (no address)".

Oh, also I wonder if it would be better to code it as a plugin instead?
Not sure if that is easier than using Lua, and if there is a document about coding CE plugins to get some references?

[Attachment: opcode.png]

[Attachment: fasfasf.png]

ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4719

Posted: Thu Sep 14, 2023 12:04 pm

That's called RIP-relative addressing.

The register RIP holds the address of the next instruction to execute. While it's executing the instruction `mov rax,[7FF771F694B0]` at the address 0x7FF770087A55, RIP will be the address of the next instruction, 0x7FF770087A5C (the former instruction takes up 7 bytes).

RIP-relative addressing addresses a memory location using a signed 32-bit displacement from RIP. The bytes `54 1A EE 01` correspond to the integer 0x1EE1A54. Add that to RIP and you get the addressed memory location: 0x7FF770087A5C + 0x1EE1A54 = 0x7FF771F694B0

Code:
-- only scanning executable memory will significantly improve scan speed
local results = AOBScan('48 8B 05 ?? ?? ?? ?? 48 89 6C 24 ?? 48 89 74 24 ?? 48 8B 58', '+X-C-W')
-- AOBScan returns nil on failure
assert(results, 'no results found')

for i = 0, results.Count - 1 do
  -- getAddress returns an integer
  local addr = getAddress(results[i])

  local rip = addr + 7
  -- 2nd parameter = signed (default false = unsigned)
  local disp = readInteger(addr+3, true)

  local memoryRecord = AddressList.createMemoryRecord()
  memoryRecord.Description = "Found Address"

  -- getNameFromAddress returns a string (basically the inverse of getAddress)
  memoryRecord.Address = getNameFromAddress(rip + disp)

  -- should also set other properties, e.g. Type
end

results.destroy()

_________________
I don't know where I'm going, but I'll figure it out when I get there.
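Added example (not part of either post, and not Cheat Engine's own API): a stand-alone Python decoder that performs the same computation as the reply above on constructed instruction bytes, so the step can be checked offline without a target process. It assumes the sample address 0x7FF770087A55 and the bytes 48 8B 05 54 1A EE 01 from the reply, and it generalises to a few other encodings to show two things the 7-byte case hides: the displacement is signed, so a backward reference such as lea rax,[rip-0x10] must be sign-extended rather than read as a large positive number, and RIP is the end of the whole instruction, so for C7 05 disp32 imm32 (mov dword [rip+disp32],imm32) the target is the start address plus 10, not plus 7. The `+X-C-W` scan and `readInteger(addr+3, true)` in the Lua above are this same arithmetic for the one 7-byte form.

```python
import struct

MASK64 = 0xFFFFFFFFFFFFFFFF

# Constructed sample input: the instruction from the reply, mov rax,[rip+disp32],
# at the address the reply gives for it. Not captured from a real process here.
SAMPLE_ADDR = 0x7FF770087A55
SAMPLE_CODE = bytes.fromhex("48 8B 05 54 1A EE 01")


def rip_relative_target(code, instr_addr, disp_offset, instr_len):
    """Resolve a RIP-relative operand: target = (address of next instruction) + disp32.

    code:        the instruction bytes
    instr_addr:  virtual address of the first byte of the instruction
    disp_offset: index of the 4-byte displacement inside `code`
    instr_len:   full instruction length; RIP points past the whole
                 instruction, including any immediate after the displacement
    """
    disp = struct.unpack_from("<i", code, disp_offset)[0]  # signed, little-endian
    rip = instr_addr + instr_len
    return (rip + disp) & MASK64


def decode_rip_relative(code, instr_addr):
    """Decode a small subset of x86-64 encodings that carry a RIP-relative
    memory operand and return (mnemonic, target, length).

    Supported: optional REX prefix, then one-byte opcode 8B (mov reg,[mem]),
    89 (mov [mem],reg), 8D (lea reg,[mem]) or C7 /0 (mov [mem],imm32).
    Anything else raises ValueError instead of guessing a length.
    """
    i = 0
    if 0x40 <= code[i] <= 0x4F:  # REX prefix (48 = REX.W in the sample)
        i += 1
    opcode = code[i]
    i += 1
    names = {0x8B: "mov reg,[mem]", 0x89: "mov [mem],reg",
             0x8D: "lea reg,[mem]", 0xC7: "mov [mem],imm32"}
    if opcode not in names:
        raise ValueError("unsupported opcode 0x%02X" % opcode)
    modrm = code[i]
    i += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    # In 64-bit mode ModRM mod=00, rm=101 means [RIP+disp32] (it was a plain
    # disp32 absolute address in 32-bit mode); REX.B does not change that.
    if mod != 0 or rm != 5:
        raise ValueError("ModRM 0x%02X is not RIP-relative" % modrm)
    if opcode == 0xC7 and reg != 0:
        raise ValueError("C7 /%d is not mov" % reg)
    disp_offset = i
    i += 4
    if opcode == 0xC7:
        i += 4  # imm32 follows the displacement and counts toward the length
    length = i
    if len(code) < length:
        raise ValueError("truncated instruction")
    target = rip_relative_target(code, instr_addr, disp_offset, length)
    return names[opcode], target, length


if __name__ == "__main__":
    name, target, length = decode_rip_relative(SAMPLE_CODE, SAMPLE_ADDR)
    print("%s at 0x%X (%d bytes) -> [0x%X]" % (name, SAMPLE_ADDR, length, target))
```

When a pattern matches more than one site, check the returned length against the bytes at each hit before trusting the target; a hit on a different opcode with the same displacement position would resolve a few bytes off, and the decoder above refuses encodings it does not know rather than assuming 7.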