Rammwurst (rank: How do I cheat?, Reputation: 0, Joined: 18 Jul 2017, Posts: 8)
Posted: Tue Jul 18, 2017 4:08 pm
Post subject: "Find out what accesses/writes to this address" in
Is it possible to do either a "Find out what accesses this address" or a "Find out what writes to this address" in a script to return an address? At least if only one function writes to the specified address.
ParkourPenguin (rank: I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4300)
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Tue Jul 18, 2017 4:29 pm
Code:
    -- 1-byte hardware access breakpoint; the callback reports who touched it and resumes
    debug_setBreakpoint(address, 1, bptAccess, function()
      print(string.format("%X accessed %X", RIP, address))
      debug_continueFromBreakpoint(co_run)
      return 0
    end)
To disable it, use debug_removeBreakpoint(address).
As for a function that waits till it's accessed, I recommend starting a timer or thread, as the breakpoint callback is done in the main thread, so it has to stay responsive.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Tue Jul 18, 2017 4:45 pm
This code will add a waitTillWritten(address) and a waitTillWritten(address,timeout) function.
If no timeout is given, it will wait indefinitely until the value is written, and the return value is the address only.
If a timeout is given, then it will wait till the value is written, or till the timeout is hit.
It returns 2 values: false/true, and the address if true.
Code:
    -- Waits until something writes to `address`. Without a timeout it returns the
    -- writer's RIP; with a timeout (ms) it returns written (true/false) and that RIP.
    function waitTillWritten(address, timeout)
      local written=false
      local lastaccess=nil
      local stoptime=nil
      if timeout~=nil then
        stoptime=getTickCount()+timeout
      end
      -- 1-byte hardware write breakpoint; the callback only records RIP and resumes
      debug_setBreakpoint(address, 1, bptWrite, function()
        lastaccess=RIP
        print(string.format("%X accessed %X", RIP, address))
        written=true
        debug_continueFromBreakpoint(co_run)
        return 0
      end)
      -- poll in the main thread; checkSynchronize lets the breakpoint callback run
      while (not written) and ((stoptime==nil) or (getTickCount()<stoptime)) do
        checkSynchronize()
        if not written then sleep(10) end
      end
      debug_removeBreakpoint(address)
      if timeout then
        return written,lastaccess
      else
        return lastaccess
      end
    end
Rammwurst (rank: How do I cheat?, Reputation: 0, Joined: 18 Jul 2017, Posts: 8)
Posted: Tue Jul 18, 2017 5:10 pm
So if I've got
Code:
    {$LUA}
    debug_setBreakpoint(address, 4, bptWrite, function()
      print(string.format("%X accessed %X", RIP, address))
      debug_removeBreakpoint(address)
      return 0
    end)
    {$asm}
how do I use the address of whatever function wrote to said address in an auto assemble script?
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Tue Jul 18, 2017 5:13 pm
In your AA script, allocate space for the address but leave it blank (but register the location), and later, when it has been found, fill it in.
Your script should check if it has been filled in or not.
Rammwurst (rank: How do I cheat?, Reputation: 0, Joined: 18 Jul 2017, Posts: 8)
Posted: Tue Jul 18, 2017 5:24 pm
Really, I just need something like this non-functional code:
Code:
    [ENABLE]
    label(myvar)
    {$LUA}
    local lastaccess=nil
    debug_setBreakpoint(address, 4, bptWrite, function()
      print(string.format("%X accessed %X", RIP, address))
      ??? myvar=RIP ???
      debug_removeBreakpoint(address)
      return 0
    end)
    myvar-2:
    _myvar:
    db 38 00
    [DISABLE]
    _myvar:
    db 00 00
    unregistersymbol(_myvar)
In functional code, the address is constantly written to, so there doesn't seem to be a need to wait in a thread; it should return immediately.
Last edited by Rammwurst on Tue Jul 18, 2017 8:31 pm; edited 1 time in total
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Tue Jul 18, 2017 6:07 pm
Then check out the waitTillWritten function I posted above.
Rammwurst (rank: How do I cheat?, Reputation: 0, Joined: 18 Jul 2017, Posts: 8)
Posted: Tue Jul 18, 2017 6:11 pm
Code:
    [ENABLE]
    {$LUA}
    unregisterSymbol("myVar")
    debug_setBreakpoint(0x27BFC3524E4, 4, bptWrite, function()
      print(string.format("%X accessed %X", RIP, 0x27BFC3524E4))
      debug_removeBreakpoint(0x27BFC3524E4)
      registerSymbol("myVar",RIP)
      return 0
    end)
    {$asm}
    label(_myVar)
    registersymbol(_myVar)
    myVar-2:
    _myVar:
    db 38 00
    [DISABLE]
    _myVar:
    db 00 00
    {$LUA}
    unregisterSymbol("myVar")
    debug_removeBreakpoint(0x27BFC3524E4)
This doesn't seem to write to the address of _myVar.
Any idea what I'm doing wrong?
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Tue Jul 18, 2017 6:53 pm
The breakpoint hasn't been hit yet by the time it assembles the code.
Rammwurst (rank: How do I cheat?, Reputation: 0, Joined: 18 Jul 2017, Posts: 8)
Posted: Wed Jul 19, 2017 2:16 pm
RIP seems to always point to the end of the instruction writing to an address (or rather to the instruction after it); if that instruction changes in length, I'm not sure how to point back to the writing instruction.
Are there other options to RIP when using bptWrite?
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed Jul 19, 2017 2:19 pm
You can use getPreviousOpcode(RIP) to let CE guess the instruction before it.
Rammwurst (rank: How do I cheat?, Reputation: 0, Joined: 18 Jul 2017, Posts: 8)
Posted: Wed Jul 19, 2017 7:11 pm
Dark Byte wrote:
    You can use getPreviousOpcode(RIP) to let CE guess the instruction before it.
That worked perfectly, thank you for all your help.
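Added example, tying the thread together (this is not code from the thread and not Cheat Engine's own code): it combines Dark Byte's three points, a write-breakpoint callback that only records and resumes because it runs on CE's main thread, a timer instead of a blocking wait, and a pre-allocated, registered slot that the auto-assembler script checks before it uses the value, plus getPreviousOpcode(RIP) from the last reply, with a check that the guessed instruction really ends at RIP. Assumptions, all chosen here: a 64-bit target (RIP; on a 32-bit target CE exposes EIP instead), the symbol name "writerSlot", every function name, and the placeholder address in the usage line.

```lua
-- Added example (not from the thread, not Cheat Engine's own code). Assumptions:
-- 64-bit target (RIP, falling back to EIP on 32-bit), symbol name "writerSlot" and
-- all function names are choices made for this example.

-- Slot shared with the AA side: 8 bytes, registered, zero means "writer not found yet".
local slot = allocateMemory(8)
writeQword(slot, 0)
registerSymbol("writerSlot", slot)

-- Hardware write breakpoint on `address` (size 1/2/4/8). The callback resolves the
-- writing instruction, stores it in the slot and resumes; it never blocks.
local function setWriteWatch(address, size)
  debug_setBreakpoint(address, size or 4, bptWrite, function()
    local pc = RIP or EIP                   -- points just past the writing instruction
    local writer = getPreviousOpcode(pc)    -- CE's guess at where that instruction starts
    -- getPreviousOpcode is a guess: confirm it by checking that its decoded length
    -- lands exactly on pc; store it either way so the wait below can finish, but warn.
    if writer + getInstructionSize(writer) ~= pc then
      print(string.format("warning: unconfirmed writer for %X (pc %X, guess %X)", address, pc, writer))
    end
    writeQword("writerSlot", writer)
    print(string.format("%s writes %X", disassemble(writer), address))
    debug_continueFromBreakpoint(co_run)
    return 0
  end)
end

-- Polls the slot from a timer so CE stays responsive, then calls done(found, writer)
-- once and removes the breakpoint. timeoutMs may be nil to wait indefinitely.
local function waitForWriter(address, timeoutMs, done)
  local deadline = timeoutMs and (getTickCount() + timeoutMs)
  local t = createTimer()
  t.Interval = 100
  t.OnTimer = function(timer)
    local writer = readQword("writerSlot")
    local timedOut = deadline ~= nil and getTickCount() >= deadline
    if writer ~= 0 or timedOut then
      timer.destroy()
      debug_removeBreakpoint(address)
      done(writer ~= 0, writer ~= 0 and writer or nil)
    end
  end
end

-- The AA script checks the slot itself. CE runs {$lua} blocks while assembling and
-- inserts the string they return, so the found address becomes a define in the script.
local consumerScript = [[
{$lua}
if syntaxcheck then return end
local w = readQword("writerSlot")
if w == 0 then error("writerSlot is empty: the write breakpoint has not hit yet") end
return string.format("define(writer,%X)", w)
{$asm}
// 'writer' now names the start of the writing instruction.
// Anything assembled at or around it belongs below this line, after the check above.
]]

-- Lua-side guard as well: don't even try to assemble while the slot is empty.
local function applyIfFound()
  if readQword("writerSlot") == 0 then return false end
  return autoAssemble(consumerScript)
end

-- Frees the slot when the script is disabled.
local function releaseSlot()
  unregisterSymbol("writerSlot")
  deAlloc(slot)
end

-- Watch a 4-byte value, give it five seconds, then let the AA script consume the result.
local function findWriterOf(address)
  setWriteWatch(address, 4)
  waitForWriter(address, 5000, function(found, writer)
    if not found then print("no write seen before the timeout"); return end
    print(string.format("writer at %X; AA applied: %s", writer, tostring(applyIfFound())))
  end)
end

-- findWriterOf(0x12345678)   -- placeholder address: use the one you are actually watching
-- releaseSlot()              -- when done
```

The callback keeps to Dark Byte's pattern (record, debug_continueFromBreakpoint(co_run), return 0) and leaves the removal to the timer, as his waitTillWritten does. The length check matters because getPreviousOpcode only guesses: on x86 the bytes before RIP can decode to more than one plausible instruction boundary, and an unconfirmed guess is the case where the reported writer address should be looked at by hand before anything is assembled against it.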