Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Plugin] WatchExpression CE Plugin

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> Plugin development
View previous topic :: View next topic  
Author Message
honoka
How do I cheat?
Reputation: 1

Joined: 06 Jun 2016
Posts: 1

PostPosted: Mon Jun 06, 2016 12:40 am    Post subject: [Plugin] WatchExpression CE Plugin This post has 1 review(s) Reply with quote

WatchExpression CE Plugin by Honoka

If you find bug please mail to "honoka @ protonmail . com".

Download : https://www.dropbox.com/s/kbwrpmjd53pjw5x/WatchExpression.zip?dl=1
Source Code(vs2010 c++) : https://www.dropbox.com/s/htr2li0mu0dg8ux/Honoka0607.zip?dl=1
Youtube tutorial : https://youtu.be/uLP4Ckhylwg

This plugin hooks CE's debug event. it captures registers which are needed by your custom expression and log them to list control. My original focus is hooking function's return address but I extended my think so the plugin can hook any expression. if you're debugging x86 process and want to hook function's return address, use this expression [ebp+4]Smile

Beginners guide
1. Execute CE.
2. Go to "Settings" -> "Plugins"
3. Click "Add new" and add WatchExpression plugin.
4. Enable plugin by clicking check box.
5. Open process to debug.
6. Go to "Memory View" and go to address to hook
7. Click mouse right button and select "Watch expression"(or press shortcut "CTRL+W")
8. Customise your expression and choose data type.
9. Press start button.
10. Enjoy debugging!

Features
- All debugger methods are supported(VEH, Windows, Kernelmode)
- All breakpoint mothods are supported(Hardware BP, Software BP, Page exceptions BP)
- Multiple watcher windows at single breakpoint
- Using CE symbol is allowed.(Userdefined symbol, DLL name, DLL exported functions, just address and etc..)

Limitations
- The plugin works on only CE 6.5+(Debugevent callback is not implemented under 6.5 version.)
- The plugin is for only x64 "system".(Using on x86 processes is possible.)
- You can use only "hexadecimal constant" on your expression.

Registers supported on expression
rax, eax, ax, ah, al
rbx, ebx, bx, bh, bl
rcx, ecx, cx, ch, cl
rdx, edx, dx, dh, dl
rsi, esi, si, sil
rdi, edi, di, dil
rbp, ebp, bp, bpl
rsp, esp, sp, spl
r8, r8d, r8w, r8b
r9, r9d, r9w, r9b
..
..
..
r15, r15d, r15w, r15b
rip, eip
cs, ss, ds, es, fs, gs
eflags
dr0, dr1, dr2, dr3, dr6, dr7

Operators supported on expression(Almost of them are based on C language)
High priority
qword[Exp], dword[Exp], word[Exp], byte[Exp], [Exp] : Pointer operators
qword(Exp), dword(Exp), word(Exp), byte(Exp), bool(Exp), (Exp) : Casting operators
+, -, ~, ! : Unary operators
*, /, % : Multiplicative operators
+, - : Additive operators
<<, >> : Shift operators
<, <=, >, >=: Compare operators
==, != : Equality operators
& : Bit and
^ : Bit xor
| : Bit or
&& : Logic and
|| : Logic or
Low priority

Select data type you want to hook
- Integer
- Opcode *Use this when hooking function return addresses or vtable values.
- Float, Double
- String
- Array of bytes
Back to top
View user's profile Send private message
Hexshark
How do I cheat?
Reputation: 0

Joined: 13 Nov 2016
Posts: 3

PostPosted: Sat Nov 19, 2016 5:24 am    Post subject: about CE_GetThreadContext() Reply with quote

CE_GetThreadContext() is quite complex,why not just using GetThreadContext(). It works fine as I tested.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 329

Joined: 09 May 2003
Posts: 19510
Location: The netherlands

PostPosted: Sat Nov 19, 2016 5:40 am    Post subject: Reply with quote

i don't think GetThreadContext works on the VEH or Kernelmode debugger when a thread has been broken (they have a seperate context)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> Plugin development All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites