Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


how to use readfile and SetFilePointer ?

 
reverser69
Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 47

Posted: Wed Dec 27, 2017 7:37 pm    Post subject: how to use readfile and SetFilePointer ?

hi all

PUSH 0
PUSH #128
PUSH 2
PUSH 0
PUSH 0
PUSH 0x40000000
PUSH [filename] <---- this causes a crash. filename: db E:\XXX XXX\XXX.exe how should I push the file path?

CALL CreateFile


push 0 //file begin
push 0 // offset hi null
push X //setting offset
push x // hfile
call setfilepointer

push 0 //poverlapped = null
push x //pbytesread
push 8 //bytestoread
push xxxxxx //buffer
push x // hfile
call readfile
Dark Byte
Site Admin
Reputation: 346

Joined: 09 May 2003
Posts: 20186
Location: The netherlands

Posted: Wed Dec 27, 2017 8:05 pm

push filename instead of [filename] as you need to push the address of the filename.

But before you continue, is this a 32-bit or 64-bit target? (If 64-bit you will need to use a very different method.)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
reverser69
Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 47

Posted: Wed Dec 27, 2017 8:53 pm

64 bit
Yeah, whatever I do I crash, even pushing filename without brackets.
So what should I do?

Sent you a PM. Didn't want to break the rules.
Dark Byte
Site Admin
Reputation: 346

Joined: 09 May 2003
Posts: 20186
Location: The netherlands

Posted: Thu Dec 28, 2017 4:30 am

https://msdn.microsoft.com/en-us/library/ms235286.aspx?f=255&MSPPError=-2147217396

As an example for CreateFile:

Code:

sub rsp,40 //40 assuming the call is done from a position where the stack is already aligned (function entry, usually not, but after it usually it is)
mov rcx,filename
mov rdx,40000000
mov r8,0
mov r9,0

//The next 4 are not needed but give an idea of how it works
//mov [rsp],filename
//mov [rsp+8],40000000
//mov [rsp+10],0
//mov [rsp+18],0

mov [rsp+20],2
mov [rsp+28],#128
mov [rsp+30],0
CALL CreateFile

add rsp,40

reverser69
Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 47

Posted: Thu Dec 28, 2017 5:52 am

1. Why aren't you using push instead of mov rsp?
2. Does readfile return size or byte of indicated location?

E.g.: after calling setfilepointer rax is the offset I want, but after calling readfile rax is empty. I want it to fetch me the bytes of that location.

my code so far:
Code:

    sub rsp,40
mov rcx,filename
mov rdx,40000000
mov r8,0
mov r9,0
mov [rsp+20],2
mov [rsp+28],#128
mov [rsp+30],0
CALL CreateFilew
add rsp,40


mov [hfile],rax

mov rcx,[hfile]
mov rdx,[offsettoread]
mov r8,0
mov r9,0
call setfilepointer


sub rsp,20
mov rcx,[hfile]
mov rdx,buffer
mov r8,8
mov r9,pbytesread
mov [rsp+20],0
call readfile
add rsp,20
Dark Byte
Site Admin
Reputation: 346

Joined: 09 May 2003
Posts: 20186
Location: The netherlands

Posted: Thu Dec 28, 2017 6:29 am

1 because the stack must get aligned on a 16 byte boundary
I guess you could push a bogus last param first and then the rest, but this is how it's usually done (and this way you skip 4 push instructions)

2 https://msdn.microsoft.com/en-us/library/windows/desktop/aa365467%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

readfile returns a boolean, and on success writes the number of bytes read to pbytesread

also, your sub rsp,20 is too small, it needs at least 28. (so 30 for proper aligning)

---
also, you use createfilew, is the filename formatted as widestring? else try createfilea

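The stack-reservation rule from the replies above (40 for the seven-argument CreateFile call, 20 being too small for ReadFile), worked through as an added example that is not part of the original thread. The helper names `frame_size` and `stack_arg_offset` are made up for illustration, and hex is printed without a prefix as in the posted scripts.

```c
#include <stdio.h>

/* Microsoft x64 convention: args 1-4 go in rcx, rdx, r8, r9, yet the caller
   still reserves 0x20 bytes of shadow space for them; args 5+ sit above it. */
#define SHADOW_SPACE 0x20
#define SLOT_SIZE    8

static const char *const ARG_REGS[4] = { "rcx", "rdx", "r8", "r9" };

/* Offset from rsp (at the call) of 1-based argument `index`,
   or -1 when the argument is passed in a register (or index is 0). */
int stack_arg_offset(unsigned index)
{
    if (index <= 4)
        return -1;
    return SHADOW_SPACE + (int)(index - 5) * SLOT_SIZE;
}

/* Bytes to subtract from rsp before calling a function with `nargs` integer
   or pointer arguments. `misalign` is rsp % 16 before the sub: 0 when the
   stack is already aligned, 8 at function entry (return address pushed). */
unsigned frame_size(unsigned nargs, unsigned misalign)
{
    unsigned slots = nargs > 4 ? nargs : 4;   /* shadow space is mandatory */
    unsigned need = slots * SLOT_SIZE;
    /* smallest size >= need that leaves rsp on a 16-byte boundary */
    return need + (misalign + 16 - need % 16) % 16;
}

static void print_plan(const char *api, unsigned nargs)
{
    printf("%s: sub rsp,%X\n", api, frame_size(nargs, 0));
    for (unsigned i = 1; i <= nargs; i++) {
        int off = stack_arg_offset(i);
        if (off < 0)
            printf("  arg %u -> %s\n", i, ARG_REGS[i - 1]);
        else
            printf("  arg %u -> [rsp+%X]\n", i, (unsigned)off);
    }
}

int main(void)
{
    print_plan("CreateFileA", 7);     /* 7 parameters */
    print_plan("SetFilePointer", 4);  /* 4 parameters */
    print_plan("ReadFile", 5);        /* 5 parameters */
    return 0;
}
```

Even a four-argument call such as SetFilePointer needs the 20 bytes of shadow space reserved, because the callee is allowed to write into it.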
reverser69
Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 47

Posted: Thu Dec 28, 2017 6:37 am

is this code ok?
Code:
push rax   
push rdx

mov [bytesbeingread],rdx
mov rax,[imagebase]
sub [bytesbeingread],rax
mov rax,[bytesbeingread]
mov [offsettoread],rax

sub rsp,40
mov rcx,filename
mov rdx,40000000
mov r8,0
mov r9,0
mov [rsp+20],2
mov [rsp+28],#128
mov [rsp+30],0
CALL CreateFilew
add rsp,40


mov [hfile],rax

mov rcx,[hfile]
mov rdx,[offsettoread]
mov r8,0
mov r9,0
call setfilepointer

sub rsp,30
mov rcx,[hfile]
mov rdx,buffer
mov r8,8
mov r9,pbytesread
mov [rsp+20],0
call readfile
add rsp,30

    pop rdx
    pop rax

xor al,[pbytesread]


I crash after CALL CreateFilew

I think I'm messing with the stack. I see the mov rsp command overwrites other data in the stack.
Can I upload a video on the forum so you could see the stack changes?
Dark Byte
Site Admin
Reputation: 346

Joined: 09 May 2003
Posts: 20186
Location: The netherlands

Posted: Thu Dec 28, 2017 7:52 am

i checked your code in the pm as well

your filename is in ascii format so use createfilea
also end it with a ,0 like 'c:\bla',0

as for the stack not sure, the add rsp,40 should undo all the stack edits

reverser69
Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 47

Posted: Thu Dec 28, 2017 9:06 am

code:
Code:
mov [bytesbeingread],rdx
mov rax,[imagebase]
sub [bytesbeingread],rax
mov rax,[bytesbeingread]
mov [offsettoread],rax

sub rsp,40
mov rcx,filename
mov rdx,40000000
mov r8,0
mov r9,0
mov [rsp+20],2
mov [rsp+28],#128
mov [rsp+30],0
CALL CreateFileA
add rsp,40


mov [hfile],rax

mov rcx,[hfile]
mov rdx,[offsettoread]
mov r8,0
mov r9,0
call setfilepointer

sub rsp,30
mov rcx,[hfile]
mov rdx,buffer
mov r8,8
mov r9,pbytesread
mov [rsp+20],0
call readfile
add rsp,30


filename:
db 'E:\Assassin creed unity\ACU.exe',0

//db 45 00 3A 00 5C 00 41 00 73 00 73 00 61 00 73 00 73 00 69 00 6E 00 20 00 63 00 72 00 65 00 65 00 64 00 20 00 75 00 6E 00 69 00 74 00 79 00 5C 00 41 00 43 00 55 00 6F 00 2E 00 74 00 78 00 74 00 00


hfile:
db 00

origbyte:
dq 0000000000000000

bytebeingread:
db 00

pbytesread:
db 00

buffer:
db 00

bytesbeingread:
dq 0000000000000000

offsettoread:
db 00

imagebase:
dq 0140000000



Could you please watch the video and see what is wrong?
I crash right after executing Readfile.

https://www.datafilehost.com/d/921c7f5c


********************************************
OK. readfile does not crash anymore but rax is 0 and pbytesread is empty after the call.
reverser69
Cheater
Reputation: 0

Joined: 03 Sep 2014
Posts: 47

Posted: Fri Dec 29, 2017 3:25 pm

any help?!