How can I get the address of a call at Auto Assembler?

 
sir-gunny
Advanced Cheater
Reputation: 0

Joined: 15 Mar 2012
Posts: 77

Posted: Thu Dec 02, 2021 10:35 am

Hi.

Is there an easier way to do something like this?

Code:
[ENABLE]
aobscan(memTestMemory,E8 ?? ?? ?? ?? 83 C4 10 85 C0 75 ?? 39 1B C6 43 ?? ?? 39 36 8B 46 ?? 83 EC ?? 50)
registerSymbol(memTestMemory)
LuaCall(registerSymbol("memTestMemory2",string.format("0x%08X",getAddressSafe("[memTestMemory+1]+5")+getAddressSafe("memTestMemory")-0x100000000)))

//[memTestMemory+1]: --How can i get the called address in ASM? All the ASM-Code at the called address is not unique.
memTestMemory2: --04B9F268:
db c3

[DISABLE]

memTestMemory2: --04B9F268:
db 55

unregisterSymbol(memTestMemory2)
unregisterSymbol(memTestMemory)


The original ASM:

Code:
0A530BF4 - E8 6FE666FA           - call 04B9F268
0A530BF9 - 83 C4 10              - add esp,10 { 16 }
0A530BFC - 85 C0                 - test eax,eax
0A530BFE - 75 21                 - jne 0A530C21
0A530C00 - 39 1B                 - cmp [ebx],ebx
0A530C02 - C6 43 28 00           - mov byte ptr [ebx+28],00 { 0 }
0A530C06 - 39 36                 - cmp [esi],esi
0A530C08 - 8B 46 0C              - mov eax,[esi+0C]
0A530C0B - 83 EC 08              - sub esp,08 { 8 }
0A530C0E - 50                    - push eax


EDIT: NOPing the call is not an option; the function is called multiple times from somewhere else.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Dec 02, 2021 1:16 pm

Code:
[ENABLE]
{$lua}
if syntaxcheck then return 'define(memTestMemory,0)' end

local results = AOBScan('E8 ?? ?? ?? ?? 83 C4 10 85 C0 75 ?? 39 1B C6 43 ?? ?? 39 36 8B 46 ?? 83 EC ?? 50', '+X-C-W')
assert(results, 'No results found')

local caller = getAddress(results[0])
results.destroy()

-- NOTE: the operand to the CALL (E8) instruction is a signed 32-bit displacement from EIP (next instruction)
local moffs = (readInteger(caller + 1) + caller + 5) & 0xFFFFFFFF

assert(readBytes(moffs, 1) == 0x55, 'No results found')

return ('define(memTestMemory,%08X)'):format(moffs)
{$asm}
registerSymbol(memTestMemory)
memTestMemory:
  db c3

[DISABLE]
memTestMemory:
  db 55

unregisterSymbol(memTestMemory)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

Posted: Thu Dec 02, 2021 2:05 pm

Why do you need the address itself?
Is that because you'd like to call it from a different location?
sir-gunny
Advanced Cheater
Reputation: 0

Joined: 15 Mar 2012
Posts: 77

Posted: Fri Dec 03, 2021 4:19 am

@ParkourPenguin:
Thanks, I'll test it when I'm at home.

@Csimbi:
No, the function is called by many other functions. I would like the function to never be executed. I think I have two options: NOP all calls if I found them all, or force a return at the first line of the called code. The second seems easier to me.
panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 941

Posted: Fri Dec 03, 2021 4:34 am

CE 7.1+ has a pointer typecast, which can make the call target address from the caller's IP-relative offset (the 4 bytes after E8). (LONG) is for a signed 4-byte integer.
Code:

[ENABLE]
unregisterSymbol(memTestMemory)
aobscan(memTestMemory,E8 ?? ?? ?? ?? 83 ...)
registerSymbol(memTestMemory)
///    -- ip offset --  --  ip base  --
(LONG)[memTestMemory+1]+memTestMemory+5:
db c3
[DISABLE]
(LONG)[memTestMemory+1]+memTestMemory+5:
db 55

It will give a syntax-check error, as the scan is not done during checking, but it should work on actual execution.

_________________
- Retarded.
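
Added example (not part of the thread and not Cheat Engine code): the E8 rel32 arithmetic used in ParkourPenguin's Lua and panraven's (LONG) typecast, run offline in Python over the bytes from the "original ASM" listing. It also shows that the first post's "- 0x100000000" correction only holds for a backward call; the padding bytes, the forward-call sample and all function names are constructed for illustration.

```python
import struct

# Bytes of the "original ASM" listing from the first post, preceded by three
# constructed padding bytes (CC) so the scan has something to skip over.
BASE = 0x0A530BF4 - 3
CODE = bytes.fromhex("CC CC CC E8 6F E6 66 FA 83 C4 10 85 C0 75 21 39 1B "
                     "C6 43 28 00 39 36 8B 46 0C 83 EC 08 50")
PATTERN = ("E8 ?? ?? ?? ?? 83 C4 10 85 C0 75 ?? 39 1B C6 43 ?? ?? "
           "39 36 8B 46 ?? 83 EC ?? 50")
# Constructed forward call: E8 with a positive displacement (+0x10).
FORWARD, FORWARD_BASE = bytes.fromhex("E8 10 00 00 00"), 0x00401000


def aob_find(data: bytes, pattern: str) -> int:
    """Offset of the first match of a '??'-wildcard byte pattern, or -1."""
    pat = [None if tok == "??" else int(tok, 16) for tok in pattern.split()]
    for off in range(len(data) - len(pat) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pat)):
            return off
    return -1


def call_target(data: bytes, off: int, base: int, bits: int = 32) -> int:
    """Destination of the E8 rel32 CALL at data[off], with data mapped at base."""
    if off < 0 or off + 5 > len(data) or data[off] != 0xE8:
        raise ValueError("no complete E8 rel32 CALL at this offset")
    (rel32,) = struct.unpack_from("<i", data, off + 1)  # signed displacement
    next_ip = base + off + 5                            # address after the CALL
    return (next_ip + rel32) & ((1 << bits) - 1)        # wrap to pointer width


def call_target_first_post(data: bytes, off: int, base: int) -> int:
    """First post's arithmetic: unsigned dword + 5 + caller - 0x100000000."""
    (u32,) = struct.unpack_from("<I", data, off + 1)
    return u32 + 5 + (base + off) - 0x100000000


if __name__ == "__main__":
    off = aob_find(CODE, PATTERN)
    print(hex(call_target(CODE, off, BASE)))
    print(hex(call_target_first_post(CODE, off, BASE)))
    print(hex(call_target(FORWARD, 0, FORWARD_BASE)))
    print(hex(call_target_first_post(FORWARD, 0, FORWARD_BASE)))
```

Both formulas give 04B9F268 for the call in the listing because its displacement is negative; for the forward call only the signed read with masking gives a valid address.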
sir-gunny
Advanced Cheater
Reputation: 0

Joined: 15 Mar 2012
Posts: 77

Posted: Fri Dec 03, 2021 12:33 pm

@ParkourPenguin:
It works fine. I just had to include writable memory in the scan. THX :)

@panraven:
I still use CE 6.8.3 :oops: (Never change a winning team :D ). But this is a good argument for the latest CE. :)
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

Posted: Sat Dec 04, 2021 12:00 pm

sir-gunny wrote:

@Csimbi:
No, the function is called by many other functions. I would like the function to never be executed. I think I have two options: NOP all calls if I found them all, or force a return at the first line of the called code. The second seems easier to me.

Indeed.
That is the most reliable choice, too.

sir-gunny wrote:

@panraven:
I still use CE 6.8.3 :oops: (Never change a winning team :D ). But this is a good argument for the latest CE. :)

Actually, use 7.2 instead of 7.3.
7.3 has many issues.
7.4 was supposed to come in November - it never did.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Dec 04, 2021 1:03 pm

Csimbi wrote:

7.4 was supposed to come in November - it never did.


I don't recall ever saying November.

I did tell someone in December, but not November

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

Posted: Sat Dec 04, 2021 6:25 pm

Dark Byte wrote:

I don't recall ever saying November.

I did tell someone in December, but not November

I stand corrected!
I must have misinterpreted something.
Maybe that was for the 7.3.x public release.
Anyway, I am sorry about that!