		| wxy2ab How do I cheat?
 
 ![]() Reputation: 2 
 Joined: 13 Jan 2014
 Posts: 6
 Location: 美国
 
 | 
			
				|  Posted: Tue Jan 14, 2014 10:21 pm    Post subject: call mono.mono_assembly_get_main get nothing |   |  
				| 
 |  
				|  	  | Code: |  	  | alloc(bla, 2048)
 
 // Two 4-byte cells that receive the results; they are registered as symbols
 // so the stored values can be looked up by name once the thread has run.
 alloc(domain,4)
 alloc(assembly,4)
 
 registersymbol(domain)
 registersymbol(assembly)
 
 // Thread body: fetch the root domain, attach this thread to it, then ask
 // for the main assembly. 32-bit code; the caller removes pushed arguments.
 bla:
 call mono.mono_get_root_domain
 mov [domain],eax          // keep the root domain pointer
 
 push eax                  // argument: the domain just returned
 call mono.mono_thread_attach
 add esp,4                 // drop the one pushed argument
 
 call  mono.mono_assembly_get_main
 mov [assembly],eax        // stored without a NULL check; the poster observes NULL here
 
 ret
 
 createthread(bla)         // run bla on a new thread
 
 | 
 
 When I call mono.mono_assembly_get_main, it returns NULL.
 How can I get the main assembly?
 |  |  
		| Dark Byte Site Admin
 
  Reputation: 470 
 Joined: 09 May 2003
 Posts: 25806
 Location: The netherlands
 
 | 
			
				|  Posted: Tue Jan 14, 2014 10:57 pm    Post subject: |   |  
				| 
 |  
				| not sure. This is the sourcecode of that function. 
  	  | Code: |  	  | MonoAssembly *
 mono_assembly_get_main (void)
 {
 return (main_assembly);
 }
 
 | 
 So it looks like main_assembly is null (perhaps an earlier "mono_assembly_set_main(NULL)" call)
 
 
 Anyhow, you can use mono_assembly_foreach which will call a callback function.
 It won't show what the main assembly is, but you may figure that out from the name
 _________________
 
 Do not ask me about online cheats. I don't know any and wont help finding them.
 Like my help? Join me on Patreon so i can keep helping
 |  |  
		| wxy2ab How do I cheat?
 
 ![]() Reputation: 2 
 Joined: 13 Jan 2014
 Posts: 6
 Location: 美国
 
 | 
			
				|  Posted: Thu Jan 16, 2014 1:13 am    Post subject: thanks! |   |  
				| 
 |  
				| Thanks for your help. I'm trying to call mono_assembly_foreach and copy each assembly's name, but my callback function receives NULL as its parameter.
 
  	  | Code: |  	  | 
 // Allocations: the code block, a buffer for the collected names, and three
 // 4-byte cells.
 alloc(bla, 2048)
 alloc(str,4096)
 
 alloc(pointer,4)          // write cursor into str
 alloc(domain,4)           // root domain pointer
 alloc(assembly,4)         // not written anywhere in this script
 
 label(flabel)
 label(strcpy)
 label(start)
 label(walk)
 
 // Expose the cells and the buffer by name.
 registersymbol(domain)
 registersymbol(assembly)
 registersymbol(pointer)
 registersymbol(str)
 
 bla:
 jmp start    // skip over the walk and strcpy bodies that follow
 walk:        // callback passed to mono.mono_assembly_foreach
 // Entry layout: [esp] = return address, [esp+4] = assembly pointer.
 push ebp
 push eax
 push ebx
 mov ebp,esp
 
 // NOTE(review): after the three pushes the frame is (hex offsets)
 //   [ebp]=saved ebx  [ebp+4]=saved eax  [ebp+8]=saved ebp
 //   [ebp+c]=return address  [ebp+10]=assembly pointer
 // so this load picks up the saved eax rather than the argument.
 mov eax,[ebp+4]   // poster reports this value is NULL
 add eax,8              // meant to reach the MonoAssemblyName member (aname); assumes a 4-byte int and a 4-byte pointer precede it - confirm
 
 push eax
 call mono.mono_stringify_assembly_name    // name string comes back in eax
 add esp,4
 
 push eax              // source: the name string
 push pointer          // NOTE(review): pushes the address of the pointer cell, not the cursor stored in it - confirm intent
 call strcpy
 add esp,8
 mov [pointer],eax     // whatever strcpy leaves in eax becomes the next write position
 // NOTE(review): nothing limits the total copied into str; a check against
 // the end of the buffer would stop a long list from writing past it.
 
 mov esp,ebp
 pop ebx
 pop eax               // restores the entry eax, so the callback hands it back unchanged
 pop ebp
 ret
 //---------------------------------------------
 strcpy:          // byte-wise copy up to and including the terminating zero
 // Loads two stack slots into eax and edx, copies bytes from [edx] to the
 // address tracked by eax, and returns eax advanced by the bytes written.
 // No length limit is applied: the loop stops only at a zero byte.
 push edx
 // NOTE(review): edx was just pushed, so [esp+4] is the return address and
 // the caller's two arguments sit at [esp+8] and [esp+c] - confirm offsets.
 mov eax,[esp+4]
 mov edx,[esp+8]
 push esi
 mov esi,eax
 sub esi,edx            // esi = eax - edx, so [esi+edx] follows eax as edx advances
 flabel:
 mov cl,[edx]           // cl is used without being saved
 mov [esi+edx],cl
 inc edx
 inc eax
 test cl, cl
 jnz flabel             // leave once the zero byte itself has been copied
 pop esi
 pop edx
 ret
 
 start:     // thread entry proper, reached through the jmp at bla
 call mono.mono_get_root_domain
 mov [domain],eax          // keep the root domain pointer
 
 push eax                  // argument: the domain
 call mono.mono_thread_attach
 add esp,4
 
 mov eax,str
 mov [pointer],eax         // write cursor starts at the beginning of str
 
 push 0                    // second argument, passed as zero
 push walk                 // first argument: address of the callback
 call mono.mono_assembly_foreach
 add esp,8                 // drop both arguments
 
 ret
 
 createthread(bla)         // run the script's code on a new thread
 
 | 
 
 
 i checked the document
 
  	  | Code: |  	  | struct _MonoAssembly {
 /*
 * The number of appdomains which have this assembly loaded plus the number of
 * assemblies referencing this assembly through an entry in their image->references
 * arrays. The later is needed because entries in the image->references array
 * might point to assemblies which are only loaded in some appdomains, and without
 * the additional reference, they can be freed at any time.
 * The ref_count is initially 0.
 */
 int ref_count; /* use atomic operations only */
 char *basedir;
 MonoAssemblyName aname;
 MonoImage *image;
 GSList *friend_assembly_names; /* Computed by mono_assembly_load_friends () */
 guint8 friend_assembly_names_inited;
 guint8 in_gac;
 guint8 dynamic;
 guint8 corlib_internal;
 gboolean ref_only;
 /* security manager flags (one bit is for lazy initialization) */
 guint32 ecma:2;                /* Has the ECMA key */
 guint32 aptc:2;                /* Has the [AllowPartiallyTrustedCallers] attributes */
 guint32 fulltrust:2;        /* Has FullTrust permission */
 guint32 unmanaged:2;        /* Has SecurityPermissionFlag.UnmanagedCode permission */
 guint32 skipverification:2;        /* Has SecurityPermissionFlag.SkipVerification permission */
 };
 
 /* Assembly identity record; struct _MonoAssembly embeds one as its `aname` member. */
 typedef struct {
 const char *name;   /* first member, so a pointer to the record also addresses this pointer */
 const char *culture;
 const char *hash_value;
 const guint8* public_key;
 // string of 16 hex chars + 1 NULL
 guchar public_key_token [MONO_PUBLIC_KEY_TOKEN_LENGTH];
 guint32 hash_alg;
 guint32 hash_len;
 guint32 flags;
 guint16 major, minor, build, revision;
 } MonoAssemblyName;
 
 | 
 |  |  
		| Dark Byte Site Admin
 
  Reputation: 470 
 Joined: 09 May 2003
 Posts: 25806
 Location: The netherlands
 
 | 
			
				|  Posted: Thu Jan 16, 2014 1:38 am    Post subject: |   |  
				| 
 |  
				|  	  | Code: |  	  | walk:        //this is my callback function
 //ESP+4=assembly
 push ebp //ESP+8=assembly
 push eax //ESP+c=assembly
 push ebx //ESP+10=assembly
 mov ebp,esp  //EBP=ESP, ESP+10=assembly, so EBP+10=assembly
 
 mov eax,[ebp+4]   //this vaule is NULL
 
 | 
 
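 so change EBP+4 to EBP+10 (hexadecimal: the return address plus the three pushed registers put the argument 0x10 bytes above EBP)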
 
 also, use mono_assembly_get_image() and then mono_image_get_name()
 _________________
 
 Do not ask me about online cheats. I don't know any and wont help finding them.
 Like my help? Join me on Patreon so i can keep helping
 |  |  
		| wxy2ab How do I cheat?
 
 ![]() Reputation: 2 
 Joined: 13 Jan 2014
 Posts: 6
 Location: 美国
 
 | 
			
				|  Posted: Thu Jan 16, 2014 3:06 am    Post subject: |   |  
				| 
 |  
				|  	  | Dark Byte wrote: |  	  |  	  | Code: |  	  | walk:        //this is my callback function
 //ESP+4=assembly
 push ebp //ESP+8=assembly
 push eax //ESP+c=assembly
 push ebx //ESP+10=assembly
 mov ebp,esp  //EBP=ESP, ESP+10=assembly, so EBP+10=assembly
 
 mov eax,[ebp+4]   //this vaule is NULL
 
 | 
 
 so change EBP+4 to EBP+10
 
 also, use mono_assembly_get_image() and then mono_image_get_name()
 | 
 
 Thank you very much.
 It's a huge mistake, and I hadn't even noticed it.
 I've accomplished my task of getting the list of loaded assemblies.
 
 SteamworksManaged
 Assembly-CSharp
 UnityEngine
 mscorlib
 
 Sadly, I still know nothing about the game assembly.
 Is there any other way I can get the game assembly?
 |  |  
		| daspamer Grandmaster Cheater Supreme
 
  Reputation: 54 
 Joined: 13 Sep 2011
 Posts: 1588
 
 
 | 
			
				|  Posted: Thu Jan 16, 2014 7:34 am    Post subject: |   |  
				| 
 |  
				| If you can get the game as a .unity3d file, you may decompile it and then view the whole game source (and create hacks for it too, lots of them using the CIL language).
 _________________
 
 I'm rusty and getting older, help me re-learn lua. |  |  
		| Dark Byte Site Admin
 
  Reputation: 470 
 Joined: 09 May 2003
 Posts: 25806
 Location: The netherlands
 
 | 
			
				|  Posted: Thu Jan 16, 2014 8:05 am    Post subject: |   |  
				| 
 |  
				| Assembly-CSharp is the one you need to take a closer look at. That is the one that contains all game-related classes.
 Just learn the mono functions
 You can use the image to find the class you're interested in
 Then use the class to find the method.
 With the method you can find the cil code, or (my favourite), compile it using mono_method_compile and work on the assemblercode.
 
 You can also get a list of all fields in a class like their name and offset.
 
 (Check out the monoDataCollector inside the cheat engine svn. It's a lua/c++ hybrid extension for ce 6.3+ which adds some new features to ce )
 _________________
 
 Do not ask me about online cheats. I don't know any and wont help finding them.
 Like my help? Join me on Patreon so i can keep helping
 |  |  
		| wxy2ab How do I cheat?
 
 ![]() Reputation: 2 
 Joined: 13 Jan 2014
 Posts: 6
 Location: 美国
 
 | 
			
				|  Posted: Thu Jan 16, 2014 1:18 pm    Post subject: oh,no! |   |  
				| 
 |  
				| It's really helpful to me. I've solved my problem.
 thanks , guys
 |  |  
  
	| 
 