 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
wxy2ab
How do I cheat?
![]() Reputation: 2
Joined: 13 Jan 2014
Posts: 6
Location: 美国
|
 Posted: Tue Jan 14, 2014 10:21 pm Post subject: call mono.mono_assembly_get_main get nothing |
 |
|
| Code: |
alloc(bla, 2048)
alloc(domain,4)
alloc(assembly,4)
registersymbol(domain)
registersymbol(assembly)
bla:
call mono.mono_get_root_domain
mov [domain],eax
push eax
call mono.mono_thread_attach
add esp,4
call mono.mono_assembly_get_main
mov [assembly],eax
ret
createthread(bla)
|
when i call mono.mono_assembly_get_main ,it returns NULL.
how can i get main assembly?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25805
Location: The netherlands
|
| Posted: Tue Jan 14, 2014 10:57 pm Post subject: |
|
|
not sure. This is the sourcecode of that function.
| Code: |
MonoAssembly *
mono_assembly_get_main (void)
{
return (main_assembly);
}
|
So it looks like main_assembly is null (perhaps an earlier "mono_assembly_set_main(NULL)" call)
Anyhow, you can use mono_assembly_foreach which will call a callback function.
It won't show what the main assembly is, but you may figure that out from the name
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
wxy2ab
How do I cheat?
![]() Reputation: 2
Joined: 13 Jan 2014
Posts: 6
Location: 美国
|
| Posted: Thu Jan 16, 2014 1:13 am Post subject: thanks! |
|
|
thanks for your help.
I'm trying to invoke mono_assembly_foreach and try to copy assembly's name down , but my callback function received NULL as parameters
| Code: |
alloc(bla, 2048)
alloc(str,4096)
alloc(pointer,4)
alloc(domain,4)
alloc(assembly,4)
label(flabel)
label(strcpy)
label(start)
label(walk)
registersymbol(domain)
registersymbol(assembly)
registersymbol(pointer)
registersymbol(str)
bla:
jmp start //jump to start point
walk: //this is my callback function
push ebp
push eax
push ebx
mov ebp,esp
mov eax,[ebp+4] //this vaule is NULL
add eax,8 //suppose to get MonoAssemblyName address
push eax
call mono.mono_stringify_assembly_name //get assembly name
add esp,4
push eax //copy name to str
push pointer
call strcpy
add esp,8
mov [pointer],eax
mov esp,ebp
pop ebx
pop eax
pop ebp
ret
//---------------------------------------------
strcpy: //simple str copy function
push edx
mov eax,[esp+4]
mov edx,[esp+8]
push esi
mov esi,eax
sub esi,edx
flabel:
mov cl,[edx]
mov [esi+edx],cl
inc edx
inc eax
test cl, cl
jnz flabel
pop esi
pop edx
ret
start: //start point
call mono.mono_get_root_domain
mov [domain],eax
push eax
call mono.mono_thread_attach
add esp,4
mov eax,str
mov [pointer],eax
push 0
push walk
call mono.mono_assembly_foreach
add esp,8
ret
createthread(bla)
|
i checked the document
| Code: |
struct _MonoAssembly {
/*
* The number of appdomains which have this assembly loaded plus the number of
* assemblies referencing this assembly through an entry in their image->references
* arrays. The later is needed because entries in the image->references array
* might point to assemblies which are only loaded in some appdomains, and without
* the additional reference, they can be freed at any time.
* The ref_count is initially 0.
*/
int ref_count; /* use atomic operations only */
char *basedir;
MonoAssemblyName aname;
MonoImage *image;
GSList *friend_assembly_names; /* Computed by mono_assembly_load_friends () */
guint8 friend_assembly_names_inited;
guint8 in_gac;
guint8 dynamic;
guint8 corlib_internal;
gboolean ref_only;
/* security manager flags (one bit is for lazy initialization) */
guint32 ecma:2; /* Has the ECMA key */
guint32 aptc:2; /* Has the [AllowPartiallyTrustedCallers] attributes */
guint32 fulltrust:2; /* Has FullTrust permission */
guint32 unmanaged:2; /* Has SecurityPermissionFlag.UnmanagedCode permission */
guint32 skipverification:2; /* Has SecurityPermissionFlag.SkipVerification permission */
};
typedef struct {
const char *name;
const char *culture;
const char *hash_value;
const guint8* public_key;
// string of 16 hex chars + 1 NULL
guchar public_key_token [MONO_PUBLIC_KEY_TOKEN_LENGTH];
guint32 hash_alg;
guint32 hash_len;
guint32 flags;
guint16 major, minor, build, revision;
} MonoAssemblyName;
|
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25805
Location: The netherlands
|
| Posted: Thu Jan 16, 2014 1:38 am Post subject: |
|
|
| Code: |
walk: //this is my callback function
//ESP+4=assembly
push ebp //ESP+8=assembly
push eax //ESP+c=assembly
push ebx //ESP+10=assembly
mov ebp,esp //EBP=ESP, ESP+10=assembly, so EBP+10=assembly
mov eax,[ebp+4] //this vaule is NULL
|
so change EBP+4 to EBP+10
also, use mono_assembly_get_image() and then mono_image_get_name()
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
wxy2ab
How do I cheat?
![]() Reputation: 2
Joined: 13 Jan 2014
Posts: 6
Location: 美国
|
| Posted: Thu Jan 16, 2014 3:06 am Post subject: |
|
|
| Dark Byte wrote: | | Code: |
walk: //this is my callback function
//ESP+4=assembly
push ebp //ESP+8=assembly
push eax //ESP+c=assembly
push ebx //ESP+10=assembly
mov ebp,esp //EBP=ESP, ESP+10=assembly, so EBP+10=assembly
mov eax,[ebp+4] //this vaule is NULL
|
so change EBP+4 to EBP+10
also, use mono_assembly_get_image() and then mono_image_get_name() |
lots of thanks for you.
It's a huge mistake , and I haven't even noticed .
I've accomplish my task that get the loaded assemblies list.
SteamworksManaged
Assembly-CSharp
UnityEngine
mscorlib
it's very sad that i am still know nothing about the game assembly .
is there any other way i can get the game assembly?
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
 Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Thu Jan 16, 2014 7:34 am Post subject: |
|
|
If you can get the game as .unity3d file, you may decomplie it.
And then view the whole game source (And create hacks for it too, lot's of them using CIL language).
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25805
Location: The netherlands
|
| Posted: Thu Jan 16, 2014 8:05 am Post subject: |
|
|
Assembly-CSharp is the one you need to take a closer look on. That is the one that contains all game related classes
Just learn the mono functions
You can use the image to find the class you're interested in
Then use the class to find the method.
With the method you can find the cil code, or (my favourite), compile it using mono_method_compile and work on the assemblercode.
You can also get a list of all fields in a class like their name and offset.
(Check out the monoDataCollector inside the cheat engine svn. It's a lua/c++ hybrid extension for ce 6.3+ which adds some new features to ce )
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
wxy2ab
How do I cheat?
![]() Reputation: 2
Joined: 13 Jan 2014
Posts: 6
Location: 美国
|
| Posted: Thu Jan 16, 2014 1:18 pm Post subject: oh,no! |
|
|
It's really helpful to me.
I've solved my problem.
thanks , guys
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
