| View previous topic :: View next topic |
| Author |
Message |
abystus
Expert Cheater
 Reputation: 1
Joined: 09 Dec 2010
Posts: 140
|
 Posted: Sat Mar 21, 2015 1:19 am Post subject: Monitoring Function Calls |
 |
|
Is there a way to track all calls to a particular function? I'm looking for a feature similar to "Find what accesses this address", but for function calls instead ("Find what accesses this function"). Maybe I've overlooked this option? Any help is appreciated.
_________________
Hitler are you bored? Watch some of my hacks here. Want 2 gb of online storage space for free? Get Dropbox for computer, phone, etc...
Last edited by abystus on Sat Mar 21, 2015 3:09 am; edited 4 times in total |
|
| Back to top |
|
 |
justa_dude
Grandmaster Cheater
 Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Sat Mar 21, 2015 2:57 am Post subject: |
|
|
I believe the dissect code option can find all static xrefs. I assume your call could still be accessed by indirect calls, but I guess I'm not positive.
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
| Back to top |
|
|
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
| Posted: Sat Mar 21, 2015 6:34 am Post subject: Re: Monitoring Function Calls |
|
|
| Abystus wrote: | | Is there a way to track all calls to a particular function? I'm looking for a feature similar to "Find what accesses this address", but for function calls instead ("Find what accesses this function"). Maybe I've overlooked this option? Any help is appreciated. |
I think that you could hook the function,redirect it to a memory block where you could log the return address (this is done by placing a jmp at the start of the function).
For this,I mostly use ollydbg,with hardware log breakpoints,whenever the breakpoint is hit,it'll write the 'return address'(address of caller+5),and the arguments if you wish to the log file,without even pausing the application.
|
|
| Back to top |
|
|
abystus
Expert Cheater
Reputation: 1
Joined: 09 Dec 2010
Posts: 140
|
| Posted: Sat Mar 21, 2015 5:19 pm Post subject: Re: Monitoring Function Calls |
|
|
| justa_dude wrote: | | I believe the dissect code option can find all static xrefs. I assume your call could still be accessed by indirect calls, but I guess I'm not positive. |
This may be doable, but I'm looking for something at runtime if at all possible similar to the other loggers. I'd assume something similar to the "Find what accesses" options could be applied to function calls as well (listing the calling address).
| rnib wrote: |
I think that you could hook the function,redirect it to a memory block where you could log the return address (this is done by placing a jmp at the start of the function).
For this,I mostly use ollydbg,with hardware log breakpoints,whenever the breakpoint is hit,it'll write the 'return address'(address of caller+5),and the arguments if you wish to the log file,without even pausing the application. |
This would only log the last call every iteration to said address (logging to a file would show them all of course, but it would grow immensely in no time). This would also require something (direct asm modifications, custom subroutine) not already built into cheat engine as a tool, and would have to be manipulated for each separate function I attempted to log. I would need a listing of all calls/counts similar to what occurs in the "Find what accesses this ..." methods.
The problem is, the function in question is being call constantly, but I want to only see when it is called in other locations. There is no way to exclude calls from a particular address that I have seen (maybe there are conditional breakpoints?), so I'm looking for a logging option.
_________________
Hitler are you bored? Watch some of my hacks here. Want 2 gb of online storage space for free? Get Dropbox for computer, phone, etc... |
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Sat Mar 21, 2015 5:32 pm Post subject: |
|
|
The return address is probably at the top of the stack during the function prolog. Maybe you can figure out what you need using that.
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25791
Location: The netherlands
|
| Posted: Sat Mar 21, 2015 5:33 pm Post subject: |
|
|
Adapt this lua function to your situation:
| Code: |
addressToWatch=0x00424fc0
returnAddressLog={}
function debugger_onBreakpoint()
if (EIP==addressToWatch) then
local returnAddress=readInteger(ESP)
if (returnAddressLog[returnAddress]==nil) then
returnAddressLog[returnAddress]=0
else
returnAddressLog[returnAddress]=returnAddressLog[returnAddress]+1
end
debug_continueFromBreakpoint(co_run) --not really needed for return 1, but lets be sure
return 1
else
return 0
end
end
|
just change addressToWatch to the entry point of the function you're interested in, and then set a breakpoint there (manually, or you could use setBreakpoint(addressToWatch) )
to get the results execute:
| Code: |
for address,count in pairs(returnAddressLog) do
print(string.format("%x : %d",address,count))
end
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
abystus
Expert Cheater
Reputation: 1
Joined: 09 Dec 2010
Posts: 140
|
| Posted: Sat Mar 21, 2015 6:17 pm Post subject: |
|
|
| Dark Byte wrote: | Adapt this lua function to your situation:
| Code: |
addressToWatch=0x00424fc0
returnAddressLog={}
function debugger_onBreakpoint()
if (EIP==addressToWatch) then
local returnAddress=readInteger(ESP)
if (returnAddressLog[returnAddress]==nil) then
returnAddressLog[returnAddress]=0
else
returnAddressLog[returnAddress]=returnAddressLog[returnAddress]+1
end
debug_continueFromBreakpoint(co_run) --not really needed for return 1, but lets be sure
return 1
else
return 0
end
end
|
just change addressToWatch to the entry point of the function you're interested in, and then set a breakpoint there (manually, or you could use setBreakpoint(addressToWatch) )
to get the results execute:
| Code: |
for address,count in pairs(returnAddressLog) do
print(string.format("%x : %d",address,count))
end
|
|
You say to use this with a breakpoint, but wouldn't that halt the execution of the application in question? Is there a way to set a breakpoint which doesn't halt the execution, but would still trigger this lua function? I would like something similar to how you have the "Find what accesses this ...", as it does not halt execution (maybe this is what debug_continueFromBreakpoint(co_run) does?), and allows me to monitor while triggering different events throughout said application (it isn't frozen). I will work with this lua example to see what can be done.
_________________
Hitler are you bored? Watch some of my hacks here. Want 2 gb of online storage space for free? Get Dropbox for computer, phone, etc... |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sat Mar 21, 2015 7:57 pm Post subject: |
|
|
| Wouldn't ultimap work?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25791
Location: The netherlands
|
| Posted: Sat Mar 21, 2015 8:53 pm Post subject: |
|
|
that function won't freeze the game as it just records and resumes, just like the find what... options
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
abystus
Expert Cheater
Reputation: 1
Joined: 09 Dec 2010
Posts: 140
|
| Posted: Sun Mar 22, 2015 12:09 am Post subject: |
|
|
| ++METHOS wrote: | | Wouldn't ultimap work? |
It would, but ultimap has issues just getting it to work correctly (have to disable some of my cores, and it also causes a lot of slowdown).
| Dark Byte wrote: | | that function won't freeze the game as it just records and resumes, just like the find what... options |
Thanks, I'll be working with this to meet my needs. BTW, you should include this option in a future build of cheat engine as it would make determining call locations for constantly accessed functions much easier. A good name for the option (right-click on the disassembler screen) would be "Find what calls this function", and you could easily identify the start of function by using the other option you already include "Select current function". I'm always willing to use Lua alternatives, but having something built into Cheat Engine is always a better option in my opinion. Appreciate the help.
_________________
Hitler are you bored? Watch some of my hacks here. Want 2 gb of online storage space for free? Get Dropbox for computer, phone, etc... |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25791
Location: The netherlands
|
| Posted: Sun Mar 22, 2015 5:20 am Post subject: |
|
|
the thing is that certain debug options are very similar and just slightly differ from one another
in your case you wish to see the count of the different callers, but someone else else might wish a sequential list of all the calls.
if i where to implement the list feature you'd be able to use as well (i can make it count) but there would be a lot of overhead of adding to the list and a lot of memory wasted(when called a billion times) for something you don't need
i could add 2 seperate functions, but that would probably clutter the already full menu even more
so, i think adding select features with plugins (lua or native) is probably the best solution for adding similar but slightly different features
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
abystus
Expert Cheater
Reputation: 1
Joined: 09 Dec 2010
Posts: 140
|
| Posted: Sun Mar 22, 2015 7:45 pm Post subject: |
|
|
| Dark Byte wrote: | the thing is that certain debug options are very similar and just slightly differ from one another
in your case you wish to see the count of the different callers, but someone else else might wish a sequential list of all the calls.
if i where to implement the list feature you'd be able to use as well (i can make it count) but there would be a lot of overhead of adding to the list and a lot of memory wasted(when called a billion times) for something you don't need
i could add 2 seperate functions, but that would probably clutter the already full menu even more
so, i think adding select features with plugins (lua or native) is probably the best solution for adding similar but slightly different features |
I see your point. BTW, what is there a way to include AOBScan in this to set "addressToWatch" (the game in question changes this address every launch)? Also, I see the "Clear Output" option in the Lua Script window, but is there a way to do the same thing in Lua script (not wanting it to write down the window)?
_________________
Hitler are you bored? Watch some of my hacks here. Want 2 gb of online storage space for free? Get Dropbox for computer, phone, etc... |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
