itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Mon Apr 11, 2016 6:55 am Post subject: Get/replace selected opcode in the Memory View using LUA
I'm trying to make a plugin for CE which gets the selected opcode in the memory view, then replaces it with custom code.
Could anyone give an example of that? Which functions should I use?
edit:
Any advice? By the way, I've just added an item to the dropdown menu with the hotkey to get/replace it.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 11, 2016 1:40 pm
Why do you want to do this? What custom code are you replacing it with?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4700
Posted: Mon Apr 11, 2016 2:55 pm
Do you mean right clicking on an instruction and clicking on "Assemble"?
_________________
I don't know where I'm going, but I'll figure it out when I get there.
akumakuja28 Master Cheater
Reputation: 16
Joined: 28 Jun 2015 Posts: 432
Posted: Mon Apr 11, 2016 3:45 pm
Why do you need to write a plugin? All this can be done with a cheat table script.
Also, making something like this is a rather bad idea, figuring all injections and opcode edits are unique unless it's "nop".
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Mon Apr 11, 2016 5:03 pm
ParkourPenguin wrote: | Do you mean right clicking on an instruction and clicking on "Assemble"? |
++METHOS wrote: | Why do you want to do this? What custom code are you replacing it with? |
akumakuja28 wrote: | Why do you need to write a plugin? All this can be done with a cheat table script.
Also, making something like this is a rather bad idea, figuring all injections and opcode edits are unique unless it's "nop". |
There are some instructions which are equal, so I'm trying to make a plugin which replaces them with another instruction (not NOP) using a hotkey and stores them when I want with another hotkey.
Eg.
Replace (CTRL+Z) inc [esi+10] with dec [esi+10] ... Store (CTRL+X) to the original function.
(I don't need the store function so much anyhow, it was just a more user-friendly thing.)
But I can't find any documentation for this, that's why I'm asking you.
PS: Yes, I'm lazy. But imagine you have like 50 inc [esi+10] instructions which you want to replace with dec [esi+10]...
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4700
Posted: Mon Apr 11, 2016 5:54 pm
If you want to replace it immediately, right click on the instruction and select "Assemble" (or just double-click it). Keep track of multiple instructions using the code list.
If you want to use hotkeys and/or mass replace instructions, write an AA script which does that and bind it to some hotkey.
A Lua plugin would be much more work to make than what you're going to get out of it. It's only marginally more useful than already existing CE features in pretty specific cases.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 11, 2016 9:29 pm
itsoqrappy wrote: | But I can't find any documentation for this, that's why I'm asking you. | -Have you completed the CE tutorial?
Anyway, as previously suggested, you are better off using the Auto Assemble feature in lieu of writing an LUA plugin for this.
In memory viewer, with the instruction highlighted, select 'Tools' from the drop-down menu. Click on 'Auto Assemble'. In the auto assemble window, click on 'Template' and select 'AOB Injection'. Click okay, name your script and click okay again. Click on 'File' from the drop-down menu...select 'Assign to current cheat table'.
From here, you can change the code however you like and assign hotkeys for enable/disable etc.
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Tue Apr 12, 2016 4:58 am
ParkourPenguin wrote: | If you want to replace it immediately, right click on the instruction and select "Assemble" (or just double-click it). Keep track of multiple instructions using the code list.
If you want to use hotkeys and/or mass replace instructions, write an AA script which does that and bind it to some hotkey.
A Lua plugin would be much more work to make than what you're going to get out of it. It's only marginally more useful than already existing CE features in pretty specific cases. |
Well, I know I didn't explain it properly. Anyhow, my real idea is to make a plugin which, when I test a lot of instructions and there is for example inc [esi+8] or inc [eax+10], replaces it with dec using a hotkey. I will need to use regex (regular expressions) for that and check if it matches the actual opcode... badly, an example of a regular expression would be: (de|in)c (.+)
Then I split on the spaces and I have the two parts of the opcode:
dec/inc and [something]
pseudocode:
    if firstPartOpcode EqualsTo "dec" Then
        Replace firstPartOpcode To "inc"
    Else # in the case it equals inc
        Replace firstPartOpcode To "dec"
    End CarryHandlingCondition
then a simple method to effectively replace the opcode:
    string result = firstPartOpcode + " " + secondPartOpcode;
    opcode.Replace(opcode, result);
Yeah, imagine the DEL hotkey to NOP a selected opcode instruction, but with a small customization of the instruction.
I don't want to replace just a specific instruction address; in this case an AA script would be useless.
If yes, split on the spaces and replace the first part of the split opcode with a dec instruction.
My real question was just how I can get/replace the selected opcode in the memory view with the plugin I created.
Hope to get your help, thanks anyway in advance.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Apr 12, 2016 8:51 am
You should listen to the advice that has been given to you. You are going about something the wrong way, it seems.
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Tue Apr 12, 2016 9:28 am
++METHOS wrote: | You should listen to the advice that has been given to you. You are going about something the wrong way, it seems. |
Listen... or read? Don't confound them. I don't want to be rude with someone who is trying to help me, but... Maybe I'm explaining badly (I'm so sorry), but I think it's useless to insist and stay "closed" in a personal opinion (you think I don't even know how to assemble an opcode).
My real idea was anyway to make a plugin which replaces "inc" with "dec" in the memory view or vice versa by clicking a hotkey; then I am able to restore it with the same hotkey.
Testing a structure, then another structure with this.
Hope I explained as well as possible.
Last edited by itsoqrappy on Tue Apr 12, 2016 10:18 am; edited 1 time in total
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Apr 12, 2016 9:46 am
itsoqrappy wrote: | Listen... or read? Don't confound them. I don't want to be rude with someone who is trying to help me | -Are you sure about that?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4700
Posted: Tue Apr 12, 2016 9:55 am
itsoqrappy wrote: | I don't want to replace just a specific instruction address; in this case an AA script would be useless |
You can replace multiple instructions in an AA script if you want. You're not limited to just one.
IMO this is still more work than what you're going to get out of it; regardless, I'll help you with this if you want to do it this way. Here's how I'd go about swapping inc for dec and vice versa in the currently selected line in the disassembler:
Code:
    swapIncDecHK = createHotkey(function(sender)
      -- address of the line currently selected in the memory viewer's disassembler
      local addy = getMemoryViewForm().DisassemblerView.SelectedAddress
      -- split the disassembled line into its extra, mnemonic, bytes and address parts
      local extra, mnemonic, bytes, address = splitDisassembledString(disassemble(addy))
      -- separate the mnemonic ("inc") from its operands ("[esi+10]")
      local opcode, operands = mnemonic:match("^(%a+)%s*(.*)")
      if opcode == "inc" then
        autoAssemble(string.format("%s:\ndec %s", address, operands))
      elseif opcode == "dec" then
        autoAssemble(string.format("%s:\ninc %s", address, operands))
      end
    end, VK_DELETE)
    swapIncDecHK.DelayBetweenActivate = 250  -- ms between activations, so one keypress does not fire repeatedly
Hopefully this gives you plenty of information to go off of. If you have any questions, feel free to ask. Look inside main.lua for more information.
PS: an opcode is not the same thing as an instruction. The term opcode refers to the part of the instruction that defines the operation to be performed (including the addressing mode of said instruction). An instruction also usually has operands: the data it operates on. The operands are not a part of the opcode, but both constitute the instruction.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
akumakuja28 Master Cheater
Reputation: 16
Joined: 28 Jun 2015 Posts: 432
Posted: Tue Apr 12, 2016 10:09 am
itsoqrappy wrote: | ++METHOS wrote: | You should listen to the advice that has been given to you. You are going about something the wrong way, it seems. |
Listen... or read? Don't confound them. I don't want to be rude with someone who is trying to help me, but... Maybe I'm explaining badly (I'm so sorry), but I think it's useless to insist and stay "closed" in a personal opinion (you think I don't even know how to assemble an opcode).
My real idea was anyway to make a plugin which replaces conditional jumps (JE, JNE) in the memory view with an unconditional jump (JMP) by clicking a hotkey; then I am able to restore it with the same hotkey.
Testing a structure, then another structure with this.
Hope I explained as well as possible. |
Ok, now that actually sounds rather useful. I still would use the cheat table, though. Just add the address of the opcode as a "hex" byte. It will always be the jump instruction.
http://sparksandflames.com/files/x86InstructionChart.html List of opcodes.
Then you can set all your jumps back and forth by highlighting all and changing the value.
If you plan on doing this in LUA or another plugin form you will hit so much resistance. You will have to store every opcode changed in a "LUA table"; you will need to keep track of each original opcode, which means a different table for each jmp condition if you want a restore-all hotkey. Set up arrays to compare to the original table (opcodes)...... This is daunting and I haven't scratched the surface yet.
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Tue Apr 12, 2016 10:12 am
ParkourPenguin wrote: | itsoqrappy wrote: | I don't want to replace just a specific instruction address; in this case an AA script would be useless |
You can replace multiple instructions in an AA script if you want. You're not limited to just one.
IMO this is still more work than what you're going to get out of it; regardless, I'll help you with this if you want to do it this way. Here's how I'd go about swapping inc for dec and vice versa in the currently selected line in the disassembler:
Code:
    swapIncDecHK = createHotkey(function(sender)
      -- address of the line currently selected in the memory viewer's disassembler
      local addy = getMemoryViewForm().DisassemblerView.SelectedAddress
      -- split the disassembled line into its extra, mnemonic, bytes and address parts
      local extra, mnemonic, bytes, address = splitDisassembledString(disassemble(addy))
      -- separate the mnemonic ("inc") from its operands ("[esi+10]")
      local opcode, operands = mnemonic:match("^(%a+)%s*(.*)")
      if opcode == "inc" then
        autoAssemble(string.format("%s:\ndec %s", address, operands))
      elseif opcode == "dec" then
        autoAssemble(string.format("%s:\ninc %s", address, operands))
      end
    end, VK_DELETE)
    swapIncDecHK.DelayBetweenActivate = 250  -- ms between activations, so one keypress does not fire repeatedly
Hopefully this gives you plenty of information to go off of. If you have any questions, feel free to ask. Look inside main.lua for more information.
PS: an opcode is not the same thing as an instruction. The term opcode refers to the part of the instruction that defines the operation to be performed (including the addressing mode of said instruction). An instruction also usually has operands: the data it operates on. The operands are not a part of the opcode, but both constitute the instruction. |
Thank you so much ParkourPenguin, you are a clever guy. Yes, it works; now this plugin is 50% complete. How can I make something to store the original code and then reset it? What do you suggest I do?
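An added example, not code from any post in this thread, that extends ParkourPenguin's hotkey to cover the store/reset question above and akumakuja28's point about keeping originals in a Lua table: the instruction's original bytes are saved under its address before it is patched, so pressing the same hotkey on an already patched line restores it, and a second hotkey restores everything. Beyond the calls used in the snippet above it assumes the CE Lua functions getInstructionSize, readBytes and writeBytes.

```lua
-- Added example (not from any post in this thread). Extends the inc/dec swap
-- with a per-address record of the original bytes so each patch can be undone.
-- Assumes the CE Lua API: createHotkey, getMemoryViewForm, disassemble,
-- splitDisassembledString, autoAssemble, getInstructionSize, readBytes, writeBytes.

originalBytes = originalBytes or {}   -- address (number) -> table of saved bytes

local swap = { inc = "dec", dec = "inc" }

-- Patch the instruction at addr. Returns true on success, false if the line is
-- not an inc/dec or the assembler rejected the replacement.
function flipIncDec(addr)
  local extra, mnemonic, bytes, address = splitDisassembledString(disassemble(addr))
  local opcode, operands = mnemonic:match("^(%a+)%s*(.*)")
  local replacement = swap[opcode]
  if not replacement then return false end
  -- save exactly the bytes the instruction occupies; inc and dec with the same
  -- operand encode to the same length, so the patch never spills past them
  local size = getInstructionSize(addr)
  local saved = readBytes(addr, size, true)
  if not autoAssemble(string.format("%s:\n%s %s", address, replacement, operands)) then
    return false   -- nothing was written, so nothing to remember
  end
  originalBytes[addr] = saved
  return true
end

-- Put the saved bytes back. Returns false if nothing was recorded for addr.
function restoreOriginal(addr)
  local saved = originalBytes[addr]
  if not saved then return false end
  writeBytes(addr, saved)
  originalBytes[addr] = nil
  return true
end

-- DEL toggles the selected line: patch if untouched, restore if already patched.
toggleIncDecHK = createHotkey(function(sender)
  local addr = getMemoryViewForm().DisassemblerView.SelectedAddress
  if originalBytes[addr] then restoreOriginal(addr) else flipIncDec(addr) end
end, VK_DELETE)
toggleIncDecHK.DelayBetweenActivate = 250

-- CTRL+X (the "store" hotkey proposed above) restores every patched instruction.
restoreAllHK = createHotkey(function(sender)
  for addr in pairs(originalBytes) do restoreOriginal(addr) end
end, VK_CONTROL, VK_X)
restoreAllHK.DelayBetweenActivate = 250
```

The record lives only in the Lua state, so it is lost when CE is closed or the table is reloaded; anything still patched at that point has to be restored by hand.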
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Apr 12, 2016 10:37 am
I guess akumakuja28's help wasn't good enough to justify a response.