Disassembler using Listview or Virtual Listview

_Veggy
Posted: Fri Jun 10, 2016 8:43 am

Hey guys,

Trying to experiment with a disassembler engine using BeaEngine.

I want the output of the disassembled instructions to be shown in a listview.
For this there are two methods:

1. Using a regular listview and filling it in. This works, but after a couple thousand results the listview starts to become incredibly slow and takes a lot of system resources.

2. A Virtual Listview which can handle thousands of results but requests them.

So number 2 seems a better method.

What I tried to do is the following:
1. Disassemble the file and save all instruction addresses into an allocated memory buffer.
2. Then, when the listview requests an item, I traverse through the allocated buffer and pick the appropriate instruction address to disassemble.
3. Fill in the requested info.

This is working perfectly fine but the problem is the following.

Since we do not know beforehand how many instructions we will have, we can't inform the virtual listview about the amount of instructions either.
So what I tried is:

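; allocate buffer to store disassembled addresses for our listview
mov r14, [ImageBase]
mov rax, [SizeOfImage]
add r14, rax            ; r14 = ImageBase + SizeOfImage (end of image)
mov rbx, 8
mul rbx                 ; rax = SizeOfImage * 8 (one qword per image byte)
invoke GlobalAlloc, GMEM_ZEROINIT, rax
mov [Disasm_Index], rax ; keep the buffer pointer for later lookups
mov rdi, rax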
It's an allocated buffer that allows me to store all qwords (instruction addresses).

But when I have a file of 50 MB my program will allocate an enormous amount of memory as a buffer.

My main question would be:
How is it possible to keep track of the instruction to assemble?

for example:
When the listview requests the first item:
iItem = 0 --> instruction to disassemble at: 140000000
iItem = 1 --> instruction to disassemble at: 140000005
iItem = 2 --> instruction to disassemble at: 140000009

As you see the amount of opcodes (bytes) vary for each iItem.

What I do atm is I store the addresses 140000000, 140000005, 140000009 etc. into the allocated buffer.
Then when the listview asks for iItem 1 -> I read the addresses from the buffer and disassemble the instruction and fill the listview with information.

Are there any quicker, less memory-taking methods?

ulysse31
Posted: Fri Jun 10, 2016 2:55 pm

Have you taken a peek at the x64 debugger project? The source code is available and they use BeaEngine as well.
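
Added example, not part of either post and not code from the projects they mention: one lower-memory way to map the listview's iItem to an instruction offset is to store only the 32-bit offset of every 64th instruction and decode forward from the nearest checkpoint, with the same linear pass giving the item count for the virtual listview. `STRIDE`, `InsnIndex`, `insn_len` and its toy length encoding are assumptions standing in for a real decoder call.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define STRIDE 64  /* instructions per checkpoint (assumed tuning value) */

/* Stand-in for the real length decoder (e.g. one disassembler call).
   Constructed toy encoding: length = (low 2 bits of first byte) + 1. */
static size_t insn_len(const uint8_t *p) { return (size_t)(*p & 3) + 1; }

typedef struct {
    uint32_t *checkpoint;  /* offset from image base of instruction k*STRIDE */
    size_t    count;       /* total instructions = listview item count */
} InsnIndex;

/* One linear pass: count instructions and record every STRIDE-th offset.
   Worst case is one instruction per byte, so size/STRIDE + 1 slots suffice
   (about size/16 bytes instead of size*8). Assumes size fits in 32 bits. */
static int index_build(InsnIndex *ix, const uint8_t *code, size_t size) {
    size_t n = 0, off = 0;
    ix->checkpoint = malloc((size / STRIDE + 1) * sizeof *ix->checkpoint);
    if (!ix->checkpoint) return -1;
    while (off < size) {
        if (n % STRIDE == 0) ix->checkpoint[n / STRIDE] = (uint32_t)off;
        off += insn_len(code + off);
        n++;
    }
    ix->count = n;
    return 0;
}

/* Offset of item iItem: start at its checkpoint, then skip at most
   STRIDE-1 instructions. Add ImageBase to get the address to disassemble. */
static size_t index_offset(const InsnIndex *ix, const uint8_t *code, size_t iItem) {
    if (iItem >= ix->count) return (size_t)-1;   /* out-of-range request */
    size_t off = ix->checkpoint[iItem / STRIDE];
    for (size_t k = iItem % STRIDE; k > 0; k--) off += insn_len(code + off);
    return off;
}

int main(void) {
    uint8_t code[1000];                          /* constructed sample bytes */
    for (size_t i = 0; i < sizeof code; i++) code[i] = (uint8_t)(i * 7 + 3);
    InsnIndex ix;
    if (index_build(&ix, code, sizeof code)) return 1;
    printf("%zu items, item 200 at offset %zu\n", ix.count, index_offset(&ix, code, 200));
    free(ix.checkpoint);
    return 0;
}
```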
All times are GMT - 6 Hours