Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Find 5Byte length Jumps/Calls to address

 
broly7
Posted: Wed Apr 01, 2020 10:18 am    Post subject: Find 5Byte length Jumps/Calls to address

Hi, I made this ghetto 0.5min Lua code to find jumps to an address.
Reasons:
-Find assembler CE function is slow as fuk.
-Find assembler CE function sometimes misaligns instructions so the jmp is never caught.
-Rise of obfuscators and virtualizers that make jmp,jns,je,jne everywhere in the code, so I want to find the function that called the address I need.

Just replace the modulename 'PEX.exe' and the variable ADD and hit execute.

It's code to be improved; for example, it takes the whole module size, so it would be suitable to skip non-execute pages, but I lack the time/knowledge.
Doesn't take longer or shorter jmp/call than 5 byte length; that could be improved as well.

Code:
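--FIND LE "POSIBOL" JUMPS PLS
-- Scans a module for 5-byte CALL (E8) / JMP (E9) rel32 instructions whose target is ADD.
local NAME='PE.exe';            -- module to scan
local mod=getAddress(NAME);     -- module base address
if mod==nil or mod==0 then return;end;
local ADD=0x00519E51;           -- address to find jumps/calls to
local siz=getModuleSize(NAME);
print(string.format('%02X',siz));--siz=0x20000;

-- Stop 5 bytes before the end so opcode + rel32 stay inside the module.
for i=0,siz-5 do
  local b=mod+i;                -- address of the candidate opcode byte
  local c=readBytes(b,1);       -- opcode byte (nil if the page is unreadable)
  -- Only E8 (call rel32) and E9 (jmp rel32) are 5 bytes long.
  -- Short Jcc (0x70-0x7F) are 2 bytes with a rel8 operand, so they are not matched here.
  if c==0xE8 or c==0xE9 then
    local a=readInteger(b+1);   -- rel32 displacement following the opcode
    if a~=nil then
      if a>=0x80000000 then a=a-0x100000000;end; -- sign-extend if read as unsigned
      -- target = address of the next instruction + displacement
      if b+5+a==ADD then
        print(NAME..'+'..string.format('%02X',i));
      end;
    end;
  end;
end;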
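
The same scan generalized, as an added example (not the poster's code and not Cheat Engine Lua): an offline Python version over a dumped byte buffer that also matches the shorter and longer relative branches the post says it skips. The function name, sample bytes, base address and target address are constructed for illustration.

```python
import struct

def find_branch_xrefs(code: bytes, base: int, target: int, bits: int = 32):
    """Return [(address, kind, length)] for relative branches in `code` (mapped
    at `base`) whose destination is `target`. Linear byte scan, not a
    disassembler, so a hit may be data or the middle of another instruction."""
    mask = (1 << bits) - 1
    hits, n = [], len(code)
    for off in range(n):
        op = code[off]
        if op in (0xE8, 0xE9):                      # call/jmp rel32: 5 bytes
            kind, oplen, dsize = ("call" if op == 0xE8 else "jmp"), 1, 4
        elif op == 0x0F and off + 1 < n and 0x80 <= code[off + 1] <= 0x8F:
            kind, oplen, dsize = "jcc", 2, 4        # near Jcc rel32: 6 bytes
        elif op == 0xEB or 0x70 <= op <= 0x7F:      # short jmp/Jcc rel8: 2 bytes
            kind, oplen, dsize = ("jmp short" if op == 0xEB else "jcc short"), 1, 1
        else:
            continue
        end = off + oplen + dsize                   # offset of the next instruction
        if end > n:
            continue                                # operand runs past the buffer
        (disp,) = struct.unpack_from("<i" if dsize == 4 else "<b", code, off + oplen)
        # Destination = next-instruction address + signed displacement,
        # wrapped to the address width.
        if ((base + end + disp) & mask) == (target & mask):
            hits.append((base + off, kind, end - off))
    return hits

# Constructed sample: hand-assembled bytes, assumed to be mapped at 0x401000.
SAMPLE_BASE, SAMPLE_TARGET = 0x401000, 0x401020
SAMPLE = bytes.fromhex(
    "e81b000000"    # +00 call 0x401020
    "90"            # +05 nop
    "7418"          # +06 je   0x401020 (short)
    "0f8512000000"  # +08 jne  0x401020 (near)
    "e9edffffff"    # +0e jmp  0x401000 (different target, must not match)
) + b"\x90" * 13 + bytes.fromhex(
    "c3"            # +20 ret  (the target address)
    "ebfd"          # +21 jmp  0x401020 (short, backwards)
)

if __name__ == "__main__":
    for addr, kind, length in find_branch_xrefs(SAMPLE, SAMPLE_BASE, SAMPLE_TARGET):
        print(f"{addr:#010x}  {kind:<9}  {length} bytes")
```

Because the scan tests every byte offset, each hit still has to be confirmed against a real disassembly of the surrounding code.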