Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Also show drivers in the modulelist dropdown for scanning

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions
View previous topic :: View next topic  
Author Message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Mon Jun 01, 2020 2:17 am    Post subject: Also show drivers in the modulelist dropdown for scanning Reply with quote

One of my patreon members requested the function to show drivers in the dropdown list for memory scanning, so I made him a script and also posting it here for those that are interested

It builds upon the already existing modulelistscan.lua which is in the autorun folder

Code:

function getDriverList()
  local r
  local _need=createMemoryStream()
  _need.writeDword(0)

  local i
  i=ExecuteCodeLocalEx('EnumDeviceDrivers',0,0,_need.Memory)

  if i==1 then
    local need=readIntegerLocal(_need.Memory)

    local _buffer=createMemoryStream()
    _buffer.Size=need*2

    writeIntegerLocal(_need.Memory,0)

    i=ExecuteCodeLocalEx('EnumDeviceDrivers',_buffer.Memory,_buffer.Size,_need.Memory)
    if i==1 then
      r={}
      local _drivername=createMemoryStream()
      _drivername.size=255

      local need=readIntegerLocal(_need.Memory)
      local count=need / 8 --change to 4 if on 32-bit windows
      local di
      for di=1,count do
        r[di]={}
        r[di].Base=_buffer.readQword() --change to Dword on 32-bit

        ExecuteCodeLocalEx('GetDevicedriverBaseNameA',r[di].Base,_drivername.Memory, 255);
        r[di].Name=readStringLocal(_drivername.Memory,255)

        ExecuteCodeLocalEx('GetDevicedriverFileNameA',r[di].Base,_drivername.Memory, 255);
        local filename=readStringLocal(_drivername.Memory,255)
        filename=string.lower(filename) --windows isn't case sensitive
        filename=filename:gsub([[\systemroot\]],[[c:\windows\]])
        filename=filename:gsub([[\%?%?\]],'')
        r[di].Path=filename
        r[di].Size=getImageSize(filename)
      end

      _drivername.destroy()

    else
      _buffer.destroy()
      return nil, "EnumDeviceDrivers with buffer failed"
    end

    _buffer.destroy()
  else
    _need.destroy()
    return nil, "EnumDeviceDrivers init failed"
  end

  _need.destroy()

  return r
end

function getImageSize(path)
  local stream=createMemoryStream()
  local f=io.open(path,'r')
  if not f then
    return nil,'Can not open' --todo, read the kernel memory pe header instead or psloadedModules
  end
  f:close()
  stream.loadFromFile(path)



  if (byteTableToString(stream.read(2))~='MZ') then
    stream.destroy()
    return nil,'Not a valid executable'
  end

  stream.Position=60;
  local lfanew=stream.readDword();
  stream.Position=lfanew;

  if (byteTableToString(stream.read(2))~='PE') then
    stream.destroy()
    return nil, 'Not a valid windows executable'
  end

  stream.Position=stream.Position+2
  --fileheader
  stream.Position=stream.Position+20
  --Optional Header

  stream.Position=stream.Position+56
  --imagesize
  local imagesize=stream.readDword()


  stream.destroy()

  return imagesize
end



local originalOnDropDown
local originalOnSelect
local currentDriverStartIndex
local currentDriverList

local i
for i=0,MainForm.gbScanOptions.ControlCount-1 do
  local c=MainForm.gbScanOptions.Control[i]
  if c.ClassName=='TComboBox' then
    originalOnDropDown=c.OnDropDown
    c.OnDropDown=function(sender)
      if originalOnDropDown then
        originalOnDropDown(sender)
      end

      currentDriverStartIndex=c.Items.Count

      currentDriverList=getDriverList()
      local j
      for j=1,#currentDriverList do
        c.Items.Add(currentDriverList[j].Name)
      end
    end

    originalOnSelect=c.OnSelect
    c.OnSelect=function(sender)
      if c.ItemIndex>=currentDriverStartIndex then
        local e=currentDriverList[1+c.ItemIndex-currentDriverStartIndex]
        showMessage(e.Name)
        MainForm.FromAddress.Text=string.format("%.16x",e.Base)
        if e.Size then
          MainForm.ToAddress.Text=string.format("%.16x",e.Base+e.Size)
        else
          MainForm.ToAddress.Text=''
        end
      else
        originalOnSelect(sender)
      end

    end

    break
  end
end

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
danrevella
Master Cheater
Reputation: 2

Joined: 11 Jun 2008
Posts: 290

PostPosted: Sun Jun 07, 2020 12:35 am    Post subject: Reply with quote

hi!!
May you gently tell me how may utilize it?
I have saved it and copied in the autorun dir, but I see no differences at all...
Thanks
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 218

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Mon Jun 08, 2020 4:28 am    Post subject: Reply with quote

This script is an extension to already existing extension.

Add above code at the end of modulelistscan.lua file
or create new file which filename is alphabetically after modulelistscan.lua, e.g. modulelistscan_showdrivers.lua

PS: you probably will want line "showMessage(e.Name)" commented/removed.

_________________
Back to top
View user's profile Send private message MSN Messenger
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

PostPosted: Mon Jun 08, 2020 4:49 am    Post subject: Reply with quote

Good stuff!
Why not make it official and include it in the next release?
Back to top
View user's profile Send private message
danrevella
Master Cheater
Reputation: 2

Joined: 11 Jun 2008
Posts: 290

PostPosted: Mon Jun 08, 2020 5:31 am    Post subject: Reply with quote

Wow!!!!!!!
@mgr.inz.Player Great!!! Now it works
I do like this extension!!!!!!
@Dark Byte
Many thanks!!!

Now I wanna experiment in running CE as user SYSTEM ^_^

Last moment sad news, after a reboot it no loger work, trying on another computer with win10 2004 NOT working......
Simple I see no differences with the normal version...
Maybe it work only on beta version of CE?
Thanks
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 218

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Tue Jun 09, 2020 5:21 am    Post subject: Reply with quote

what exactly you did? Did you append script to an existing modulelistscan.lua?
_________________
Back to top
View user's profile Send private message MSN Messenger
danrevella
Master Cheater
Reputation: 2

Joined: 11 Jun 2008
Posts: 290

PostPosted: Tue Jun 09, 2020 5:25 am    Post subject: Reply with quote

mgr.inz.Player wrote:
what exactly you did? Did you append script to an existing modulelistscan.lua?

yes exactelly...
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites