jgoemat Master Cheater
Reputation: 23
Joined: 25 Sep 2011 Posts: 264
Posted: Sat Feb 06, 2021 4:36 pm Post subject: Suggestion: AA for variable values?
I've been having to deal with some code that changes occasionally. I'm working on my MonoHelper that generates scripts; it uses the exact bytes at the time of generation to create a script that doesn't require any extra Lua. Sometimes a value might change occasionally, like the amount of stack reserved at the start of a function I hook. Here's an example where the 'sub rsp,30' might be 'sub rsp,38' due to JIT differences without any other meaningful change:
Code:
define(hook,"XUiM_Recipes:GetRecipeIsUnlocked")
define(bytes,55 48 8B EC 48 83 EC 30 01 00 00)
[enable]
assert(hook, bytes)
alloc(newmem,$1000, hook)
{
RCX: XUiM_Recipes (this)
RDX: XUi xui
R8: Recipe _recipe
Returns (RAX) System.Boolean
}
newmem:
mov al,1
ret // return true
// original code
push rbp
mov rbp,rsp
sub rsp,130
jmp hook+b
hook:
jmp newmem
[disable]
hook:
db bytes
dealloc(newmem)
As a work-around I can edit the script to use readmem and create a symbol for the relocated code (or I guess I could maybe use globalalloc), but it makes the code uglier:
Code:
define(hook,"XUiM_Recipes:GetRecipeIsUnlocked")
define(bytes,55 48 8B EC 48 83 EC * * 00 00)
[enable]
assert(hook, bytes)
alloc(newmem,$1000, hook)
alloc(relocated_XUiM_Recipes_GetRecipeIsUnlocked)
{
RCX: XUiM_Recipes (this)
RDX: XUi xui
R8: Recipe _recipe
Returns (RAX) System.Boolean
}
newmem:
mov al,1
ret // return true
// original code
relocated_XUiM_Recipes_GetRecipeIsUnlocked:
readmem(hook,$b)
jmp hook+b
hook:
jmp newmem
registersymbol(relocated_XUiM_Recipes_GetRecipeIsUnlocked)
[disable]
hook:
readmem(relocated_XUiM_Recipes_GetRecipeIsUnlocked,$b)
unregistersymbol(relocated_XUiM_Recipes_GetRecipeIsUnlocked)
dealloc(newmem)
Part of the problem is defining a symbol name that will be unique across scripts, and cluttering up the user-defined symbols. I notice that 'newmem' doesn't need to be defined as a symbol to be deallocated, at least in the disable section, but I don't know how CE does that or if it is just kept in a special list. It would be nice if any label created in the `[enable]` section could be used in the `[disable]` section. That would allow script-local variables, so it could be renamed 'relocatedCode' or something, the same name could be used in different scripts, and it wouldn't have to do the symbol registering.
I realize that in this instance the jmp doesn't actually overwrite the '30 01 00 00' so I could use a smaller bytes AOB and just do the readmem in the source, but something generic for generating AA scripts when that isn't the case would be nice...
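The work-around in the post depends on two things: a byte pattern in which `*` matches any byte, and copying the live bytes (`readmem`) instead of hard-coding them. The following Python is an added illustration of that matching logic, not code from the post or from Cheat Engine itself; it assumes CE's pattern syntax (space-separated hex bytes, `*` or `??` as a wildcard) and scans a constructed buffer containing the prologue bytes from the post plus a second variant in which the wildcarded bytes differ, the way a JIT might emit them. The same mechanism is what makes signature scanners tolerant of small code variation, and the same caveat applies: the more wildcards, the more places a pattern can match, so a scan should check that the match is unique before anything is patched.

```python
import re

# Wildcard byte-pattern matching in the style of Cheat Engine's assert/aobscan.
# Added example; the token syntax ('*' or '??' = any byte) is an assumption.


def parse_pattern(text):
    """Turn '55 48 8B EC 48 83 EC * * 00 00' into (values, mask).

    mask[i] is True where the byte must match exactly and False at a wildcard.
    """
    values, mask = [], []
    for tok in text.split():
        if tok in ("*", "?", "??"):
            values.append(0)
            mask.append(False)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            values.append(int(tok, 16))
            mask.append(True)
        else:
            raise ValueError(f"bad pattern token: {tok!r}")
    return bytes(values), mask


def matches_at(buf, offset, values, mask):
    """True if buf[offset:] matches the pattern, ignoring wildcard positions."""
    if offset + len(values) > len(buf):
        return False
    return all(not m or buf[offset + i] == v
               for i, (v, m) in enumerate(zip(values, mask)))


def find_all(buf, pattern):
    """Every offset where the pattern matches; an assert would want exactly one."""
    values, mask = parse_pattern(pattern)
    return [off for off in range(len(buf) - len(values) + 1)
            if matches_at(buf, off, values, mask)]


def relocated_bytes(buf, offset, length):
    """What readmem(hook,$b) captures: the live bytes, whatever the JIT emitted."""
    return bytes(buf[offset:offset + length])


def wildcard_bytes(buf, offset, pattern):
    """The bytes sitting under the wildcard positions of a match (the part that
    varies between builds and therefore cannot be hard-coded in the script)."""
    values, mask = parse_pattern(pattern)
    return bytes(buf[offset + i] for i, m in enumerate(mask) if not m)


# Constructed sample: the 11 prologue bytes from the post, then a second copy in
# which the two wildcarded bytes differ (a hypothetical JIT variant).
PAGE_BYTES = bytes.fromhex("55488BEC4883EC30010000")
VARIANT = bytes.fromhex("55488BEC4883EC38010000")
SAMPLE = b"\x90" * 16 + PAGE_BYTES + b"\xCC" * 8 + VARIANT + b"\x90" * 4

EXACT_PATTERN = "55 48 8B EC 48 83 EC 30 01 00 00"
WILDCARD_PATTERN = "55 48 8B EC 48 83 EC * * 00 00"

if __name__ == "__main__":
    # The exact pattern only finds the build it was generated from.
    print("exact:   ", find_all(SAMPLE, EXACT_PATTERN))
    # The wildcarded pattern finds both, and the script copies live bytes.
    for off in find_all(SAMPLE, WILDCARD_PATTERN):
        print(f"wildcard at {off}: relocated={relocated_bytes(SAMPLE, off, 11).hex()} "
              f"varying={wildcard_bytes(SAMPLE, off, WILDCARD_PATTERN).hex()}")
```

Against the sample, the exact pattern matches only at offset 16 while the wildcarded one matches at 16 and 35, and `relocated_bytes` returns the variant's own bytes for the second match, which is exactly why the post's `readmem` version keeps working when the immediate changes.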