Created
January 11, 2019 03:35
-
-
Save fakuivan/5b4c6bd334c55407952f3557dad2362c to your computer and use it in GitHub Desktop.
Cheat engine lua script that creates an auto assembler command used to extract and make absolute a RIP-relative address in an instruction
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ------------------------- | |
| -- Reads a RIP-relative address from an instruction | |
| -- All parameters should be integers | |
| function extractRIPRelativeAddress(address, offset, offset_size) | |
| address = getAddressSafe(address) | |
| if address == nil then return nil end | |
| local instruction_size = getInstructionSize(address) | |
| if instruction_size == nil then return nil end | |
| readOffset = ({ | |
| [1] = function(address_) return readBytes(address_, 1, false) end, | |
| [2] = readSmallInteger, | |
| [4] = readInteger, | |
| [8] = readQword | |
| })[offset_size] | |
| if readOffset == nil then return nil end | |
| offset = (tonumber(offset) or 0) | |
| -- Simple check to see if the offset and size move outside the instruction | |
| if instruction_size < offset + offset_size then | |
| return nil | |
| end | |
| local stored_address_ptr = address + (offset or 0) | |
| return address + instruction_size + readOffset(stored_address_ptr) | |
| end | |
| ------------------------- | |
| ------------------------- | |
| -- Auto assembly command helpers | |
| function parseCommandArgInteger(string_) | |
| return (tonumber(string_, 16) or tonumber(string_)) | |
| end | |
| function string:split(inSplitPattern, outResults) | |
| if not outResults then | |
| outResults = { } | |
| end | |
| local theStart = 1 | |
| local theSplitStart, theSplitEnd = string.find(self, inSplitPattern, theStart) | |
| while theSplitStart do | |
| table.insert(outResults, string.sub(self, theStart, theSplitStart-1)) | |
| theStart = theSplitEnd + 1 | |
| theSplitStart, theSplitEnd = string.find(self, inSplitPattern, theStart) | |
| end | |
| table.insert(outResults, string.sub(self, theStart)) | |
| return outResults | |
| end | |
| ------------------------- | |
| ------------------------- | |
| -- Auto assembly commands | |
| -- Usage on auto assembler: extractRIPRelativeAddress(<define_alias>,<instruction_address>,<offset_from_instruction>,<size>) | |
| function commandExtractRIPRelativeAddress(parameters, isSyntaxCheck) | |
| local symbol, address, offset, offset_size = unpack(parameters:split(",")) | |
| if symbol == nil or address == nil or offset == nil or offset_size == nil then | |
| return nil, "Wrong number of parameters passed" | |
| end | |
| address = getAddressSafe(address) | |
| offset = parseCommandArgInteger(offset) | |
| offset_size = parseCommandArgInteger(offset_size) | |
| if address == nil then | |
| return nil, "Failed to parse address parameter" end | |
| if offset == nil then | |
| return nil, "Failed to parse offset parameter" end | |
| if offset_size == nil then | |
| return nil, "Failed to parse offset_size parameter" end | |
| if isSyntaxCheck then return "define(" .. symbol .. "," .. "0" .. ")" end | |
| -- Function defined on the table's lua script | |
| local extracted_address = extractRIPRelativeAddress(address, | |
| offset, | |
| offset_size) | |
| if extracted_address == nil then | |
| ret = nil, "Failed to find address" | |
| else | |
| ret = "define(" .. symbol .. "," .. getNameFromAddress(extracted_address) .. ")" | |
| end | |
| --print(ret) | |
| return ret | |
| end | |
| registerAutoAssemblerCommand("extractRIPRelativeAddress", commandExtractRIPRelativeAddress) | |
| ------------------------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment