One thing I forgot to mention here is that the lua code in AA scripts will run before any of the assembly code, so keep that in mind. For instance if you had something like this: [ENABLE] label(test) registerSymbol(test) // could be aob scan etc. 400290: test: {$lua} local addr = getAddressSafe('test') print(tostring(addr)) {$asm} [DISABLE] unregisterSymbol(test) You might expect it to print out 4194960 (0x400290 in decimal), and in fact if you run the same lua code in the lua window after enabling the script it will. But in the script itself the AA code hasn't run yet so the test symbol hasn't been set or registered and so getAddressSafe will return nil. CE comes with a template, Call CE lua function, which lets you call a lua function from assembly. You can see a couple example scripts in my tutorial cheat table www.dropbox.com/s/pqi0571f19w3say/Tutorial-i386.ct?dl=0 labeled "Disable Me From Assembly (step2)" and "Run lua function with one agument/parameter from AA (step 2)". That cheat table is in my github with CE Examples (often lua) github.com/FreeER/CE-Examples though I haven't gotten around to separating the scripts from the table into separate well-named/organized tables.
Excuse me. local addr = '036e2f28' if not debug_isDebugging() then debugProcess() end local inss = {} debug_removeBreakpoint(addr) debug_setBreakpoint(addr, 4, bptAccess, function() local insaddr = getPreviousOpcode(EIP) local ins = inss[insaddr] or {0, disassemble(insaddr)} ins[1] = ins[1] + 1 inss[insaddr] = ins print(ins[1], '-', ins[2]) return 0 end) After i write this code as you shown the lua engine can't show any result. do you know why?
perhaps the address is wrong? I just tested in 6.8.3 by copying the above and changing the address and still worked. Or if there was already a breakpoint set that may interfere as well
One thing I forgot to mention here is that the lua code in AA scripts will run before any of the assembly code, so keep that in mind. For instance if you had something like this:
[ENABLE]
label(test)
registerSymbol(test)
// could be aob scan etc.
400290:
test:
{$lua}
local addr = getAddressSafe('test')
print(tostring(addr))
{$asm}
[DISABLE]
unregisterSymbol(test)
You might expect it to print out 4194960 (0x400290 in decimal), and in fact if you run the same lua code in the lua window after enabling the script it will. But in the script itself the AA code hasn't run yet so the test symbol hasn't been set or registered and so getAddressSafe will return nil.
CE comes with a template, Call CE lua function, which lets you call a lua function from assembly. You can see a couple example scripts in my tutorial cheat table www.dropbox.com/s/pqi0571f19w3say/Tutorial-i386.ct?dl=0 labeled "Disable Me From Assembly (step2)" and "Run lua function with one agument/parameter from AA (step 2)". That cheat table is in my github with CE Examples (often lua) github.com/FreeER/CE-Examples though I haven't gotten around to separating the scripts from the table into separate well-named/organized tables.
This series helped me a lot, answered some questions I didnt realize I had.. Great Job!!
Glad to hear it! :)
Excuse me.
local addr = '036e2f28'
if not debug_isDebugging() then debugProcess() end
local inss = {}
debug_removeBreakpoint(addr)
debug_setBreakpoint(addr, 4, bptAccess, function()
local insaddr = getPreviousOpcode(EIP)
local ins = inss[insaddr] or {0, disassemble(insaddr)}
ins[1] = ins[1] + 1
inss[insaddr] = ins
print(ins[1], '-', ins[2])
return 0
end)
After i write this code as you shown the lua engine can't show any result.
do you know why?
perhaps the address is wrong? I just tested in 6.8.3 by copying the above and changing the address and still worked.
Or if there was already a breakpoint set that may interfere as well
@@FreeER i checked out and found out what's the problem it is.
i forgot to press change value after execute the program code.
however i got something strange.
the value only show something like this
1 - 0002C626 - - ??
1 - 0002C6A1 - - ??
1 - 0002C6AE - - ??
1 - 0002C6E6 - - ??
2 - 0002C626 - - ??
2 - 0002C6A1 - - ??
2 - 0002C6AE - - ??
2 - 0002C6E6 - - ??
3 - 0002C626 - - ??
3 - 0002C6A1 - - ??
3 - 0002C6AE - - ??
3 - 0002C6E6 - - ??
4 - 0002C626 - - ??
4 - 0002C6A1 - - ??
4 - 0002C6AE - - ??
4 - 0002C6E6 - - ??
5 - 0002C626 - - ??
5 - 0002C6A1 - - ??
5 - 0002C6AE - - ??
5 - 0002C6E6 - - ??
6 - 0002C626 - - ??
6 - 0002C6A1 - - ??
6 - 0002C6AE - - ??
6 - 0002C6E6 - - ??
7 - 0002C626 - - ??
7 - 0002C6A1 - - ??
7 - 0002C6AE - - ??
7 - 0002C6E6 - - ??
@@billrob9305 strange... Presumably get previous opcode failed but I don't know why