
Cheat Engine 6.8 Release Candidate 2



RC2:

Quote

Fixed disassembling some rex related instructions 
Fixed the disassembler with rip relative instructions 
Speedhack hotkeys shouldn't show an error anymore 
Added compare structure tool to CE to find commonalities between addresses in two different groups 
F1 now opens the wiki 

 

Beta5:

Quote

Fixed a disassembler issue 
Fixed hotkey configuration 
Speedhack shouldn't give an error anymore on hotkey 
B4 I forgot to generate .sig files so the driver would fail, fixed in this one 

 

Beta4:

Quote

Added option to disable the Spectre protection on your system

 

Beta3:

Quote

Fixed the structures config window getting corrupt 
Fixed an issue with saving structures more than 7 levels deep 
Changed the table version so people with 6.7 see there is a new version (6.7 can not properly load 6.8 structures, it's a bug in 6.7) 
Cleaned up some code, and fixed a potential issue with .destroy() in lua 
Added some extra exception handling at some spots 

 

Beta2:

Quote

fixed a memory corruption when using the dissect data function 
added 3 new tutorial steps to the tutorial (not so much tutorial but something you can hack on and post about in the forum) 
added {$try}/{$except} blocks to AA scripts (You need to jump over the {$except} block yourself. It also does not do any unwinding, so watch the stack ) 
a different DBVM build (let me know if it crashes more often) 
fixed deleting the last address from a group 
suppressed a lua error from showing up when using mono 
fixed forgot value scan from being usable on a tab with no previous addresslist 
fixed keyboard navigation updating the values in the hexview of memview 
added an option to rearrange the structure list (it's under file in the structure window) 
fixed a disassembler issue with push and related in 64-bit 
added some plugin files for lua to the plugin folder 
added AA command createthreadandwait(address) which will spawn the thread right after the block it has been put in has been written to memory (So do NOT put this on top) This is useful if you wish to run some code right before the final hook code overwrites the original code and causes your code to run.  (e.g initializers)

 

Beta1:

Quote

Fixes: 
Fixed some more high dpi issues 
Fixed issues with the dropdown list in memory records 
Fixed offset symbols 
Fixed registered binutils 
Fixed graphical issues with the tablist 
Fixed issue where memory blocks would get cut off before the page end 
Fixed some memory leaks 
Fixed some graphical issues in the addresslist 
Fixed rightclick on r8 and r9 in memoryview 
Fixed disassembling some instructions 
Fixed DBVM so it works on windows 1709 and later (tested on 1803) 
Fixed several DBVM offload crashes 
Fixed freeze with allow increase/decrease for 8 byte long values 
Fixed several issues where minimizing a window and then closing it would hang CE 

 

Additions and changes: 
Text editor improvements 
Added hundreds of new cpu instructions 
Mono now has some new features like instancing of objects 
Mono instances window is now a treeview where you can see the fields and values 
"find what addresses this code accesses" can also be used on RET instructions now (useful to find callers) 
The graphical memory view now has a lot more options to set it just the way you need 
Codepage support in hexview 
structure data from PDB files is now stored in a database for lookup later 
dissect structures form can now show a list of known structures (pdb, mono, ...) 
Added a "revert to saved scan" option  (lets you undo changes) 
Added a "forgot scan" option (in case you forgot what you're doing) 
Pointerscan limit nodes is default on in a new ce install (remembers your choice when you disable it) 
Autoattach now happens using a thread instead of a gui blocking timer 
Some colorscheme enhancements 
Added a DBVM based "Find what writes/accesses" feature. (For pro users, enable kernelmode options for it to show) 
Changed the dissect data setup from separate yes/no/value dialogs to a single window 
Added a bypass option for ultimap2 on windows 1709. When using ranges, do not use interrupts, or use DBVM 


lua: 
added automatic garbage collection and settings to configure it 
added new functions, like: 
  reinitializeSelfSymbolhandler 
  cpuid 
  and more 

 

https://cheatengine.org/temp/CheatEngine68RC2.exe


Changes in Lua found by comparing the files. Maybe later I'll write about what interesting things can be done in the new CE beta.

Spoiler

writePointer(address,value)
writePointerLocal(address,value)

In enumModules(processid OPTIONAL):
  Name : String containing the modulename  
  
  
reinitializeSelfSymbolhandler(waittilldone: BOOLEAN OPTIONAL, default=TRUE): reinitializes the selfsymbolhandler. E.g when new modules have been loaded to CE process


registerStructureAndElementListCallback(function StructureListCallback(), function elementlistcallback(id1,id2) ) : Registers a function to be called when a structure needs to be dissected 
  function StructureListCallback() will be a function that returns an array of list of structures in table format
  the entries are built up as:
    name: string - name of the structure
    id1: integer - id you can use for whatever(e.g moduleid). It will be passed on to elementlistcallback when this structure is picked
    id2: integer - id you can use for whatever(e.g structureid inside the module). It will be passed on to elementlistcallback when this structure is picked

  
  function elementlistcallback(id1,id2) will be a function that returns an array of structure elements in table format
  the entries are built up as:
    name: string
    offset: integer
    vartype: variabletype (look up vtByte, vtWord, etc..)

  tip: If you return an empty table the structure will not be created. You can use this to create the structure layout yourself and register that instead

unregisterStructureAndElementListCallback(ID)


showSelectionList(title, caption, stringlist, allowCustomInput OPTIONAL): integer,string - Shows a menu with the given list. It returns the linenumber (starting at 0) and the selected string.  Linenumber is -1 if the user was allowed to enter custom input


getWindowlist(): Returns a table with the windowlist (pid - window caption ).  The table is formatted as : {pid,{id,caption}}



MainForm.OnProcessOpened: function(processid, processhandle, caption) - Define this if you want to be notified when a new process has been opened. Called only once from the main thread. It is recommended to use this instead of onOpenProcess


cpuid(EAX,ECX): returns a table with CPUID info (EAX, EBX, ECX, EDX)

gc_setPassive(state: boolean): enables/disables the passive garbage collector
gc_setActive(state: boolean, interval: integer, minsize: integer): enables/disables the active garbage collector and lets you configure the interval and minimum size


Form Class: (Inheritance: ScrollingWinControl->CustomControl->WinControl->Control->Component->Object)
properties
  FormState: FormState string ReadOnly - The current state of the form. Possible values: fsCreating, fsVisible, fsShowing, fsModal, fsCreatedMDIChild, fsBorderStyleChanged, fsFormStyleChanged, fsFirstShow, fsDisableAutoSize 

  
  ListItems class : (Inheritance: TObject)
methods
  displayRect(code): returns the displayed rectangle of the listitem. code can be: drBounds(0), drIcon(1), drLabel(2), drSelectBounds(3)
  displayRectSubItem(code): returns the displayed rectangle of the listitem. code can be: drBounds(0), drIcon(1), drLabel(2), drSelectBounds(3)

  
  
Stream Class
methods
  readByte(): integer
  writeByte(integer)
  readWord(): integer
  writeWord(integer)
  readDword(): integer
  writeDword(integer)
  readQword(): integer
  writeQword(integer)
  
  
  
MemoryRecord Class:
properties
  AddressString: string - Get the address string shown in CE (ReadOnly)
  VarType: ValueType (string) - The variable type of this record. See vtByte to vtCustom
  Type: ValueType (number) - The variable type of this record. See vtByte to vtCustom
  CustomTypeName: String - If the type is vtCustom this will contain the name of the CustomType
  
  Options: String set - a string enclosed by square brackets filled with the options separated by a comma. Valid options are: moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse
  
  DropDownLinked: boolean - if dropdown list refers to list of another memory record eg. (memrec name)
  DropDownLinkedMemrec: string - Description of linked memrec or emptystring if not linked
  DropDownList : StringList - list of "value:description" lines, lists are still separate objects when linked, read-write
  DropDownReadOnly: boolean - true if 'Disallow manual user input' is set
  DropDownDescriptionOnly: boolean - self explanatory
  DisplayAsDropDownListItem: boolean - self explanatory
  DropDownCount: integer - equivalent to .DropDownList.Count
  DropDownValue[index] : Array to access values in DropDownList (ReadOnly)
  DropDownDescription[index] : Array to access Descriptions in DropDownList (ReadOnly)

  Parent: MemoryRecord - self explanatory
  
  
  
StructureFrm class:
createStructureForm(address, groupname OPTIONAL, structurename OPTIONAL)
enumStructureForms() : returns a table of StructureFrm objects (can be useful for finding a structure window with the wanted structure)


properties:
MainStruct: structure - The currently selected structure

ColumnCount: integer - the number of columns (columns=address)
Column[index]: structColumn - Fetches a structColumn object from the structure form

GroupCount: integer - The number of groups
Group[index]: structGroup - Fetches a structGroup object from the structure form



StructureElement class: (Inheritance: Object)
Methods:
  getValue(address) : Gets the memory from the specified address and interprets it according to the element type
  setValue(address,value): Sets the memory at the specified address to the interpreted value according to the element type
  getValueFromBase(baseaddress): same as getValue but uses the offset to calculate the final address
  setValueFromBase(baseaddress,value): same as setValue but uses the offset to calculate the final address

dbk_readMSR(msr): Reads the msr
dbk_writeMSR(msr, msrvalue): Writes the msr 
dbk_executeKernelMemory(address, parameter) :
  Executes a routine from kernelmode (e.g a routine written there with auto assembler)
  parameter can be a value or an address. It's up to your code how it's handled


dbvm_initialize(offloados:Boolean OPTIONAL, reason:String OPTIONAL) : Initializes the dbvm functions (dbk_initialize also calls this) offloados is a boolean that when set will offload the system onto dbvm if it's not yet running (and only IF the dbk driver is loaded)
dbvm_readMSR(msr): See dbk_readMSR but then using dbvm
dbvm_writeMSR(msr, value): See dbk_writeMSR
dbvm_getCR4(): Returns the real Control Register 4 state

dbvm_readPhysicalMemory(address, size): bytetable
dbvm_writePhysicalMemory(address, size, bytetable)

dbvm_watch_writes(PhysicalAddress, bytesize OPTIONAL, OPTIONS OPTIONAL,  internalentrycount OPTIONAL) : 
  Starts watching writes to the given address range
  OPTIONS is a binary field.
    (1 << 0): Log the same RIP multiple times (if different registers)
    (1 << 1): Ignore the size field and log everything in the specified page
    (1 << 2): Logs record the floating point state
    (1 << 3): Logs contain a 4KB stack snapshot
    (1 << 4): does nothing
    (1 << 5): If the number of recorded entries gets bigger than internalentrycount, grow the list instead of discarding the entries

  On success returns an ID to use with dbvm_watch_retrievelog and dbvm_watch_disable


dbvm_watch_reads(PhysicalAddress, bytesize OPTIONAL, OPTIONS OPTIONAL,  internalentrycount OPTIONAL) : see dbvm_watch_writes but then for reads and writes
dbvm_watch_retrievelog(ID) : Returns an array of watch event data. (Context of the system at the time of the event, like registers)
dbvm_watch_disable(ID) : Disables the watch operation


dbvm_cloak_activate(physicalbase, virtualbase OPTIONAL): 
  Hides an executable memory range (4096 bytes) from snooping eyes
  Note: It is recommended to cause a copy-on-write on the target first, else this will affect all processes that have this memory block loaded
dbvm_cloak_deactivate(physicalbase): Disables the cloak and restores the executable memory to what the system thinks it is
dbvm_cloak_readOriginal(physicalbase): Reads the memory that will get executed.  On success returns a 4096 byte long bytetable (remember, lua indexes start at 1, so offset 0 is index 1)
dbvm_cloak_writeOriginal(physicalbase, bytetable[4096]): Writes the memory that will get executed. 

dbvm_changeregonbp(physicaladdress, changereginfo, virtualaddress OPTIONAL): boolean
  sets a breakpoint at the given position. When a breakpoint hits the registers will be changed according to the changereginfo table
    changereginfo table:  (set the field to nil, or don't define it, if you don't want to change it)
      newCF: integer/boolean (false=0, true=1) 
      newPF: integer/boolean (false=0, true=1) 
      newAF: integer/boolean (false=0, true=1) 
      newZF: integer/boolean (false=0, true=1) 
      newSF: integer/boolean (false=0, true=1) 
      newOF: integer/boolean (false=0, true=1)
      newRAX: integer
      newRBX: integer
      newRCX: integer 
      newRDX: integer
      newRSI: integer 
      newRDI: integer
      newRBP: integer 
      newRSP: integer
      newRIP: integer
      newR8:  integer
      newR9:  integer
      newR10: integer
      newR11: integer
      newR12: integer
      newR13: integer
      newR14: integer
      newR15: integer

dbvm_log_cr3_start() : Tells DBVM to record (up to 512) unique CR3 values it encounters
dbvm_log_cr3_stop() : Stops the logging and returns the results as a table


getPhysicalAddressCR3(CR3, address): Looks up the physical address for the given virtual address in the given pagetable base. Returns nil if not paged
readProcessMemoryCR3(CR3, address, size): Reads the virtual memory of the given process's CR3 value. Returns a bytetable on success, nil if fail to read (paged out)
writeProcessMemoryCR3(CR3, address, bytetable): Reads the virtual memory of the given process's CR3 value
 
 
createD3DHook(textureandcommandlistsize OPTIONAL, hookmessages OPTIONAL)
methods
  enableConsole(virtualkey): Adds a (lua)console to the specific game. The given key will bring it up (0xc0=tilde(`~))

Disassembler Class (Inheritance: Object)
Methods
      commentsoverride: string - If set, this will be the comments/LastParamatersToString result
      
HotkeyHandlerThread(Inheritance: Thread)
getHotkeyHandlerThread() : Returns the hotkey handler thread used internally by CE

properties
  state: 0 ('htsActive')=Active , 1('htsMemrecOnly')=Memory records only, 2('htsNoMemrec')=Everything except memoryrecords, 3('htsDisabled')=disabled

methods
  -

 

 

Comparison map (on the right; by eye the changes are no more than 20%)


 
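An added example of the registerStructureAndElementListCallback / elementlistcallback pair described in the list above; this is not code from the CE release or from this thread. The structure names, the id1/id2 values and the offsets are constructed for illustration, and it assumes registerStructureAndElementListCallback returns the ID that unregisterStructureAndElementListCallback takes. vtFloat, vtDword and vtPointer are CE's existing variable type constants.

```lua
-- Added example: a structure provider for CE's Dissect Data window.
-- Not part of the CE changelog or celua.txt; names and layouts are constructed.

local MY_PROVIDER_ID = 1  -- hypothetical id1, tags structures that belong to this provider

-- Constructed sample layouts, keyed by id2. Offsets are illustrative only.
local layouts = {
  [100] = { name = "ExampleEntity", elements = {
      { name = "health",   offset = 0x10, vartype = vtFloat   },
      { name = "ammo",     offset = 0x14, vartype = vtDword   },
      { name = "nextNode", offset = 0x18, vartype = vtPointer },
  }},
  [101] = { name = "ExampleVec3", elements = {
      { name = "x", offset = 0x0, vartype = vtFloat },
      { name = "y", offset = 0x4, vartype = vtFloat },
      { name = "z", offset = 0x8, vartype = vtFloat },
  }},
}

-- First callback: CE calls it when it needs the list of selectable structures.
-- Each entry carries name, id1 and id2, exactly as documented above.
local function structureListCallback()
  local list = {}
  for id2, layout in pairs(layouts) do
    table.insert(list, { name = layout.name, id1 = MY_PROVIDER_ID, id2 = id2 })
  end
  table.sort(list, function(a, b) return a.name < b.name end)
  return list
end

-- Second callback: CE calls it with the ids of the structure the user picked
-- and expects a list of {name, offset, vartype} entries.
local function elementListCallback(id1, id2)
  if id1 ~= MY_PROVIDER_ID or layouts[id2] == nil then
    -- An empty table tells CE not to create a structure for this pick
    -- (the "tip" in the documentation above).
    return {}
  end
  return layouts[id2].elements
end

-- Assumption: the register call returns the ID used by the unregister call.
local providerId = registerStructureAndElementListCallback(structureListCallback, elementListCallback)

-- Remove the provider again when it is no longer wanted:
-- unregisterStructureAndElementListCallback(providerId)
```

Once registered, the two constructed structures appear in the dissect structures form's list of known structures next to the PDB and mono entries; picking one hands its id1/id2 back to elementListCallback, which is why the provider checks id1 before trusting id2.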

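An added example for the dbvm_watch_writes OPTIONS bit field and the retrievelog/disable calls documented above; it is not code from the CE release or from this thread. It assumes CE 6.8's Lua 5.3 integer operators, that dbvm_watch_writes returns nil (or false) when it does not succeed, and that the caller already holds a physical address; the field names inside a log entry are not listed on the page, so the dumper walks each entry with pairs() rather than naming them.

```lua
-- Added example: named flags for the dbvm_watch_writes OPTIONS field,
-- plus a small wrapper around start / retrievelog / disable.
-- Not part of celua.txt; flag names below are my own labels for the documented bits.

local WATCH_OPTS = {
  logSameRipMultipleTimes = 1 << 0,  -- log the same RIP again if registers differ
  wholePage               = 1 << 1,  -- ignore bytesize, watch the whole 4KB page
  floatingPointState      = 1 << 2,  -- entries record the FPU/SSE state
  stackSnapshot           = 1 << 3,  -- entries contain a 4KB stack snapshot
  growLog                 = 1 << 5,  -- grow past internalentrycount instead of discarding
}

-- Composes the OPTIONS integer from a list of flag names; unknown names are an error.
local function buildWatchOptions(names)
  local opts = 0
  for _, n in ipairs(names or {}) do
    local bit = WATCH_OPTS[n]
    if bit == nil then error("unknown watch option: " .. tostring(n)) end
    opts = opts | bit
  end
  return opts
end

-- Starts a write watch on a physical address range. Returns the watch ID,
-- or nil plus an error string. dbvm_initialize() is called first so the
-- DBVM functions are available (it does nothing harmful if DBVM already runs).
local function startWriteWatch(physicalAddress, byteSize, optionNames, entryCount)
  dbvm_initialize()
  local opts = buildWatchOptions(optionNames)
  local id = dbvm_watch_writes(physicalAddress, byteSize, opts, entryCount or 64)
  if not id then  -- assumption: nil/false signals failure
    return nil, string.format("dbvm_watch_writes failed for %X", physicalAddress)
  end
  return id
end

-- Prints every recorded event as sorted key=value pairs without assuming
-- the entry layout. Returns the number of entries seen.
local function dumpWatchLog(id)
  local log = dbvm_watch_retrievelog(id)
  if log == nil then return 0 end
  for i, event in ipairs(log) do
    local parts = {}
    for k, v in pairs(event) do
      if math.type(v) == "integer" then
        parts[#parts + 1] = string.format("%s=%X", k, v)
      else
        parts[#parts + 1] = string.format("%s=%s", k, tostring(v))
      end
    end
    table.sort(parts)
    print(string.format("[%d] %s", i, table.concat(parts, " ")))
  end
  return #log
end

-- Usage (constructed physical address; obtain a real one from the target first):
-- local id, err = startWriteWatch(0x1234000, 16, {"logSameRipMultipleTimes", "growLog"}, 128)
-- if not id then print(err) else
--   -- ... let the watched code run for a while ...
--   print(dumpWatchLog(id) .. " events")
--   dbvm_watch_disable(id)
-- end
```

Keeping the bit definitions in one table avoids the usual mistake of passing the bit index (3) where the mask (1 << 3) is expected, and the dumper prints integers in hex so RIP-style values in the log are readable alongside whatever other context DBVM recorded.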

5 hours ago, SER[G]ANT said:

Added a "revert to saved scan" option  (lets you undo changes) 
Added a "forgot scan" option (in case you forgot what you're doing) 

Really? So in 6.7 I just couldn't find it.


3 hours ago, DieVis said:

Really? So in 6.7 I just couldn't find it.

Correct

9 hours ago, SER[G]ANT said:

Added a "revert to saved scan" option  (lets you undo changes) 
Added a "forgot scan" option (in case you forgot what you're doing) 

When scanning


 

43 minutes ago, X86Jumps said:

Didn't they fix search in trace?

 

What was wrong with it?

The filter on the end condition works, and so does searching for that condition. I didn't look at the start condition


 

 

 


Ah, if only they'd also add regex search in the trace; it would be very convenient for tracking instructions, otherwise you have to do it through Sublime Text


19 hours ago, MasterGH said:

What was wrong with it?

The filter on the end condition works, and so does searching for that condition. I didn't look at the start

In the trace window, search by conditions doesn't work, at least that's how it is in 6.7; in 6.5 it worked))


Ah, if only DarkByte would finish DBVM for the 8700K

I think he wrote on the forum that DBVM doesn't work because of the number of cores, and it seems to be in the plans, but I may be mistaken.

Oooh) DBVM started working on the 8700K :) Hooray!)

Edited by temtriss
Tested it!!!)
