SER[G]ANT, posted May 6, 2018

RC2:
Quote:
  Fixed disassembling some rex related instructions
  Fixed the disassembler with rip relative instructions
  Speedhack hotkeys shouldn't show an error anymore
  Added compare structure tool to CE to find commonalities between addresses in two different groups
  F1 now opens the wiki

Beta5:
Quote:
  Fixed a disassembler issue
  Fixed hotkey configuration
  Speedhack shouldn't give an error anymore on hotkey
  B4 I forgot to generate .sig files so the driver would fail, fixed in this one

Beta4:
Quote:
  Added option to disable the Spectre protection on your system

Beta3:
Quote:
  Fixed the structures config window getting corrupt
  Fixed an issue with saving structures more than 7 levels deep
  Changed the table version so people with 6.7 see there is a new version (6.7 can not properly load 6.8 structures, it's a bug in 6.7)
  Cleaned up some code, and fixed a potential issue with .destroy() in lua
  Added some extra exception handling at some spots

Beta2:
Quote:
  fixed a memory corruption when using the dissect data function
  added 3 new tutorial steps to the tutorial (not so much tutorial but something you can hack on and post about in the forum)
  added {$try}/{$except} blocks to AA scripts (You need to jump over the {$except} block yourself. It also does not do any unwinding, so watch the stack)
  a different DBVM build (let me know if it crashes more often)
  fixed deleting the last address from a group
  suppressed a lua error from showing up when using mono
  fixed forgot value scan from being usable on a tab with no previous addresslist
  fixed keyboard navigation updating the values in the hexview of memview
  added an option to rearrange the structure list (it's under file in the structure window)
  fixed a disassembler issue with push and related in 64-bit
  added some plugin files for lua to the plugin folder
  added AA command createthreadandwait(address) which will spawn the thread right after the block it has been put in has been written to memory (So do NOT put this on top) This is useful if you wish to run some code right before the final hook code overwrites the original code and causes your code to run. (e.g initializers)

Beta1:
Quote:
  Fixes:
    Fixed some more high dpi issues
    Fixed issues with the dropdown list in memory records
    Fixed offset symbols
    Fixed registered binutils
    Fixed graphical issues with the tablist
    Fixed issue where memory blocks would get cut off before the page end
    Fixed some memory leaks
    Fixed some graphical issues in the addresslist
    Fixed rightclick on r8 and r9 in memoryview
    Fixed disassembling some instructions
    Fixed DBVM so it works on windows 1709 and later (tested on 1803)
    Fixed several DBVM offload crashes
    Fixed freeze with allow increase/decrease for 8 byte long values
    Fixed several issues where minimizing a window and then close it would hang CE

  Additions and changes:
    Text editor improvements
    Added hundreds of new cpu instructions
    Mono now has some new features like instancing of objects
    Mono instances window is now a treeview where you can see the fields and values
    "find what addresses this code accesses" can also be used on RET instructions now (useful to find callers)
    The graphical memory view now has a lot more options to set it just the way you need
    Codepage support in hexview
    structure data from PDB files is now stored in a database for lookup later
    dissect structures form can now show a list of known structures (pdb, mono, ...)
    Added a "revert to saved scan" option (lets you undo changes)
    Added a "forgot scan" option (in case you forgot what you're doing)
    Pointerscan limit nodes is default on in a new ce install (remembers your choice when you disable it)
    Autoattach now happens using a thread instead of a gui blocking timer
    Some colorscheme enhancements
    Added a DBVM based "Find what writes/accesses" feature. (For pro users, enable kernelmode options for it to show)
    Changed the dissect data setup from separate yes/no/value dialogs to a single window
    Added a bypass option for ultimap2 on windows 1709. When using ranges, do not use interrupts, or use DBVM

  lua:
    added automatic garbage collection and settings to configure it
    added new functions, like:
      reinitializeSelfSymbolhandler
      cpuid
      and more

https://cheatengine.org/temp/CheatEngine68RC2.exe

MasterGH, posted May 6, 2018

Changes in Lua, found by comparing the files. Maybe later I'll write about the interesting things you can do in the new CE beta.

Spoiler:

writePointer(address,value)
writePointerLocal(address,value)

For enumModules(processid OPTIONAL):
  Name : String containing the modulename

reinitializeSelfSymbolhandler(waittilldone: BOOLEAN OPTIONAL, default=TRUE): reinitializes the selfsymbolhandler. E.g when new modules have been loaded to CE process

registerStructureAndElementListCallback(function StructureListCallback(), function elementlistcallback(id1,id2) ) : Registers a function to be called when a structure needs to be dissected
  function StructureListCallback() will be a function that returns an array of list of structures in table format
  the entries are built up as:
    name: string - name of the structure
    id1: integer - id you can use for whatever(e.g moduleid). It will be passed on to elementlistcallback when this structure is picked
    id2: integer - id you can use for whatever(e.g structureid inside the module). It will be passed on to elementlistcallback when this structure is picked
  function elementlistcallback(id1,id2) will be a function that returns an array of structure elements in table format
  the entries are built up as:
    name: string
    offset: integer
    vartype: variabletype (look up vtByte, vtWord, etc..)
  tip: If you return an empty table the structure will not be created. You can use this to create the structure layout yourself and register that instead

unregisterStructureAndElementListCallback(ID)

showSelectionList(title, caption, stringlist, allowCustomInput OPTIONAL): integer,string - Shows a menu with the given list. It returns the linenumber (starting at 0) and the selected string. Linenumber is -1 if the user was allowed to enter custom input

getWindowlist(): Returns a table with the windowlist (pid - window caption ). The table is formatted as : {pid,{id,caption}}

MainForm.OnProcessOpened: function(processid, processhandle, caption) - Define this if you want to be notified when a new process has been opened. Called only once from the main thread. It is recommended to use this instead of onOpenProcess

cpuid(EAX,ECX): returns a table with CPUID info (EAX, EBX, ECX, EDX)

gc_setPassive(state: boolean): enables/disables the passive garbage collector
gc_setActive(state: boolean, interval: integer, minsize: integer): enables/disables the active garbage collector and lets you configure the interval and minimum size

Form Class: (Inheritance: ScrollingWinControl->CustomControl->WinControl->Control->Component->Object)
  properties
    FormState: FormState string ReadOnly - The current state of the form. Possible values: fsCreating, fsVisible, fsShowing, fsModal, fsCreatedMDIChild, fsBorderStyleChanged, fsFormStyleChanged, fsFirstShow, fsDisableAutoSize

ListItems class : (Inheritance: TObject)
  methods
    displayRect(code): returns the displayed rectangle of the listitem. code can be: drBounds(0), drIcon(1), drLabel(2), drSelectBounds(3)
    displayRectSubItem(code): returns the displayed rectangle of the listitem. code can be: drBounds(0), drIcon(1), drLabel(2), drSelectBounds(3)

Stream Class
  methods
    readByte(): integer
    writeByte(integer)
    readWord(): integer
    writeWord(integer)
    readDword(): integer
    writeDword(integer)
    readQword(): integer
    writeQword(integer)

MemoryRecord Class:
  properties
    AddressString: string - Get the address string shown in CE (ReadOnly)
    VarType: ValueType (string) - The variable type of this record. See vtByte to vtCustom
    Type: ValueType (number) - The variable type of this record. See vtByte to vtCustom
    CustomTypeName: String - If the type is vtCustom this will contain the name of the CustomType
    Options: String set - a string enclosed by square brackets filled with the options separated by a comma. Valid options are: moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse
    DropDownLinked: boolean - if dropdown list refers to list of another memory record eg. (memrec name)
    DropDownLinkedMemrec: string - Description of linked memrec or emptystring if not linked
    DropDownList : StringList - list of "value:description" lines, lists are still separate objects when linked, read-write
    DropDownReadOnly: boolean - true if 'Disallow manual user input' is set
    DropDownDescriptionOnly: boolean - self explanatory
    DisplayAsDropDownListItem: boolean - self explanatory
    DropDownCount: integer - equivalent to .DropDownList.Count
    DropDownValue[index] : Array to access values in DropDownList (ReadOnly)
    DropDownDescription[index] : Array to access Descriptions in DropDownList (ReadOnly)
    Parent: MemoryRecord - self explanatory

StructureFrm class:
  createStructureForm(address, groupname OPTIONAL, structurename OPTIONAL)
  enumStructureForms() : returns a table of StructureFrm objects (can be useful for finding a structure window with the wanted structure)
  properties:
    MainStruct: structure - The currently selected structure
    ColumnCount: integer - the number of columns (columns=address)
    Column[index]: structColumn - Fetches a structColumn object from the structure form
    GroupCount: integer - The number of groups
    Group[index]: structGroup - Fetches a structGroup object from the structure form

StructureElement class: (Inheritance: Object)
  Methods:
    getValue(address) : Gets the memory from the specified address and interprets it according to the element type
    setValue(address,value): Sets the memory at the specified address to the interpreted value according to the element type
    getValueFromBase(baseaddress): same as getValue but uses the offset to calculate the final address
    setValueFromBase(baseaddress,value): same as setValue but uses the offset to calculate the final address

dbk_readMSR(msr): Reads the msr
dbk_writeMSR(msr, msrvalue): Writes the msr
dbk_executeKernelMemory(address, parameter) : Executes a routine from kernelmode (e.g a routine written there with auto assembler)
  parameter can be a value or an address. It's up to your code how it's handled

dbvm_initialize(offloados:Boolean OPTIONAL, reason:String OPTIONAL) : Initializes the dbvm functions (dbk_initialize also calls this)
  offloados is a boolean that when set will offload the system onto dbvm if it's not yet running (and only IF the dbk driver is loaded)
dbvm_readMSR(msr): See dbk_readMSR but then using dbvm
dbvm_writeMSR(msr, value): See dbk_writeMSR
dbvm_getCR4(): Returns the real Control Register 4 state
dbvm_readPhysicalMemory(address, size): bytetable
dbvm_writePhysicalMemory(address, size, bytetable)

dbvm_watch_writes(PhysicalAddress, bytesize OPTIONAL, OPTIONS OPTIONAL, internalentrycount OPTIONAL) : Starts watching writes to the given address range
  OPTIONS is a binary field.
    (1 << 0): Log the same RIP multiple times (if different registers)
    (1 << 1): Ignore the size field and log everything in the specified page
    (1 << 2): Logs record the floating point state
    (1 << 3): Logs contain a 4KB stack snapshot
    (1 << 4): does nothing
    (1 << 5): If the number of recorded entries gets bigger than internalentrycount, grow the list instead of discarding the entries
  On success returns an ID to use with dbvm_watch_retrievelog and dbvm_watch_disable
dbvm_watch_reads(PhysicalAddress, bytesize OPTIONAL, OPTIONS OPTIONAL, internalentrycount OPTIONAL) : see dbvm_watch_writes but then for reads and writes
dbvm_watch_retrievelog(ID) : Returns an array of watch event data. (Context of the system at the time of the event, like registers)
dbvm_watch_disable(ID) : Disables the watch operation

dbvm_cloak_activate(physicalbase, virtualbase OPTIONAL): Hides an executable memory range (4096 bytes) from snooping eyes
  Note: It is recommended to cause a copy-on-write on the target first, else this will affect all processes that have this memory block loaded
dbvm_cloak_deactivate(physicalbase): Disables the cloak and restores the executable memory to what the system thinks it is
dbvm_cloak_readOriginal(physicalbase): Reads the memory that will get executed. On success returns a 4096 byte long bytetable (remember, lua indexes start at 1, so offset 0 is index 1)
dbvm_cloak_writeOriginal(physicalbase, bytetable[4096]): Writes the memory that will get executed.

dbvm_changeregonbp(physicaladdress, changereginfo, virtualaddress OPTIONAL): boolean
  sets a breakpoint at the given position. When a breakpoint hits the registers will be changed according to the changereginfo table
  changereginfo table: (set the field to nil, or don't define it, if you don't want to change it)
    newCF: integer/boolean (false=0, true=1)
    newPF: integer/boolean (false=0, true=1)
    newAF: integer/boolean (false=0, true=1)
    newZF: integer/boolean (false=0, true=1)
    newSF: integer/boolean (false=0, true=1)
    newOF: integer/boolean (false=0, true=1)
    newRAX: integer
    newRBX: integer
    newRCX: integer
    newRDX: integer
    newRSI: integer
    newRDI: integer
    newRBP: integer
    newRSP: integer
    newRIP: integer
    newR8: integer
    newR9: integer
    newR10: integer
    newR11: integer
    newR12: integer
    newR13: integer
    newR14: integer
    newR15: integer

dbvm_log_cr3_start() : Tells DBVM to record (up to 512) unique CR3 values it encounters
dbvm_log_cr3_stop() : Stops the logging and returns the results as a table

getPhysicalAddressCR3(CR3, address): Looks up the physical address for the given virtual address in the given pagetable base. Returns nil if not paged
readProcessMemoryCR3(CR3, address, size): Reads the virtual memory of the given process's CR3 value. Returns a bytetable on success, nil if fail to read (paged out)
writeProcessMemoryCR3(CR3, address, bytetable): Reads the virtual memory of the given process's CR3 value

createD3DHook(textureandcommandlistsize OPTIONAL, hookmessages OPTIONAL)
  methods
    enableConsole(virtualkey): Adds a (lua)console to the specific game. The given key will bring it up (0xc0=tilde(`~))

Disassembler Class (Inheritance: Object)
  Methods
    commentsoverride: string - If set, this will be the comments/LastParamatersToString result

HotkeyHandlerThread(Inheritance: Thread)
  getHotkeyHandlerThread() : Returns the hotkey handler thread used internally by CE
  properties
    state: 0 ('htsActive')=Active , 1('htsMemrecOnly')=Memory records only, 2('htsNoMemrec')=Everything except memoryrecords, 3('htsDisabled')=disabled
  methods
    -

Comparison map (on the right; by eye, no more than 20% changed)

DieVis, posted May 6, 2018

5 hours ago, SER[G]ANT said:
  Added a "revert to saved scan" option (lets you undo changes)
  Added a "forgot scan" option (in case you forgot what you're doing)

Really, at last? I couldn't find this in 6.7.

X86Jumps, posted May 6, 2018

They haven't fixed the search in trace?

MasterGH, posted May 6, 2018

3 hours ago, DieVis said:
  Really, at last? I couldn't find this in 6.7.

Correct.

9 hours ago, SER[G]ANT said:
  Added a "revert to saved scan" option (lets you undo changes)
  Added a "forgot scan" option (in case you forgot what you're doing)

When scanning.

43 minutes ago, X86Jumps said:
  They haven't fixed the search in trace?

What was wrong with it? The filter on the end condition works, and so does searching for that condition. I didn't look at the start condition.

partoftheworlD, posted May 6, 2018

Ah, if only they also added regex search in the trace. It would be very convenient for tracking instructions; as it is, I have to do that through Sublime Text.

X86Jumps, posted May 7, 2018

19 hours ago, MasterGH said:
  What was wrong with it? The filter on the end condition works, and so does searching for that condition. I didn't look at the start ...

In the trace window, search by conditions doesn't work, at least that's how it is in 6.7; in 6.5 it worked))

temtriss, posted May 7, 2018 (edited)

Ah, if only DarkByte would finish DBVM for the 8700K. I think he wrote on the forum that DBVM doesn't work because of the number of cores, and it seems to be in the plans, but I could be wrong.

Ohhh) DBVM works on the 8700K now. Hooray!)

Edited May 7, 2018 by temtriss: Tested it!!!)

SER[G]ANT (author), posted May 22, 2018

Beta2 is out.

SER[G]ANT (author), posted May 31, 2018

Beta3 is out.

SER[G]ANT (author), posted June 1, 2018

Suddenly, Beta4.

SER[G]ANT (author), posted June 2, 2018

Beta5. That's rather a lot of them.

SER[G]ANT (author), posted June 6, 2018

RC2 is out. The 6.8 release is on Friday.

MasterGH, posted June 8, 2018

6.8 is out on the official site.