
Implement a disassembler + browser?


4 replies to this topic

#1 loco

loco

    PortingTeam Founder

  • Administrators
  • 1186 posts
  • Graphics Card:NVIDIA GeForce 9400M
  • Operating System:macOS 10.12 (Sierra)

Posted 24 February 2011 - 09:32 AM

In honesty, I'm not 100% certain if a disassembler is needed as I have close to no idea how memory works. But it'd be useful to find an address and to be able to browse that memory region and see the values of surrounding addresses.

Why? Some games seem to use only fixed addresses, always the same, and some seem to be quite close to each other. An example is Call of Duty 4: Modern Warfare:

Experience is at: 0xE66408
Total Kills: 0xE66410
Biggest kill streak: 0xE66414
Total Deaths: 0xE66418

and the list goes on. And these are at the same address every time. As you can see, each address is very close to the next. Being able to browse would make things a lot easier than simple trial and error when searching fails. Could be useful :)


#2 Zorg

Zorg

    Professional Member

  • Members
  • 147 posts
  • LocationSpace
  • Graphics Card:I don't know.
  • Operating System:Other OS/Not specified
  • I like to play:Arcade, Side Scrollers

Posted 26 February 2011 - 08:57 PM

What you want is a memory viewer, not a disassembler, I think. I may take a stab at a memory viewer eventually.

The variables you mention above are probably in the same structure (perhaps a player structure?) which is why they're near each other in memory.

I should note you can currently dump memory to file(s) [see Dump Memory in Range and Dump All Memory under Tools menu] and open the file(s) with your favorite hex editor of choice.

#3 loco

loco

    PortingTeam Founder

  • Administrators
  • 1186 posts
  • Graphics Card:NVIDIA GeForce 9400M
  • Operating System:macOS 10.12 (Sierra)

Posted 27 February 2011 - 01:06 PM

My only problem there is I'd have no idea how to find the values in the dump file, but that's my problem, I guess. I have a bit of reading to do! :) Thanks.


#4 loco

loco

    PortingTeam Founder

  • Administrators
  • 1186 posts
  • Graphics Card:NVIDIA GeForce 9400M
  • Operating System:macOS 10.12 (Sierra)

Posted 27 February 2011 - 01:27 PM

On a side note, if you do get the memory viewer going well, how about a "View > As values" feature in it? I'm assuming it's going to look like it does when you open the dump in a hex editor, and it then shows the same you'd see if you added, say, 0xE66410 to 0xE66420 one by one to your list. Does that make sense? So...

  • 0xE66410  0
  • 0xE66411  25
  • 0xE66413  193432423
  • 0xE66412  0

etc.

That kind of live layout. Probably best to use the same feature when browsing as you have in Bit Slicer when it finds thousands of results, to prevent the serious potential lag.


EDIT: I got another kind of output I've been looking for using gdb --pid= in terminal, followed by "disassemble 0xE66408" and a bit of browsing. You get a similar thing in the Windows version of Cheat Engine when browsing; it makes it easier to find little extras. Thought I might mention how I got it. Here's the screen of a fraction of it in terminal:

[screenshot of the gdb terminal output; image not preserved]


#5 Zorg

Zorg

    Professional Member

  • Members
  • 147 posts
  • LocationSpace
  • Graphics Card:I don't know.
  • Operating System:Other OS/Not specified
  • I like to play:Arcade, Side Scrollers

Posted 07 March 2011 - 07:50 AM

loco said:

On a side note, if you do get the memory viewer going well, how about a "View > As values" feature in it? I'm assuming it's going to look like it does when you open the dump in a hex editor, and it then shows the same you'd see if you added, say, 0xE66410 to 0xE66420 one by one to your list. Does that make sense? So...

  • 0xE66410  0
  • 0xE66411  25
  • 0xE66413  193432423
  • 0xE66412  0

etc.

That kind of live layout. Probably best to use the same feature when browsing as you have in Bit Slicer when it finds thousands of results, to prevent the serious potential lag.
...

Instead of doing a memory viewer that would just mimic a hex editor in realtime, I could just have it list a number of variables in a specified region. Like, "list 4 32-bit integers starting from 0xE66410", or you could pick doubles, floats, strings, etc... What do you think? I know there's already a command in GDB that allows you to do this, though I'm not sure how flexible it is and I forget what the command is.

I don't think I'm going to worry about a disassembler for now, I'm not very knowledgeable when it comes to that yet.. :no:
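The "list N typed values starting from an address" listing Zorg proposes in #5, and the "View > As values" layout loco mocks up in #4, worked as an added example that is not Bit Slicer's own code and not from anyone in this thread. It assumes a flat dump file whose first byte came from a known base address (the kind of file "Dump Memory in Range" writes), a 32-bit little-endian target, and made-up sample values placed at the CoD4 offsets loco listed; the `stride` parameter is my own addition that reproduces the byte-by-byte view loco's mockup describes.

```python
"""List typed values from a raw memory dump, the way a "View > As values"
pane would.  Added example; not part of Bit Slicer.  Assumes the dump is a
flat file of the bytes from BASE upward and that the target process is
32-bit little-endian (x86), which is what the 2011-era CoD4 port would be."""
import struct

# Type codes: name -> (struct format, size in bytes).  "<" = little-endian.
TYPES = {
    "int8":   ("<b", 1),
    "uint8":  ("<B", 1),
    "int16":  ("<h", 2),
    "int32":  ("<i", 4),
    "uint32": ("<I", 4),
    "int64":  ("<q", 8),
    "float":  ("<f", 4),
    "double": ("<d", 8),
}

def list_values(dump, base, start, count, kind="int32", stride=None):
    """Return [(address, value), ...] for `count` values of type `kind`
    starting at absolute address `start`.

    `base` is the address the first byte of `dump` came from.  `stride`
    defaults to the type's size (non-overlapping elements, like fields in
    a struct); stride=1 gives the hex-editor style view where every byte
    offset is decoded as if it were the start of a value.  Reads that
    fall outside the dumped range stop the listing rather than guessing."""
    fmt, size = TYPES[kind]
    if stride is None:
        stride = size
    rows = []
    for i in range(count):
        addr = start + i * stride
        off = addr - base
        if off < 0 or off + size > len(dump):
            break  # address is not inside the dumped range
        (value,) = struct.unpack_from(fmt, dump, off)
        rows.append((addr, value))
    return rows

def format_listing(rows):
    """Render rows as 'ADDRESS  VALUE' lines, one per value."""
    return "\n".join(f"0x{addr:X}  {value}" for addr, value in rows)

# Constructed sample dump standing in for the 0xE66400.. region of CoD4.
# The numbers are invented; only the offsets follow loco's list above.
BASE = 0xE66400
_buf = bytearray(0x40)
struct.pack_into("<I", _buf, 0xE66408 - BASE, 123456)  # experience
struct.pack_into("<I", _buf, 0xE66410 - BASE, 2500)    # total kills
struct.pack_into("<I", _buf, 0xE66414 - BASE, 23)      # biggest kill streak
struct.pack_into("<I", _buf, 0xE66418 - BASE, 1900)    # total deaths
struct.pack_into("<f", _buf, 0xE66420 - BASE, 1.5)     # a float for variety
SAMPLE_DUMP = bytes(_buf)

if __name__ == "__main__":
    # Five aligned 32-bit ints from the experience field onwards.
    print(format_listing(list_values(SAMPLE_DUMP, BASE, 0xE66408, 5)))
    print("--- byte-stepped view (what a hex editor's inspector shows) ---")
    print(format_listing(list_values(SAMPLE_DUMP, BASE, 0xE66410, 4, stride=1)))
    print("--- as float ---")
    print(format_listing(list_values(SAMPLE_DUMP, BASE, 0xE66420, 1, "float")))
```

The byte-stepped view is why loco's mockup shows a huge number at 0xE66411: a 32-bit read that starts one byte into "total kills" straddles that field and the next one, so it decodes garbage. Listing at the type's natural stride is what you want once you know the layout; stride 1 is for hunting the layout when a search comes up empty. The GDB command Zorg is thinking of is `x` (examine): `x/4dw 0xE66410` prints four decimal 32-bit words from that address, `x/4fw` the same bytes as floats, and `x/16xb` sixteen raw bytes. One caveat on the "always the same address" observation: it only holds while the game's data segment is loaded at a fixed address; if a build is relocated (for example, rebuilt as position-independent), the absolute addresses stop working and you have to record module base plus offset instead.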



