root/Cheat Engine/FoundCodeUnit.pas @ 311

Revision 311, 14.9 kB (checked in by dark_byte, 8 months ago)

mass commit for beta 6

1unit FoundCodeUnit;
2
3interface
4
5uses
6  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
7  Dialogs, StdCtrls,disassembler,cefuncproc,ExtCtrls, Menus, newkernelhandler, clipbrd;
8
type Tcoderecord = record
  // One entry of the "found code" list. The fields are filled in outside
  // this unit (debugger side); this unit only reads them.
  address: dword;        // address of the instruction; used for NOP-ing, the code list and the disassembler jump
  size: integer;         // instruction length in bytes; number of NOPs written over it
  opcode: string;        // disassembled text; shown when the surrounding code cannot be re-disassembled
  description: string;   // text shown in the Description label / extra-info window
  eax,ebx,ecx,edx,esi,edi,ebp,esp,eip: dword;   // register values shown in the extra-info window
  context: TContext;     // full thread context handed to FormFoundCodeListExtra.context
end;
17
type
  { Dialog listing the instructions that accessed a watched address while the
    code finder ran. btnOK doubles as Stop (finder still running) / Close. }
  TFoundCodeDialog = class(TForm)
    FoundcodeList: TListBox;      // one row per coderecords[] entry, multi-select
    Panel1: TPanel;
    Description: TLabel;          // description of the selected row, or a usage hint
    pmOptions: TPopupMenu;        // right-click menu on the list
    ReplacewithcodethatdoesnothingNOP1: TMenuItem;
    Showthisaddressinthedisassembler1: TMenuItem;
    Addtothecodelist1: TMenuItem;
    MoreInfo1: TMenuItem;
    Panel2: TPanel;
    btnOK: TButton;               // caption is strStop while running, strClose afterwards
    Panel3: TPanel;
    btnExtraInfo: TButton;
    btnAddToCodeList: TButton;
    btnOpenDisassembler: TButton;
    btnReplacewithnops: TButton;
    N1: TMenuItem;
    Copyselectiontoclipboard1: TMenuItem;
    procedure FoundcodeListClick(Sender: TObject);
    procedure btnOKClick(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    procedure btnReplacewithnopsClick(Sender: TObject);
    procedure btnOpenDisassemblerClick(Sender: TObject);
    procedure btnAddToCodeListClick(Sender: TObject);
    procedure FoundcodeListDblClick(Sender: TObject);
    procedure btnExtraInfoClick(Sender: TObject);
    procedure FormCloseQuery(Sender: TObject; var CanClose: Boolean);
    procedure FoundcodeListContextPopup(Sender: TObject; MousePos: TPoint;
      var Handled: Boolean);
    procedure pmOptionsPopup(Sender: TObject);
    procedure Copyselectiontoclipboard1Click(Sender: TObject);
  private
    { Private declarations }
    procedure moreinfo;   // opens the extra-info window for the selected row
  public
    { Public declarations }
    // Parallel to FoundcodeList.Items: coderecords[i] describes row i.
    // Filled by the debugger side, not by this unit.
    coderecords: array of TCodeRecord;
    // When true the extra-info window hides Label18 (see moreinfo).
    useexceptions: boolean;

  end;
59
60
resourcestring
  strClose='Close';   // btnOK caption once the finder has stopped
                      // (strStop, the running-state caption, is declared elsewhere)

var
  FoundCodeDialog: TFoundCodeDialog;   // the single instance; set to nil in FormClose
66
67implementation
68
69{$R *.dfm}
70uses debugger,
71     MemoryBrowserFormUnit,
72     {$ifdef net}unit2,ceclient,{$else}MainUnit,kerneldebugger,{$endif}
73     advancedoptionsunit ,formFoundcodeListExtraUnit,mainunit2;
74
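procedure TFoundCodedialog.moreinfo;
{ Opens a TFormFoundCodeListExtra window for the selected row: the caught
  instruction with two neighbours on each side, the register snapshot stored in
  the record, and a guess at the pointer base used by the instruction (written
  to FormFoundCodeListExtra.probably). Does nothing when no row is selected. }
var disassembled: array[1..5] of string;
    address: dword;
    itemindex: integer;
    temp,temp2: string;
    max: dword;
    p: dword;
    i: integer;

  // Reduces one disassembler line "xxxxxxxx - xx xx xx - opcode" to
  // "xxxxxxxx - opcode" by dropping the byte dump between the two dashes.
  // Uses pos('-') exactly like the former inline code, so an empty input
  // yields ' ' as before.
  function stripbytes(const line: string): string;
  var rest: string;
  begin
    rest:=copy(line,pos('-',line)+2,length(line));
    rest:=copy(rest,pos('-',rest)+2,length(rest));
    result:=copy(line,1,pos('-',line))+' '+rest;
  end;

begin
  itemindex:=foundcodelist.ItemIndex;
  if itemindex=-1 then exit;

  // NOTE(review): created with a nil owner, shown non-modally and never freed
  // here (the Free call below was commented out). Unless the extra form frees
  // itself on close, each call leaks the previous instance — confirm.
  FormFoundCodeListExtra:=TFormFoundCodeListExtra.Create(nil);
  FormFoundCodeListExtra.Label18.Visible:=not useexceptions;

  // Step back two instructions so the caught one sits in the middle of the
  // five-line listing. previousopcode is a heuristic on variable-length x86
  // code, so check that disassembling forward again lands exactly on the
  // record's address; if not, show only the opcode text stored in the record.
  address:=coderecords[itemindex].address;
  address:=previousopcode(address);
  address:=previousopcode(address);

  disassembled[1]:=disassemble(address,temp);
  disassembled[2]:=disassemble(address,temp);

  if address<>coderecords[itemindex].address then
  begin
    disassembled[1]:='';
    disassembled[2]:='';
    disassembled[3]:=coderecords[itemindex].opcode;
    disassembled[4]:='';
    disassembled[5]:='';
  end
  else
  begin
    disassembled[3]:=disassemble(address,temp);
    disassembled[4]:=disassemble(address,temp);
    disassembled[5]:=disassemble(address,temp);
  end;

  //convert disassembled strings to address+opcode only (no bytes)
  //xxxxxxxx - xx xx xx - opcode
  for i:=1 to 5 do
    disassembled[i]:=stripbytes(disassembled[i]);

  with FormFoundCodeListExtra do
  begin
    Label1.Caption:=disassembled[1];
    Label2.Caption:=disassembled[2];
    Label3.Caption:=disassembled[3];
    Label4.Caption:=disassembled[4];
    Label5.Caption:=disassembled[5];

    label7.caption:='EAX='+IntToHex(coderecords[itemindex].eax,8);
    label8.caption:='EBX='+IntToHex(coderecords[itemindex].ebx,8);
    label9.caption:='ECX='+IntToHex(coderecords[itemindex].ecx,8);
    label11.caption:='EDX='+IntToHex(coderecords[itemindex].edx,8);
    label16.caption:='ESI='+IntToHex(coderecords[itemindex].esi,8);
    label14.caption:='EDI='+IntToHex(coderecords[itemindex].edi,8);
    label13.caption:='ESP='+IntToHex(coderecords[itemindex].esp,8);
    label12.caption:='EBP='+IntToHex(coderecords[itemindex].ebp,8);
    label15.caption:='EIP='+IntToHex(coderecords[itemindex].eip,8);

    label6.Caption:=coderecords[itemindex].description;
  end;

  //parse the disassembled[3] string to help the user find the pointer
  //first find the [xxx]
  // (when '[' or ']' is missing the computed length is <= 0 and temp stays empty)
  temp:=copy(disassembled[3],pos('[',disassembled[3])+1,(pos(']',disassembled[3])-1)-(pos('[',disassembled[3])));
  if temp<>'' then
  begin
    //parse
    //find the biggest value, registers or exact value
    max:=0;
    if pos('eax',temp)>0 then if coderecords[itemindex].eax>max then max:=coderecords[itemindex].eax;
    if pos('ebx',temp)>0 then if coderecords[itemindex].ebx>max then max:=coderecords[itemindex].ebx;
    if pos('ecx',temp)>0 then if coderecords[itemindex].ecx>max then max:=coderecords[itemindex].ecx;
    if pos('edx',temp)>0 then if coderecords[itemindex].edx>max then max:=coderecords[itemindex].edx;
    if pos('edi',temp)>0 then if coderecords[itemindex].edi>max then max:=coderecords[itemindex].edi;
    if pos('esi',temp)>0 then if coderecords[itemindex].esi>max then max:=coderecords[itemindex].esi;
    if pos('ebp',temp)>0 then if coderecords[itemindex].ebp>max then max:=coderecords[itemindex].ebp;
    if pos('esp',temp)>0 then if coderecords[itemindex].esp>max then max:=coderecords[itemindex].esp;

    //the offset is always at the end, so read from back to front
    //(register names end in x/i/p, which are not hex digits, so the scan
    //stops at the '+', '*' or register boundary)
    temp2:='';
    for i:=length(temp) downto 1 do
      if temp[i] in ['0'..'9','a'..'f'] then temp2:=temp[i]+temp2 else break;

    //I know this isn't completly correct e.g: [eax*4] but even then the 4 will NEVER be bigger than eax (unless it's to cause a crash)
    //A 32-bit offset has at most 8 hex digits; StrToInt raises EConvertError on
    //anything wider, which used to abort the whole window. Such text cannot be
    //an offset anyway, so skip it.
    if (temp2<>'') and (length(temp2)<=8) then
    begin
      p:=StrToInt('$'+temp2);
      if p>max then max:=p;
    end;

    formfoundcodelistextra.probably:=max;
  end else formfoundcodelistextra.label17.caption:='';

  // Widen the window to fit the longest of the five listing labels.
  maX:=formfoundcodelistextra.width;
  if formfoundcodelistextra.label1.width>max then max:=formfoundcodelistextra.label1.width;
  if formfoundcodelistextra.label2.width>max then max:=formfoundcodelistextra.label2.width;
  if formfoundcodelistextra.label3.width>max then max:=formfoundcodelistextra.label3.width;
  if formfoundcodelistextra.label4.width>max then max:=formfoundcodelistextra.label4.width;
  if formfoundcodelistextra.label5.width>max then max:=formfoundcodelistextra.label5.width;
//   if formfoundcodelistextra.Label17.width>max then max:=formfoundcodelistextra.Label17.width;

  if max<>formfoundcodelistextra.Width then
    formfoundcodelistextra.Width:=max+5;

  formfoundcodelistextra.context:=coderecords[itemindex].context;
  FormFoundCodeListExtra.Show;
//  FormFoundCodeListExtra.free;
end;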
209
procedure TFoundCodeDialog.FoundcodeListClick(Sender: TObject);
{ Enables the per-row buttons while a row is selected and shows that row's
  description. With no selection the buttons are disabled and a hint is shown:
  a longer one while the list is still empty, a short one otherwise. }
var hasselection: boolean;
begin
  hasselection:=foundcodelist.ItemIndex<>-1;

  btnReplacewithnops.enabled:=hasselection;
  btnOpenDisassembler.enabled:=hasselection;
  btnAddToCodeList.enabled:=hasselection;
  btnExtraInfo.Enabled:=hasselection;

  if hasselection then
    description.Caption:=coderecords[foundcodelist.itemindex].description
  else if foundcodelist.Items.Count=0 then
    description.caption:='Use the game/application for a while and make the address you''re watching change. The list will be filled with addresses that contain code that change the watched address.'
  else
    description.caption:='Select a item from the list for a small description';
end;
232
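procedure TFoundCodeDialog.btnOKClick(Sender: TObject);
{ The OK button doubles as Stop / Close. While its caption is strStop the code
  finder is still running and this handler stops it: with the kernel debugger
  it disables the breakpoints; with the user-mode debugger thread it either
  clears the hardware debug registers in every target thread (findwriter2) or
  waits for the thread to go idle and restores the page protection that was
  used to catch accesses. Afterwards the caption becomes strClose. When the
  caption is already strClose the dialog just closes.
  The network build only sends CS_StopCodefinder to the server. }
var original: dword;
    i: integer;
begin
  {$ifndef net}
  if btnOK.caption<>strStop then
  begin
    close;
    exit;
  end;

  if kdebugger.isactive then
  begin
    //todo: Make this only disable the related breakpoints
    kdebugger.DisableAllBreakpoints;
    btnOK.caption:=strClose;
    exit;
  end;

  // Everything below touches debugger-thread state; acquire before the try so
  // the finally never releases a section this code does not hold.
  crdebugging.Acquire;
  try
    with debuggerthread do
    begin
      if (debuggerthread=nil) or (not debuggerthread.attached) then
      begin
        btnOK.caption:=strClose;
        exit;
      end;

      if findwriter2 then
      begin
        // Hardware-breakpoint mode: push a cleared debug-register context into
        // every thread of the target while the debugger thread is paused.
        debuggerthread.Suspend;
        zeromemory(@debuggerthread.DRRegs,sizeof(debuggerthread.DRRegs));
        debuggerthread.DRRegs.ContextFlags:=CONTEXT_DEBUG_REGISTERS;
        debuggerthread.DRRegs.Dr7:=reg0set or reg1set or reg2set or reg3set;

        for i:=0 to length(debuggerthread.threadlist)-1 do
        begin
          suspendthread(debuggerthread.threadlist[i][1]);
          SetThreadContext(debuggerthread.threadlist[i][1],debuggerthread.DRRegs);
          resumethread(debuggerthread.threadlist[i][1]);
        end;

        debuggerthread.FindWriter2:=false;
        debuggerthread.Resume;
      end
      else
      begin
        // Page-protection mode: wait (up to 30 s) for the debugger thread to
        // hand over the semaphore. WaitForSingleObject reports a timeout as
        // WAIT_TIMEOUT, not WAIT_FAILED, so the former '=WAIT_FAILED' test
        // never took this branch on the timeout it was written for; anything
        // other than WAIT_OBJECT_0 means the semaphore was not obtained.
        if WaitForSingleObject(semaphore,30000)<>WAIT_OBJECT_0 then
        begin
          messagedlg('Timeout on stopping the code finder, the debugger has crashed!',mtError,[mbok],0);
          // NOTE(review): TThread.Free waits for the thread to finish; if the
          // thread really is stuck this can block the UI — confirm.
          debuggerthread.Terminate;
          debuggerthread.free;
          debuggerthread:=nil;

          closehandle(debugger.Semaphore);
          debugger.Semaphore:=createsemaphore(nil,1,1,nil);
          terminateprocess(processhandle,0);
          close;
          exit;
        end;

        //set the original protection back
        //(these tests must run before the *set flags are cleared below; the
        //former code cleared them first, so the restores never executed. If
        //the debugger thread also restores protection this is a harmless
        //repeat — confirm.)
        if debuggerthread.readonlyset then
          VirtualProtectEx(processhandle,pointer(readonly.Address),readonly.size,readonly.originalprotection,original);

        if debuggerthread.findreaderset then
          VirtualProtectEx(processhandle,pointer(findreader.Address),findreader.size,findreader.originalprotection,original);

        debuggerthread.readonlyset:=false;
        debuggerthread.findreaderset:=false;
        debuggerthread.alsowrites:=false;

        debuggerthread.readonlyremoved:=true;
        debuggerthread.findreaderremoved:=true;

        //set the read-only flag to false
        releasesemaphore(semaphore,1,nil);
      end;
      btnOK.caption:=strClose;
    end;
  finally
    crdebugging.release;
  end;

  {$else}
  //handle network version stop here
  if btnOK.caption=strStop then
  begin
    output[0]:=CS_StopCodefinder;
    sendbuf(1);
    btnreplacewithnops.Enabled:=true;
    btnOpenDisassembler.Enabled:=true;
    btnAddToCodeList.Enabled:=true;
    btnOK.caption:=strClose;
  end else close;

  {$endif}
end;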
337
procedure TFoundCodeDialog.FormClose(Sender: TObject;
  var Action: TCloseAction);
{ Frees the form when it closes and clears the global reference so other
  units can see that the dialog is gone. }
begin
  foundcodedialog:=nil;
  action:=caFree;
end;
344
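procedure TFoundCodeDialog.btnReplacewithnopsClick(Sender: TObject);
{ Overwrites every selected instruction with NOPs ($90) in the target process.
  Each instruction is first passed to advancedoptions.AddToCodeList; the bytes
  are only written when that call returns true. }
var codelength: integer;
    i,j: integer;
    nops: array of byte;
begin
  for j:=0 to foundcodelist.Count-1 do
  begin
    if not foundcodelist.Selected[j] then continue;

    // Use the record of THIS selected row. The former code read
    // coderecords[ItemIndex] inside the loop, so with several rows selected
    // the focused row was patched once per selected row and the others never.
    codelength:=coderecords[j].size;
    if codelength<=0 then continue; // nothing to write; @nops[0] would be invalid

    //add it to the codelist
    if advancedoptions.AddToCodeList(coderecords[j].address,codelength,true, foundcodelist.SelCount>1) then
    begin
      setlength(nops,codelength);
      for i:=0 to codelength-1 do
        nops[i]:=$90;  //$90=nop

      // Keep the debugger thread out of the target while the bytes change;
      // the finally guarantees it is resumed even if RewriteCode raises.
      if debuggerthread<>nil then debuggerthread.Suspend;
      try
        RewriteCode(processhandle,coderecords[j].address,@nops[0],codelength);
      finally
        if debuggerthread<>nil then debuggerthread.Resume;
      end;
    end;
  end;
end;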
381
procedure TFoundCodeDialog.btnOpenDisassemblerClick(Sender: TObject);
{ Moves the memory browser's disassembler to the selected row's address and
  brings the browser to the front. Assumes a row is selected (the button and
  menu item are only enabled then). }
var target: dword;
begin
  target:=coderecords[foundcodelist.itemindex].address;
  with memorybrowser do
  begin
    disassemblerview.SelectedAddress:=target;
    panel1.visible:=true;
    show;
  end;
end;
389
procedure TFoundCodeDialog.btnAddToCodeListClick(Sender: TObject);
{ Registers every selected row (address and instruction size) in the code list
  of the advanced options window, then shows that window. The last argument
  tells AddToCodeList whether this is part of a multi-row selection. }
var row: integer;
begin
  for row:=0 to foundcodelist.count-1 do
    if foundcodelist.Selected[row] then
      advancedoptions.AddToCodeList(coderecords[row].address,coderecords[row].size,false, foundcodelist.SelCount>1);

  advancedoptions.Show;
end;
400
procedure TFoundCodeDialog.FoundcodeListDblClick(Sender: TObject);
{ Double-clicking a row opens the extra-info window for it. }
begin
  self.moreinfo;
end;
405
procedure TFoundCodeDialog.btnExtraInfoClick(Sender: TObject);
{ "Extra info" button: opens the extra-info window for the selected row. }
begin
  self.moreinfo;
end;
410
procedure TFoundCodeDialog.FormCloseQuery(Sender: TObject;
  var CanClose: Boolean);
{ Closing the dialog while the finder is still running (button caption is
  strStop) first presses the button so the debugger state is torn down; the
  close itself is always allowed. }
begin
  CanClose:=true;
  if btnOK.caption=strStop then
    btnOK.Click;
end;
417
procedure TFoundCodeDialog.FoundcodeListContextPopup(Sender: TObject;
  MousePos: TPoint; var Handled: Boolean);
{ Right-click: selects the row under the cursor (or none) and enables the
  per-row popup items only when a row ended up selected. Handled is left
  untouched so the popup menu still opens. }
var hit: integer;
    enable: boolean;
begin
  hit:=foundcodelist.ItemAtPos(mousepos,true);
  foundcodelist.ItemIndex:=hit;

  // Re-read ItemIndex rather than trusting hit, as the original did.
  enable:=(foundcodelist.itemindex<>-1);
  ReplacewithcodethatdoesnothingNOP1.Enabled:=enable;
  Showthisaddressinthedisassembler1.enabled:=enable;
  Addtothecodelist1.enabled:=enable;
  MoreInfo1.Enabled:=enable;
end;
430
procedure TFoundCodeDialog.pmOptionsPopup(Sender: TObject);
{ Hides the separator and the "copy selection" item when no row is selected. }
var anyselected: boolean;
begin
  anyselected:=foundcodelist.ItemIndex<>-1;
  n1.visible:=anyselected;
  Copyselectiontoclipboard1.visible:=anyselected;
end;
436
procedure TFoundCodeDialog.Copyselectiontoclipboard1Click(Sender: TObject);
{ Copies the text of every selected row to the clipboard, one row per line.
  NOTE(review): rows are joined with a bare CR (#13) rather than CRLF; some
  Windows applications will not treat that as a line break — confirm intended. }
var row: integer;
    buf: string;
begin
  buf:='';
  for row:=0 to FoundcodeList.Items.count-1 do
  begin
    if not FoundcodeList.Selected[row] then continue;
    buf:=buf+FoundcodeList.Items[row]+#13;
  end;

  clipboard.AsText:=buf;
end;
449
450end.