Difference between revisions of "Auto Assembler:alloc"
Revision comparison (5 intermediate revisions by 3 users not shown). Edit summaries: (→See also); m (alloc and its size explained a little more).
Latest revision as of 16:36, 15 November 2022
Auto Assembler alloc(SymbolName, Size, AllocateNearThisAddress OPTIONAL)
Allocates a memory block of Size bytes and defines SymbolName in the script as a symbol pointing to the beginning of the allocated block. If the optional parameter AllocateNearThisAddress is given, CE will try to allocate the memory near that address. This is useful on 64-bit targets, where the distance from the hook to the allocated block could otherwise exceed the 2 GB range of a relative jump.
Note: Use dealloc to free the memory when done.
Note 2: There are two other alloc variants: allocnx and allocxo. allocnx allocates the memory as non-executable, and allocxo allocates it as execute-only. (These are required when using a Mac.)
Note 3: see the Cheat Engine forum thread at https://www.cheatengine.org/forum/viewtopic.php?t=577560&sid=4dfa0df98e8db192709e6570b7c40f8a
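The 2 GB limit behind AllocateNearThisAddress, worked through as an added example (my code, not part of the wiki page or of Cheat Engine): it computes the rel32 displacement of the 5-byte relative jmp such hooks use and checks whether an allocated block is reachable from the hook. The addresses are constructed; the 32-bit pair is the page's own jmp 00410000 example, and the 64-bit base address is assumed.

```python
# Added example (not from the Cheat Engine wiki): checks whether a 5-byte
# relative jmp (E9 rel32) placed at `hook` can reach `target`, and encodes it.
# This is the constraint behind alloc's optional AllocateNearThisAddress
# parameter on 64-bit targets: rel32 is a signed 32-bit displacement, so the
# allocated block must lie within roughly +/-2 GB of the hook.

JMP_REL32_LEN = 5  # opcode E9 followed by a 4-byte displacement
REL32_MIN = -(1 << 31)
REL32_MAX = (1 << 31) - 1


def rel32_displacement(hook: int, target: int) -> int:
    """The displacement is measured from the end of the jmp instruction."""
    return target - (hook + JMP_REL32_LEN)


def reachable(hook: int, target: int) -> bool:
    """True if a jmp at `hook` can reach `target` with a rel32 displacement."""
    return REL32_MIN <= rel32_displacement(hook, target) <= REL32_MAX


def encode_jmp_rel32(hook: int, target: int) -> bytes:
    """Encode `jmp target` as placed at `hook`; raise if out of rel32 range."""
    disp = rel32_displacement(hook, target)
    if not REL32_MIN <= disp <= REL32_MAX:
        raise ValueError(
            f"target {target:#x} is {abs(disp) / (1 << 30):.1f} GiB from hook "
            f"{hook:#x}; allocate near the hook (AllocateNearThisAddress)"
        )
    return b"\xe9" + disp.to_bytes(4, "little", signed=True)


# Constructed sample addresses. The 32-bit pair is the page's own example
# (jmp from 00451029 to the block at 00410000). The 64-bit base address is
# assumed; the "far" case models a block placed without a near-address hint.
SAMPLES = {
    "32-bit page example": (0x00451029, 0x00410000),
    "64-bit, block near the hook": (0x7FF7000164C2, 0x7FF700100000),
    "64-bit, block far from the hook": (0x7FF7000164C2, 0x10000),
}

if __name__ == "__main__":
    for name, (hook, target) in SAMPLES.items():
        if reachable(hook, target):
            print(f"{name}: jmp bytes {encode_jmp_rel32(hook, target).hex()}")
        else:
            print(f"{name}: unreachable, rel32 cannot span the distance")
```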
Command Parameters
| Parameter | Type | Description |
|---|---|---|
| SymbolName | string | The symbol name to use for the allocated memory |
| Size | integer | The size in bytes of the memory block to allocate |
| AllocateNearThisAddress | string | The address to allocate near, if given (optional) |
Examples
alloc(SomeSymbol, 0x4)
alloc(SomeSymbol, 0x1000)
alloc(SomeSymbol, $1000)
alloc(SomeSymbol, 0x4, Tutorial-x86_64.exe+164C2)
- From SunBeam: CE actually fetches the module and allocates close to the end of the module. Additionally, specifying +164C2 does not add to it in any way :D Jus' sayin' Tutorial-x86_64.exe is enough. (post: http://fearlessrevolution.com/threads/ce-coord-how-to-find-correct-x-z-pos-when-you-have-found-a-y-position.6431/post-42870)
alloc(SomeSymbol, 0x4, SomeAOBSymbol)
alloc(SomeSymbol, 0x1000, Tutorial-x86_64.exe)
alloc(SomeSymbol, $1000, Tutorial-x86_64.exe)
alloc(memloc1,4)

00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [memloc1],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031