[Search and edit a big hex number.]

Oh, thank you.

[Search and edit a big hex number.]

10 minutes ago, Enyby said:

It is not a number. It is text in hex view. So you need search text, not a number.

See examples for searchNumber in API help.

[added 1 minute later]

-- search for HEX '5C E3 0B 4B 90 9B 11 7B'
gg.searchNumber('h 5C E3 0B 4B 90 9B 11 7B')

For edit use editAll

-- edit HEX
gg.searchNumber('h 5C E3 0B')
gg.getResults(30)
gg.editAll('h 4B 90 9B', gg.TYPE_BYTE)

 

Oh. I didn't read the editAll in API help carefully. Sorry for that and thank for your help.

Btw, What happend if I ignore space character when put hex value like 'h5CE30B' instead of 'h 5C E3 0B'

[Search and edit a big hex number.]

Hello. I am learning to write lua script for GG. I have a question. If you know please help me.
I want to search a big hex number for example: 02390D000000026FC90801066FAB0701A66B2A22000000402A  and then edit it to 00000000000000000000000000000000000000220000C8422A in memory.
To search I use this :

gg.clearResults()
gg.clearList()

gg.searchNumber('h02390D000000026FC90801066FAB0701A66B2A22000000402A', gg.TYPE_BYTE)

But I dont know how to edit results to 00000000000000000000000000000000000000220000C8422A.
Please help me. Thank you.

 

[Reverse of memory dump.]

11 minutes ago, Enyby said:

Usually dumped data divided to 4096 because dumped by memory pages which 4096 bytes size.

data:byte() is shortcut for string.byte. Obviously string.long not exists. Read lua reference about string.byte.

you need build qword or dword yourself from bytes. Maybe it be slower rather than byte - IDK. you need test it if speed of byte solution not suit you.

Thank you very much. I think this speed is enough for me. I know more about lua script and GG because of your help. I hope this script will useful with other people.

[added 1 minute later]

reverse_dump.lua

[Reverse of memory dump.]

3 minutes ago, Enyby said:

local t = {data:byte(1, data:len())}

Try this.

Oh it worked. I actually save much time than use loop.

[added 3 minutes later]

48 minutes ago, Enyby said:

Use QWORD, not BYTE, for write data. Write it on every 8 bytes.

If we use 4 byte what happend if the binary have size which is not divide by all for 8?

[added 4 minutes later]

and in that case can I use data:long()

[Reverse of memory dump.]

33 minutes ago, Enyby said:

local t = data:byte(1, data:len())

I got problem at this. It is not a table. It is a number. Should I put a loop to assign the value to table or are there any better choice?

[Reverse of memory dump.]

Thank for help me. Finally I wrote a working script. Its still slow when work with large binary file. Please tell me if there are any thing can improve script speed.

reverse_dump.lua

[Reverse of memory dump.]

13 minutes ago, Enyby said:

Yes. You can not expect read big file to memory completely. Read and write by small chunks.

Thank for your reply .When I try to read and write one by one byte it take really more time for do it even with a small binary file. I need read a bigger chunks than 1 byte but how many is the best choice? 

This is the edited script for read and write one by one byte.

reverse_dump.lua

[Reverse of memory dump.]

3 hours ago, Enyby said:

The script will work. The idea is not.
The desired address may not be allocated, or allocated for other needs.
You cannot cut off your hand, then attach it back and hope that it will work as before.

I dont know if it work or not. I just try doing it. My full idea is: 
In game memory, there are some region to save game code. For example, in a unity game there were a special memory range (which wont change) allocated for Assembly-CSharp.dll. I just search that address for one time only. And then extract that file from game package, edit and reserve dump it to the address which I found before. I completed the lua script for that but the problem now is: that script work fine with small file. But for the bigger file (20MB) GG will crash. Can you give me some cue to increase script performance? I actually want to try doing it even after all it will not work. Please help me. Is the problem at file:read("*a") when read a large file?

reverse_dump.lua

[Reverse of memory dump.]

10 hours ago, saiaapiz said:

Maybe this would be useful,
 

function rwmem(Address, SizeOrBuffer)
	assert(Address ~= nil, "[rwmem]: error, provided address is nil.")
	_rw = {}
	if type(SizeOrBuffer) == "number" then
		_ = ""
		for _ = 1, SizeOrBuffer do _rw[_] = {address = (Address - 1) + _, flags = gg.TYPE_BYTE} end
		for v, __ in ipairs(gg.getValues(_rw)) do _ = _ .. string.format("%02X", __.value & 0xFF) end
		return _
	end
	Byte = {} SizeOrBuffer:gsub("..", function(x) 
		Byte[#Byte + 1] = x _rw[#Byte] = {address = (Address - 1) + #Byte, flags = gg.TYPE_BYTE, value = x .. "h"} 
	end)
	gg.setValues(_rw)
end

-- Usage:
readedMem = rwmem(0xAABBCCDD, 128) -- Read 0xAABBCCDD with 128 size.
rwmem(0xDDCCBBAA, readedMem) -- Write readedMem memory into 0xDDCCBBAA.

 

Thank you very much for this awesome script. I will try to make it work with a binary file as input.

[Reverse of memory dump.]

Hello everyone. I knew that gg have dumpmemory feature which can copy content of a memory region to a binary file. I wonder if there are any way for copy a binary file to a region of memory. Is is possible to write a lua script with can do this? Thank you very much.
 

[Regview (ARMv7)]

Awesome tool. Hope it will support x86 in future.

[Noob protocol to find any value]

I can understand your guide. But how can someone search a value of same game like pubg mobile: color, anten, recoil, wallhack. Are there any tip for search these kind of value?