Reverse of memory dump.

[Daisy123]

Hello everyone. I knew that gg have dumpmemory feature which can copy content of a memory region to a binary file. I wonder if there are any way for copy a binary file to a region of memory. Is is possible to write a lua script with can do this? Thank you very much.
 

[Enyby]

Yes. You can write script for that.

[saiaapiz]

Maybe this would be useful,
 

function rwmem(Address, SizeOrBuffer)
	assert(Address ~= nil, "[rwmem]: error, provided address is nil.")
	_rw = {}
	if type(SizeOrBuffer) == "number" then
		_ = ""
		for _ = 1, SizeOrBuffer do _rw[_] = {address = (Address - 1) + _, flags = gg.TYPE_BYTE} end
		for v, __ in ipairs(gg.getValues(_rw)) do _ = _ .. string.format("%02X", __.value & 0xFF) end
		return _
	end
	Byte = {} SizeOrBuffer:gsub("..", function(x) 
		Byte[#Byte + 1] = x _rw[#Byte] = {address = (Address - 1) + #Byte, flags = gg.TYPE_BYTE, value = x .. "h"} 
	end)
	gg.setValues(_rw)
end

-- Usage:
readedMem = rwmem(0xAABBCCDD, 128) -- Read 0xAABBCCDD with 128 size.
rwmem(0xDDCCBBAA, readedMem) -- Write readedMem memory into 0xDDCCBBAA.

 

Edited October 7, 2019 by saiaapiz

[Daisy123]

10 hours ago, saiaapiz said:

Maybe this would be useful,
 

function rwmem(Address, SizeOrBuffer)
	assert(Address ~= nil, "[rwmem]: error, provided address is nil.")
	_rw = {}
	if type(SizeOrBuffer) == "number" then
		_ = ""
		for _ = 1, SizeOrBuffer do _rw[_] = {address = (Address - 1) + _, flags = gg.TYPE_BYTE} end
		for v, __ in ipairs(gg.getValues(_rw)) do _ = _ .. string.format("%02X", __.value & 0xFF) end
		return _
	end
	Byte = {} SizeOrBuffer:gsub("..", function(x) 
		Byte[#Byte + 1] = x _rw[#Byte] = {address = (Address - 1) + #Byte, flags = gg.TYPE_BYTE, value = x .. "h"} 
	end)
	gg.setValues(_rw)
end

-- Usage:
readedMem = rwmem(0xAABBCCDD, 128) -- Read 0xAABBCCDD with 128 size.
rwmem(0xDDCCBBAA, readedMem) -- Write readedMem memory into 0xDDCCBBAA.

 

Thank you very much for this awesome script. I will try to make it work with a binary file as input.

Edited October 8, 2019 by Daisy123

[Enyby]

The script will work. The idea is not.
The desired address may not be allocated, or allocated for other needs.
You cannot cut off your hand, then attach it back and hope that it will work as before.

[Daisy123]

3 hours ago, Enyby said:

The script will work. The idea is not.
The desired address may not be allocated, or allocated for other needs.
You cannot cut off your hand, then attach it back and hope that it will work as before.

I dont know if it work or not. I just try doing it. My full idea is: 
In game memory, there are some region to save game code. For example, in a unity game there were a special memory range (which wont change) allocated for Assembly-CSharp.dll. I just search that address for one time only. And then extract that file from game package, edit and reserve dump it to the address which I found before. I completed the lua script for that but the problem now is: that script work fine with small file. But for the bigger file (20MB) GG will crash. Can you give me some cue to increase script performance? I actually want to try doing it even after all it will not work. Please help me. Is the problem at file:read("*a") when read a large file?

reverse_dump.lua

[Enyby]

Yes. You can not expect read big file to memory completely. Read and write by small chunks.

[Daisy123]

13 minutes ago, Enyby said:

Yes. You can not expect read big file to memory completely. Read and write by small chunks.

Thank for your reply .When I try to read and write one by one byte it take really more time for do it even with a small binary file. I need read a bigger chunks than 1 byte but how many is the best choice? 

This is the edited script for read and write one by one byte.

reverse_dump.lua

Edited October 8, 2019 by Daisy123

[Enyby]

1 byte is waste of time and resources.

Usually amount must be even 8 or 4 kb.

So try 4096 or 8192, maybe more, like 2*8192.

[Daisy123]

Thank for help me. Finally I wrote a working script. Its still slow when work with large binary file. Please tell me if there are any thing can improve script speed.

reverse_dump.lua

[Enyby]

Use QWORD, not BYTE, for write data. Write it on every 8 bytes.

You use very inefficient ways to convert string to bytes. One byte per once. Convert all string chunk to table with bytes. And iterate it on loop.

And you do not close files after use, so create resource leak.

Also you do not need gmatch.

[added 0 minutes later]

And you need format code more proper make indent in all possible place or it is hard to read and hard to help you.

[added 1 minute later]

(string.format("%02X",t[i]) .. "h")}

useless part only slow down you.

You can set decimal code to value.

[added 4 minutes later]

And you not clear table t on each iteration.

[added 4 minutes later]

And other vars too.

[Enyby]

function reverseDump(file, start_address)
	local inp=io.open(file, 'rb')	
	local ad=start_address-1
	while true do
		local _rw={}
		local data=inp:read(8192)
		if data == nil then break end
		local t = data:byte(1, data:len())
		for i=1,#t do
			_rw[i]={address = ad + i, flags = gg.TYPE_BYTE, value=t[i]}
		end
		ad = ad + #t
		gg.setValues(_rw)
		gg.toast(ad-start_address)
	end
	inp:close()
end

Something like that. Not tested.

[Daisy123]

33 minutes ago, Enyby said:

local t = data:byte(1, data:len())

I got problem at this. It is not a table. It is a number. Should I put a loop to assign the value to table or are there any better choice?

Edited October 8, 2019 by Daisy123

[Enyby]

local t = {data:byte(1, data:len())}

Try this.

[Daisy123]

3 minutes ago, Enyby said:

local t = {data:byte(1, data:len())}

Try this.

Oh it worked. I actually save much time than use loop.

[added 3 minutes later]

48 minutes ago, Enyby said:

Use QWORD, not BYTE, for write data. Write it on every 8 bytes.

If we use 4 byte what happend if the binary have size which is not divide by all for 8?

[added 4 minutes later]

and in that case can I use data:long()

[Enyby]

Usually dumped data divided to 4096 because dumped by memory pages which 4096 bytes size.

data:byte() is shortcut for string.byte. Obviously string.long not exists. Read lua reference about string.byte.

you need build qword or dword yourself from bytes. Maybe it be slower rather than byte - IDK. you need test it if speed of byte solution not suit you.