[Celua] Heaplist
I might share this here too, I'm not sure...
All this because CE's heaplist sometimes doesn't work on some applications -- I created something I can look at or...
Also, long/short writing, heap regions in some cases help find values quicker than usual.
Instead of using 0x0 and 0x7ffff... you can use the first process heap region and the last heap region, or the lowest heap region address and the highest heap region address.
I was collecting data, but it was scrapped, because usually the values I'm looking for go beyond the process heap regions...
... but uhm, the more stuff I do, it seems some applications store important values in the process heap region...
(Tested: Cheat Engine Tutorial, a few UE games where the data result is mixed up)
Install: No. The code is set to be executed directly through the Lua engine.
Full Code at (form)
NOTE: The process might crash while getting ALL or certain regions. This could be because a heap region was deallocated while getting heaps (heapwalk) (I didn't use HeapLock / HeapUnlock -- to prevent a deadlock situation) or due to other stuff. Currently, when getting heaps you can't stop the process.
If you want to get only the heap region addresses, then you can use this (from the code):
    GetProcessHeaps = {}
    GetProcessHeaps._ = {}

    -- Number of heaps in the target (GetProcessHeaps called with a zero-length buffer)
    function GetProcessHeaps._:Count()
      return executeCodeEx(nil, nil, 'GetProcessHeaps', 0, 0)
    end

    -- Handle of the target's default process heap
    function GetProcessHeaps._:GetProcessHeap()
      return executeCodeEx(nil, nil, 'GetProcessHeap')
    end

    function GetProcessHeaps.Update()
      local ptrSize = targetIs64Bit() and 8 or 4
      local c = GetProcessHeaps._:Count()
      -- Buffer in the target, sized for c heap handles
      local a = allocateMemory(math.max(c, 1) * ptrSize)
      executeCodeEx(nil, nil, 'GetProcessHeaps', c, a)
      local low, high
      for i = 1, c do
        -- Every entry is one pointer wide, so the offset always advances
        local addr = a + (i - 1) * ptrSize
        local d
        if ptrSize == 8 then
          d = readQword(addr)
        else
          d = readInteger(addr)
        end
        -- Track lowest and highest independently so a single heap sets both
        if low == nil or d < low then
          low = d
        end
        if high == nil or d > high then
          high = d
        end
        GetProcessHeaps[i] = string.format("%X", d)
      end
      -- Drop entries left over from an earlier call that saw more heaps
      for i = c + 1, #GetProcessHeaps do
        GetProcessHeaps[i] = nil
      end
      GetProcessHeaps.First = GetProcessHeaps[1]
      GetProcessHeaps.Last = GetProcessHeaps[c]
      GetProcessHeaps.High = string.format("%X", high or 0)
      GetProcessHeaps.Low = string.format("%X", low or 0)
      deAlloc(a)
      -- Accessors, in case they're needed (don't repeat yourself)
      local _ = {
        getFirst = function(self)
          return GetProcessHeaps.First
        end,
        getLast = function(self)
          return GetProcessHeaps.Last
        end,
        getHigh = function(self)
          return GetProcessHeaps.High
        end,
        getLow = function(self)
          return GetProcessHeaps.Low
        end
      }
      return _
    end
To use this, run GetProcessHeaps.Update(), and if the process didn't crash (it shouldn't from running this code), the addresses should be filled. Example:

    GetProcessHeaps.Update()
    return GetProcessHeaps.Low, GetProcessHeaps.High
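
An added example, not part of the original post or of Cheat Engine itself: GetProcessHeaps.High is the highest heap start address, so a range ending there stops before that heap's contents. The hypothetical helper heapScanRange below extends the upper bound to the end of the memory region containing each heap address; it assumes region entries with BaseAddress and RegionSize fields (the shape CE's enumMemoryRegions() returns), and the sample data is constructed.

```lua
-- heaps:   array of hex strings, as GetProcessHeaps[i] stores them
-- regions: array of {BaseAddress = n, RegionSize = n}
-- Returns low, high as numbers; high is the end of the furthest region found.
-- Only the region containing each heap's start is covered; a heap that grew
-- into further regions elsewhere is not followed.
local function heapScanRange(heaps, regions)
  local low, high
  for _, h in ipairs(heaps) do
    local addr = tonumber(h, 16)
    local stop = addr -- fallback when no region contains this address
    for _, r in ipairs(regions) do
      if addr >= r.BaseAddress and addr < r.BaseAddress + r.RegionSize then
        stop = r.BaseAddress + r.RegionSize
        break
      end
    end
    if not low or addr < low then low = addr end
    if not high or stop > high then high = stop end
  end
  return low, high
end

-- Constructed sample data (not taken from a real process)
local heaps = {"1F0000", "5A0000", "2C0000"}
local regions = {
  {BaseAddress = 0x1F0000, RegionSize = 0x10000},
  {BaseAddress = 0x2C0000, RegionSize = 0x4000},
  {BaseAddress = 0x5A0000, RegionSize = 0x8000},
}
local low, high = heapScanRange(heaps, regions)
assert(low == 0x1F0000 and high == 0x5A8000)
print(string.format("%X-%X", low, high))

-- Inside Cheat Engine, with a process open and the code above loaded:
--   GetProcessHeaps.Update()
--   local low, high = heapScanRange(GetProcessHeaps, enumMemoryRegions())
```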