
It's too messy.

Open nihuai opened this issue 6 years ago • 1 comments

1. The grammar is complicated

The original grammar:
mov FixAddr,ref.addr(i)
Plug-in Syntax:
mov eax,ref.addr($i)
setx $FixAddr,{eax}

The original grammar:
mov FunOffset,[FixAddr+2]
Plug-in Syntax:
mov eax,[$FixAddr+2]
setx $FunOffset,{eax}

....

2. Grammar is getting messier
//setx (not belonging to C grammar)
setx and movx
//if (there is a big difference from C grammar)
if and cmp

3. By the way, a bug was discovered.

//Always the same value
[image]

nihuai, Jul 01 '19 11:07

Hi, and many thanks for trying. For this:

/////////////////////////////// 1
The original grammar:
mov FixAddr,ref.addr(i)
Plug-in Syntax:
mov eax,ref.addr($i)
setx $FixAddr,{eax}

// you can write it like this:
setx $FixAddr,{ref.addr($i)}
or
$FixAddr={ref.addr($i)}
/////////////////////////////// 1

/////////////////////////////// 2
mov FunOffset,[FixAddr+2]
Plug-in Syntax:
mov eax,[$FixAddr+2]
setx $FunOffset,{eax}

// you can write it like this:
$FunOffset=$FixAddr+2
or
setx $FunOffset,$FixAddr+2
/////////////////////////////// 2

Explanation: you have to know that there are 2 commands:

mov: the normal command from the x64dbg system; it will not handle any variable from this plugin.

movx: the parallel command of mov, but in this one the first parameter will not be analyzed, just the second one. For example, movx rax,$x is the same as mov, except that the second parameter can be analyzed; that is all. In this command (movx rax,$x) we didn't write {rax}, because, as I told you, movx is a modified command of mov, so in the end movx will execute the mov command after analyzing the second parameter.

So an example will be like this: movx eax,{eax} will be processed like this: the plugin will analyze the second parameter, which is {eax} = 1, then the command will be mov eax,1, and then it will be executed. I hope you got the process; this applies to all parallel commands of x64dbg.

On the other hand, you will note that movx is the opposite of the setx command, because setx gets the value after analysis and then assigns it to the variable of the AdvancedScript system.

Note: in the new version there is no need to use the setx command; you can write directly like this:

$FixAddr={eax} >>> which is >>> setx $FixAddr,{eax}

For the bug you mention, can you share the script you have? The command you have a problem with is the mov command, so just replace it with movx to be able to fix it, as I explained before. And why do you use ref.addr($i)? If you get the result from findallmemx, then it will be assigned directly to the array that you defined, so you can reach all elements of this array. I think I missed some updates of the ReadMe; I will update it again soon with more samples. Thanks for the support and for trying; if you have any question, feel free to ask. BR

Ahmadmansoor, Jul 01 '19 18:07
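
The mov / movx / setx split described in the reply above, as a simplified Python model. This is an added example, not AdvancedScript's code and not part of the thread; the function names and the hexadecimal formatting of substituted values are assumptions, and only single `$name` / `{reg}` tokens are handled, not expressions.

```python
import re

# Token syntax ($name, {reg}) is taken from the thread; the rest is an assumed model.
TOKEN = re.compile(r"\$(\w+)|\{(\w+)\}")


def analyze(operand, variables, registers):
    """Substitute $name with a plugin variable and {reg} with a register value."""
    def substitute(match):
        name, reg = match.group(1), match.group(2)
        value = variables[name] if name else registers[reg]
        return format(value, "X")  # assumption: values are emitted as hex text
    return TOKEN.sub(substitute, operand)


def run(line, variables, registers):
    """Return the native command handed to the debugger, or None for setx."""
    op, _, rest = line.strip().partition(" ")
    first, _, second = (part.strip() for part in rest.partition(","))
    if op == "movx":
        # Only the second parameter is analyzed; the result is a plain mov.
        return f"mov {first},{analyze(second, variables, registers)}"
    if op == "setx":
        # The analyzed value is stored in a plugin variable; nothing native runs.
        variables[first.lstrip("$")] = int(analyze(second, variables, registers), 16)
        return None
    # Native commands such as mov are passed through without any analysis,
    # so a $variable in them reaches the debugger as literal text.
    return line.strip()


if __name__ == "__main__":
    variables, registers = {}, {"eax": 1}  # constructed sample state
    for script_line in ("movx eax ,{eax}",
                        "setx $FixAddr,{eax}",
                        "mov eax,$FixAddr",
                        "movx rax,$FixAddr"):
        print(f"{script_line!r:24} -> {run(script_line, variables, registers)!r}")
    print("plugin variables:", variables)
```
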