Making 64bit trainers

STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

PostPosted: Mon Mar 03, 2014 5:38 am    Post subject: Making 64bit trainers

So it seems more games are using 64-bit these days and even forcing you to use the 64-bit version (Thief, e.g.). It seems there isn't much info on trainer-making on 64-bit, or the search function above is failing me. So does anyone have a basic trainer template that I could look at to figure out the differences?

What I am more interested in is the WPM()/RPM() methods and whether there's a change in that, and also DLL injection. I feel like such a newb and should have done this long ago, but better late than never, eh.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25791
Location: The netherlands

PostPosted: Mon Mar 03, 2014 6:05 am    Post subject:

Compiling your trainer in 64-bit will show the main issues (warnings and errors from the compiler).
Also, read the MSDN about the APIs you use.
Don't typecast pointers to DWORD, but to UINT_PTR (or QWORD if you know it's going to be 64-bit).

Also, dll injection is a bit different.
First read http://msdn.microsoft.com/en-us/library/ms235286.aspx
It explains how to do function calls

In short: allocate stack space for at least 4 parameters (even if the function takes less),
and fill in the first 4 parameters in rcx, rdx, r8 and r9 (floats go in xmm0, xmm1, xmm2 and xmm3).
If you need more than 4 parameters, allocate more stack and fill in the extra stack slots with the values.
And the rsp register must be aligned on a 16-byte boundary before the call instruction is executed.
Keep in mind that when a function is called, including CreateRemoteThread, the return address is pushed on the stack (8 bytes). This means the stack is misaligned on function entry. So when setting up the stack for a function call, keep that in mind (decrease rsp by 8 to fix that).

Another issue is that relative jumps can only do 32-bit distances (still 5 bytes).
This can be problematic for code injections if you blindly allocate. Luckily VirtualAllocEx lets you specify the location to allocate, so you can allocate nearby the code you're hooking. But it has a few rules:
1: The location must not be in use.
2: The address must be aligned on the allocation granularity of the OS (Windows 7 is 64KB).

Alternatively, you could use a construction like this, which takes way more bytes:
Code:

Jmp addresslabel
Addresslabel:
DQ <address>

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
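To make the two encoding points in the reply above concrete (rel32 reach of a 5-byte jmp versus the 14-byte absolute form, and why a nearby 64KB-aligned allocation matters), here is an added Python example that is not from the thread or from Cheat Engine. It encodes both jump forms, decodes them back to their target the way an inline-hook integrity checker would when inspecting a patched prologue, and lists granularity-aligned bases within reach; the addresses are constructed sample values.

```python
"""Added example: x64 jmp reach, encoding, decoding and nearby-alloc candidates."""
import struct

REL32_MIN, REL32_MAX = -(1 << 31), (1 << 31) - 1
ALLOC_GRANULARITY = 0x10000  # 64 KB allocation granularity, as stated in the thread


def rel32_reachable(src: int, dst: int) -> bool:
    """True if a 5-byte `E9 rel32` jmp placed at `src` can reach `dst`."""
    disp = dst - (src + 5)  # displacement is relative to the next instruction
    return REL32_MIN <= disp <= REL32_MAX


def encode_jmp(src: int, dst: int) -> bytes:
    """5-byte relative jmp when it reaches, otherwise the 14-byte absolute form
    `FF 25 00000000` (jmp qword ptr [rip+0]) followed by the 8-byte target."""
    if rel32_reachable(src, dst):
        return b"\xE9" + struct.pack("<i", dst - (src + 5))
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", dst)


def decode_jmp(code: bytes, addr: int):
    """Return the target of a jmp encoded at `addr`, or None if `code` is not
    one of the two forms above. This is the check a hook/integrity scanner
    performs on the first bytes of an exported function."""
    if code[:1] == b"\xE9" and len(code) >= 5:
        return addr + 5 + struct.unpack_from("<i", code, 1)[0]
    if code[:6] == b"\xFF\x25\x00\x00\x00\x00" and len(code) >= 14:
        return struct.unpack_from("<Q", code, 6)[0]  # qword sits right after the instruction
    return None


def nearby_alloc_candidates(hook: int, count: int = 4):
    """Granularity-aligned bases around `hook` that a 5-byte jmp can reach in
    both directions, closest first. A caller still has to try each one with
    VirtualAllocEx, because the region may already be in use (rule 1 above)."""
    base = hook & ~(ALLOC_GRANULARITY - 1)
    out, step = [], 1
    while len(out) < count and step * ALLOC_GRANULARITY <= REL32_MAX:
        for cand in (base + step * ALLOC_GRANULARITY, base - step * ALLOC_GRANULARITY):
            if cand > 0 and rel32_reachable(hook, cand) and rel32_reachable(cand, hook):
                out.append(cand)
        step += 1
    return out[:count]
```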
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

PostPosted: Mon Mar 03, 2014 6:27 am    Post subject:

If you're generating a trainer through CE, I think there was an option to target 64-bit
_________________
Silence will fall when the question is asked...
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

PostPosted: Mon Mar 03, 2014 10:19 am    Post subject:

Dark Byte wrote:
Compiling your trainer in 64-bit will show the main issues (warnings and errors from the compiler).
Also, read the MSDN about the APIs you use.
Don't typecast pointers to DWORD, but to UINT_PTR (or QWORD if you know it's going to be 64-bit).
.....
...
..

Alternatively, you could use a construction like this, which takes way more bytes:
Code:

Jmp addresslabel
Addresslabel:
DQ <address>


So basically everything is increased in size due to the large address space of 64-bit. I was looking to be spoonfed with a template, hehe, but thanks for the detailed response. I will start with just a simple template first (WPM etc.).

By the way, thanks for clarifying the bit about alloc; I was wondering why CE wrote that game.exe+offset in my auto assemble scripts. Removing that, the jump was like 10 or more bytes.

kik4444 wrote:
If you're generating a trainer through CE, I think there was an option to target 64-bit


It's actually easy with CE to generate 64-bit trainers, just use the "target is 64bit" option. I am writing a trainer engine myself in C++ and that is what I need help with.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Mar 03, 2014 10:41 am    Post subject:

STN wrote:
kik4444 wrote:
If you're generating a trainer through CE, I think there was an option to target 64-bit
It's actually easy with CE to generate 64-bit trainers, just use the "target is 64bit" option.
-Just to clarify, for anyone that is reading...you do have to edit your scripts accordingly.