View previous topic :: View next topic |
Author |
Message |
ayuanx Newbie cheater Reputation: 0
Joined: 15 Oct 2014 Posts: 13
|
Posted: Wed Oct 15, 2014 10:02 pm Post subject: Is it possible to use CheatEnigne as a loader? |
|
|
The situation is that most programs run the initialization code only once.
So I have to run CheatEngine first and try to auto-attach to it as soon as the program starts in order to change its initialization code.
But in CheatEngine help, it says onProcessOpen() is called **before** attachment is fully done.
Is there a method that can guarantee the attachment is done meanwhile pause the program as soon as possible so hopefully it won't execute too much initialization code? (Just like what other loaders do.)
BTW1, do I have to specify the process name in writeBytes() like writeBytes(‘"name.exe"+0123ABCD’, 100)?
Or can I skip the process name like writeBytes(‘0123ABCD’, 100) when there is only one process attached?
I couldn't find any document describing the parameter formats (e.g. address) of those functions.
BTW2, how to distinguish between hex and decimal? (e.g. the above 0123ABCD, should it be 0x0123ABCD? It seems that it doesn't comply with LUA numerical convention.)
Thanks.
Last edited by ayuanx on Mon Oct 20, 2014 10:34 pm; edited 1 time in total |
|
Back to top |
|
|
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
|
Posted: Fri Oct 17, 2014 11:21 am Post subject: |
|
|
CE can act as a file patch-er.
ie.File>Open File,
If the .exe is not compressed and what you modified can be found in the .exe, may work.
backup the original.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Fri Oct 17, 2014 12:31 pm Post subject: |
|
|
declare function debugger_onBreakpoint() and create the process using createProcess(path, parameters OPTIONAL, debug OPTIONAL, breakonentrypoint OPTIONAL)
set debug and breakonentry to true
debugger_onBreakpoint will hit when the process has loaded and is about to execute the first command
from there inject a code injection that goes into an infinite loop until a certain variable is set
while it's looping detach the debugger detachIfPossible() (might need to be called from a timer you spawn, it may not work from inside onBreakpoint() )
then do all your changes, and when done, set the variable so that the program will exit it's loop and start running the actual program
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
ayuanx Newbie cheater Reputation: 0
Joined: 15 Oct 2014 Posts: 13
|
Posted: Mon Oct 20, 2014 10:29 pm Post subject: |
|
|
Dark Byte wrote: | declare function debugger_onBreakpoint() and create the process using createProcess(path, parameters OPTIONAL, debug OPTIONAL, breakonentrypoint OPTIONAL)
set debug and breakonentry to true
debugger_onBreakpoint will hit when the process has loaded and is about to execute the first command
from there inject a code injection that goes into an infinite loop until a certain variable is set
while it's looping detach the debugger detachIfPossible() (might need to be called from a timer you spawn, it may not work from inside onBreakpoint() )
then do all your changes, and when done, set the variable so that the program will exit it's loop and start running the actual program |
Thanks Dark Byte, this might work I think.
May I ask some more questions?
1. How can I know whether functions like "wirteBytes()" are executed successfully? Is there a return value of true/false?
(The help document doesn't mention the return value.)
2. If I have a script in cheat table which has no hotkey associated with it, how can I invoke and run it from the main lua script?
3. How can I know the attached process has ended or not?
(getProcessID() always returns a valid value even after the process exits.)
4. Does auto-attach list only work for the first time?
For example, if you have declared onProcessOpen() function. It is called the first time the process is found. However, it the process exits and starts again, this function isn't called anymore.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Tue Oct 21, 2014 5:31 am Post subject: |
|
|
1:
writeBytes returns the number of bytes it wrote. If it fails, it's likely to be 0
writeInteger and related return true/false
2: get the memoryrecord from the addresslist and activate it.
example: http://forum.cheatengine.org/viewtopic.php?p=5556813#5556813
3: try reading an address you know should exist. (e.g modulename.exe+0 )
4: yes, but there is an undocumented trick you can use to make it reattach every time, even if the current process is still open and you start another one
Code: |
getSettingsForm().cbAlwaysAutoAttach.Checked=true
|
Alternatively, start a timer that calls openProcess("processname") every time when you've found the current process memory is unreadable
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
ayuanx Newbie cheater Reputation: 0
Joined: 15 Oct 2014 Posts: 13
|
Posted: Tue Oct 21, 2014 5:52 am Post subject: |
|
|
Dark Byte wrote: | 1:
writeBytes returns the number of bytes it wrote. If it fails, it's likely to be 0
writeInteger and related return true/false |
Thanks for taking time to answer my questions!
|
|
Back to top |
|
|
|