Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Cheat Engine 6.5.1 | Bugs

 
Stacktrace
Expert Cheater
Reputation: 1

Joined: 04 Jul 2015
Posts: 105

Posted: Wed May 25, 2016 3:08 pm    Post subject: Cheat Engine 6.5.1 | Bugs

Heyyo, I've come across some really annoying bugs within the latest Cheat Engine build. Windows tend to freeze on top more often (not being able to X it out), such as the DBVM activating window; if I activate DBVM I won't be able to close the window. Another bug is that if you double-click in the memory viewer it'll bring you to the main form for whatever reason. It can get very annoying.

To top that:
Amazing version! I love it. Thanks for fixing Ultimap like we talked about @DarkByte - You might want to rename the Ultimap fix though, as it says for Windows 10; the rkfix itself was perfectly fine on Windows 8, which is what I've always used. I couldn't even last two hours after using Ultimap but it works fine now!
panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 942

Posted: Sat Jun 11, 2016 10:45 am    Post subject:

It seems the Lua function executeCode with no parameter behaves differently between 32-bit and 64-bit targets.

Code:

-- CE is 64bit
-- (A)
print(os.date("start:%X"))
print(executeCode('Sleep',5000)) -- 1 parameter
print(os.date("  end:%X"))
-- (B)
print(executeCode('GetCurrentProcessID')) -- no parameter
-- (C)
print(executeCode('mono.mono_get_root_domain')) -- on mono 32/64bit target, no parameter, function should be cdecl

-- Results:
-- target => 64bit                      / 32bit
-- (A)       OK                         / OK
-- (B)       OK                         / crash target, after closed target, CE got the right pid
-- (C)       return a number, no crash  / crash target, after closed target, CE got some number


Is there any precaution when using executeCode with a no-parameter function?

Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25281
Location: The netherlands

Posted: Sat Jun 11, 2016 11:27 am    Post subject:

executeCode wasn't really designed to call Win APIs directly. Usually you inject some code and call that according to your own specification.

But to answer, 32 bit pushes a parameter on the stack, but GetCurrentProcessID doesn't pop it off using 'ret 4'.
That way the stack gets corrupted.

In 64 bit no value is pushed. Only the rcx register is set.

panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 942

Posted: Sat Jun 11, 2016 12:35 pm    Post subject:

I see... so, for a 32-bit no-parameter function, the function has to be wrapped?

Here is a wrapper that seems to work:

Code:

function executeCode0P(addr)
  if not targetIs64Bit() then
    addr = type(addr)=='number' and string.format("%X",addr) or addr
    if type(addr)=='string' then
      local sym = '_call_'..addr
      local script = string.format([[
      define(target,%s)
      define(symbol,%s)
      globalalloc(symbol,$100)
      symbol:
//    push 0 // some dummy value pushed by original executeCode?
      call target
      ret 04
      ]],addr,sym)
      if autoAssemble(script) then
        return executeCode(sym)
      end
    end
  else
    return executeCode(addr)
  end
end
-- works for 64bit or 32bit mono target
print(executeCode0P('GetCurrentProcessID'))
print(string.format("%X",executeCode0P('mono.mono_get_root_domain')))


But it needs an extra symbol and allocation.

Is there a simpler way? E.g. the executeCode function detects a 32-bit target and, with no optional parameter, should not push a dummy on the stack?

Thank you~

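The stack imbalance described in the replies above, and why a wrapper ending in 'ret 4' restores it, shown as a small Python model. This is an added example, not code from the thread or from Cheat Engine; the slot names and the caller's saved state are assumptions of the model, which tracks only what is pushed and popped.

```python
# Toy model of the stack around one call; slots are 4 bytes wide (constructed example).
SAVED_STATE = "caller-saved-state"   # assumed: whatever the caller expects on top afterwards
PARAM = "pushed-parameter"
RET_TO_CALLER = "return-to-caller"
RET_TO_WRAPPER = "return-to-wrapper"


def _ret(stack, n_bytes):
    """`ret N`: pop the return address, then release N bytes of arguments."""
    stack.pop()
    for _ in range(n_bytes // 4):
        stack.pop()


def simulate_call(target_ret_bytes, push_param=True, via_wrapper=False):
    """Return (leftover_bytes, top_of_stack) after the call sequence completes.

    target_ret_bytes: N in the target's final `ret N` (0 means plain `ret`).
    push_param:       True for the 32-bit case (parameter pushed on the stack),
                      False for the 64-bit case (parameter passed in rcx).
    via_wrapper:      call a stub that does `call target` / `ret 4` instead.
    """
    stack = [SAVED_STATE]
    expected_depth = len(stack)
    if push_param:
        stack.append(PARAM)            # caller: push parameter
    stack.append(RET_TO_CALLER)        # caller: call ...
    if via_wrapper:
        stack.append(RET_TO_WRAPPER)   # wrapper: call target
        _ret(stack, target_ret_bytes)  # target:  ret N
        _ret(stack, 4)                 # wrapper: ret 4 (releases the parameter)
    else:
        _ret(stack, target_ret_bytes)
    return (len(stack) - expected_depth) * 4, stack[-1]


if __name__ == "__main__":
    cases = {
        "32-bit, 1-parameter target (ret 4)": simulate_call(4),
        "32-bit, 0-parameter target (ret)": simulate_call(0),
        "32-bit, 0-parameter target via wrapper": simulate_call(0, via_wrapper=True),
        "64-bit, 0-parameter target (ret)": simulate_call(0, push_param=False),
    }
    for name, (leftover, top) in cases.items():
        print(f"{name}: {leftover} bytes left, top of stack = {top}")
```

Only the second case leaves 4 bytes behind, so the caller finds the stale parameter where it expected its own data.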
All times are GMT - 6 Hours