Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Sun Aug 15, 2021 11:41 am Post subject: {$luacode} {$ccode} CE 7.3+ |
{$LUACODE} and {$CCODE}:
They function like a {$LUA} block in that they need to be terminated with {$ASM}, but unlike {$LUA} they do assemble code at that spot.
LuaCode runs inside the context of Cheat Engine, so you have access to all of CE's Lua code, but CCode runs natively inside the target process.
They can take the following parameters for register-to-parameter conversion: (parametername=register)
Code: |
RAX/EAX, RBX/EBX, ...: the parameter becomes the value of the register
RAXF, RBXF, RCXF: interpret the value as a float
XMM0..XMM15: in Lua a bytetable; in C the following typedef:
typedef struct {
union{
struct{
float f0;
float f1;
float f2;
float f3;
};
struct{
double d0;
double d1;
};
float fa[4];
double da[2];
};
} xmmreg, *pxmmreg;
XMM0.0 or XMM0.0F (float)
XMM0.1 or XMM0.1F (float)
....
XMM1.0
...
XMM0.0D (double)
....
|
On return, the parameter will be written back to the register.
C code also has the following special parameters:
Code: |
PREFIX=xxx: all symbols in the C code can alternatively be referenced as prefixname.symbolname
nodebug: don't generate line info
kernelmode: alloc in kernel mode
|
Additionally, C code can reference AA variables and functions (use extern <type> aavarname),
and AA code can reference C code functions and global variables.
Example: {$LUACODE}
Code: |
alloc(newmem,2048,"Tutorial-x86_64.exe")
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// testparam is a copy of eax; it is written back to eax when the block returns
{$luacode testparam=eax}
printf("Tutorial hit me called. testparam=%d",testparam)
testparam=-2
{$asm}
originalcode:
sub [rbx+000007F8],eax
exit:
jmp returnhere
"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:
|
Example: {$CCODE} and {$C}
Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"Tutorial-x86_64.exe"+2B42C)
label(returnhere)
label(originalcode)
label(exit)
{$c}
int valuehelper(int x)
{
return -x;
}
{$asm}
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// value is a copy of rax; it is written back to rax when the block returns
{$ccode value=rax}
value=valuehelper(value); // calls the function defined in the {$c} block above
{$asm}
originalcode:
sub [rbx+000007F8],eax
exit:
jmp returnhere
"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Tutorial-x86_64.exe"+2B42C:
sub [rbx+000007F8],eax
//Alt: db 29 83 F8 07 00 00
|
For CCode and C blocks, you can find them in the memory viewer, and their source code lines will be shown. If you double-click a source code line, a source code viewer opens with debug options that lets you set breakpoints on specific lines and step over on a line basis.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
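The register-to-parameter conversion and the xmmreg union described in the post above, modelled in plain C as an added example. This is not Cheat Engine's own code and makes no claim about CE's real frame layout: saved_ctx is a hypothetical saved-register frame standing in for the one CE builds at the injection point, parse_xmm_ref and read_xmm_ref are illustrative helpers that accept the XMMn.kF / XMMn.kD reference syntax from the post, and hook_negate_rax and hook_hp_clamp are the valuehelper and hpValue blocks from this thread rewritten as copy-in / copy-back functions against that frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The xmmreg union from the post: four float lanes, two double lanes, same 16 bytes. */
typedef struct {
    union {
        struct { float f0, f1, f2, f3; };
        struct { double d0, d1; };
        float fa[4];
        double da[2];
    };
} xmmreg, *pxmmreg;

/* HYPOTHETICAL saved-register frame standing in for the one CE builds at the
 * injection point; the real layout is not documented on the page and may change. */
typedef struct {
    uint64_t rax, rbx, rcx, rdx;
    xmmreg xmm[16];
} saved_ctx;

/* Parse a parameter reference of the form XMMn, XMMn.k, XMMn.kF or XMMn.kD.
 * lane = -1 means the whole register; width is 'F' (float lanes) or 'D' (double lanes).
 * Returns 0 on success, -1 on a malformed reference (bad register or lane index). */
static int parse_xmm_ref(const char *ref, int *reg, int *lane, char *width)
{
    int n = -1, k = -1;
    char w = 'F';
    int got = sscanf(ref, "XMM%d.%d%c", &n, &k, &w);
    if (got < 1 || n < 0 || n > 15) return -1;
    if (got >= 3 && w != 'F' && w != 'D') return -1;
    if (got >= 2 && (k < 0 || k >= (w == 'D' ? 2 : 4))) return -1;
    *reg = n;
    *lane = (got >= 2) ? k : -1;
    *width = w;
    return 0;
}

/* Copy the lanes a reference names into out: one value for a single lane, or all
 * four floats / both doubles for a whole register. Returns the count, -1 on error. */
static int read_xmm_ref(const saved_ctx *c, const char *ref, double *out)
{
    int n, k;
    char w;
    if (parse_xmm_ref(ref, &n, &k, &w) != 0) return -1;
    const xmmreg *r = &c->xmm[n];
    if (k >= 0) { out[0] = (w == 'D') ? r->da[k] : r->fa[k]; return 1; }
    int count = (w == 'D') ? 2 : 4;
    for (int i = 0; i < count; i++) out[i] = (w == 'D') ? r->da[i] : r->fa[i];
    return count;
}

/* Equivalent of  {$ccode value=rax} value=valuehelper(value); {$asm} :
 * the parameter is a copy of the register and is written back on return. */
static int64_t valuehelper(int64_t x) { return -x; }
static void hook_negate_rax(saved_ctx *c)
{
    int64_t value = (int64_t)c->rax;   /* copy in */
    value = valuehelper(value);
    c->rax = (uint64_t)value;          /* copy back */
}

/* Equivalent of  {$CCODE hpValue=XMM5.0F} if(hpValue<2.0F){return;} hpValue=1.0F; {$ASM} .
 * Returns 1 if the lane was changed; an early return still writes the unchanged copy back. */
static int hook_hp_clamp(saved_ctx *c)
{
    float hpValue = c->xmm[5].f0;      /* copy in */
    if (hpValue < 2.0f) { c->xmm[5].f0 = hpValue; return 0; }
    hpValue = 1.0f;
    c->xmm[5].f0 = hpValue;            /* copy back */
    return 1;
}

/* Raw bits of double lane k: shows that f-lanes and d-lanes alias the same bytes. */
static uint64_t xmm_lane_bits64(const saved_ctx *c, int n, int k)
{
    uint64_t bits;
    memcpy(&bits, &c->xmm[n].da[k], sizeof bits);
    return bits;
}

int main(void)
{
    saved_ctx c = {0};
    c.rax = 5;
    hook_negate_rax(&c);
    c.xmm[5].f0 = 73.0f;               /* constructed sample values */
    c.xmm[5].f1 = 3.5f;
    hook_hp_clamp(&c);
    double v[4];
    int n = read_xmm_ref(&c, "XMM5", v);
    printf("rax=%lld XMM5=[%g %g %g %g] (%d lanes) XMM5.0D bits=%016llx\n",
           (long long)(int64_t)c.rax, v[0], v[1], v[2], v[3], n,
           (unsigned long long)xmm_lane_bits64(&c, 5, 0));
    return 0;
}
```

The bit-pattern helper is the part worth keeping in mind when writing a block: XMM5.0D and the pair XMM5.0F / XMM5.1F are views of the same 8 bytes, so editing a float lane next to a double lane in the same block changes the double too.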
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Thu Aug 26, 2021 1:28 pm Post subject: |
Also, {$lua} blocks execute before C/CCode/LuaCode blocks, so you can use Lua to implement common includes.
ragnaroks Newbie cheater Reputation: 1
Joined: 30 Aug 2021 Posts: 13
Posted: Mon Aug 30, 2021 2:11 am Post subject: |
Could you please add a script that shows how to use XMM registers in {$CCODE}?
I created a script here:
Code: |
{$STRICT}
[ENABLE]
assert("demo.exe+4F380",F3 0F 11 AE D0 00 00 00)
alloc(newmem,128,"demo.exe+4F380")
label(returnhere)
label(exit)
label(player)
demo.exe+4F380:
jmp newmem
nop 3
returnhere:
newmem:
pushfd
cmp [esi+3C],00
je player
{$CCODE hpValue=XMM5.0F}
if(hpValue<2.0F){return;}
hpValue=1.0F;
{$ASM}
jmp exit
player:
movss xmm5,[esi+25C]
exit:
popfd
movss [esi+D0],xmm5
jmp returnhere
[DISABLE]
demo.exe+4F380:
DB F3 0F 11 AE D0 00 00 00
dealloc(*)
|
When I execute it, it throws the error message ("" is an invalid integer).
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Mon Aug 30, 2021 4:45 am Post subject: |
Ah, whoops. There's a bug in the parser. I'll fix it. But for now there is a workaround which will keep working after I fix this:
change
Code: |
{$CCODE hpValue=XMM5.0F}
|
to
Code: |
{$CCODE hpValue=XMM-5.0F}
|
ragnaroks Newbie cheater Reputation: 1
Joined: 30 Aug 2021 Posts: 13
Posted: Mon Aug 30, 2021 5:16 am Post subject: |
Thank you for your response.
I changed my $CCODE and it works fine.
---------------------------------------------------------------------
Is there some way to access a full single XMM register?
Like this:
Code: |
{$CCODE xm1=XMM1 this=EAX}
if(this+0x1C==0x01){
xm1.f0=100.0F;
xm1.f1=0.0F;
}else{
xm1.f0=0.0F;
xm1.f1=100.0F;
}
|
---------------------------------------------------------------------
The {$LUACODE} may have some problem too.
I copied your example code:
Code: |
{$STRICT}
[ENABLE]
alloc(newmem,2048,"Tutorial-x86_64.exe")
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
{$luacode testparam=eax}
printf("Tutorial hit me called. testparam=%d",testparam)
testparam=-2
{$asm}
originalcode:
sub [rbx+000007F8],eax
exit:
jmp returnhere
"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:
[DISABLE]
"Tutorial-x86_64.exe"+2B42C:
DB 29 83 F8 07 00 00
dealloc(*)
|
When I execute it, it throws this message:
Quote: |
Not all code is injectable.
(Error in line 0 (call CELUA_ExecuteFunctionByReference) : This instruction can't be compiled)
Are you sure you want to edit it to this?
|
Then I found that after opening the Lua Engine, this message no longer pops up.
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Mon Aug 30, 2021 5:32 am Post subject: |
Quote: |
Is there some way to access a full single XMM register?
|
In the patched version, yes, you'll be able to do it just like that. (It's patched on Patreon, but the public version may take a day or so.)
But for now, do XMM-1.0 XMM-1.1 XMM-1.2 etc...
Alternatively, if you really, really want to (I discourage this, as the stack frame layout may change in the future):
Code: |
typedef struct {
union{
struct{
float f0;
float f1;
float f2;
float f3;
};
struct{
double d0;
double d1;
};
float fa[4];
double da[2];
};
} xmmreg2, *pxmmreg2;
xmmreg2 xm1 = *(pxmmreg2)((unsigned long)(parameters+0xa0+1*16));
|
---
As for the Lua error, that's just the syntax check. The syntax check does not inject DLLs into the target process, so call CELUA_ExecuteFunctionByReference will fail as the DLL can't be found yet. But doing an actual run should be fine.
Last edited by Dark Byte on Mon Aug 30, 2021 5:43 am; edited 4 times in total |
ragnaroks Newbie cheater Reputation: 1
Joined: 30 Aug 2021 Posts: 13
Posted: Mon Aug 30, 2021 5:39 am Post subject: |
I became a $2.5-level user on Patreon just now. I'll try this version. Thanks for your help.
ajanuw How do I cheat? Reputation: 0
Joined: 14 Jul 2020 Posts: 5
Posted: Sat Oct 09, 2021 7:58 pm Post subject: |
herbaltea How do I cheat? Reputation: 0
Joined: 14 Jan 2022 Posts: 3
Posted: Fri Jan 14, 2022 6:59 pm Post subject: |
I want to dynamically add an address to the list. Can I use luacode to do that?
If I understood correctly, with luacode I can only access the value of a register, but I need an address for
Code: |
local list = getAddressList()
local rec = list.createMemoryRecord()
rec.setAddress(address)
|
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Sat Jan 15, 2022 4:10 am Post subject: |
Let's say the following code accesses the address: mov [rcx+28],r8
You can then do
Code: |
...
{$luacode base=rcx}
local address=base+0x28
local list = getAddressList()
synchronize(function()
local rec = list.createMemoryRecord()
rec.setAddress(address)
end)
{$asm}
...
|
Last edited by Dark Byte on Sat Jan 15, 2022 1:42 pm; edited 1 time in total |
ParkourPenguin I post too much Reputation: 147
Joined: 06 Jul 2014 Posts: 4518
Posted: Sat Jan 15, 2022 1:13 pm Post subject: |
Creating a memory record accesses the AddressList's TreeView. Is that safe to do from another thread?
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Sat Jan 15, 2022 1:43 pm Post subject: |
Right. You should wrap it in a synchronize call or use an event. Synchronize is easy; an event is more efficient (another thread is in an infinite wait loop and only reacts when the event is set).
I've updated the post to use synchronize (and yes, upvalues are supported in synchronize).
herbaltea How do I cheat? Reputation: 0
Joined: 14 Jan 2022 Posts: 3
Posted: Sun Jan 16, 2022 10:24 am Post subject: |
Dark Byte wrote: | Let's say the following code accesses the address: mov [rcx+28],r8
You can then do
Code: |
...
{$luacode base=rcx}
local address=base+0x28
local list = getAddressList()
synchronize(function()
local rec = list.createMemoryRecord()
rec.setAddress(address)
end)
{$asm}
...
|
|
Thank you for your help. I injected code into an infinite loop. In the injected code I collect unique items, and if an item is already in the address list I want to disable the AA script. How can I disable the AA script from the luacode part? Currently the game crashes when I execute memoryRecord.Active = false from luacode.
Code: |
mov eax,[esi+10]
{$luacode address=esi}
synchronize(function()
if not isAddressInInventoryList(address) then
addAddressToInventoryList(address)
else
disableInventoryScript()
end
end)
|
disableInventoryScript is
Code: |
function disableInventoryScript()
inventoryList.Active = false
end
|
inventoryList is memory record
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25509 Location: The netherlands
Posted: Sun Jan 16, 2022 11:07 am Post subject: |
That's because the luacode returns and then executes the code that returns to the original code, but since you've already deleted that, you'll crash.
Instead of instantly freeing the code, use a flag that tells the code to stop logging (preferably in asm, so you skip the luacode block), and use a timer to check if the Lua code has finished executing.
Then, after the Lua block, set a flag that the last Lua block has finished so that the timer knows it can free the code.
(Or just use a long enough timer.)
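The flag-and-timer teardown described in the reply above, written out in C as an added example; it is not Cheat Engine's code and not a translation of the Lua in the question. hook_state, hook_enter, hook_leave, process_item and timer_tick are all assumed names, a malloc'd buffer stands in for the alloc(newmem) region, and timer_tick is driven by hand where a CE timer would call it. The order inside hook_enter (count in first, then read the flag) is what keeps the free from racing a thread that has already passed the flag check but not yet entered the block.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ITEMS 64

/* State shared by the injected code (game thread) and the disable logic (CE side).
 * HYPOTHETICAL layout: in a real script 'stop' would be a variable the asm tests
 * with cmp/jne before the {$luacode} block, and 'code' the alloc(newmem) region. */
typedef struct {
    atomic_int stop;       /* set by the disable path: skip the slow (Lua) block from now on */
    atomic_int inflight;   /* invocations currently inside the slow block */
    void *code;            /* stands in for the alloc(newmem) region; NULL once freed */
    uint64_t seen[MAX_ITEMS];
    int nseen;
} hook_state;

static void hook_init(hook_state *s)
{
    atomic_init(&s->stop, 0);
    atomic_init(&s->inflight, 0);
    s->code = malloc(2048);            /* alloc(newmem,2048,...) */
    s->nseen = 0;
}

/* Entry of the injected stub. Count ourselves in *before* reading the flag, so the
 * disable path can never observe inflight==0 while a thread sits between the flag
 * check and the block. Returns true if the slow block should run. */
static bool hook_enter(hook_state *s)
{
    atomic_fetch_add(&s->inflight, 1);
    if (atomic_load(&s->stop)) {
        atomic_fetch_sub(&s->inflight, 1);
        return false;                  /* the asm 'cmp [stopflag],0 / jne skip' path */
    }
    return true;
}

/* Leaving the slow block: the 'last block has finished' signal the timer waits for. */
static void hook_leave(hook_state *s) { atomic_fetch_sub(&s->inflight, 1); }

/* Body of the {$luacode} block from the question: record unique items; on the first
 * repeat request shutdown instead of deactivating the script from inside the hook.
 * Returns true if the item was new. */
static bool process_item(hook_state *s, uint64_t address)
{
    for (int i = 0; i < s->nseen; i++) {
        if (s->seen[i] == address) {
            atomic_store(&s->stop, 1); /* flag only; the free happens on the timer */
            return false;
        }
    }
    if (s->nseen < MAX_ITEMS) s->seen[s->nseen++] = address;
    return true;
}

static bool hook_stopped(hook_state *s) { return atomic_load(&s->stop) != 0; }

/* Timer callback on the CE side: dealloc only once stop is set and nothing is still
 * inside the block. Returns true on the tick that actually frees. */
static bool timer_tick(hook_state *s)
{
    if (!atomic_load(&s->stop) || atomic_load(&s->inflight) != 0) return false;
    if (s->code == NULL) return false; /* already freed on an earlier tick */
    free(s->code);                     /* dealloc(newmem) */
    s->code = NULL;
    return true;
}

int main(void)
{
    hook_state s;
    hook_init(&s);
    uint64_t hits[] = { 0x1000, 0x2000, 0x1000 };   /* constructed sample addresses */
    for (size_t i = 0; i < sizeof hits / sizeof hits[0]; i++) {
        if (hook_enter(&s)) {
            process_item(&s, hits[i]);
            hook_leave(&s);
        }
    }
    printf("stopped=%d freed=%d\n", (int)hook_stopped(&s), (int)timer_tick(&s));
    return 0;
}
```

In a script the same three steps are: the [DISABLE] section restores the original bytes at the injection point and sets the flag, the timer polls the finished flag, and only then calls dealloc; the timer never frees on the tick that set the flag.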
dharmang1910 Expert Cheater Reputation: 0
Joined: 09 May 2010 Posts: 102
Posted: Tue Mar 08, 2022 2:45 am Post subject: |
Is it possible to use st(0), st(1), etc. in parameter conversion in luacode, like {$luacode stack=st(0)} or something?
I want to use it prior to an fstp opcode.