Cheat Engine The Official Site of Cheat Engine
dende2000 How do I cheat? Reputation: 0
Joined: 28 Mar 2017 Posts: 1
Posted: Tue Mar 28, 2017 2:14 am Post subject: Help for a simple script
Hello,
I'm new and not a programmer... so I need your help!
I need a simple script that finds a pool of values, changes one and freezes another.
So... what I need is...
- Find this 4-byte string: "4:10 4:20 4:30 4:40 4:50"
- Change it to: "4:100 4:200 4:300 4:400 4:500"
- Freeze the last value (500)
Can you help me please?
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Mar 28, 2017 7:32 am
I know you can do a groupscan in lua but I think it'd be easier to just use an aob if you don't need to scan for 4 potentially changing values (or are willing to limit it to only working at the start of the game when you know the values, instead of at any time). So here's how you can change the 5 values with an aob scan.
If you manually do the groupscan and find the first (smallest) address, which should be the 10, you can then change the type to Array of Byte (and a length of 20 since you have 5 values of 4 bytes each) and copy the (hex) values there. You'll get Code: | 0A 00 00 00 14 00 00 00 1E 00 00 00 28 00 00 00 32 00 00 00 |
You can then do an aobscan like this:
Code: |
[ENABLE]
aobscan(values,0A 00 00 00 14 00 00 00 1E 00 00 00 28 00 00 00 32 00 00 00)
values:
  dd #100 #200 #300 #400 #500 // same as dd (int)100 (int)200 ...
// Note: Remember to change the getMemoryRecordByDescription if you change the script name/description
// use some lua to automatically disable this script shortly after it's enabled
{$lua}
if syntaxcheck then return end
timer = createTimer()
timer.onTimer = function()
  timer.destroy() -- destroy the timer so this code isn't run again
  al = getAddressList()
  mr = al.getMemoryRecordByDescription("Change Values")
  mr.active = false
end
timer.interval = 100 -- 1/10 of a second
{$asm}
[DISABLE]
// do nothing
|
Note that the script needs to be changed to use the script name/description in the getMemoryRecordByDescription call if you don't name it "Change Values"...
If anyone does know of a way to get the currently running script's description/id/index (or the memory record itself) I'd love to know.
As for freezing a value, the simplest way might be to add another memory record and let CE handle freezing it. Otherwise you could use a lua timer or createthread to create a loop which constantly writes to it. Though if just one (or only a few) functions changed it then you could hook those functions in the same script and prevent them from doing so, effectively freezing the value.
1. Create a memory record:
Method 1: asm + lua code
Code: |
[ENABLE]
aobscan(values,0A 00 00 00 14 00 00 00 1E 00 00 00 28 00 00 00 32 00 00 00)
values:
  dd #100 #200 #300 #400 #500
// we need the address of values in lua, but we can't use the defined value from the asm so register it as a symbol
registerSymbol(values)
{$lua}
-- Note: Remember to change the getMemoryRecordByDescription if you change the script name/description
if syntaxcheck then return end
sleep(400) -- wait some arbitrary time for the aobscan to finish and values to be registered
-- add a memory record for the last value and freeze it
al = getAddressList()
mr = al.createMemoryRecord()
base = getAddress("values")
mr.Address = string.format("%x", base+16) -- last of the five 4-byte values
mr.Active = true
mr.Description = "The Frozen Value"
unregisterSymbol("values")
-- automatically disable this script shortly after it's enabled
timer = createTimer()
timer.onTimer = function()
  timer.destroy() -- destroy the timer so this code isn't run again
  al = getAddressList()
  mr = al.getMemoryRecordByDescription("Change Values")
  mr.active = false
end
timer.interval = 100 -- 1/10 of a second
[DISABLE]
|
I don't really like the sleep call. If it takes longer than 400 milliseconds (because your computer is slower than mine or it's located further in memory, whatever) then it won't work. You could make it larger like 2 seconds, but then you're making people wait longer than they need to. That's not an issue if you use all lua, which does make the aobscan slightly more complicated:
Code: |
[ENABLE]
{$lua}
-- Note: Remember to change the getMemoryRecordByDescription if you change the script name/description
if syntaxcheck then return end
result = AOBScan("0A 00 00 00 14 00 00 00 1E 00 00 00 28 00 00 00 32 00 00 00")
if result == nil then return end
if result.Count ~= 1 then
  result.destroy() -- free the list of results
  showMessage("Found more than 1 result")
  return
end
-- results are strings (in hexadecimal)
base = tonumber(result[0],16) -- store first (and only) result as a regular number
result.destroy() -- free the list of results
-- add a memory record for the last value and freeze it
al = getAddressList()
mr = al.createMemoryRecord()
mr.Description = "The Frozen Value"
mr.Address = string.format("%x", base+16) -- expects address as hex string
mr.Active = true -- freezes the value
-- automatically disable this script shortly after it's enabled
timer = createTimer()
timer.onTimer = function()
  timer.destroy() -- destroy the timer so this code isn't run again
  al = getAddressList()
  mr = al.getMemoryRecordByDescription("Change Values")
  mr.active = false
end
timer.interval = 100 -- 1/10 of a second
[DISABLE]
|
As for the lua timer:
Code: |
[ENABLE]
aobscan(values,0A 00 00 00 14 00 00 00 1E 00 00 00 28 00 00 00 32 00 00 00)
values:
  dd #100 #200 #300 #400 #500
// we need this address outside of the local script so register it
registerSymbol(values)
// Note: Remember to change the getMemoryRecordByDescription if you change the script name/description
{$lua}
if syntaxcheck then return end -- checked first so no timer is created during a syntax check
--fullAccess(tonumber("4002A0",16),4) -- I was using a code cave on the tutorial to test that was read only lol
-- timer that keeps rewriting the last value
timer = createTimer()
timer.onTimer = function()
  old = errorOnLookupFailure(false) -- don't quit on failing to find "values" symbol, just return 0
  addr = getAddress("values")
  if addr ~= 0 then
    writeInteger(addr+16, 500)
  end
  errorOnLookupFailure(old) -- restore old error method for any other scripts
end
timer.interval = 100 -- 1/10 of a second
-- use some lua to automatically disable this script shortly after it's enabled
timer = createTimer()
timer.onTimer = function(tmr)
  tmr.destroy() -- destroy the timer so this code isn't run again
  al = getAddressList()
  mr = al.getMemoryRecordByDescription("Change Values")
  mr.active = false
end
timer.interval = 100 -- 1/10 of a second
{$asm}
[DISABLE]
// do nothing
|
I didn't actually get createThread to work unfortunately, it complains about the symbol being 0. My guess is that's just because it hasn't actually been registered yet but I'm not sure how to fix that... here's the script I tried if anyone can fix it
Code: |
[ENABLE]
aobscan(values,0A 00 00 00 14 00 00 00 1E 00 00 00 28 00 00 00 32 00 00 00)
values:
dd #100 #200 #300 #400 #500
registerSymbol(values)
globalalloc(freezeValue,$1000)
label(stopFreeze)
freezeValue:
mov [values+10], #500
// sleep 1/10 of a second
push 100 // 1000 milliseconds, mov into ecx for x64 code
call sleep
// loop
cmp byte ptr [stopFreeze], 0
je freezeValue
ret // let the thread die
stopFreeze:
db 0
registerSymbol(stopFreeze)
createThread(freezeValue)
{$lua}
-- Note: Remember to change the getMemoryRecordByDescription if you change the script name/description
-- automatically disable this script shortly after its enabled
timer = createTimer()
timer.onTimer = function()
timer.destroy() -- destroy the timer so this code isn't run again
al = getAddressList()
mr = al.getMemoryRecordByDescription("Change Values")
mr.active = false
end
timer.interval = 100 -- 1/10 of a second
[DISABLE]
stopFreeze:
db 1
|
exact error: error in line 10 (mov [00000000+10], #500): this instruction can't be compiled. Also not sure of a good way to be able to stop the lua timer method without actually allocating memory to check (I'd rather avoid that since you otherwise don't have to manually allocate memory, with createthread you're already doing that for the function so you might as well use part of it as a flag to let it die)...
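Added example (not part of the forum posts, and written in Python rather than Cheat Engine Lua): it shows why the five values 10 to 50 give the 20-byte pattern used in the scripts above, why the last value sits at base+16, and why the all-Lua script refuses to write when the scan does not return exactly one hit. The function names and the sample buffer are constructed for illustration; a bytearray stands in for process memory.

```python
import struct

def encode_group(values):
    """Pack 4-byte unsigned ints little-endian, the layout behind the AOB in the post."""
    return struct.pack("<%dI" % len(values), *values)

def to_aob(data):
    """Render bytes as the space-separated hex text of an 'Array of Byte' pattern."""
    return " ".join("%02X" % b for b in data)

def find_all(memory, pattern):
    """Return every offset at which pattern occurs in memory."""
    hits, pos = [], memory.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = memory.find(pattern, pos + 1)
    return hits

def patch_unique(memory, old_values, new_values):
    """Overwrite the group in place only when the pattern matches exactly once.

    Returns the offset of the last value (base + 4 * (n - 1), i.e. base + 16
    for five values), or None when there are zero or several matches.
    """
    if len(old_values) != len(new_values):
        raise ValueError("groups must hold the same number of values")
    hits = find_all(memory, encode_group(old_values))
    if len(hits) != 1:
        return None  # ambiguous or absent: leave memory untouched
    base = hits[0]
    new = encode_group(new_values)
    memory[base:base + len(new)] = new
    return base + 4 * (len(new_values) - 1)

# Constructed sample data: a bytearray standing in for process memory.
OLD = [10, 20, 30, 40, 50]
NEW = [100, 200, 300, 400, 500]
SAMPLE = bytearray(b"\xff" * 7 + encode_group(OLD) + b"\x00" * 5)

if __name__ == "__main__":
    buf = bytearray(SAMPLE)
    print(to_aob(encode_group(OLD)))
    last = patch_unique(buf, OLD, NEW)
    print(last, struct.unpack_from("<I", buf, last)[0])
```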