Cheat Engine The Official Site of Cheat Engine

Twistedfate, Expert Cheater (Reputation: 1, Joined: 11 Mar 2016, Posts: 231)
Posted: Tue Aug 15, 2017 6:45 pm    Post subject: readInteger when asm code executed.
I want Lua readInteger(x) only when the instruction is executed and the count of the instruction is still on ...
example:

    {$lua}
    local r=readInteger('X') -- I will use timer later ..
    {$asm}
    registersymbol(X)
    alloc(X,4)
    cmp eax,[esi+2c]
    je blah
    mov [x],eax // → If the jump is not taken I want lua to read x, else don't read ... how ??

------------------------------------------------
Or I want to jump in asm if the instruction count is on or it was executed.
ex:

    mov ecx,3
    jmp if the game is using (mov ecx,3) now

FreeER, Grandmaster Cheater Supreme (Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Wed Aug 16, 2017 6:45 am    Post subject:
If X is a registered symbol then you don't really need lua to do this.
Code:
    registersymbol(X)
    alloc(X,4)
    addressToInjectCode:
    cmp eax,[esi+2c]
    je blah
    mov [x],eax

will do the job: if the jump is taken then the mov never happens, so eax is not written to X; if it's not taken then it does... If you want a boolean for whether it's been updated then you could either compare it to its previous value in lua or simply allocate 8 bytes and use 4 for that boolean, e.g. mov [x],eax and mov [x+4],1 (indicates update), then in lua set the boolean to 0 whenever you're done with it.
Now if you really want/need to run some lua code when the jump is not taken, the only way I've seen is something like this example for step 2 of the tutorial:
Code:
    // http://forum.cheatengine.org/viewtopic.php?p=5726944#5726944 basic x64 call example
    // http://forum.cheatengine.org/viewtopic.php?t=604761 faster call with CELUA_ExecuteFunctionByReference
    {$lua}
    -- lua function to run, could be in global table
    function testMe(id)
      print('testMe was called with id ' .. tostring(id) .. '!')
      --[[
      -- registers are not updated unfortunately, even with get/set context...
      -- I suppose a breakpoint could be set on the return address and set them there,
      -- a registered symbol would make it easy to find
      debug_getContext() -- update registers for lua
      print(('%x'):format(EBX+0x480))
      print(EAX)
      debug_setContext() -- update registers for asm
      --]]
      -- disable the mem rec, after a delay for the script to finish
      -- or you'll probably crash when you return from the lua function
      -- to the asm code that was deallocated.... lol
      local t = createTimer()
      t.Interval = 300 -- milliseconds 3/10 of a second
      t.OnTimer = function(t)
        local mr = getAddressList().getMemoryRecordByID(id)
        if mr then mr.Active = false end
        t.destroy()
      end
    end
    {$asm}
    loadlibrary(luaclient-i386.dll)
    luacall(openLuaServer('CELUASERVER'))
    CELUA_ServerName:
    db 'CELUASERVER',0
    globalalloc(luaFunctionCode, 200)
    luaFunctionCode:
    db 'testMe(parameter)',0 // parameter set by CELUA_ExecuteFunction

    [ENABLE]
    aobscan(step2HitMeCode, 89 83 ?? ?? ?? ?? 8d 55 ?? e8 ?2 62)
    alloc(newmem, $1000) // globalalloc mem is not dealloced
    label(return)

    newmem:
      mov [ebx+00000480], eax // set step 2 value
      push eax // save eax
      // push this script's id (could be a pointer to arguments in memory somewhere)
    {$lua}
    return memrec and ('push #' .. memrec.id) or ('push #224') -- pre CE6.7 doesn't have memrec
    {$asm}
      push luaFunctionCode // lua code to run
      call CELUA_ExecuteFunction // run it, make sure it doesn't dealloc mem that's running lol
      pop eax
      jmp return

    step2HitMeCode:
      jmp newmem
      nop
    return:
    registerSymbol(step2HitMeCode)

    [DISABLE]
    step2HitMeCode:
      mov [ebx+00000480], eax
    unregisterSymbol(step2HitMeCode)
    dealloc(newmem)
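The 8-byte flag approach from the answer above, written out as one complete auto-assembler script. This is an added illustration, not code from FreeER's post or from Cheat Engine's own examples: X gets 8 bytes, the asm side stores eax at [X] and sets [X+4] to 1 only on the not-taken path, and a Lua timer polls the flag, reads the value and clears the flag so the next hit is detected. The labels addressToInjectCode and blah are placeholders for the real injection point and jump target, the 300 ms interval is an arbitrary choice, and the script assumes CE 6.7 or later, where a {$lua} block runs only in the [ENABLE] or [DISABLE] phase it sits in and the syntaxcheck variable exists.

```lua
[ENABLE]
// Constructed example: 8 bytes at X, [X] = captured eax, [X+4] = "updated" flag
alloc(X,8)
alloc(newmem,$100)
registersymbol(X)
label(blah)            // placeholder label; in a real table this is the original jump target
label(return)

X:
  dd 0                 // [X]   last eax written by the not-taken path
  dd 0                 // [X+4] 1 = new value since Lua last looked, 0 = consumed

newmem:
  cmp eax,[esi+2c]
  je blah
  mov [X],eax          // only reached when the jump is not taken
  mov [X+4],1          // raise the flag for the Lua side
blah:
  jmp return

addressToInjectCode:   // placeholder for the real injection address (cmp + short je = 5 bytes, room for the jmp)
  jmp newmem
return:

{$lua}
if syntaxcheck then return end
-- Poll the flag every 300 ms (constructed interval); xTimer is global so [DISABLE] can find it
xTimer = createTimer()
xTimer.Interval = 300
xTimer.OnTimer = function(t)
  local base = getAddressSafe('X')
  if not base then return end           -- X not registered (yet), e.g. the asm part failed to assemble
  if readInteger(base + 4) == 1 then
    local v = readInteger(base)         -- eax as stored by the asm side
    writeInteger(base + 4, 0)           -- acknowledge, so the next not-taken pass is seen as a new hit
    print('mov [X],eax executed, eax = ' .. tostring(v))
  end
end
{$asm}

[DISABLE]
{$lua}
if syntaxcheck then return end
if xTimer then xTimer.destroy(); xTimer = nil end
{$asm}
addressToInjectCode:
  // placeholder: restore the original instructions at the injection address here
unregistersymbol(X)
dealloc(newmem)
dealloc(X)
```

The timer is created while the script is being preprocessed, before the asm is assembled, so the first tick may fire before X exists; getAddressSafe returns nil in that case instead of raising an error, which is why the handler checks it. Clearing [X+4] from Lua rather than from asm keeps the two sides from racing: asm only ever writes 1, Lua only ever writes 0.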