Cheat Engine

educofu · Posted: Thu Dec 24, 2009 12:25 pm Post subject: CREATETHREAD understanding

in AA,what is and how do i use the createthread?

Dark Byte · Posted: Wed Jan 06, 2010 3:21 pm Post subject:

let's say you have a piece of code you want to execute, but don't want to hook the game's api

you can then use createthread to execute that code:

educofu · Posted: Wed Jan 06, 2010 5:15 pm Post subject:

thanks.

Aqua Regia · Posted: Sat Mar 20, 2010 2:40 pm Post subject:

If you use createthread in a cheat table, do you have to destroy the thread under [DISABLE]?

Dark Byte · Posted: Sat Mar 20, 2010 3:40 pm Post subject:

in case of threads you have to add in your own disable way , and don't free the associated memory

e.g:
[enable]
alloc(mycode,4096)
CREATETHREAD(mycode);
label(mustend)
registersymbol(mustend)

mycode:
mov eax,[gamex.dll+123456]
mov ebx,[eax+4c]
mov [eax+48],ebx

push #1000
call sleep
cmp [mustend],1
jne mycode

ret

mustend:
dd 0

[disable]
mustend:
dd 1

Aqua Regia · Posted: Sat Mar 20, 2010 4:47 pm Post subject:

Thanks for responding, any idea why the program would crash when I execute that code?

I'm using Windows 7 64-bit version. When I tried the first code you posted in this thread it didn't crash when I removed the sleep part.

Dark Byte · Posted: Sat Mar 20, 2010 7:21 pm Post subject:

when you say you removed the sleep part, did you also remove the parameter push ?

If not, that's the problem (by default a created thread has as return value on the stack the address of terminatethread, by messing with the stack, you'll start crashing

(also, infinitely looping like that is really a bad idea)

edit:
and of course
mov eax,[gamex.dll+123456]
mov ebx,[eax+4c]
mov [eax+48],ebx

will 100% cause a crash in almost any game if the address/pointer is wrong

edit2:
And again, don't even dare to dealloc the memory of the thread

Aqua Regia · Posted: Sat Mar 20, 2010 7:39 pm Post subject:

I was wrong, it's the push part. If I comment that part out it doesn't crash.

This is the code you posted above, I only replaced the part right after "mycode:". What's the return doing there anyway? And are symbols like variables or something, and "dd" sets them?

Dark Byte · Posted: Sat Mar 20, 2010 8:48 pm Post subject:

symbols are names you can use throughout ce
e.g in the memory view you can goto address "mustend" and it'll go there
and you can even put it into your addresslist

and dd initializes a 4 byte value at the current address
dq a 8 byte, dw a 2 byte and db a 1 byte

and as I said in the previous post, the ret will cause the thread to jump to the terminatethread function so it'll terminate itself

XaLeX · Posted: Thu Jul 01, 2010 8:22 am Post subject:

There's something i don't get about this..

Dark Byte · Posted: Thu Jul 01, 2010 9:20 am Post subject:

that script will work, but it looks like you found a bug

push #1000 is assembled wrong, replace it with "push 000003e8"

I'll see if I can quickly upload a fixed version

Dark Byte · Posted: Thu Jul 01, 2010 9:25 am Post subject:

ok, redownload ce and it'll be fixed

one thing I have to say about that script: You have to wait a full second before you can re-enable it else you might end up having multiple threads running.
A lower sleep (e.g 10 ms) will fix it and won't even lag the game at all (1 millisecond is a really long time for a cpu)

XaLeX · Posted: Thu Jul 01, 2010 10:02 am Post subject:

woah, i'm glad i could help improve CE Very Happy

even though i gave you work to do on your birthday xD

anyway, you've been very helpful, as always.. thanks ^_^

Twizz · Newbie cheater Reputation: 0 Joined: 21 Jan 2011 Posts: 12

Dark Byte · Posted: Sat Jan 29, 2011 9:38 pm Post subject:

Assuming you only want to do it one time.

But if you do want to call it multiple times you can replace the alloc with globalalloc
That way it will reuse the memory next time it's executed