Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Script that automatically disables itself?
Cheat Engine Forum Index -> General Gamehacking
Attack
Cheater
Reputation: 0

Joined: 21 Mar 2011
Posts: 46
Location: Canada

PostPosted: Mon Feb 02, 2015 9:12 pm    Post subject: Script that automatically disables itself?

I've been searching the web since I'm sure I saw it somewhere, but I am trying to write a script that kills itself after it is enabled.

I need a timer to end on command, but I need the script to disable itself, otherwise it kills every level instantly thereafter.

This is the code I am using that currently I have to hotkey twice. I know it's just one press, but I think a more elegant solution would be nice.

Code:
[ENABLE]
aobscan(endtimer,2B C6 8D 0C 8D)
registersymbol(endtimer)

endtimer:
db 29 C0

//og code sub eax,esi
//new code sub eax,eax

[DISABLE]
endtimer:
db 2B C6
unregistersymbol(endtimer)


I had some ideas, but ultimately none of them actually disable the script and/or actually change the code back.
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Mon Feb 02, 2015 9:24 pm

Read this topic:

http://www.cheatengine.org/forum/viewtopic.php?p=5549027

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Attack

PostPosted: Tue Feb 03, 2015 1:08 am

Thanks. That helps. I realized that if the timer is frozen, aobscan would fail, so instead I scanned for the next instruction and injected there, since whether time is reducing or frozen isn't important. I inject after, but I still want to run the original code, so I got this.
Code:
[ENABLE]
alloc(timerend,512)
label(returnhere)
label(exit)
label(ogcode)
label(_endtimer)
registersymbol(_endtimer)
aobscan(endtimer,8D 0C 8D 20 9E C2 01)

timerend:
sub eax,eax

ogcode:
db 8D 0C 8D 20 9E C2 01
//og code sub eax,esi
//new code sub eax,eax

exit:
jmp returnhere

endtimer:
_endtimer:
jmp timerend
nop
nop
returnhere:

[DISABLE]
dealloc(timerend)
_endtimer:
db 8D 0C 8D 20 9E C2 01
unregistersymbol(_endtimer)

This works well for ending the timer, so now, using your link and what is written there, I tried to implement something that automatically turns off. Lua is still too advanced for me, and I know you can put the same code in disable, so it would work either way.

BUT I cannot get my script to work. I feel like I am missing something obvious.
Code:
[ENABLE]
globalalloc(timerend,512)
globalalloc(ogcode,7)
label(returnhere)
label(_endtimer)
registersymbol(_endtimer)
aobscan(endtimer,8D 0C 8D 20 9E C2 01)

ogcode:
db 8D 0C 8D 20 9E C2 01

endtimer:
_endtimer:
jmp timerend
nop
nop
returnhere:

timerend:
sub eax,eax
db 8D 0C 8D 20 9E C2 01

//og code sub eax,esi
//new code sub eax,eax

pushad
pushfd
cld
mov ecx,7
mov esi, ogcode
mov edi, endtimer
rep movsb
popfd
popad

jmp returnhere

[DISABLE]
//dealloc(timerend)
//_endtimer:
//db 8D 0C 8D 20 9E C2 01
//unregistersymbol(_endtimer)


I am assuming that mov edi, endtimer is creating the issues. I can view the memory and following the code, it simply isn't right.
I don't know what I can do to fix this, all examples use static address and not aobscans.
Geri

PostPosted: Tue Feb 03, 2015 8:58 am

Before you go further, you should know that, as I explained in the previous topic, this solution is for extreme cases, when you need to absolutely clean up the memory and remove the code injection after execution (e.g. to try to avoid memory checks).

To disable a script after 1 (or x amount of) execution, you can simply use a flag.
If you want to enable/disable a cheat very rapidly whenever it's needed, you can use GetAsyncKeyState, which will enable the cheat only until a defined key is pressed. Or you can also use a flag and 2 hotkeys to set the flag to on or off, which allows the user to quickly turn the cheat on/off, without executing aobscan and the whole code injection again.

With these solutions, the script (code injection) itself is not removed, but it can be turned on/off easily as you prefer. And I think that this is what you are looking for, not the more radical method.

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue Feb 03, 2015 9:32 am

He's probably looking for the more radical method...for an online target, presumably.
Geri

PostPosted: Tue Feb 03, 2015 9:44 am

I am not sure about it. He said disable and/or change the code back, so based on the first post in the topic, I think it's enough if he is using a flag.
++METHOS

PostPosted: Tue Feb 03, 2015 10:51 am

If that is the case, then I would agree that a simple flag is the way to go.
Attack

PostPosted: Tue Feb 03, 2015 2:36 pm

Geri wrote:
Before you go further, you should know that, as I explained in the previous topic, this solution is for extreme cases, when you need to absolutely clean up the memory and remove the code injection after execution (e.g. to try to avoid memory checks).

Yeah, there are no memory checks. The logical solution was just to replace the code after execution.

What I am trying to accomplish is simple. The game has X amount of time. I can freeze the time, but it is necessary for the time to end. If I enable my cheat and leave it, it will instantly end the time every time a level is started. I need it to only end it once.

Geri wrote:
To disable a script after 1 (or x amount of) execution, you can simply use a flag.
If you want to enable/disable a cheat very rapidly whenever it's needed, you can use GetAsyncKeyState, which will enable the cheat only until a defined key is pressed. Or you can also use a flag and 2 hotkeys to set the flag to on or off, which allows the user to quickly turn the cheat on/off, without executing aobscan and the whole code injection again.

With these solutions, the script (code injection) itself is not removed, but it can be turned on/off easily as you prefer. And I think that this is what you are looking for, not the more radical method.

If it's flags I am to be using, what I want to do is:
First execution, hit F5 -> run script to end time (which turns flag to off as last step)
F5 thereafter -> turn flag on, script runs, turns it off

Otherwise, I could add the necessary injection onto the freeze time script, without having it run, i.e. flag is set off, and have the end timer script only change the flag?
Or put it all into one and have two separate hotkeys if possible.

I'm going to start looking to see if I can find some resources to help me do this.

EDIT: I am obviously not searching for the right thing. I keep finding black flag (game) related things.
I just need to set a global variable that I can change from 0 to 1 and vice versa, allowing me to use a jump instruction.
++METHOS

PostPosted: Tue Feb 03, 2015 4:21 pm

There are a couple of different ways you can do it. If you want to stay away from LUA, and use assembly only, you can do something like this:

Code:
[ENABLE]
alloc(newmem,48,"game.exe"+123)

label(returnhere)
label(originalcode)
label(enable)
label(custom_code)

registersymbol(enable)

newmem:
cmp byte ptr [enable],1
je custom_code
jmp originalcode

custom_code:
mov byte ptr [enable],0
//custom_code here
jmp originalcode

originalcode:
//originalcode here
jmp returnhere

enable:
db 0

"game.exe"+123:
jmp newmem
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)
"game.exe"+123:
//originalcode

unregistersymbol(enable)


Once the script is enabled, add an address, manually, to your cheat table. In the address field, put enable. Change the type to byte. Now, just set a hotkey that will change the value of that custom address to 1, whenever it is pressed.


Last edited by ++METHOS on Tue Feb 03, 2015 4:43 pm; edited 1 time in total
Attack

PostPosted: Tue Feb 03, 2015 4:37 pm

++METHOS thanks for the code example. I'm going to mess around after lunch, hopefully get it all working the way I want.

Are flags generally the better way to do cheats or is it better to have a proper enable/disable section?

Just thinking that with these flags you could load your whole script, only aobscan once, rather than every time it is enabled.
++METHOS

PostPosted: Tue Feb 03, 2015 4:46 pm

Depends. Personally, I prefer doing less work...and in most cases, just using simple flags is the better way to go.

By the way...I made a slight change to the script after I posted it.
Attack

PostPosted: Tue Feb 03, 2015 7:10 pm

Ugh, this has revealed an issue in my script I didn't know about before. It worked a million times and now it doesn't. I know why, but I don't know how to fix it.
++METHOS

PostPosted: Tue Feb 03, 2015 7:46 pm

Paste your script.
Attack

PostPosted: Tue Feb 03, 2015 7:55 pm

Your script works. It's an issue with mine.

Code:
[ENABLE]
alloc(newmem,512)

label(returnhere)
label(originalcode)
label(endTime)
label(custom_code)
registersymbol(endTime)
aobscan(aobTime,8D 0C 8D 20 9E ?? 01)
label(_aobTime)
registersymbol(_aobTime)

newmem:
cmp byte ptr [endTime],1
je custom_code
jmp originalcode

custom_code:
mov byte ptr [endTime],0
sub eax,eax
jmp originalcode

originalcode:
db 8D 0C 8D 20 9E 96 01 // problem here as the 96 is different next time
jmp returnhere

endTime:
db 0

aobTime:
_aobTime:
jmp newmem
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)
_aobTime:
db 8D 0C 8D 20 9E 96 01 // problem here as the 96 is different next time
unregistersymbol(endTime)
unregistersymbol(_aobTime)

The issue arises with the opcode I use for aob and replace. I am looking for a code that has a slightly different opcode every restart, so I have the ??, which works great for aob. The code itself stays static. This causes an issue for my code, because I still need that original code; this is just the injection point I need to use. So how do I know what to restore, as two bytes are different every time? Can I read and store the opcode before replacing it?
++METHOS

PostPosted: Tue Feb 03, 2015 7:57 pm

Yes.
http://forum.cheatengine.org/viewtopic.php?p=5510717&sid=9bd5e67d5773dd69cfd9984afb67133a
All times are GMT - 6 Hours
Page 1 of 2
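The two mechanisms discussed above, as an added example that is not part of the thread and not Cheat Engine code: the flag byte from ++METHOS's script (the custom path runs once and clears the flag itself), and the answer to the last question (bytes matched through a `??` wildcard have to be read and kept before the jmp overwrites them, so that [DISABLE] can put back exactly what was there; Cheat Engine's auto assembler has a `readmem(address,size)` command for this). Here the "game memory" is a constructed bytearray, the injected stub is a Python method instead of assembled code, and the hotkey is a list of booleans, so the whole thing runs offline. `demo`, `install`, `Hook` and the sample bytes are all assumptions made for this example.

```python
"""Wildcard AOB scan, save-before-patch, and a one-shot flag gate.

Added example (not Cheat Engine code): the "game memory" is a constructed
bytearray and the injected stub is a plain Python method, so everything
runs offline. It models the script ++METHOS posted (flag byte that the
custom path clears) and the last question (bytes matched through ?? must
be read and kept before they are overwritten so they can be restored).
"""
from dataclasses import dataclass
from typing import List, Optional


def parse_aob(pattern: str) -> List[Optional[int]]:
    """'8D 0C 8D 20 9E ?? 01' -> [0x8D, ..., None, 0x01]; None is a wildcard."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]


def aobscan(mem: bytes, pattern: str) -> Optional[int]:
    """Offset of the first match of the pattern in mem, or None."""
    pat = parse_aob(pattern)
    for off in range(len(mem) - len(pat) + 1):
        if all(p is None or mem[off + i] == p for i, p in enumerate(pat)):
            return off
    return None


@dataclass
class Hook:
    mem: bytearray
    site: int       # where the jmp was written (the aobTime/_aobTime address)
    saved: bytes    # exact bytes that were at site before patching
    flag: int = 0   # the [endTime] byte: 1 = run the custom code once
    fired: int = 0  # how many times the custom path ran

    def on_site_executed(self) -> str:
        """One execution of the hooked instruction (e.g. a level starting).
        Mirrors: cmp byte ptr [endTime],1 / je custom_code / jmp originalcode."""
        if self.flag == 1:
            self.flag = 0          # mov byte ptr [endTime],0 -> one shot
            self.fired += 1
            return "custom"        # sub eax,eax would run here
        return "original"

    def restore(self) -> None:
        """[DISABLE]: write back the saved bytes, whatever the ?? byte was."""
        self.mem[self.site:self.site + len(self.saved)] = self.saved


def install(mem: bytearray, pattern: str, stub: bytes) -> Hook:
    """[ENABLE]: scan, read the original bytes first, then overwrite them."""
    site = aobscan(mem, pattern)
    if site is None:
        raise LookupError("aobscan found no match; the script would fail to enable")
    saved = bytes(mem[site:site + len(stub)])   # read before writing (readmem)
    mem[site:site + len(stub)] = stub
    return Hook(mem, site, saved)


def demo(variable_byte: int, presses: List[bool]) -> dict:
    """One 'session': constructed memory whose sixth instruction byte differs
    per run (the 96/C2 problem), hooked once; the site then executes once per
    entry in presses (True = the hotkey was pressed before that level), and
    finally the hook is disabled and the memory compared with the original."""
    original = bytes([0x90] * 4
                     + [0x8D, 0x0C, 0x8D, 0x20, 0x9E, variable_byte, 0x01]
                     + [0xC3] * 3)
    mem = bytearray(original)
    stub = bytes([0xE9, 0, 0, 0, 0, 0x90, 0x90])  # jmp rel32 + nop nop, 7 bytes
    hook = install(mem, "8D 0C 8D 20 9E ?? 01", stub)
    paths = []
    for pressed in presses:
        if pressed:
            hook.flag = 1          # hotkey sets the flag byte to 1
        paths.append(hook.on_site_executed())
    patched = bytes(mem[hook.site:hook.site + 7]) == stub
    hook.restore()
    return {"site": hook.site, "saved": hook.saved, "paths": paths,
            "patched": patched, "restored": bytes(mem) == original,
            "fired": hook.fired}


if __name__ == "__main__":
    print(demo(0xC2, [True, False, False, True, False]))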