 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
danrevella
Master Cheater
 Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
 Posted: Sun Dec 13, 2015 11:51 am Post subject: injecting code and save ECX in a variable without use debug |
 |
|
Hi!
I have this problem: I wanna that my injecting code before executing, save the ECX register in a variable f.e. "myforce", so i may use it in a cheat table.
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov [ecx+000001A2],edi
exit:
jmp returnhere
"XWINGALLIANCE.EXE"+907D8:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"XWINGALLIANCE.EXE"+907D8:
mov [ecx+000001A2],edi
//Alt: db 89 B9 A2 01 00 00 |
I know I may use f.e.:
mov [myregistervaluevar],ecx
but I'm unable in figuring how to realize it.
May you gently help me with a pratical example?
Many thanks
|
|
| Back to top |
|
 |
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Sun Dec 13, 2015 12:08 pm Post subject: |
 |
|
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(myforce) // setup a label for your address
newmem:
mov [myforce],ecx // store the address inside ECX
originalcode:
mov [ecx+000001A2],edi
exit:
jmp returnhere
myforce: // place this outside of the execution path (notice the JMP above)
dd 0 // reserve 4-bytes / dword / dd
"XWINGALLIANCE.EXE"+907D8:
jmp newmem
nop
returnhere:
registersymbol(myforce) // register the symbol so you can use it within the table
[DISABLE]
dealloc(newmem)
"XWINGALLIANCE.EXE"+907D8:
mov [ecx+000001A2],edi
//Alt: db 89 B9 A2 01 00 00 |
|
|
| Back to top |
|
|
danrevella
Master Cheater
Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
| Posted: Sun Dec 13, 2015 1:28 pm Post subject: |
|
|
It does work 100%!!!!!!
Many time a pratical example is even better that pages of instructions 
I'm so happy you were so kind!!!
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sun Dec 13, 2015 11:45 pm Post subject: |
|
|
Don't forget to unregistersymbol. 
|
|
| Back to top |
|
|
danrevella
Master Cheater
Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
| Posted: Fri Dec 18, 2015 3:25 pm Post subject: |
|
|
| Zanzer wrote: | | Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(myforce) // setup a label for your address
newmem:
mov [myforce],ecx // store the address inside ECX
originalcode:
mov [ecx+000001A2],edi
exit:
jmp returnhere
myforce: // place this outside of the execution path (notice the JMP above)
dd 0 // reserve 4-bytes / dword / dd
"XWINGALLIANCE.EXE"+907D8:
jmp newmem
nop
returnhere:
registersymbol(myforce) // register the symbol so you can use it within the table
[DISABLE]
dealloc(newmem)
"XWINGALLIANCE.EXE"+907D8:
mov [ecx+000001A2],edi
//Alt: db 89 B9 A2 01 00 00 |
|
Ehm...... all ok of course, but......
now I also would like that the table I have done with adress "myforce" was auto setted to value f.e. "9999", and i woul like that this same table was also freezed.
I know that a lua script may perform this task, unfortunelly lua script is pre-processed, so when it's actived CE have still NOT upgrade the just now registered symbol "myforce"(in my case it take abot 7 secs,), so lua exit with an error.
Is there a way, please?
Here is the lua pseudo code that use the symbol "myforce" just registered in the prievious AA script:
| Code: |
{$LUA}
AL = getAddressList()
boxtofreeze = AL.getMemoryRecordByDescription("table that use myforce")-- table name
memoryrecord_unfreeze(boxtofreeze)
vartofreeze = getAddress("[myforce]")--here Lua does fail coz the CE still have not upgraded the symbol
writeInteger(vartofreeze,9999)
memoryrecord_freeze(boxtofreeze)
|
In other word I would like that while enabling a single table with AA script the other table is auto filled with "9999" and auto-freezed.
Again a pratical example may be the best for me to understand.
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Fri Dec 18, 2015 4:24 pm Post subject: |
|
|
There a reason you want to save the address someplace instead of simply doing:
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
mov edi,#9999 // set and freeze the value at 9999
originalcode:
mov [ecx+000001A2],edi
exit:
jmp returnhere
"XWINGALLIANCE.EXE"+907D8:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"XWINGALLIANCE.EXE"+907D8:
mov [ecx+000001A2],edi
//Alt: db 89 B9 A2 01 00 00 |
|
|
| Back to top |
|
|
danrevella
Master Cheater
Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
| Posted: Fri Dec 18, 2015 4:35 pm Post subject: |
|
|
| Zanzer wrote: | There a reason you want to save the address someplace instead of simply doing:
|
I understand that in this situation it does work in this fashion, but I would like to learn if it is possible also the alternative method I proposed.
In similiar but not equal situation may be useful for me.
I'm sure in the past I have seen here in this forum exactelly an example of this, but I have search for it with no success.
Also may be for estetichal reason, f.e. I would like to assign a different colour at the table, and also I may f.e. utilize this tecnique for setting and freezing not only the just found parameter, but also other who are so close on it, so I may simply decide that I woul like a parameter on or off to test my different skill on the game, etc....
And also to learn more about Lua.
many thanks!!
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Fri Dec 18, 2015 4:53 pm Post subject: |
|
|
Well, you can wrap the entire AA script inside the following Lua function:
| Code: | autoAssemble([[
// script here
]]) |
And then add your other Lua after that so it executes AFTER your AA script is injected.
|
|
| Back to top |
|
|
danrevella
Master Cheater
Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
| Posted: Fri Dec 18, 2015 5:46 pm Post subject: |
|
|
I have try:
ctl-alt-L to opent the lua table, then:
autoAssemble([[
now copying my entire AA script with also ENABLE /DISABLE SECTION
]])
Now also adding my LUA script
unpause my game
Now press execute 1 time........
nothingh appears
so I press execute another time
the value in the table is now right setted, but the box is not freezed...
so I press execute another time
now box is freezed but the value is no longer 9999........
Even worse, I may not use this inside a regular table, even if I prefix all with
{$LUA}
I get:
Not all code is injectable.
(Lua error in the script at line 1:[string "local syntax check=....
..]:37:unfinished long string (starting at line 2) near <eof>)
Are you sure you wan't to edit it to this?
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Fri Dec 18, 2015 6:19 pm Post subject: |
|
|
| Code: | {$lua}
if syntaxcheck then return end
[ENABLE]
autoAssemble([[
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(myforce) // setup a label for your address
newmem:
mov [myforce],ecx // store the address inside ECX
originalcode:
mov [ecx+000001A2],edi
exit:
jmp returnhere
myforce: // place this outside of the execution path (notice the JMP above)
dd 0 // reserve 4-bytes / dword / dd
"XWINGALLIANCE.EXE"+907D8:
jmp newmem
nop
returnhere:
registersymbol(myforce) // register the symbol so you can use it within the table
]])
AL = getAddressList()
boxtofreeze = AL.getMemoryRecordByDescription("table that use myforce")
memoryrecord_unfreeze(boxtofreeze)
vartofreeze = readPointer("myforce")
writeInteger(vartofreeze,9999)
memoryrecord_freeze(boxtofreeze)
{$asm}
[DISABLE]
dealloc(newmem)
"XWINGALLIANCE.EXE"+907D8:
mov [ecx+000001A2],edi
//Alt: db 89 B9 A2 01 00 00 |
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 61
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Fri Dec 18, 2015 6:51 pm Post subject: |
|
|
| Zanzer wrote: | | Code: | {$lua}
if syntaxcheck then return end
[ENABLE]
autoAssemble([[
alloc(newmem,2048)
...
{$asm}
[DISABLE]
dealloc(newmem)
"XWINGALLIANCE.EXE"+907D8:
mov [ecx+000001A2],edi
//Alt: db 89 B9 A2 01 00 00 |
|
Currently, the AA dealloc cannot release memory allocated by Lua autoAssemble with AA alloc executed inside.
The alloc dealloc AA command pair is associated within the Memory Record they executed.
From Lua autoAssemble, without a host Memory Record, the association cannot be obtained from Lua.
There may be a Lua command deAlloc in 6.5 to fill this functionality.
bye~
ADDED:
Here a *.ct contain a table file luaret.lua.
It define a custom AA command LuaRet (or alternative the symbol _ ) similar to LuaCall, but LuaRet as a legit AA Command, it will execute in order with other AA command.
LuaRet expect its input as a Lua expression. If it return a string, this string will be transformed to AA Script text, for example, if it return 'Define(asymbol, 123)', it will be same as the AA script having the text appear at that line. If it is not a string, then we just want the side effect of the execution of the Lua expression.
But still , the AA script will not start allocate memory and write memory until all script text parse successfully. That means LuaRet cannot receive information about symbol yet to be generated.
So here we define a DelayCB (read Delayed CallBack) object.
We use LuaRet to call DelayCB:add to register Lua action, then in last line of AA script we use DelayCB:fire to execute all the registered Lua actions, with a time delay.
The *.ct has a demo how it work.
Hope it be helpful~
bye~
ADDED:
In AA Script, the symbol { and } start and end a comment.
The comment will be replace as 'no thing' (or think as zero length spaces).
So the LuaRet's expression cannot contain these 2 characters.
Use <: to replace {, and :> to replace } plz.
eg.
| Code: | | LuaRet(writeBytes(0x400000,<:1,2,3,4:>)) // to means writeBytes(0x400000,{1,2,3,4}) |
| Description: |
| LuaRet AA script extension |
|
Download |
| Filename: |
0.LuaRet.V1.CT |
| Filesize: |
5.6 KB |
| Downloaded: |
834 Time(s) |
_________________
- Retarded. |
|
| Back to top |
|
|
danrevella
Master Cheater
Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
| Posted: Sat Dec 19, 2015 7:49 am Post subject: |
|
|
@panraven
I really thank you for you effort, BTW for me is unpossible understand what you mean, I have saved all, and maybe in future when I'll be more good with LUA I'll try to understand your code.
At the moment is not a problem that dealloc() not work correctelly, coz i don't need to switch off the scrip after activation
@zanzer&panraven
My problem is not so complicate (in theory).
I have found that my AA script is able in retrieving the beginning of a data structure ("myforce" is where begin), so I have setted a certain number of CE tables that simple point to "myforce". f.e.
shield up = [myforce]+2
shield down = [myforce]+4
power laser up = [myforce]+8
power laser down = [myforce]+0a
etc........
All I want is that when my AA script being activate, and the game land on it ----> "myforce" assume the right value, so now:
I would like that in automatich these tables:
shield up = [myforce]+2 ------------- --->auto set to: 9999
shield down = [myforce]+4 -------------->auto set to: 9999
power laser up = [myforce]+8----------->auto set to: 45
power laser down = [myforce]+0a------>auto set to: 45
Then ALL these table have to be freezed
Seems to be a simple task, but in fact the realizazion is very problematich
Ok, I may pause the game, Alt-tabbing to CE, manual setting value for all tables, and then freeze all table, Alt-tabbing to the game, Un-pause the game.
It is not a great task to execute, but is possible that all this work may not be automatized?
For sure was me that have not supplied all the right info about my purpose, I hope that now is clear.
BTW (even not considering the dealloc() problem) at the moment I was not able in founding a working solution.
So I have for the moment abbandoned my game for switch to a very little prog (test.exe who was a counterpart of Cetutorial.exe for the Tsearch old utility I used before the CE days), so I may have all windows under control and no need to Alt-tabbing, but it does not work.
If possible I may upload this little prog with my tables for a pratical use.
Thanks to all for the help.
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Sat Dec 19, 2015 9:44 am Post subject: |
|
|
So your problem is that the pointer "myforce" is not updated with your address until you do something in game.
So immediately upon executing the AA, CE has no clue what address will populate into "myforce".
Execute this script at the same time as the assembly.
| Code: | t=createTimer(nil, false)
t.Interval=1000
t.OnTimer=function(t)
if readInteger("myforce") ~= 0 then
t.Enabled = false
--execute the rest of your lua here
end
end
t.Enabled=true |
This sets up a timer that will check if "myforce" has been populated.
Once it has, it will execute the code you place inside to set/freeze whatever you like.
|
|
| Back to top |
|
|
danrevella
Master Cheater
Reputation: 2
Joined: 11 Jun 2008
Posts: 291
|
| Posted: Sat Dec 19, 2015 11:10 am Post subject: |
|
|
I does not work at 100%......
- run CE
- ctrl-alt-L and load the lua script
- run test.exe
- active my aa script
- click Execute script on LUA table
- do what I need in the game so my AA script is called (I have to press a button)
-Lua engine show to me: "Now execute"
- the table get upgrade value -------->98 OK!!
- table is NOT freezed
so AGAIN click Execute script on LUA table
this time table IS freezed
But if I was in the game I had to alt-tabbing to ce and manual freeze the table...
so:
my AA table/script:
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(_myforce) // setup a label for your address
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push ecx
mov ecx,test.exe+1D090
mov [_myforce],ecx // store the address inside ECX
pop ecx
originalcode:
mov [test.exe+1D090],eax
exit:
jmp returnhere
_myforce: // place this outside of the execution path (notice the JMP above)
dd 0 // reserve 4-bytes / dword / dd
"test.exe"+1384:
jmp newmem
returnhere:
registersymbol(_myforce) // register the symbol so you can use it within the table
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
unregistersymbol(_myforce)
dealloc(newmem)
"test.exe"+1384:
mov [test.exe+1D090],eax
//Alt: db A3 90 D0 41 00
|
my LUA script I load with ctrl-alt-L
| Code: |
if syntaxcheck then return end
t=createTimer(nil, false)
t.Interval=1000
t.OnTimer=function(t)
if readInteger("_myforce") ~= 0 then
t.Enabled = false
--execute the rest of your lua here
print ("Now execute") --This is shoved also first time
AL = getAddressList()
boxtofreeze = AL.getMemoryRecordByDescription("[_myforce] tra parentesi")--nome tabella
memoryrecord_unfreeze(boxtofreeze)
vartofreeze = getAddress("[_myforce]")
writeInteger(vartofreeze,98)
memoryrecord_freeze(boxtofreeze)-- this is executed Only the second time i click on Execute scrip on Lua table
end
end
t.Enabled=true
|
Please note that minor change applied coz I switch from the game to the test.exe program, f.e. "_myforce" and no longer "myforce", now freeze value to 98, no longer to 9999
My offer to upload test.exe is always valid...., BTW the program test is part of Magic Trainer Creator 1.27 available here:
http://g1.gamecopyworld.eu/?y=8845b57c&x=Via2gfUJtXbZV2aQDkEx5JAKUZ2jsrByanJHQsvrJ70rdsnU2SVqt0GmvfBBcr3LvjWjoack2kOP3GgGvsCSivLrbJyBwNxwf3f7yCxlzrbTNmFpeGh8aSsWHhHAkSXR
You need only the file "programme test.exe" inside the zip (151552 bytes)
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 61
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Sat Dec 19, 2015 12:10 pm Post subject: |
|
|
This rely on memory record setup.
Hopefully it work with just copy & paste the demo rec-base into your table.
Please check if it work?
| Code: | {$lua}
-- paste into your script
local bDebug = true
function setAndFreeze(OnOff,delay,mrs)
if type(delay)~='number' then
delay,mrs = 1,delay
end
delay = type(delay)=='number' and delay or 1
if type(mrs)=='string' then
local list
list,mrs = mrs,{}
list:gsub('[%w ]+',function(w)mrs[1+#mrs]=w end)
end
if type(mrs)~='table' or #mrs==0 or #mrs % 2 ~= 0 then
error('memory record list not valid')
end
local act = function()
local al = getAddressList()
for i=1,#mrs,2 do
local mr = al.getMemoryRecordByDescription(mrs[i])
if mr~=nil then
if OnOff == true then -- active and freeze
mr.Value = mrs[i+1]
mr.Active = true
else
mr.Active = false
end
else
if bDebug then
print('Check Memory Record with Description: '..mrs[i])
end
end
end
end
if OnOff == true then
local t = createTimer()
t.Interval = delay
t.OnTimer = function(sender)
sender.Destroy()
act()
end
else
act()
end
end
{$asm}
[ENABLE]
// demo setup to get myforce, replace yours
aobscan(aobmyforce,08 12 = = = = 33 44 ?? 99)
alloc(myforce,8)
myforce:
readmem(aobmyforce+2,4)
dd 0
registersymbol(myforce)
// delay = 2000ms here, no meaning on OFF mode, it can be omit to use defauult 1 milliseconds
// add this line in your script ,
LuaCall(setAndFreeze(true,2000, "shield up=9999;shield down=9999;laser up=45;laser down=45"))
[DISABLE]
// add this line in your script
LuaCall(setAndFreeze(false,"shield up=9999;shield down=9999;laser up=45;laser down=45"))
[myforce]:
//dq -1,-1
dealloc(myforce)
unregistersymbol(myforce) |
oops, the symbol is _myforce not myforce.
oops2, probably misunderstood thing again, haha, sry~
| Description: |
|
Download |
| Filename: |
test_myforce.CT |
| Filesize: |
4.18 KB |
| Downloaded: |
939 Time(s) |
_________________
- Retarded. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
