Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Instant actions after enabling/disabling script

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Punz1A4
Cheater
Reputation: 0

Joined: 10 Jun 2016
Posts: 25

PostPosted: Fri Jun 10, 2016 6:20 pm    Post subject: Instant actions after enabling/disabling script Reply with quote

So I was writing this simple script that moves a value into desired location. Although it works, it requires some additional actions (to disable the effects of script I have to use certain ability twice again) in game to do what I wanted to achieve.

My question is whether it is possible or not to:

a) move certain value (float 1 in this case) to an address ( [ecx+14] in this case) in the disable section (which would spare me some extra work I have to do in the game after disabling the script)

b) forcing the script to execute the code as soon as it's enabled (not when the process gets to the opcode's location after something in the game happens that requires this opcode to be used)

(Preferably in assembly cause as close as I ever got to lua was c++... which is still kinda far away in some cases)

Oh and here's the original script I wrote that as I said requires some additional actions in the game in order to work:

Code:
[ENABLE]
aobscanmodule(time_stop,Dishonored.exe,F3 0F 11 41 14 D9)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov [ecx+14],(float)0.0  //stops the time
  jmp return

time_stop:
  jmp code
return:
registersymbol(time_stop)

[DISABLE]
time_stop:
  db F3 0F 11 41 14

unregistersymbol(time_stop)
dealloc(newmem)


If it makes any difference moving 0 to an address in [ecx+14] stops the time in the game while character can move and moving 1 makes everyting back to normal.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4706

PostPosted: Fri Jun 10, 2016 7:12 pm    Post subject: Reply with quote

The register ecx is constantly changing as the game is running. Before the game gets to this instruction, it must assign the correct value to ecx usually via a hierarchy of pointers to structures with offsets. Moving some value randomly into [ecx+14] won't do what you want it to unless you move the right value into ecx first. So, either wait for the game do that for you, or do it yourself via a static pointer or registered symbol.

For example, to directly answer your first question:
Code:
[ENABLE]
aobscanmodule(time_stop,Dishonored.exe,F3 0F 11 41 14 D9)
alloc(newmem,1024)

label(code)
label(return)
label(timeaddr)

registersymbol(timeaddr)
registersymbol(time_stop)

newmem:
code:
  mov [timeaddr],ecx
  mov [ecx+14],(float)0.0  //stops the time
  jmp return
timeaddr:
  dd 0

time_stop:
  jmp code
return:

[DISABLE]
time_stop:
  db F3 0F 11 41 14

{$lua}
writeFloat("[timeaddr]+14",1)
{$asm}

unregistersymbol(timeaddr)
unregistersymbol(time_stop)
dealloc(newmem)


As for your second question, you can call whatever subroutine that code is in to run. Just make sure you call it with the same parameters that the game does. The stack and some registers will probably have to be set to a specific value in order for the game to not crash (let alone do what it's suppose to). Use createthread in order to create a thread that will execute the call.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Punz1A4
Cheater
Reputation: 0

Joined: 10 Jun 2016
Posts: 25

PostPosted: Sat Jun 11, 2016 2:13 pm    Post subject: Reply with quote

Okay so first off huge thanks ParkourPenguin for help Very Happy
I managed to modify the example you have given to save the appropriate address at [ecx+14] after using ability one time in game.
Code:
  push eax
  lea eax,[ecx+14]
  mov [time_address],eax
  pop eax

As long as script is active, which makes time_address hold the address of ecx+14, I can toogle on and off the second script as many times as I want stopping and resuming time in the game with a hotkey Smile
Code:
[ENABLE]
globalalloc(_freeze,2048)
createthread(_freeze)

_freeze:
push eax
mov eax,[time_address]
mov [eax],(float)0           //stops time
pop eax

ret

[DISABLE]
{$lua}
writeFloat("[time_address]",1)


So basically everything works as I wanted it to, though since I'm still pretty new to that stuff could somebody explain that part a little more?

Quote:
As for your second question, you can call whatever subroutine that code is in to run.

Subroutine meaning a part of the code in memory viewer consisting of few lines of opcodes? I looked around the opcode I was modifying in scripts above and there was indeed a chunk of code in memory viewer separated by a lot of "int 3" opcodes from both sides. Would I have to include all of that code between "int 3" stuff in order to force script to execute as soon as it's enabled? Asking cause it was about 100 lines of code... which is kinda a lot (if I attached it properly there should be a screenshot of the end of that chunk in memory viewer).

Also
Quote:
Just make sure you call it with the same parameters that the game does. The stack and some registers will probably have to be set to a specific value in order for the game to not crash (let alone do what it's suppose to).

Those parameters are found via breakpoint right? But if so then at which point? The one where the line of code I wanted to edit is placed or the beginning of subroutine? Lastly how can you set stack values?

Sorry for the lengthy post but it's a bit confusing for a newbie. Confused



memory_viewer_screenshot.JPG
 Description:
 Filesize:  168.69 KB
 Viewed:  2422 Time(s)

memory_viewer_screenshot.JPG


Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4706

PostPosted: Sat Jun 11, 2016 2:47 pm    Post subject: Reply with quote

A subroutine is generally synonymous with a function or a method in higher-level programming languages. It's more or less a sequence of instructions you call to run. It starts at a specific point and can end at any "ret" instruction inside of it. You don't need to copy and paste the entire thing; just figure out the address of the start of the subroutine and call that. For example, if it starts at the address Dishonored.GetStackOwnerClass+D3B80, then your code (if there was no parameters or other setup) would generally look something like this:
Code:
alloc(derp,1024)
createthread(derp)

derp:
  call Dishonored.GetStackOwnerClass+D3B80
  ret

However, as I said previously, you'll have to pass the same arguments to the subroutine that the game does. It looks like there's 6 of them from that ret instruction (stdcall, 24 bytes / 4 bytes = 6 arguments). Some registers might also need to be set properly beforehand depending on what the subroutine is doing (i.e. if it accesses a register w/o first assigning a value to it). You can step past the ret to see what instruction called the subroutine to run and see where the game gets the arguments from.

Since you stated you're a newbie, it would probably be best if you just put this on hold. Learn more about assembly (i.e. what the stack is) and come back to this later if you want.


Also, you can simplify that second script to this:
Code:
{$lua}
[ENABLE]
writeFloat("[time_address]",0)

[DISABLE]
writeFloat("[time_address]",1)
The [ENABLE] and [DISABLE] tags will be recognized even when after a {$lua} tag.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites