OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Mon Jan 29, 2018 10:57 pm Post subject: programming with cheat engine
Code:
{
Author: OldCheatEngineUser
Website: forum.cheatengine.org
About: just inject it in a 32-bit process and enjoy!
}
define(ok,06)               // IDYES: what MessageBoxA returns for the Yes button (CE reads numbers as hex)
[enable]
alloc(asm,$100)
registersymbol(asm)
createthread(asm)           // run the code below on its own thread, so it may block inside MessageBoxA
asm:
// stdcall: arguments are pushed right to left and the callee removes them from the stack
push 30                     // MB_ICONEXCLAMATION
call User32.MessageBeep
push 4                      // uType = MB_YESNO
push "mTitle"               // lpCaption (CE ignores the quotes; this pushes the address of the label)
push "mMsg"                 // lpText
push 0                      // hWnd = NULL
call User32.MessageBoxA
cmp al,"ok"                 // the button id comes back in eax; 6 = IDYES
jnz "nMain"
yMain:
push 40                     // MB_ICONASTERISK
call User32.MessageBeep
push 0                      // uType = MB_OK
push "yTitle"
push "yMsg"
push 0
call User32.MessageBoxA
ret                         // end of the thread
nMain:
push 10                     // MB_ICONHAND
call User32.MessageBeep
push 0
push "nTitle"
push "nMsg"
push 0
call User32.MessageBoxA
ret
mTitle:
db 'CheatEngine Says . . .', 0
mMsg:
db 'Hey!' 0D0A 'You Are Enjoying Right?' 0D0A 'I Mean Using The AutoAssembler', 0   // 0D0A = CRLF line break, 0 terminates
yTitle:
db 'Oh Sweet!', 0
yMsg:
db 'Play Around With Me!', 0
nTitle:
db 77 74 66 3F 00           // ASCII spelled out as hex bytes, NUL-terminated
nMsg:
db 46 75 63 6B 20 4F 66 66 21 00
[disable]
// close the message boxes before disabling: a thread still blocked in MessageBoxA
// returns into asm, which dealloc has just freed
unregistersymbol(asm)
dealloc(asm)
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: i am a sweetheart.
Last edited by OldCheatEngineUser on Tue Jan 30, 2018 9:43 pm; edited 1 time in total
Corroder Grandmaster Cheater Supreme
Reputation: 75
Joined: 10 Apr 2015 Posts: 1668
Posted: Tue Jan 30, 2018 2:52 am Post subject:
How about a 64-bit app?
_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL
FreeER Grandmaster Cheater Supreme
Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Jan 30, 2018 9:19 am Post subject:
Yeah, that's one problem with assembly: you have to write it twice, once for x86 and once for x64. Hence the invention of languages where you can compile an x86 DLL and an x64 DLL from the same source (if it's trivial or you coded it properly).
Though I didn't actually realize you could refer to labels with "s around them lol
Anyways, here's an x64 version:
Code:
{
Author: OldCheatEngineUser (modified for x64 by FreeER)
Website: forum.cheatengine.org
About: just inject it in a 64-bit process and enjoy!
}
define(ok,06)               // IDYES (CE reads numbers as hex)
[enable]
alloc(asm,$100)
registersymbol(asm)
createthread(asm)
asm:
// Win64 convention: the first four integer arguments go in rcx, rdx, r8, r9
mov r9, 4                   // uType = MB_YESNO
mov r8, "mTitle"            // lpCaption
mov rdx, "mMsg"             // lpText
mov rcx, 0                  // hWnd = NULL
// rsp must be 16 byte aligned at the call, and the callee owns 32 bytes of shadow
// space above the return address which it may write into
mov rbp, rsp                // remember the thread's original rsp
and rsp, -10                // FFFFFFFFFFFFFFF0: align down to 16
sub rsp, 20                 // 32 bytes of shadow space
call User32.MessageBoxA
mov rsp, rbp                // restore rsp
cmp al,"ok"                 // button id in eax; 6 = IDYES
jnz "nMain"
yMain:
mov r9, 0                   // uType = MB_OK
mov r8, "yTitle"
mov rdx, "yMsg"
mov rcx, 0
mov rbp, rsp
and rsp, -10
sub rsp, 20
call User32.MessageBoxA
mov rsp, rbp
ret                         // end of the thread
nMain:
mov r9, 0
mov r8, "nTitle"
mov rdx, "nMsg"
mov rcx, 0
mov rbp, rsp
and rsp, -10
sub rsp, 20
call User32.MessageBoxA
mov rsp, rbp
ret
mTitle:
db 'CheatEngine Says . . .', 0
mMsg:
db 'Hey!' 0D0A 'You Are Enjoying Right?' 0D0A 'I Mean Using The AutoAssembler', 0   // 0D0A = CRLF line break
yTitle:
db 'Oh Sweet!', 0
yMsg:
db 'Play Around With Me!', 0
nTitle:
db 77 74 66 3F 00           // ASCII spelled out as hex bytes, NUL-terminated
nMsg:
db 46 75 63 6B 20 4F 66 66 21 00
[disable]
// close the message boxes before disabling: a thread still blocked in MessageBoxA
// returns into asm, which dealloc has just freed
unregistersymbol(asm)
dealloc(asm)
Last edited by FreeER on Tue Jan 30, 2018 9:56 am; edited 1 time in total
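The two scripts above differ only in how the same four MessageBoxA arguments reach the callee: pushed right to left under 32-bit stdcall, loaded into rcx/rdx/r8/r9 with an aligned stack and 32 bytes of shadow space under Win64. The following is an added example, not code from the thread and not CE's own assembler: a small Python generator that emits the machine code for one call under both conventions from a single argument list, including the x64 fallback for a DLL that is further than 2 GB from the allocated code (rel32 cannot reach it), and a check of why the `and rsp,-10` / `sub rsp,20` dance leaves the callee with rsp equal to 8 mod 16 no matter where the thread's stack started. All addresses (code buffer, MessageBoxA, the string labels) are made up for the demo.

```python
"""
Emit the MessageBoxA call sequence that the two CE scripts hand-write, for
both calling conventions, from one list of arguments.

Added example, not CE's assembler: the byte encodings are standard x86/x64
machine code, but the addresses used in the demo below are made up.
"""
import struct

# Win64 integer argument registers in argument order, each with the REX
# prefix and the low three register bits used to encode "mov reg, imm".
WIN64_ARG_REGS = (("rcx", 0x48, 1), ("rdx", 0x48, 2), ("r8", 0x49, 0), ("r9", 0x49, 1))


def _le32(v):
    return (v & 0xFFFFFFFF).to_bytes(4, "little")


def _fits_simm32(v):
    return -2**31 <= v < 2**31


def emit_x86_stdcall(origin, target, args):
    """32-bit: push args right to left, then call rel32; the callee pops them."""
    code = bytearray()
    for v in reversed(args):
        if -128 <= v <= 127:
            code += b"\x6a" + struct.pack("<b", v)       # push imm8 (sign-extended)
        else:
            code += b"\x68" + _le32(v)                    # push imm32
    rel = target - (origin + len(code) + 5)               # relative to the next instruction
    if not _fits_simm32(rel):
        raise ValueError("x86 call target out of rel32 range")
    code += b"\xe8" + _le32(rel)                          # call rel32
    return bytes(code)


def emit_win64(origin, target, args):
    """64-bit: first four args in rcx, rdx, r8, r9; align rsp to 16 and reserve
    32 bytes of shadow space before the call, exactly as the x64 script does."""
    if len(args) > 4:
        raise ValueError("fifth and later arguments go on the stack; not shown here")
    code = bytearray()
    for (_, rex, low3), v in zip(WIN64_ARG_REGS, args):
        if _fits_simm32(v):
            code += bytes([rex, 0xC7, 0xC0 | low3]) + _le32(v)                     # mov r64, simm32
        else:
            code += bytes([rex, 0xB8 | low3]) + struct.pack("<Q", v & (2**64 - 1))  # mov r64, imm64
    code += b"\x48\x89\xe5"                     # mov rbp, rsp   (remember the original rsp)
    code += b"\x48\x83\xe4\xf0"                 # and rsp, -0x10 (align down to 16)
    code += b"\x48\x83\xec\x20"                 # sub rsp, 0x20  (shadow space)
    rel = target - (origin + len(code) + 5)
    if _fits_simm32(rel):
        code += b"\xe8" + _le32(rel)                                    # call rel32
    else:
        # a DLL more than 2 GB away cannot be reached with rel32 on x64
        code += b"\x48\xb8" + struct.pack("<Q", target) + b"\xff\xd0"   # mov rax, imm64; call rax
    code += b"\x48\x89\xec"                     # mov rsp, rbp
    return bytes(code)


def callee_entry_rsp(thread_entry_rsp):
    """RSP as the callee sees it after the prologue above plus the call's own
    push of the return address.  Win64 requires this to be 8 mod 16."""
    rsp = (thread_entry_rsp & ~0xF) - 0x20
    return rsp - 8


if __name__ == "__main__":
    # made-up addresses: code buffer, MessageBoxA, and the two string labels
    ORIGIN, MSGBOX, MMSG, MTITLE = 0x10000000, 0x10001000, 0x10000097, 0x10000080
    args = [0, MMSG, MTITLE, 4]   # hWnd, lpText, lpCaption, MB_YESNO
    print("x86:", emit_x86_stdcall(ORIGIN, MSGBOX, args).hex(" "))
    print("x64:", emit_win64(ORIGIN, MSGBOX, args).hex(" "))
    for entry in (0x14FF8, 0x14FF0, 0x14FFC):
        print(hex(entry), "->", hex(callee_entry_rsp(entry)), "mod 16 =", callee_entry_rsp(entry) % 16)
```

Loading the x64 arguments in rcx-to-r9 order rather than the script's r9-to-rcx order changes nothing; only the register assignment and the stack shape matter to the callee.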
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Jan 30, 2018 9:55 am Post subject:
lol Free, thanks for that.
Double quotes don't mean anything in CE; I just used them for visual purposes.
You can say:
db "00" "01" "05" "19"
or anything really haha, so yeah, visual purposes.
Corroder Grandmaster Cheater Supreme
Reputation: 75
Joined: 10 Apr 2015 Posts: 1668
Posted: Tue Jan 30, 2018 7:30 pm Post subject:
Thanks FreeER... great job, but
I found an error:
line 15: (move r9, 4): This instruction can't be compiled
FreeER Grandmaster Cheater Supreme
Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Jan 30, 2018 7:45 pm Post subject:
@Corroder Make sure you're attached to a 64-bit process, because "mov r9, 4" is certainly a valid instruction (and if you search for "move" you'll find it's not in the script, so it's not that typo either lol)
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Jan 30, 2018 9:43 pm Post subject:
update:
- added 3 different sounds, each box has one.
FreeER Grandmaster Cheater Supreme
Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Jan 30, 2018 10:20 pm Post subject:
Well, now that's kind of begging for something more flexible lmao
Note: this will save CE's default activate and deactivate sounds to your "My Cheat Tables" folder; they're the only wavs I felt I could guarantee having access to (and I wanted to demo that actual file paths would work, not just a few system sounds).
Also note that it requires loading a library, at least for the tutorial. Not sure how common winmm might be lol
Code:
{
Author: OldCheatEngineUser
Website: forum.cheatengine.org
About: just inject it in a 32-bit process and enjoy!
}
// these run in CE's own Lua while the script is assembled (on enable and on disable):
// they write CE's built-in wav files to disk so the target has something to play
luacall(findTableFile('Deactivate').saveToFile('Deactivate.wav'))
luacall(findTableFile('Activate').saveToFile('Activate.wav'))
define(ok,06)               // IDYES (CE reads numbers as hex)
LoadLibrary(Winmm.dll)      // PlaySoundA lives in winmm.dll, which the target may not have loaded
[enable]
alloc(asm,$100)
registersymbol(asm)
createthread(asm)
asm:
// PlaySoundA(pszSound, hmod, fdwSound), stdcall
push 20001                  // SND_ASYNC (1) | SND_FILENAME (20000): return at once, pszSound is a file name
push 0                      // hmod = NULL
push sound1                 // pszSound
call PlaySoundA
push 4                      // uType = MB_YESNO
push "mTitle"
push "mMsg"
push 0
call User32.MessageBoxA
cmp al,"ok"                 // 6 = IDYES
jnz "nMain"
yMain:
push 20001                  // SND_ASYNC|SND_FILENAME
push 0
push sound2
call PlaySoundA
push 0
push "yTitle"
push "yMsg"
push 0
call User32.MessageBoxA
ret
nMain:
push 10001                  // SND_ASYNC (1) | SND_ALIAS (10000): pszSound names a system sound alias
push 0
push sound3
call PlaySoundA
push 0
push "nTitle"
push "nMsg"
push 0
call User32.MessageBoxA
ret
sound1:
db 'Activate.wav',0         // a bare file name is looked up by the target process, not by CE;
sound2:                     // if PlaySound cannot find it, it plays the default system sound instead
db 'Deactivate.wav',0
sound3:
db 'SystemExit',0           // registry sound alias: the Windows shutdown sound
mTitle:
db 'CheatEngine Says . . .', 0
mMsg:
db 'Hey!' 0D0A 'You Are Enjoying Right?' 0D0A 'I Mean Using The AutoAssembler', 0
yTitle:
db 'Oh Sweet!', 0
yMsg:
db 'Play Around With Me!', 0
nTitle:
db 77 74 66 3F 00           // ASCII spelled out as hex bytes, NUL-terminated
nMsg:
db 46 75 63 6B 20 4F 66 66 21 00
[disable]
unregistersymbol(asm)
dealloc(asm)
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Jan 30, 2018 10:40 pm Post subject:
lol awesome, it loads the Windows shutdown sound.
I could create custom sounds though, but it would be a waste of time.
TheyCallMeTim13 Wiki Contributor
Reputation: 51
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Tue Jan 30, 2018 11:18 pm Post subject:
Is there any kind of standard way to hook a process's GUI/forms library, or would you need to know the library's API and/or reverse a given library?
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Jan 30, 2018 11:34 pm Post subject:
Reversing a library takes a lot of time, since every function calls other functions from other libraries, and at the end of this calling chain most of the functions call the kernel library and ntdll.
But I believe knowing the libraries and APIs is enough; you can still create your own libraries and/or use other libraries for GUI things.
About creating forms or dialogs in other running processes: as long as that process created an entry point in that specific DLL, you can hook its functions.
(This is what I know so far, so maybe someone has more technical details than me.)
FreeER Grandmaster Cheater Supreme
Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Wed Jan 31, 2018 6:27 am Post subject:
(Disclaimer: I really haven't messed with GUI stuff; it's rarely of any interest to me beyond visually looking for clues as to the values I should scan for.)
You'd definitely need to figure out the GUI API/library used. Most large games don't use one. Well, they do, but they roll their own or it comes with the game engine, which is probably custom made. Even when they do use something, they'll likely customize some of the functions to fit their needs, so that can occasionally change things.
But if they happen to use a library where you have access (to at least the documentation), then you should be able to create a DLL based on that and inject it into the process (you'd probably have to use function pointers rather than relying on the linker/Windows to replace addresses for you on load, though), and if you can do it in a DLL you could eventually do it in asm if you so desired lol
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Wed Jan 31, 2018 12:28 pm Post subject:
FreeER wrote: custom made.
I like custom things lol
kantoboy69 Advanced Cheater
Reputation: 2
Joined: 31 Mar 2010 Posts: 71 Location: Manila