Cheat Engine Forum Index -> Cheat Engine
AutoAssemble script on deactivation / Lua script ok?

 
salumor
Posted: Mon Jan 14, 2019 6:24 pm    Post subject: AutoAssemble script on deactivation / Lua script ok?

Hey, so I have the following partial code (which already took a bit to figure out). The ENABLE part works; the questions I have are about the complete DISABLE section and the reset to the default value.

The method hooks in when you're actually jumping. If you deactivate the script without having jumped once, the currently commented-out part in the DISABLE section (except fullAccess; with the Lua part commented out) would halt (meaning the script stays active and can't be reactivated, though the readmem part below that restores the original code seems to be executed). I mean, it's clear that it would try to write to address 0x24, which is probably not allowed (and not intended).

Now, the Lua script does seem to do that just fine. I was just wondering:
- Is there even any possibility to do it without Lua? Since there is no code execution, as I'd need to cmp the pointer.
- I am new to Lua; is the script as it is okay, or are there any failsafe options I should use?
- I was wondering (though not needed) why I could not write "fullAccess('[pPlayerScript]+24',4)" - it would work with writeFloat.

Code:
[ENABLE]
... allocs & Co ...

alloc(retPlayerScript,9)
registersymbol(retPlayerScript)

pPlayerScript:                     // pointer to the player structure, filled in by the hook
  dd 0
fPlayerJumpHeight:                 // value written into [player+24] while the script is active
  dd (float)40
retPlayerScript:                   // backup of the 9 original bytes at aobHighJump
  readmem(aobHighJump,9)

newmem:
  mov [pPlayerScript],edi          // remember the player structure (edi) for [DISABLE]
  movss xmm1,[fPlayerJumpHeight]
  movss [edi+24],xmm1              // override the jump height
  pxor xmm1,xmm1

code:...
aobHighJump:...

[DISABLE]
//[pPlayerScript]+24:
//  dd (float)20

{$lua}
  -- readPointer returns nil if the symbol can't be resolved; only the 0 case is checked here
  local addr = readPointer("pPlayerScript")
  if addr ~= 0 then
    writeFloat(addr+0x24,20)       -- reset the jump height to its default
  end
{$asm}
//    fullAccess(addr+0x24,4) //not needed
//    writeFloat('[pPlayerScript]+24',20) //would work

aobHighJump:
  readmem(retPlayerScript,9)       // restore the original bytes
// ... unregistersymbol/dealloc as in the rest of the script ...


Last edited by salumor on Tue Jan 15, 2019 4:34 am; edited 1 time in total
ParkourPenguin
Posted: Mon Jan 14, 2019 10:48 pm

salumor wrote:
Is there even any possibility to do it without lua? Since there is no code execution, as I'd need to cmp the pointer.
You could point it at a dummy address by default, but that might cause other problems:
Code:
[ENABLE]
...
pPlayerScript:
  dd newmem+400
...
It doesn't matter if the script writes a value to newmem; it gets deallocated all the same.

salumor wrote:
I am new to lua, is the script as it is okay, or are there any failsafe options I should use?
You might not want {$lua} blocks to run during syntax checks. CE defines a variable to detect this:
Code:
...
{$lua}
if syntaxcheck then return end
...
I'm a bit confused why you're not getting an "attempt to perform arithmetic on a nil value" error when the syntaxcheck executes that code since the symbol pPlayerScript shouldn't be defined.
You could account for that too:
Code:
if addr and addr ~= 0 then
but perhaps that's fastidious.
You could replace all that Lua code with this and it'll work just fine:
Code:
writeFloat('[pPlayerScript]+24',20)

writeFloat will return true on success and false/nil/nothing on error. It won't propagate any Lua errors by itself AFAIK, so it's easy to rely solely on CE's checks.
salumor wrote:
I was wondering (tough not needed) why I could not write "fullAccess('[pPlayerScript]+24',4)" - it would work with writeFloat.
That syntax works fine for me.
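The guarded reset ParkourPenguin describes, as an added example that is not code from the thread: it handles the AA syntax check, an unresolvable symbol (nil) and a hook that never ran (pointer still 0), and it checks writeFloat's return value instead of relying on a Lua error. It runs in Cheat Engine's Lua engine with a target process open; the symbol name pPlayerScript, the 0x24 offset and the fake player structure it allocates are assumptions of this example.

```lua
-- Added example, not code from the thread. Run in Cheat Engine's Lua engine with a
-- target process open. The symbol name "pPlayerScript", the 0x24 offset and the fake
-- player structure below are assumptions of this example.

-- resetFloatAt is the part that belongs inside the {$lua} ... {$asm} block of [DISABLE].
function resetFloatAt(symbol, offset, default)
  -- CE sets the global 'syntaxcheck' while it only checks the script; touch nothing then
  if syntaxcheck then return true end
  -- readPointer returns nil when the symbol can't be resolved and 0 when the hook never ran
  local base = readPointer(symbol)
  if not base or base == 0 then
    return false, "pointer not set"
  end
  -- writeFloat reports failure through its return value; it does not raise a Lua error
  local ok = writeFloat(base + offset, default)
  if ok ~= true then
    return false, string.format("write to %X failed", base + offset)
  end
  return true
end

-- Stand-in for what the AA script allocates (assumption: the symbol is not registered yet):
-- an 8-byte pointer slot registered as pPlayerScript and a fake player structure.
local pointerSlot  = allocateMemory(8)
local playerStruct = allocateMemory(0x100)
registerSymbol("pPlayerScript", pointerSlot)

-- Before the hook ran: the slot still holds 0, so nothing is written
writePointer("pPlayerScript", 0)
assert(resetFloatAt("pPlayerScript", 0x24, 20) == false)
-- The string form resolves to 0x24, inside the unmapped null page, so the write simply fails
assert(writeFloat("[pPlayerScript]+24", 20) ~= true)

-- After the hook stored the player structure in the slot and wrote its own value
writePointer("pPlayerScript", playerStruct)
writeFloat(playerStruct + 0x24, 40)
assert(resetFloatAt("pPlayerScript", 0x24, 20) == true)
assert(readFloat(playerStruct + 0x24) == 20)

unregisterSymbol("pPlayerScript")
deAlloc(playerStruct)
deAlloc(pointerSlot)
```

Inside the script's [DISABLE] section the call would just be resetFloatAt("pPlayerScript", 0x24, 20) between {$lua} and {$asm}. A bare writeFloat('[pPlayerScript]+24',20) is equivalent for the game, the only difference being that it fails silently when the pointer is still 0 instead of telling you why.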
salumor
Posted: Tue Jan 15, 2019 5:11 am

ParkourPenguin wrote:
You could point it at a dummy address by default, but that might cause other problems:
It doesn't matter if the script writes a value to newmem- it gets deallocated all the same.
Yeah, I was about to write some cmp + @@ jmps at newmem+**. But since it will never be executed, just deallocated ...

ParkourPenguin wrote:
You might not want {$lua} blocks to run during syntax checks. CE defines a variable to detect this:
Code:
if syntaxcheck then return end

I'm a bit confused why you're not getting an "attempt to perform arithmetic on a nil value" error when the syntaxcheck executes that code since the symbol pPlayerScript shouldn't be defined.
You could account for that too:
Code:
if addr and addr ~= 0 then
but perhaps that's fastidious.
Also tried (alone)
Code:
luacall(writeFloat('[pPlayerScript]+24',20))
which would work fine too. Then I found out: I do registersymbol(pPlayerScript) (but never unregister it). So if I run the script at least once (which already works), the AA editor won't complain either. If I delete the user-defined symbol and try to save the AA, I do get the above error. Maybe syntaxcheck should check whether I define a symbol in the script? Or is that intended for some reason?

ParkourPenguin wrote:
You could replace all that Lua code with this and it'll work just fine:
Code:
writeFloat('[pPlayerScript]+24',20)

writeFloat will return true on success and false/nil/nothing on error. It won't propagate any Lua errors by itself AFAIK, so it's easy to rely solely on CE's checks.
Okay, but it's only failsafe as long as I am not allowed to write to 0x24, right? Will that always be the case with any game at any reasonable offset like +480? Since the script does provide "correct syntax/works" (see above), is it better to have it, or can I safely ignore it?

ParkourPenguin wrote:
salumor wrote:
I was wondering (tough not needed) why I could not write "fullAccess('[pPlayerScript]+24',4)" - it would work with writeFloat.
That syntax works fine for me.
Strange, now it does work. Before (when the Lua script did not work yet), I even tried adding fullAccess([pPlayerScript]+24,4) in the [ENABLE] part and so on, many different ways of writing it (as I found on the net); none would work. I also restarted the game/CE. But maybe I had to restart the PC? Or call it the gizmos.

EDIT: Funny backstory on writeFloat - I actually had
Code:
writeFloat([pPlayerScript+24],20)
reusing it as I found it on the net, working for a script for another game. Though the syntax was correct, the value was not reset (smart eyes know why; mine seem not to, so ...). I then browsed the web for why, found fullAccess (didn't work as written above), then found some similar but different Lua solution, and after more searching I got it running. I just couldn't find answers to the above questions, hence I'm here. Just to get the tip "use writeFloat in AA". Well, yeah, if you set the offsets in the right places ... ^^ I guess I learned a bit of Lua on the way, so that's something.

EDIT: I hope you don't feel guilty pointing it out. It was no offense, nothing between the lines like ... a childish hope you'd be some Greek myth, able to not violate my privacy but magically know what I'd need to know before I do, and able to even ask a question normal humans wouldn't know about.
ParkourPenguin
Posted: Tue Jan 15, 2019 6:45 pm

salumor wrote:
May syntaxcheck should check, if I do define a symbol in the script? Or is that intended for some reason?
I can't think of any easy way to do that correctly.
salumor wrote:
Okay, but it's only failsafe as long as I am not allowed to write to 0x24, right?
No; it's safe even if the address isn't valid. You can test this:
Code:
writeFloat(0,20)  -- doesn't emit any error

salumor wrote:
Funny backstory on writeFloat - I act. did have
Code:
writeFloat([pPlayerScript+24],20)
, reusing as I found it on the net and working for a script to another game. Though syntax correct, the value was not reset (smart eyes do know why, mine seem to be not, so ...), I then browsed the web as why, found fullAccess (didn't work as written above), then found some similar but different lua solution, after more searching, I got it running.
That syntax isn't correct. Lua shouldn't even be able to run that code since it's not a string.

If you want to do address calculation yourself, you can just pass it as an integer. Otherwise, pass it as a string and CE will calculate the address for you. Symbols will be dereferenced, addresses in square brackets will be replaced with their values as if by readPointer, and certain basic arithmetic operations can be done.

Your problem is that you're not enclosing that first parameter in quotes (i.e. it's not a string) and you're adding the offset at the wrong time. The code injection is storing the address of the player's structure in pPlayerScript, so you should be reading the value at the address pPlayerScript, not pPlayerScript+0x24.

fullAccess has nothing to do with this since the memory region should already be writable.

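The three address notations ParkourPenguin contrasts (integer, '[symbol]+offset', '[symbol+offset]'), as an added example that is not code from the thread. It uses getAddressSafe to show what each string actually resolves to, and reproduces why the mistaken form left the jump height untouched. It runs in Cheat Engine's Lua engine with a target process open; the symbol name pPlayerScript, the 0x24 offset and the fake player structure are assumptions of this example.

```lua
-- Added example, not code from the thread. Run in Cheat Engine's Lua engine with a
-- target process open. The symbol name "pPlayerScript", the 0x24 offset and the fake
-- player structure are assumptions of this example (the symbol must not exist yet).

local pointerSlot  = allocateMemory(8)
local playerStruct = allocateMemory(0x100)
registerSymbol("pPlayerScript", pointerSlot)
writePointer("pPlayerScript", playerStruct)   -- as if the hook had stored edi here
writeFloat(playerStruct + 0x24, 40)           -- the value the hook wrote

-- Returns what each notation targets, so the four forms can be compared.
-- Numbers inside CE address strings are hexadecimal, so "+24" means 0x24.
function resolveForms()
  local base = readPointer("pPlayerScript")            -- integer form: do the arithmetic yourself
  return {
    integer   = base + 0x24,
    deref_add = getAddressSafe("[pPlayerScript]+24"),  -- read the pointer at pPlayerScript, then add 0x24
    add_deref = getAddressSafe("[pPlayerScript+24]"),  -- read a pointer at pPlayerScript+0x24: wrong slot
    bare      = getAddressSafe("pPlayerScript+24"),    -- the pointer slot itself plus 0x24: no dereference
  }
end

local f = resolveForms()
assert(f.integer == playerStruct + 0x24)
assert(f.deref_add == f.integer)                       -- the two correct forms agree
assert(f.bare == pointerSlot + 0x24)                   -- targets the slot, not the player structure
assert(f.add_deref ~= f.integer)                       -- whatever is stored at slot+0x24 (0 here)

-- The mistaken form writes somewhere harmless and leaves the jump height alone
writeFloat("[pPlayerScript+24]", 20)
assert(readFloat(playerStruct + 0x24) == 40)
-- The correct string form resets it, and writeFloat reports success
assert(writeFloat("[pPlayerScript]+24", 20) == true)
assert(readFloat(playerStruct + 0x24) == 20)

unregisterSymbol("pPlayerScript")
deAlloc(playerStruct)
deAlloc(pointerSlot)
```

getAddressSafe returns nil instead of raising an error when a string can't be resolved, which makes it the right call for checking an expression before handing it to writeFloat.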
salumor
Posted: Wed Jan 16, 2019 10:57 am

ParkourPenguin wrote:

salumor wrote:
Okay, but it's only failsafe as long as I am not allowed to write to 0x24, right? Will that always be the case with any game at any reasonable offset like +480? Since the script does provide "correct syntax/works" (see above) is it better to have it, or can I savely ignore it?
No; it's safe even if the address isn't valid. You can test this:
Code:
writeFloat(0,20)  -- doesn't emit any error
I guess there was some misunderstanding. The question was about whether it's okay to let it (try to) write to the address 0x24 or whatever offset I might have elsewhere. (So not whether the writeFloat command will never fail, but whether it's safe to (try to) write to the offset alone.) Thus, whether it's better to check if the pointer has an address set and never try to write somewhere I may not want to, or whether I can safely ignore it, as it will never be able to write to such low addresses. On that game, it starts with ?? till FFFF. First lines of code at 10.000. On another game it started at 400.000.
In other words: will the first 65535 bytes never be writeable by default?
Here at 0x200? " stackoverflow.com/questions/15787729/chip-8-game-has-an-odd-number-of-bytes " though testing " github.com/massung/CHIP-8/releases " I don't see it jumping " www.directupload.net/file/d/5334/vsc8pt43_jpg.htm "

ParkourPenguin wrote:
salumor wrote:
Code:
writeFloat([pPlayerScript+24],20)
That syntax isn't correct. Lua shouldn't even be able to run that code since it's not a string.
...
fullAccess has nothing to do with this since the memory region should already be writable.
Yeah, sorry, that was a typo; I had the quotes back then.
ParkourPenguin
Posted: Wed Jan 16, 2019 5:27 pm

salumor wrote:
The question was about if it's okay to let it (try) to write to the address 0x24 or whatever offset I elswhere might have. (So not if the writeFloat command will never fail, but if it's save to (try to) write to the Offset alone).
Let me be more explicit:
Yes, "it's ok to let it (try) to write to the address 0x24 or whatever offset you elswhere [sic] might have."
Yes, "it is safe to (try to) write to the Offset alone."
This code is perfectly safe and will not cause any errors:
Code:
writeFloat(0 + 0x24, 20)

And as I've said before:
ParkourPenguin wrote:
You could replace all that Lua code with this and it'll work just fine:
Code:
writeFloat('[pPlayerScript]+24',20)


salumor wrote:
In other words: will the first 65535 Bytes never be writeable by default?
In Windows, the first page in a virtual address space will always be free. Since 0x24 < 0x1000 and pPlayerScript will be either 0 or a valid address, there will never be a circumstance where that call to writeFloat could overwrite memory it wasn't supposed to.
panraven
Posted: Wed Jan 16, 2019 10:00 pm

You may try using Lua to test the condition, then output a string as the AA script, something like conditional compilation.

Code:
{$lua}
  local addr = readPointer("pPlayerScript")
  -- addr is nil (not 0) if the read above fails
  addr = addr and addr + 0x24
  -- the addition only happens when addr is not nil (readable address)
  if addr and readInteger(addr) then
    -- readInteger tests the readability of the final addr;
    -- again, it returns nil if the read fails

    -- output the intended AA script
    return string.format([[
fullAccess(%X,4)
%X:   // AA style comment ok
dd (float)20
]], addr, addr)
  else
    error("not exec aa")
    -- prevents the script from being executed in case the condition isn't valid;
    -- you may replace error with showMessage to see the error message as a popup,
    -- or return another AA script if needed
  end
{$asm}

This doesn't include a Lua syntaxcheck test to check the syntax of the output AA script.

salumor
Posted: Thu Jan 17, 2019 3:57 pm

ParkourPenguin wrote:
You could replace all that Lua code with this and it'll work just fine:
...
In Windows, the first page in a virtual address space will always be free. Since 0x24 < 0x1000 and pPlayerScript will be either 0 or a valid address, there will never be a circumstance where that call to writeFloat could overwrite memory it wasn't suppose to.
Many thanks for all those answers! The first part had not been clear to me in general before, but the second one is!

@panraven Thanks. Well, I guess there is no point in additional code, since I have to use Lua anyway. Okay, maybe if I ever don't want Lua's first execution. So not needed for this example, but it might come in handy sometime.