Cheat Engine The Official Site of Cheat Engine
toontoonizer Newbie cheater Reputation: 0
Joined: 24 Dec 2018 Posts: 12
Posted: Mon Mar 11, 2019 2:38 pm Post subject: Using GlobalAlloc from another script
Hi all,
I have a Lua script which assigns a set of values stored in the 'variable' rotMemory. This 'variable' is declared via GlobalAlloc when the script is activated.
Essentially, the script converts normal raw, pitch roll values into a quaternion vector to override an in-game camera quaternion. The quaternion is written at rotMemory+10 (until rotMemory+20).
I have a script that hooks into code which loads the base address of the active camera into rax:
lea rax,[rcx+00000140]
Currently my code copies that base address and uses it to get the values:
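Code: |
[ENABLE]
alloc(newmem,2048,"dirtrally2.exe"+958980)
label(returnhere)
label(originalcode)
label(exit)
label(camerabase)
registersymbol(camerabase)
globalalloc(rotMemory, 0x50)

newmem:
originalcode:
  lea rax,[rcx+00000140]   // original instruction: rax = base of the active camera
  mov [camerabase],rax     // save the camera base so it can be used as a pointer
exit:
  jmp returnhere

camerabase:
  dq 0                     // 8-byte slot holding the saved camera base

"dirtrally2.exe"+958980:
  jmp newmem               // 5-byte jump plus 2 nops cover the 7-byte lea
  nop
  nop
returnhere:

[DISABLE]
dealloc(newmem)
"dirtrally2.exe"+958980:
  lea rax,[rcx+00000140]   // restore the original instruction
unregistersymbol(camerabase)
//Alt: db 48 8D 81 40 01 00 00
|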
This works fine. I can use camerabase as a pointer to find the values of the camera struct.
The quaternion is stored from rax to rax+10.
Essentially, I just want the quaternion stored in rotMemory+10 to overwrite the quaternion at RAX. I updated the above script with the following code:
mov [rax], rotMemory+10
but it does not update when I update the quaternion values in rotMemory (as noted, the quaternion is calculated from pitch, yaw and roll values which are manipulated via hotkeys):
Code: |
...
globalalloc(rotMemory, 0x50)
newmem:
originalcode:
lea rax,[rcx+00000140]
mov [rax], rotMemory+10
mov [camerabase],rax
...
|
This script activates fine, but any changes to the rotMemory quaternion don't update the values stored at the address (and offsets) pointed to by rax.
I have no idea why this isn't working - any help would be greatly appreciated.
Last edited by toontoonizer on Tue Mar 12, 2019 1:57 am; edited 2 times in total |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Mon Mar 11, 2019 3:49 pm
both scripts overwrite what is at "dirtrally2.exe"+958980
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
toontoonizer Newbie cheater Reputation: 0
Joined: 24 Dec 2018 Posts: 12
Posted: Mon Mar 11, 2019 3:52 pm
Dark Byte wrote: | both scripts overwrite what is at "dirtrally2.exe"+958980 |
Sorry, I don't quite follow - the code at "dirtrally2.exe"+958980 is lea rax,[rcx+00000140] .
I've left that intact and am just copying over the address that is loaded into rax?
salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Mon Mar 11, 2019 8:38 pm
Dark Byte wrote: | both scripts overwrite what is at "dirtrally2.exe"+958980 |
also @toontoonizer Isn't that the same script, just an updated version?
EDIT: Or should they rly do run at the same time? Then can't work as DB said 2x ""dirtrally2.exe"+958980:" (above jmp newmem) you can't override 2x at same address.
@toontoonizer Anyhow. I think the problem resides with definition of rotMemory. You wrote you have a lua script, that stores into a "'variable' rotMemory". But how is that defined? Is it just a local value in the script?
Then the AA Script won't take note of the variable. Side note to fix: there is 2x "globalalloc(rotMemory,0x50)" in 2nd script, avoid 2x allocating the same name too. (And I am unsure if you even do it 1 time too, as it prob. should be defined before!?)
To solve this it depends on when you execute the lua script in comp. to the AA. But generally speaking you need to define a global val that lua and AA can access to. I have seen some codes here on that but it rly depends on your setup. Example: here.
EDIT: Btw. on the topics question (imo got nothing to do with the act. question): You can use a value from another script using (in that case - if it is a global value and has been activated before ....):
rotMemory:
// my new code stored at address of rotMemory
toontoonizer Newbie cheater Reputation: 0
Joined: 24 Dec 2018 Posts: 12
Posted: Tue Mar 12, 2019 2:03 am
Ok so I think I wasn't clear in my original post! Sorry - there is only one script. I had 2 versions of the same script to show the changes I made to it. I have amended the original post to be a little clearer. The 2x global alloc was my mistake; there is only 1x global alloc.
The Lua script is active before any other script and at all times to allocate the memory for rotMemory and calculate the values.
If it helps, here is the Lua script:
Code: |
{$lua}
local halfDegToRad = 0.5 * math.pi / 180  -- degrees to half-angle radians
prevYaw = 0
prevPitch = 0
prevRoll = 0

-- Convert yaw/pitch/roll (degrees) to a quaternion and store it as
-- x, y, z, w at rotMemory+16 .. rotMemory+28 (decimal offsets).
function calcQuaternion(rotMemory, yaw, pitch, roll)
  --print("calcQuaternion")
  pitch = pitch * halfDegToRad
  yaw = yaw * halfDegToRad
  roll = roll * halfDegToRad
  local sinX = math.sin(pitch)
  local cosX = math.cos(pitch)
  local sinY = math.sin(yaw)
  local cosY = math.cos(yaw)
  local sinZ = math.sin(roll)
  local cosZ = math.cos(roll)
  local w = cosY * cosX * cosZ + sinY * sinX * sinZ
  local x = cosY * sinX * cosZ + sinY * cosX * sinZ
  local y = sinY * cosX * cosZ - cosY * sinX * sinZ
  local z = cosY * cosX * sinZ - sinY * sinX * cosZ
  writeFloat(rotMemory + 16, x)
  writeFloat(rotMemory + 20, y)
  writeFloat(rotMemory + 24, z)
  writeFloat(rotMemory + 28, w)
end

-- On every timer tick: re-read the angles at +0, +4, +8 and recalculate
-- the quaternion only when one of them has changed.
function timer_tick(timer)
  --print("timer_tick")
  local rotMemory = getAddressSafe("rotMemory")
  if rotMemory == nil then
    return
  end
  local yaw = readFloat(rotMemory)
  local pitch = readFloat(rotMemory+4)
  local roll = readFloat(rotMemory+8)
  if yaw == prevYaw and pitch == prevPitch and roll == prevRoll then
    return
  end
  calcQuaternion(rotMemory, yaw, pitch, roll)
  prevYaw = yaw
  prevPitch = pitch
  prevRoll = roll
end

-- Create the timer on first activation, re-enable it afterwards.
function init()
  --print("init")
  if timer == nil then
    print("Creating timer")
    timer = createTimer(nil, false)
    timer.setInterval(10)
    timer.OnTimer = timer_tick
  else
    timer.setEnabled(true)
  end
end

function deinit()
  --print("deinit")
  timer.setEnabled(false)
end
{$asm}
[ENABLE]
globalalloc(rotMemory, 0x50)
{$lua}
init()
{$asm}
[DISABLE]
{$lua}
deinit()
{$asm}
dealloc(rotMemory)
|
I don't want to store new code at rotMemory; I want to use the output of this Lua script, which is stored at rotMemory+10, and copy it into the address pointed to by RAX where I hook into the game function.
salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Tue Mar 12, 2019 3:24 am
U're right, it should work, though a label should be enough.
Maybe it doesn't work 'cause it's 64Bit? Replace at least below lua script to:
Code: | globalalloc(rotMemory, 50,"dirtrally2.exe"+958980) |
Else, set a breakpoint at "mov [rax], rotMemory+10". Would be nice to know what's stored in there. Cause taking a look into the script it does start with rotMemory + 16!?
toontoonizer Newbie cheater Reputation: 0
Joined: 24 Dec 2018 Posts: 12
Posted: Tue Mar 12, 2019 6:29 am
Will give it a try.
The +10 is hex for +16 decimal (which the Lua script is in). Before +10 are the pitch, yaw, roll values at +0, +4 and +8.
I can see what is stored at rotMemory+10 at all times by adding the address to the address list. The values are correct. It just is not put into rax correctly and not updated when the value at rotMemory+10 changes. But I'll try the breakpoint as well to see what is going on.
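The offset layout described in the post above, as an added example that is not code from the thread: a stand-alone Lua 5.3 model of the 0x50-byte rotMemory block, showing that the decimal offsets 16 to 28 used by the Lua script are the same bytes as rotMemory+10 to rotMemory+1C in hex. The buffer string, the helper names and the sample angles are constructed for illustration; Cheat Engine's readFloat/writeFloat are replaced by string.pack/string.unpack stand-ins, and the input order (yaw, pitch, roll) follows the thread's script.

```lua
-- Added illustration; runs in a stock Lua 5.3+ interpreter, no Cheat Engine needed.
-- A 0x50-byte string stands in for the globalalloc'd rotMemory block.
local SIZE = 0x50
local buf = string.rep("\0", SIZE)

-- Stand-ins for CE's writeFloat/readFloat, taking an offset into buf.
local function write_float(off, v)
  assert(off >= 0 and off + 4 <= SIZE, "write outside the block")
  buf = buf:sub(1, off) .. string.pack("<f", v) .. buf:sub(off + 5)
end
local function read_float(off)
  assert(off >= 0 and off + 4 <= SIZE, "read outside the block")
  return (string.unpack("<f", buf, off + 1))
end

-- Same formula as calcQuaternion in the thread's script.
local function calc_quaternion(yaw, pitch, roll)
  local h = 0.5 * math.pi / 180
  local sx, cx = math.sin(pitch * h), math.cos(pitch * h)
  local sy, cy = math.sin(yaw * h), math.cos(yaw * h)
  local sz, cz = math.sin(roll * h), math.cos(roll * h)
  return cy * sx * cz + sy * cx * sz,   -- x
         sy * cx * cz - cy * sx * sz,   -- y
         cy * cx * sz - sy * sx * cz,   -- z
         cy * cx * cz + sy * sx * sz    -- w
end

-- Inputs at +0, +4, +8 (constructed sample angles, in degrees).
write_float(0, 30.0); write_float(4, 10.0); write_float(8, 5.0)
local x, y, z, w = calc_quaternion(read_float(0), read_float(4), read_float(8))

-- The Lua script writes at decimal offsets 16, 20, 24, 28 ...
for i, v in ipairs({x, y, z, w}) do write_float(16 + 4 * (i - 1), v) end

-- ... which are the same bytes addressed as +10, +14, +18, +1C in hex.
local norm = 0
for off = 0x10, 0x1C, 4 do
  local v = read_float(off)
  norm = norm + v * v
  print(string.format("+%02X (decimal %2d) = % .6f", off, off, v))
end
print(string.format("|q|^2 = %.6f, quaternion ends at +%X of +%X", norm, 0x20, SIZE))
```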
toontoonizer Newbie cheater Reputation: 0
Joined: 24 Dec 2018 Posts: 12
Posted: Wed Mar 13, 2019 3:35 pm
Still no dice - it is not detecting what is stored at rotMemory+10 properly from what I can tell from the breakpoint.
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
toontoonizer Newbie cheater Reputation: 0
Joined: 24 Dec 2018 Posts: 12
Posted: Thu Mar 14, 2019 2:50 pm
TheyCallMeTim13 wrote: | So the "AllocateNearThisAddress" is more for jumps, it's to prevent a jump being more than 5 bytes.
The thing to note here is the LUA is run first. No matter what order it's in, in the script.
You can use the CELua "allocateSharedMemory".
|
Thanks for all the help! Unfortunately it's still not working.