Cheat Engine: The Official Site of Cheat Engine (forum thread)
Post subject: {$ccode} function call example

Dark Byte (Site Admin)
Posted: Thu Aug 26, 2021 1:47 pm
In this example for step 2 of the 64-bit tutorial of Cheat Engine 7.3, I'll show how to call the function MessageBoxA and react to the result the user clicks.
It also shows how to modify a single register, and how to access memory pointed at by a pointer.
Code:
alloc(newmem,2048,"Tutorial-x86_64.exe"+2B42C)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
{$ccode step2form=rbx decreaseby=eax}
#define MB_YESNO 0x4
#define IDYES 6
if (MessageBoxA(0,"Change Health to 1000 ?","Cheat Engine C",MB_YESNO)==IDYES)
{
int *health=(int*)(step2form+0x7f8);
*health=1000;
//*health=*health * 3.14159265359f; //in case you wish to multiply by pi instead (which works as well)
decreaseby=0; //don't decrease
}
//else leave everything unmodified
{$asm}
originalcode:
sub [rbx+000007F8],eax
exit:
jmp returnhere
"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:
Because the C compiler can figure out the parameters for the call to MessageBoxA you don't have to declare it, but in cases where it's ambiguous you'll have to declare it.
Example code you should then add at the top:
Code:
{$c}
extern int MessageBoxA(int, char *, char *, int);
{$asm}
Note that not ALL targets support calling MessageBoxA, as it depends on whether the target process can handle a message loop at that point.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
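The following is an added illustration of what the {$ccode step2form=rbx decreaseby=eax} block in the post above does; it is not code from Cheat Engine or from the post. CE hands the named registers to the C function and writes them back before the displaced instruction (sub [rbx+000007F8],eax) runs. That plumbing is modelled here with a plain register struct, the MessageBoxA prompt is replaced by a constructed yes/no callback, and the form object is a constructed 0x800-byte buffer with the health value at +0x7F8, so it compiles and runs on any platform. The struct layout, run_hook, say_yes and say_no are all assumptions made for the example.

```c
/* Added illustration (not Cheat Engine's own code) of the
 * {$ccode step2form=rbx decreaseby=eax} block: CE hands the named
 * registers to the C function and writes them back before the displaced
 * instruction runs.  Modelled here with a plain struct; the MessageBoxA
 * prompt is replaced by a constructed yes/no callback. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the saved register file (only the two registers the script
   names).  Assumption: 64-bit registers, eax being the low half of rax. */
struct regs {
    uint64_t rbx;   /* step2form: pointer to the tutorial's form object */
    uint64_t rax;   /* decreaseby: eax holds the amount to subtract      */
};

/* Constructed stand-in for MessageBoxA(...)==IDYES so no GUI is needed. */
typedef int (*prompt_fn)(const char *text);

/* Body of the {$ccode} block. */
static void ccode_hook(struct regs *r, prompt_fn prompt)
{
    uint64_t step2form = r->rbx;             /* copied in from rbx */
    uint32_t decreaseby = (uint32_t)r->rax;  /* copied in from eax */

    if (prompt("Change Health to 1000 ?")) {
        /* memory pointed at by a register plus an offset, as in the script */
        int *health = (int *)(uintptr_t)(step2form + 0x7f8);
        *health = 1000;
        decreaseby = 0;                      /* don't decrease */
    }

    /* Write-back of eax: a 32-bit register write on x64 zero-extends
       into rax, which the model reproduces by storing the uint32_t. */
    r->rax = decreaseby;
}

/* Emulation of the displaced instruction: sub [rbx+000007F8],eax */
static void original_code(struct regs *r)
{
    int *health = (int *)(uintptr_t)(r->rbx + 0x7f8);
    *health -= (int)(uint32_t)r->rax;
}

/* Run hook + original instruction once on a constructed form object
   (0x800 bytes, health at +0x7F8) and return the resulting health. */
int run_hook(int start_health, uint32_t damage, prompt_fn prompt)
{
    static uint64_t form_storage[0x100];           /* 0x800 bytes, 8-aligned */
    unsigned char *form = (unsigned char *)form_storage;
    memset(form, 0, 0x800);
    *(int *)(form + 0x7f8) = start_health;

    struct regs r = { .rbx = (uint64_t)(uintptr_t)form, .rax = damage };
    ccode_hook(&r, prompt);
    original_code(&r);
    return *(int *)(form + 0x7f8);
}

/* Constructed answers for the prompt. */
int say_yes(const char *t) { (void)t; return 1; }
int say_no(const char *t)  { (void)t; return 0; }

int main(void)
{
    printf("user clicks Yes: health = %d\n", run_hook(100, 7, say_yes)); /* 1000 */
    printf("user clicks No:  health = %d\n", run_hook(100, 7, say_no));  /* 93 */
    return 0;
}
```

The point to take from it: the C block never touches the real stack or the real instruction, it only edits the copies of the registers it was given, and the asm that follows it sees those edited values.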
ragnaroks
Posted: Mon Aug 30, 2021 12:35 pm
Sorry to disturb you, is there some way to use "label(tag)" or "registersymbol(tag)" in $CCODE?
What I'm thinking:
Code:
alloc(newmem,128)
label(inject)
label(return)
label(default)
label(case1)
label(exit)
inject:
jmp newmem
return:
newmem:
{$CCODE refEAX=EAX}
int *gameLoaded=(int *)(refEAX+0x04); //pointer to [eax+04]
if(*gameLoaded!=1){
goto exit;
}
int *gunType=(int *)(refEAX+0x20); //pointer to [eax+20]
if(*gunType==1 || *gunType==3 || *gunType==5){
goto case1;
}else{
goto default;
}
{$ASM}
case1:
mov [ammo],(int)30
mov [hp],(float)100
mov [ap],(float)100
jmp return
default:
mov [ammo],(int)10
mov [hp],(float)500
mov [ap],(float)500
jmp return
exit:
mov [ammo],(int)0
mov [hp],(float)0
mov [ap],(float)0
jmp return
I tried this, but the game crashes immediately:
Code:
alloc(newmem,128)
label(inject)
label(return)
label(default)
label(case1)
registersymbol(default)
registersymbol(case1)
inject:
jmp newmem
return:
newmem:
{$CCODE refEAX=EAX refDefault=default refCase1=case1}
int *gunType=(int *)(refEAX+0x20); //pointer to [eax+20]
if(*gunType==1 || *gunType==3 || *gunType==5){
goto refCase1;
}else{
goto refDefault;
}
{$ASM}
case1:
mov [ammo],(int)30
mov [hp],(float)100
mov [ap],(float)100
jmp return
default:
mov [ammo],(int)10
mov [hp],(float)500
mov [ap],(float)500
jmp return
Dark Byte (Site Admin)
Posted: Mon Aug 30, 2021 3:50 pm
OK, there was another issue with that where local symbols didn't get recognized properly; it seems a lot got changed after implementing C compiling. (It's fixed on Patreon already.)
Anyhow, goto is not going to work, as it's in a completely different stack frame, so the jmp that goto would do would mess up the stack.
It's better to use labels inside the C blocks instead and do the editing there, or use a register as a jump destination based on the result.
Example (step 2 of the tutorial):
I place an infinite loop after the ccode block, but the rcx register gets the address after that infinite loop (originalcode).
Code:
alloc(newmem,2048,"Tutorial-x86_64.exe"+2B42C)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rcx //save rcx as it's going to be changed
{$ccode jmpaddress=rcx}
extern void originalcode();
jmpaddress=originalcode;
{$asm}
jmp rcx //jump to where rcx points
db eb fe //inf loop
originalcode:
pop rcx //restore rcx
sub [rbx+000007F8],eax
exit:
jmp returnhere
"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:
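The following is an added illustration of the branching pattern Dark Byte describes, written for this edit and not taken from Cheat Engine or from either post. The C block cannot goto an auto-assembler label because it runs in its own stack frame; instead it chooses a destination and hands it back in a register (rcx in the script above), and the asm stub does the jmp. Here the register is modelled as a function pointer, and the three asm targets from ragnaroks's script (case1, default, exit) become C functions that write the same fields. The game_obj layout ([eax+04] gameLoaded, [eax+20] gunType), cheat_state, select_target and run_dispatch are assumptions for the example. Two of the targets get different names because "default" is a C keyword and "exit" is a C library function, which is also why "goto default;" could never compile in a {$ccode} block.

```c
/* Added illustration (not Cheat Engine's own code): decide in C, jump in
 * asm.  The return value of select_target plays the role of
 * "jmpaddress=rcx"; run_dispatch plays the role of "jmp rcx". */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed object layout from the script: [eax+04] gameLoaded, [eax+20] gunType. */
struct game_obj {
    int32_t       pad0;
    int32_t       gameLoaded;    /* +0x04 */
    unsigned char pad1[0x18];
    int32_t       gunType;       /* +0x20 */
};

/* The variables the asm targets write: [ammo], [hp], [ap]. */
struct cheat_state { int ammo; float hp, ap; };

/* "jmpaddress": the value the C block would leave in rcx. */
typedef void (*jump_target)(struct cheat_state *);

static void case1(struct cheat_state *s)       { s->ammo = 30; s->hp = 100; s->ap = 100; }  /* case1:   */
static void defaultcase(struct cheat_state *s) { s->ammo = 10; s->hp = 500; s->ap = 500; }  /* default: */
static void exitcase(struct cheat_state *s)    { s->ammo = 0;  s->hp = 0;   s->ap = 0;   }  /* exit:    */

/* Body of the {$ccode} block: decide, never jump. */
jump_target select_target(const struct game_obj *g)
{
    if (g->gameLoaded != 1)
        return exitcase;
    if (g->gunType == 1 || g->gunType == 3 || g->gunType == 5)
        return case1;
    return defaultcase;
}

/* The asm stub after the C block ("jmp rcx").  Returns the name of the
   target it took so the dispatch can be checked. */
const char *run_dispatch(const struct game_obj *g, struct cheat_state *s)
{
    jump_target t = select_target(g);
    t(s);
    return t == case1 ? "case1" : t == defaultcase ? "default" : "exit";
}

int main(void)
{
    struct game_obj g = { 0, 1, {0}, 3 };
    struct cheat_state s = {0};
    const char *which;

    which = run_dispatch(&g, &s);
    printf("%s ammo=%d\n", which, s.ammo);   /* case1 ammo=30 */
    g.gunType = 2;
    which = run_dispatch(&g, &s);
    printf("%s ammo=%d\n", which, s.ammo);   /* default ammo=10 */
    g.gameLoaded = 0;
    which = run_dispatch(&g, &s);
    printf("%s ammo=%d\n", which, s.ammo);   /* exit ammo=0 */
    return 0;
}
```

Keeping the decision and the jump apart is what makes the stack safe: select_target returns normally through its own epilogue, and only then does the stub transfer control.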
ragnaroks
Posted: Mon Aug 30, 2021 8:24 pm
Is "extern void originalcode();" new syntax in $CCODE, or does it work in $C as well?
Thanks for your help, my test cheat logic is done, I learned so much.
Dark Byte (Site Admin)
Posted: Tue Aug 31, 2021 12:18 am
It can also be in {$c}.
Basically a {$ccode} section is a {$c} section but with a function prologue and epilogue.
Once CE assembles the script, all {$c} blocks get combined into one C file internally and compiled like that, so {$ccode} blocks have access to what is in the {$c} blocks above them (the order of the blocks matters).
In the example I posted the "extern void originalcode();" is local to the function it's in, but if you put it in a {$c} block it'd be accessible to all the C blocks under it.
MMM-304
Posted: Tue Aug 31, 2021 12:48 am
Dark Byte wrote: "can also be in {$c}"
Wait, so we can call asm functions in C? That's cool. Also, is this feature available for Lua?
Dark Byte (Site Admin)
Posted: Wed Sep 15, 2021 6:48 am
Yes.
Also, here's another script example for flying around in King's Bounty 2 (v1.3).
It makes use of the GetKeyState() function.
I could likely clean it up by making a single isKeydown() function in {$c}.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"KingsBounty2.exe"+1E4AAC4)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
{$c}
float lockedHeight=0;
int lockHeight=0;
{$asm}
{$ccode player=RAX}
#define VK_SHIFT 0x10
#define VK_UP 0x26
#define VK_NUMPAD0 0x60
#define VK_NUMPAD2 0x62
#define VK_NUMPAD4 0x64
#define VK_NUMPAD6 0x66
#define VK_NUMPAD8 0x68
#define VK_ADD 0x6B
#define VK_SUBTRACT 0x6D
#define VK_DECIMAL 0x6E
#define SPEED 40
#define FASTSPEED 150
int speed=SPEED;
if (GetKeyState(VK_SHIFT) & (1<<15))
{
speed=FASTSPEED;
}
if (GetKeyState(VK_NUMPAD8) & (1<<15)) //up
{
*(float *)(player+0x10)+=speed;
}
if (GetKeyState(VK_NUMPAD2) & (1<<15)) //down
{
*(float *)(player+0x10)-=speed;
}
if (GetKeyState(VK_NUMPAD4) & (1<<15)) //left
{
*(float *)(player+0x14)-=speed;
}
if (GetKeyState(VK_NUMPAD6) & (1<<15)) //right
{
*(float *)(player+0x14)+=speed;
}
if (GetKeyState(VK_ADD) & (1<<15)) //numpad +
{
if (lockHeight)
lockedHeight+=speed;
*(float *)(player+0x18)+=speed;
}
if (GetKeyState(VK_SUBTRACT) & (1<<15)) //numpad -
{
if (lockHeight)
lockedHeight-=speed;
*(float *)(player+0x18)-=speed;
}
if (GetKeyState(VK_NUMPAD0) & (1<<15)) //0
{
lockedHeight=*(float *)(player+0x18);
lockHeight=1;
}
if (GetKeyState(VK_DECIMAL) & (1<<15)) //.
{
lockHeight=0;
lockedHeight=0;
}
if (lockHeight)
{
*(float *)(player+0x18)=lockedHeight;
}
{$asm}
originalcode:
movups xmm0,[rax]
movups [r13+000000B0],xmm0
exit:
jmp returnhere
"KingsBounty2.exe"+1E4AAC4:
jmp newmem
nop 6
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"KingsBounty2.exe"+1E4AAC4:
movups xmm0,[rax]
movups [r13+000000B0],xmm0
//Alt: db 0F 10 00 41 0F 11 85 B0 00 00 00
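The following is an added example of the "single isKeydown() in {$c}" cleanup mentioned above, written for this edit and not taken from Cheat Engine, the post, or the game. It goes a step further than the post and makes the movement table-driven. GetKeyState() is Windows-only, so it is replaced by a constructed key-state array with the same contract: a 16-bit value whose high bit (0x8000) is set while the key is held. The player layout (+0x10 x, +0x14 y, +0x18 z) is taken from the script; the moves table, fly_tick, press, clear_keys and reset_sim are assumptions for the example.

```c
/* Added illustration (not Cheat Engine's or the game's code): one
 * isKeydown() helper as it would live in a {$c} block, and the hook body
 * rewritten around a key -> axis table.  GetKeyState() is replaced by a
 * constructed key-state array with the same high-bit contract. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VK_SHIFT    0x10
#define VK_NUMPAD0  0x60
#define VK_NUMPAD2  0x62
#define VK_NUMPAD4  0x64
#define VK_NUMPAD6  0x66
#define VK_NUMPAD8  0x68
#define VK_ADD      0x6B
#define VK_SUBTRACT 0x6D
#define VK_DECIMAL  0x6E
#define SPEED       40
#define FASTSPEED   150

/* Constructed replacement for GetKeyState(): indexed by virtual-key code. */
static int16_t g_keystate[256];
static int16_t GetKeyState_sim(int vk) { return g_keystate[vk & 0xFF]; }

/* The helper that would live in a {$c} block, usable by every {$ccode}
   block below it.  Same test as the script's "& (1<<15)". */
static int isKeydown(int vk) { return (GetKeyState_sim(vk) & 0x8000) != 0; }

/* Player position as the script addresses it: +0x10 x, +0x14 y, +0x18 z. */
struct player { unsigned char pad[0x10]; float x, y, z; };

/* Persistent state, the equivalent of the {$c} globals in the script. */
static float lockedHeight = 0;
static int   lockHeight   = 0;

/* Key -> which coordinate moves and in which direction. */
static const struct { int vk; int axis; int sign; } moves[] = {
    { VK_NUMPAD8, 0, +1 }, { VK_NUMPAD2,   0, -1 },   /* x: up / down    */
    { VK_NUMPAD4, 1, -1 }, { VK_NUMPAD6,   1, +1 },   /* y: left / right */
    { VK_ADD,     2, +1 }, { VK_SUBTRACT,  2, -1 },   /* z: height       */
};

/* One execution of the hook: the body of the {$ccode player=RAX} block. */
void fly_tick(struct player *p)
{
    float *axes[3] = { &p->x, &p->y, &p->z };
    float speed = isKeydown(VK_SHIFT) ? FASTSPEED : SPEED;

    for (size_t i = 0; i < sizeof moves / sizeof moves[0]; i++) {
        if (!isKeydown(moves[i].vk))
            continue;
        float delta = moves[i].sign * speed;
        *axes[moves[i].axis] += delta;
        if (moves[i].axis == 2 && lockHeight)   /* keep the lock in step */
            lockedHeight += delta;
    }
    if (isKeydown(VK_NUMPAD0)) { lockedHeight = p->z; lockHeight = 1; }  /* lock height */
    if (isKeydown(VK_DECIMAL)) { lockedHeight = 0;    lockHeight = 0; }  /* unlock */
    if (lockHeight)
        p->z = lockedHeight;  /* overrides whatever the game wrote this frame */
}

/* Simulation controls for the constructed key state. */
void press(int vk)     { g_keystate[vk & 0xFF] = INT16_MIN; }   /* high bit set */
void clear_keys(void)  { memset(g_keystate, 0, sizeof g_keystate); }
void reset_sim(void)   { clear_keys(); lockHeight = 0; lockedHeight = 0; }

int main(void)
{
    struct player p = { {0}, 10, 20, 30 };
    reset_sim();
    press(VK_NUMPAD8); press(VK_SHIFT);
    fly_tick(&p);                      /* x: 10 + 150 = 160 */
    clear_keys(); press(VK_NUMPAD0);
    fly_tick(&p);                      /* lock at z = 30 */
    clear_keys(); p.z = 5;             /* the game moves the player */
    fly_tick(&p);                      /* lock restores z = 30 */
    printf("x=%.0f y=%.0f z=%.0f\n", p.x, p.y, p.z);
    return 0;
}
```

Because the hook runs every time the game executes the patched instruction, the height lock is re-applied each frame, which is what makes it stick even when the game keeps writing its own value.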