Cheat Engine Forum Index
The Official Site of Cheat Engine

script can not fetch addresses
Forum: Cheat Engine Lua Scripting

dharmang1910
Posted: Sun Dec 12, 2021 3:17 am

Hi,
I am making a table for the game "Tunnel of Doom". In this game I've found a shared opcode that contains all the weapon addresses. The code is as below.

Code:
mov [esi],00000000


At the [esi-20] address there is a pointer which contains another pointer, and at that pointer there is the string of the weapon name.

I have made an AA script easily for this, but there are lots of weapons so the AA script requires so many alloc and registersymbols, so I have tried to make the script in Lua. I am not a pro in Lua so I have tried my best to make the script in Lua, and it cannot fetch 'esi' and 'strings'. I think I am making some mistakes, so can anyone please help me to make this script correct?

My script:
Code:
{$lua}
local function ftchbs()
      autoAssemble([[
        aobscanmodule(weapon,TOD.exe,DD EE FF 83 C4 04 89 06 C7 06 00 00 00 00)
        registersymbol(weapon)
      ]])
      local base = getAddress("weapon+8")
      debug_removeBreakpoint(base)
      registerSymbol("base")
      unregisterSymbol("weapon")
end

function debugger_onBreakpoint()
         EIP = base
         _wbase = ESI
         registerSymbol("_wbase")
         id = readInteger("_wbase")
         id = readPointer(readPointer(id-0x20)+0x0)
         unregisterSymbol("sID")
         registerSymbol("sID",id)
         debug_continueFromBreakpoint(co_run)
         debugProcess(2)
         return 1
end

local function cmpstr()
if _wbase ~= nil then
      if readString(sID) == Pickaxe then
         pkax = _wbase
         registerSymbol("pkax")
      end
end
end

[ENABLE]
ftchbs()
debug_setBreakpoint(base)
cmpstr()

[DISABLE]
debug_removeBreakpoint(base)
unregisterSymbol("pkax")
unregisterSymbol("_wbase")
unregisterSymbol("base")



careca777
Posted: Sun Dec 12, 2021 5:42 am

Could something like this be what you want?
Needs a pointer to jump start it.

Code:
[ENABLE]
{$lua}
--============================================================
--Get 00E941B0
autoAssemble'globalalloc(1StOffset,8)'
local firstOffsetPtr = getAddress'[PointerToC744578]+0' -- +0 not needed, get pointer to 00E941B0
print ('Match 1StOffset')
print(("%08X"):format(readPointer(firstOffsetPtr)))
writePointer('1StOffset', readPointer(firstOffsetPtr))
print ('===========================')
--============================================================
--Get 00E286D8
autoAssemble'globalalloc(2NdOffset,8)'
local secondOffsetPtr = getAddress'[1StOffset]+0' --from the previous pointer 00E941B0 get 00E286D8
print ('2NdOffset')
print(("%08X"):format(readPointer(secondOffsetPtr)))
writePointer('2NdOffset', readPointer(secondOffsetPtr))
print ('===========================')
--============================================================
-- deactivate this memory record again after 500 ms
createTimer(500, function() memrec.Active = false; end)
[DISABLE]

dharmang1910
Posted: Sun Dec 12, 2021 6:21 am

careca777 wrote:
Could something like this be what you want?
Needs a pointer to jump start it.

Thanks for the reply.
Actually the whole thing completes in 3 stages.
At first we have to get the address of the opcode and assign a variable to it.
At the second stage we have to break at that location and fetch "ESI" and "Weapon String".
At the third stage we have to compare the string and assign it to a variable.
So after the above three stages are completed we put the variables as the addresses of different weapons into the table.
Maybe there is a shortcut to combine them into two or one stage, but to make it simple I have divided it into 3 stages because I am not a pro in Lua.

ParkourPenguin
Posted: Sun Dec 12, 2021 1:34 pm

Using {$LUACODE} might be easier.
https://forum.cheatengine.org/viewtopic.php?t=618134

e.g. something like this:
Code:
{$lua}
if not weaponAddresses then
  -- array of tables { name = weaponName, addr = ESI at injection point }
  -- tables can also be indexed by weaponName
  weaponAddresses = {}
end
{$asm}
[ENABLE]
aobscanmodule(weapon,TOD.exe,...)
alloc(newmem,4096)
label(return)
registersymbol(weapon)

newmem:
{$luacode wpnaddr=esi}
  local name = readString(readPointer(readPointer(wpnaddr - 0x20)))

  if not weaponAddresses[name] then
    local t = { name = name, addr = wpnaddr }
    weaponAddresses[#weaponAddresses + 1] = t
    weaponAddresses[name] = t
  end
{$asm}
  mov [esi],00000000
  jmp return


weapon+8:
  jmp newmem
  nop
return:

[DISABLE]
weapon+8:
  db C7 06 00 00 00 00

unregistersymbol(weapon)
dealloc(newmem)

_________________
I don't know where I'm going, but I'll figure it out when I get there.

dharmang1910
Posted: Sun Dec 12, 2021 10:23 pm

ParkourPenguin wrote:
Using {$LUACODE} might be easier.
https://forum.cheatengine.org/viewtopic.php?t=618134

e.g. something like this:

Thank you very much ParkourPenguin for the reply,
I have learned something new from your post. I will try to understand the whole post in my spare time.

For now I only want to ask this:
I have added your script to the table, but after that how do I add the addresses of weapons to the table, and is it required that the opcode accesses the weapon address continuously??

ParkourPenguin
Posted: Sun Dec 12, 2021 10:58 pm

If you only want to register symbols, you can delete the top {$lua} block and use this in the {$luacode} block:
Code:
{$luacode wpnaddr=esi}
  local name = readString(readPointer(readPointer(wpnaddr - 0x20)))
  local symbol = 'wpn_'..name

  if not getAddressSafe(symbol) then
    registerSymbol(symbol, wpnaddr, true)
  end
{$asm}
Add memory records manually with addresses "wpn_Pickaxe" etc.

Unless the weapon addresses change, the script can be turned off when you have all the weapons.

_________________
I don't know where I'm going, but I'll figure it out when I get there.

dharmang1910
Posted: Mon Dec 13, 2021 3:38 am

ParkourPenguin wrote:
If you only want to register symbols, you can delete the top {$lua} block and use this in the {$luacode} block:
Code:
{$luacode wpnaddr=esi}
  local name = readString(readPointer(readPointer(wpnaddr - 0x20)))
  local symbol = 'wpn_'..name

  if not getAddressSafe(symbol) then
    registerSymbol(symbol, wpnaddr, true)
  end
{$asm}
Add memory records manually with addresses "wpn_Pickaxe" etc.

Unless the weapon addresses change, the script can be turned off when you have all the weapons.

Thank you very much for another script. I will try that also and will tell you about it.


Actually I just want to ask how I can use that generated table "t" in my script?
Do I have to add addresses with some variables, or will it automatically add found addresses to the table??
I have modified your script a bit to remove some crap addresses as follows, but after activating it nothing happened. So I just want to ask whether I have to do other steps or not after activating this script?

Code:
{$lua}
if not weaponAddresses then
  -- array of tables { name = weaponName, addr = ESI at injection point }
  -- tables can also be indexed by weaponName
  weaponAddresses = {}
end
{$asm}
[ENABLE]
aobscanmodule(weapon,TOD.exe,DD EE FF 83 C4 04 89 06 C7 06 00 00 00 00)
alloc(newmem,4096)
label(return)
registersymbol(weapon)

newmem:
{$luacode wpnaddr=esi}
if readPointer(wpnaddr - 0x20) ~= 0 then
  local name = readString(readPointer(readPointer(wpnaddr - 0x20)))

  if not weaponAddresses[name] then
    local t = { name = name, addr = wpnaddr }
    weaponAddresses[#weaponAddresses + 1] = t
    weaponAddresses[name] = t
  end
end
{$asm}
  mov [esi],00000000
  jmp return


weapon+8:
  jmp newmem
  nop
return:

[DISABLE]
weapon+8:
  db C7 06 00 00 00 00

unregistersymbol(weapon)
dealloc(newmem)



Edit:
I have tried your second script and it has successfully fetched the weapon addresses, but at some points some other crap addresses are accessed by this opcode and the game hangs. One good thing is that the addresses of weapons remain the same for the whole session of the game, so after fetching all results I disable the script. How can I limit registering to a limited amount of symbols like 20 (I mean "for t(n) n-1 ,20 do..etc") so that the script then disables itself??

ParkourPenguin
Posted: Mon Dec 13, 2021 1:05 pm

The first script stores weapon name and addresses in the global variable weaponAddresses. You can use that variable in Lua to do whatever you want. e.g. execute this in the Lua engine:
Code:
for _,t in ipairs(weaponAddresses) do
  print(t.name, ('\t%08X'):format(t.addr))
end


The second script can auto-disable itself by keeping count of how many symbols it's registered and disabling the memory record after it's done.
Code:
[ENABLE]
{$lua}
if syntaxcheck then return end

assert(not _wpnSymbolRegisteredCount, 'Already running')

_wpnSymbolRegisteredCount = { count = 0, memrec = memrec }
{$asm}

aobscanmodule(...)
...

newmem:
{$luacode wpnaddr=esi}
if not _wpnSymbolRegisteredCount or _wpnSymbolRegisteredCount.count >= 20 then
  return
end

local node1 = readPointer(wpnaddr - 0x20)
if node1 ~= 0 then
  local name = readString(readPointer(node1))

  if not weaponAddresses[name] then
    local t = { name = name, addr = wpnaddr }
    weaponAddresses[#weaponAddresses + 1] = t
    weaponAddresses[name] = t
   
    _wpnSymbolRegisteredCount.count = _wpnSymbolRegisteredCount.count + 1
    if _wpnSymbolRegisteredCount.count >= 20 then
      createTimer(1,function()
        if _wpnSymbolRegisteredCount then
          _wpnSymbolRegisteredCount.memrec.Active = false
        end
      end)
    end
  end
end
{$asm}
...

[DISABLE]
{$lua}
if syntaxcheck then return end
if _wpnSymbolRegisteredCount then
  _wpnSymbolRegisteredCount = nil
end
{$asm}
...
This is starting to get a little ridiculous and you might be better off by finding a better injection point.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

dharmang1910
Posted: Tue Dec 14, 2021 5:03 am

ParkourPenguin wrote:
This is starting to get a little ridiculous and you might be better off by finding a better injection point.

Thank you very much for all your valuable help and time. I have added the "_wpnSymbolRegisteredCount" things to your second script with the registersymbol thing and it works fine. Now going to another chamber does not hang the game. I really want to learn Lua, especially as it relates to Cheat Engine and tables, because I still cannot understand table-related code. The Cheat Engine wiki is not complete, so can you please suggest where I can learn all these things, because I feel bad asking questions and disturbing you again and again. I want to understand what your script actually does, so below I have made comments after some lines which I cannot understand. Please correct me if I am wrong.
Code:

assert(not _wpnSymbolRegisteredCount, 'Already running') -- The 'Already running' string is not defined anywhere, so what can be asserted by this??

_wpnSymbolRegisteredCount = { count = 0, memrec = memrec }  -- Is memrec limited to this script only, or is it combined with all other scripts like this? If I define another 20 symbols at another injection point with another script, then is it 20 or 40??

if not _wpnSymbolRegisteredCount or _wpnSymbolRegisteredCount.count >= 20 then -- Does this mean if "_wpnSymbolRegisteredCount" does not exist or is >= 20??


  if not weaponAddresses[name] then
    local t = { name = name, addr = wpnaddr }
    weaponAddresses[#weaponAddresses + 1] = t
    weaponAddresses[name] = t -- I cannot understand this whole table part, can you please explain what these 4 lines do? I only understand the second line, that our table contains these two columns {name, addr}

 createTimer(1,function() -- Does 'createTimer(1' mean this function only executes once??

if _wpnSymbolRegisteredCount then -- Does this mean if _wpnSymbolRegisteredCount exists then?? Confused because there is no comparison made.


Again Thank you very much for all your help. You are really nice and helpful.

ParkourPenguin
Posted: Tue Dec 14, 2021 12:35 pm

You should split learning this into two parts: learning the Lua language first, then learning what CE adds to Lua.

There are plenty of tutorials online you can use to learn Lua. Be careful which version of Lua you're learning: CE uses Lua 5.3. Many tutorials cover Lua 5.1 or some other version. There are important differences between versions.

The stuff CE adds to Lua is mostly documented in celua.txt in the main CE directory. Many things are also documented on the CE wiki.

"assert" is a part of Lua. The first argument is something converted to a bool. If it evaluates to false, assert generates an error with the second argument as the reason.

Lua can convert values that aren't bools into bools by checking if they aren't nil. e.g.:
Code:
if 0 then print'0 evaluates to true' end


"memrec" is a special variable defined by CE before it executes {$lua} blocks. It is the memory record that contains the script being executed.

Lua "arrays" are really just tables with integer indexes starting at 1. The common pattern "t[#t+1]" appends an object to the end of the array (# is the length operator).

Lua tables map keys to values. You can index a table with a key to access a value: i.e. "weaponAddresses[name]" indexes the table "weaponAddresses" with the key "name" to access whatever value may be stored there, if any.
The surrounding if statement checks if it already fetched this weapon address.

createTimer is a function CE adds to Lua. I'm not sure if this use is documented on the wiki, but it is documented in celua.txt:
Quote:
createTimer(delay, function(...),...):
Creates a timer object that waits the given delay, executes the given function, and then selfdestructs. Tip: Don't use the timer after it has ran
Basically 1 means "wait one millisecond". After one millisecond (more or less), run the function, then destroy the timer (don't run again).
It might be safe to not do this and simply deactivate the memory record right there, but I don't know if {$luacode} blocks are run in a different thread (only the main thread can access the GUI) and I don't know if it's safe to deactivate the script while the code injection is being run ({$luacode} might return to deallocated memory). The main thread runs timers, and waiting a short while will let the injection complete.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
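
The table pattern, truthiness rule and 20-entry cap discussed in this thread, as an added example that is not part of any post. It runs in a plain Lua 5.3 interpreter; `mem`, `collect` and the local `readPointer`/`readString` stand-ins (assumed to return nil for unreadable addresses) are hypothetical.

```lua
-- Added example: plain Lua 5.3, no Cheat Engine required.
-- Constructed fake memory: address -> pointer value or string.
local mem = {
  [0x1000] = 0x2000, [0x2000] = 0x3000, [0x3000] = 'Pickaxe',
  [0x1100] = 0x2100, [0x2100] = 0x3100, [0x3100] = 'Shovel',
  [0x1200] = 0,        -- null first pointer
  [0x1300] = 0x2300,   -- second pointer is unreadable
}

-- Local stand-ins for CE's readPointer/readString (assumption: they
-- return nil when the address cannot be read).
local function readPointer(a)
  local v = mem[a]
  return math.type(v) == 'integer' and v or nil
end
local function readString(a)
  local v = mem[a]
  return type(v) == 'string' and v or nil
end

-- Hypothetical helper: validate every step of the chain before storing.
-- Returns true, or false plus the reason the address was rejected.
local function collect(reg, addr, limit)
  if #reg >= limit then return false, 'full' end
  local node = readPointer(addr - 0x20)
  -- 0 is truthy in Lua, so "not node" alone would let a null pointer through
  if not node or node == 0 then return false, 'bad first pointer' end
  local strp = readPointer(node)
  if not strp or strp == 0 then return false, 'bad second pointer' end
  local name = readString(strp)
  if not name or name == '' then return false, 'no name' end
  if reg[name] then return false, 'duplicate' end
  local t = { name = name, addr = addr }
  reg[#reg + 1] = t   -- array part: insertion order, counted by #
  reg[name] = t       -- string key: lookup by name, not counted by #
  return true
end

local reg = {}
for _, esi in ipairs{ 0x1020, 0x1120, 0x1020, 0x1220, 0x1320, 0x9999 } do
  local ok, why = collect(reg, esi, 20)
  print(('%08X  %s'):format(esi, ok and 'stored' or why))
end

-- assert raises its second argument as the error when the first is nil/false
assert(#reg == 2, 'expected exactly two entries')
assert(reg.Pickaxe == reg[1], 'both keys must refer to the same table')
assert(select(2, collect(reg, 0x1120, 2)) == 'full', 'cap not enforced')

for i, t in ipairs(reg) do
  print(i, t.name, ('%08X'):format(t.addr))
end
```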

Dark Byte
Posted: Tue Dec 14, 2021 1:11 pm

luacode runs in a different thread
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

dharmang1910
Posted: Sun Dec 19, 2021 2:44 am

Thank you "ParkourPenguin" and "Dark Byte" for the reply. Luacode is a really nice feature added to CE and I want to say thanks to Dark Byte and all the other contributors of CE.

I have tried lua code at another injection point but it did not work. It does not fetch the esi register's value to assign to the symbol. Here is a little explanation of that injection point.

The opcode "mov [esi+10],00000000" is a shared opcode, and at the address of esi there is a pointer which contains another pointer which points to an address which contains a string, same as in my first post of this topic. The time address has the string "Time played" and the time is continuously increasing, but it does not register the value of ESI to the symbol. Here is my script. Am I doing something wrong or does luacode not support it??
Code:

[ENABLE]

aobscanmodule(genadrs,TOD.exe,46 10 C7 46 10 00 00 00 00) // should be unique
alloc(newmem,$100)

label(code)
label(return)

newmem:
{$luacode genaddr=esi}


if readString(readPointer(readPointer(genaddr))) == 'Time played' then
--local tme = genaddr
registerSymbol(tme, genaddr, true)
end
{$asm}

code:
  mov [esi+10],00000000
  jmp return

genadrs+02:
  jmp newmem
  nop 2
return:
registersymbol(genadrs)

[DISABLE]

genadrs+02:
  db C7 46 10 00 00 00 00

unregistersymbol(genadrs)
dealloc(newmem)


The following lua code works fine, and if I add "gen_Time played" as the address then it shows the time perfectly.
Code:

{$luacode genaddr=esi}

if readPointer(genaddr) ~= 0 and readInteger(genaddr + 0x10) == 0 then
  local gname = readString(readPointer(readPointer(genaddr)))
  local gsymbol = 'gen_'..gname
  registerSymbol(gsymbol, genaddr + 0x10, true)
end

{$asm}

ParkourPenguin
Posted: Sun Dec 19, 2021 2:55 am

Code:
{$luacode genaddr=esi}


if readString(readPointer(readPointer(genaddr))) == 'Time played' then
  --local tme = genaddr
  registerSymbol(tme, genaddr, true)
end
{$asm}
What is "tme"? It's not defined anywhere.
The first argument to registerSymbol should be a string.

_________________
I don't know where I'm going, but I'll figure it out when I get there.

Dark Byte
Posted: Sun Dec 19, 2021 4:25 am

You can use print/printf in luacode to print out what's happening. (print is threadsafe, but keep in mind that it's slow)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

dharmang1910
Posted: Sun Dec 19, 2021 7:24 am

ParkourPenguin wrote:
Code:
{$luacode genaddr=esi}


if readString(readPointer(readPointer(genaddr))) == 'Time played' then
  --local tme = genaddr
  registerSymbol(tme, genaddr, true)
end
{$asm}
What is "tme"? It's not defined anywhere.
The first argument to registerSymbol should be a string.

I have tried the above "local tme = genaddr" to put the value of ESI into the tme symbol as in the above code, but it did not work, so I have commented out that line to check whether it is disturbing registerSymbol or not. First I used time as a variable but it shows kernalbase32.time as an address, so I changed it to "tme".
Even "local tme = readInteger(genaddr)" did not work.