Create, Exit and Terminate Thread in AA

 
Game Hacking Dojo
Master Cheater
Reputation: 1

Joined: 17 Sep 2023
Posts: 250

Posted: Sun Jun 02, 2024 4:49 am

Is there a clean way to create a thread in the enable section and then exit and terminate in the disable section?

Can I also know if it is possible for a Lua version?
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25807
Location: The netherlands

Posted: Sun Jun 02, 2024 5:49 am

currently on my phone but something like this:
Code:

[enable]
alloc(stopped,4)
alloc(muststop,4)
registersymbol(muststop)
registersymbol(stopped)

muststop:
dd 0

stopped:
dd 0

...
cmp [muststop],0
jne end // stop requested: leave the loop

...
end:
mov [stopped],1
ret


[disable]
{$lua}

writeInteger(getAddress('muststop'),1)

while readInteger(getAddress('stopped'))==0 do sleep(50) end -- maybe add a check for time and error() when it takes too long

{$asm}
dealloc(*)
unregistersymbol(*)


_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
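
The time check that the comment in the script above suggests, written out for the {$lua} part of the [disable] section. This is an added example, not code from the thread; TIMEOUT_MS, POLL_MS and stopThreadOrFail are made-up names, and it assumes the muststop and stopped symbols registered by the [enable] section above.

```lua
-- Added example: bounded wait for the thread's 'stopped' acknowledgement.
if syntaxcheck then return end        -- do nothing while the script is only being syntax-checked

local TIMEOUT_MS = 2000               -- assumed limit; should exceed the thread's loop period
local POLL_MS    = 50

local function stopThreadOrFail()
  local pMustStop = getAddressSafe('muststop')
  local pStopped  = getAddressSafe('stopped')
  if pMustStop == nil or pStopped == nil then
    error('muststop/stopped are not registered; was the script enabled in this process?')
  end

  writeInteger(pMustStop, 1)          -- ask the thread to leave its loop

  local waited = 0
  while true do
    local v = readInteger(pStopped)
    if v == nil then
      -- unreadable: the target exited or the memory is already gone, nothing to wait for
      return false
    end
    if v ~= 0 then
      return true                     -- thread reached 'end:' and set the flag
    end
    if waited >= TIMEOUT_MS then
      -- abort the disable here so the dealloc that follows is never reached
      -- while the thread may still be executing inside that memory
      error('thread did not acknowledge stop within ' .. TIMEOUT_MS .. ' ms; memory left allocated')
    end
    sleep(POLL_MS)
    waited = waited + POLL_MS
  end
end

stopThreadOrFail()
```

The thread is still executing allocated memory between `mov [stopped],1` and the `ret` after it, so freeing the moment the flag flips remains a narrow race; keeping the code in memory that is never freed, or freeing from the thread itself as described further down the thread, avoids it.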
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4707

Posted: Sun Jun 02, 2024 9:56 am

Thread memory management:
https://forum.cheatengine.org/viewtopic.php?t=619046

As for "terminating" a thread, use a flag:
Code:
code:
// initialization code
  ...
loop:
// code to continuously run
  ...
  cmp [terminated],0
  jz loop
// thread was terminated: cleanup stuff and return
  ...

terminated:
  dd 0

[DISABLE]
terminated:
  dd 1
// do NOT dealloc here

You can't deallocate memory in the disable section. The thread is still running in that memory. Either use globalalloc (with a more unique symbol name than "code") or use a tail call to VirtualFree.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Game Hacking Dojo
Master Cheater
Reputation: 1

Joined: 17 Sep 2023
Posts: 250

Posted: Sun Jun 02, 2024 12:56 pm

Thank you, that was pretty useful.

I want to call functions from other scripts using this thread. However, those scripts might not be all enabled at once.

Functions listed under functionCalls are going to be placed under functionCalls using other scripts, and my plan is to separate them by x bytes.

I know I could either add x bytes to each script I want to link or I could make labels separated by x bytes in this script. Are there other ways or better approaches you reckon?

Code:

[ENABLE]

alloc(hookThread,4096)
registersymbol(functionCalls)
alloc(terminate_hookThread,1)

hookThread:
  sub rsp,28
  mov ecx,#1000
  call kernel32.sleep
  add rsp,28

  cmp [terminate_hookThread],1
  je terminate

  cmp ....

functionCalls:

  call 1
  jmp hookThread

  call 2
  jmp hookThread

  call 3
  jmp hookThread

terminate:
  mov rcx,hookThread
  xor rdx,rdx
  mov r8d,8000
  jmp kernel32.VirtualFree

createthread(hookThread)

[DISABLE]

terminate_hookThread:
  db 1
 
unregistersymbol(functionCalls)
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25807
Location: The netherlands

Posted: Sun Jun 02, 2024 1:08 pm

you may want to look into createRemoteExecutor() and related functions
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Game Hacking Dojo
Master Cheater
Reputation: 1

Joined: 17 Sep 2023
Posts: 250

Posted: Sun Jun 02, 2024 1:47 pm

Could you please provide me with an example of createRemoteExecutor()?
I could only find one topic about it.
And I noticed that it creates a thread every time it executes. Should that make me concerned about thread management, or will it just get terminated once done?

Thank you.

Example:
Code:
  push rcx
  sub rsp,20
  mov rcx,[argument]
  mov rcx,[rcx+00000610]
  call aob_func
  xor rcx,rcx
  mov [argument],rcx
  add rsp,20
  pop rcx
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4707

Posted: Sun Jun 02, 2024 2:06 pm

Game Hacking Dojo wrote:
I want to call functions from other scripts using this thread. However, those scripts might not be all enabled at once.

You can make indirect calls.
Parent script:
Code:
[ENABLE]
...
code:
  ...
  mov rdi,[pFunction1]
  test rdi,rdi
  jz pointerIsNull  // child script wasn't enabled: the function to call doesn't exist
  call rdi
  ...

pFunction1:
  dq 0

registersymbol(pFunction1)
...

Child script:
Code:
[ENABLE]
...
function1:
  ...
  ret

pFunction1:
  dq function1

[DISABLE]
pFunction1:
  dq 0

Again, be careful about deallocating memory while the thread is executing it.

For anything more advanced, you should probably use Lua.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25807
Location: The netherlands

Posted: Sun Jun 02, 2024 3:06 pm

createRemoteExecutor() creates a thread that you can use to execute whatever you like. It's just sitting there waiting for you to call executeStub() which contains info on how to call a given function. You can call it over and over.

It's a lot faster than executeCodeEx and related as it doesn't have to clean up the stack each time.

e.g:

Code:

if executorpid~=getOpenedProcessID() then --only need to create it once
  executor=createRemoteExecutor() --only create when you need it
  executorpid=getOpenedProcessID()
end

if functionx==nil then
  functionx=createExecuteMethodStub(0, aob_func, 0) --callmethod=0, address=aob_func, first paramtype is 0 (integer)
end

...
--and whenever you wish to call the function:
function callfunctionx(argument)
  executor.executeStub(functionx,{readPointer(readPointer(argument)+0x610)},0,true)
  return 0
end
argument=callfunctionx(argument)


(Tried to make it as close as your example code)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping