|
Cheat Engine The Official Site of Cheat Engine
kickclock Advanced Cheater Reputation: 0
Joined: 15 Jan 2008 Posts: 73
|
Posted: Sun Dec 11, 2011 9:08 pm Post subject: help me for my first lua script |
I'm new to Lua.
This is my first Lua script, and it doesn't work.
How do I fix it? Thanks.
It's an AA script that uses the VEH debugger and changes the EIP register to jump into the allocated memory.
Code: |
l_script=[[
assert(pal5.exe+2bd494,e8 d7 b1 ff ff)
loadlibrary(myscriptengine.dll)
globalalloc(myhook_getscript,0x1000)
define(exit,myhook_getscript+200)
define(pointer,Pal5.exe+20910AC)
define(temp1,myhook_getscript+0f00)
define(dllname,myhook_getscript+800)
define(dllproc1,myhook_getscript+820)
dllname:
db 'myscriptengine.dll'
dd 0
dllproc1:
db 'getscript'
dd 0
exit:
popad
jmp Pal5.exe+2A5530
myhook_getscript:
call Pal5.exe+2A5e70
pushad
push dllname
call GetModuleHandleA
push dllproc1
push eax
call GetProcAddress
mov [temp1],eax
push 1
call ShowCursor
push [pointer]
call [temp1]
mov eax,[eax]
mov ecx,[eax+4]
test ecx,ecx
je exit
mov esi,[eax]
mov edi,[pointer]
repe movsb
mov [edi],0
jmp exit
]]
--//Pal5.exe+2A552b:
--//jmp myhook_getscript
autoAssemble(l_script)
debug.debugProcess(2)
reinitializeSymbolhandler()
debug_setBreakpoint("Pal5.exe+2A552b",1,)
function debugger_onBreakpoint()
    debug.changingregister(eip,myhook_getscript)
    debug.debug_continueFromBreakpoint(co_run)
end
|
_________________
Love CE |
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Sun Dec 11, 2011 11:10 pm Post subject: |
|
|
I wrote this using Minesweeper as an example, so you will need to adjust some parts of this to suit your needs, but it works.
Code: |
--[[
change_eip - EIP Register Changer Example
------------------------------------------------------------
(c) 2011 atom0s [aka Wiccaan]
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
]]--
change_eip =
{
    bBreakpointSet = false, -- To prevent multiple calls..
    cave_address = nil, -- Cave address..
    script = -- Script to execute..
    [[
        registersymbol(cave)
        alloc(cave,1024)
        cave:
            pushad
            mov [01005194], 999
            popad
            jmp 01003474
    ]]
};

---------------------------------------------------------------------------
-- func : onOpenProcess
-- desc : Called when Cheat Engine attaches to a process.
---------------------------------------------------------------------------
function onOpenProcess( procid )
    change_eip:Start();
end

---------------------------------------------------------------------------
-- func : debugger_onBreakpoint
-- desc : Called when Cheat Engine hits a breakpoint.
---------------------------------------------------------------------------
function debugger_onBreakpoint()
    -- Set EIP to our cave..
    EIP = change_eip.cave_address;
    return 1;
end

---------------------------------------------------------------------------
-- func : change_eip:Start
-- desc : Called when Cheat Engine attaches to a process.
---------------------------------------------------------------------------
function change_eip:Start()
    if( self.bBreakpointSet == true ) then
        return;
    end
    self.bBreakpointSet = true;

    -- Start debugger and set breakpoint..
    debugProcess( 0 );
    debug_setBreakpoint( "0100346E" ); -- CHANGE THIS!!

    -- Initialize script..
    local bReturn = autoAssemble( self.script );
    self.cave_address = getAddress("cave");

    -- Reinitialize symbols..
    reinitializeSymbolhandler();
    return true;
end
|
Be sure to change the script to yours, as well as change the breakpoint address. It uses the symbol name 'cave' to know where to set EIP to, so name your 'cave' in your script as cave.
_________________
- Retired. |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Mon Dec 12, 2011 12:38 am Post subject: |
|
|
For the original poster:
Why do you have debug. in front of some functions? Have you defined them yourself?
Also, debug_setBreakpoint("Pal5.exe+2A552b",1,) looks like a syntax error to me.
Try this instead:
Code: |
function debugger_onBreakpoint()
    EIP=getAddress("myhook_getscript")
    debug_continueFromBreakpoint(co_run)
end
reinitializeSymbolhandler()
autoAssemble(l_script)
debugProcess(2)
debug_setBreakpoint("Pal5.exe+2A552b")
|
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
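Added example, not written by any poster in this thread: a pre-flight check that runs in a stock Lua interpreter and surfaces the two Lua-level problems raised above, the trailing-comma syntax error (which stops the whole chunk from compiling, so `autoAssemble` never runs) and the `debug.` prefix, which resolves to Lua's own `debug` library rather than to Cheat Engine functions. The `check` helper, the no-op stubs and the `co_run` placeholder value are assumptions for illustration and do not reproduce Cheat Engine's behaviour.

```lua
-- Pre-flight check for a Cheat Engine Lua snippet, run in stock Lua (5.1 to 5.4).
-- Assumption: the CE globals used in this thread are replaced by no-op stubs,
-- so only Lua-level mistakes are detected, nothing about the target process.
local CE_NAMES = { "autoAssemble", "debugProcess", "debug_setBreakpoint",
  "debug_continueFromBreakpoint", "reinitializeSymbolhandler", "getAddress" }

local function make_env()
  local env = { debug = debug, co_run = 0 }  -- `debug` is Lua's own library; co_run is a placeholder
  for _, name in ipairs(CE_NAMES) do
    env[name] = function() return 1 end      -- hypothetical stub
  end
  return env
end

-- Returns "ok", or "syntax: ..." / "runtime: ..." with the interpreter's message.
function check(src)
  local env, chunk, err = make_env()
  if setfenv then                            -- Lua 5.1
    chunk, err = loadstring(src, "=snippet")
    if chunk then setfenv(chunk, env) end
  else                                       -- Lua 5.2 and later
    chunk, err = load(src, "=snippet", "t", env)
  end
  if not chunk then return "syntax: " .. err end
  local ok, rerr = pcall(chunk)
  if not ok then return "runtime: " .. tostring(rerr) end
  -- Exercise the breakpoint handler too, since its body only runs on a hit.
  if env.debugger_onBreakpoint then
    ok, rerr = pcall(env.debugger_onBreakpoint)
    if not ok then return "runtime: " .. tostring(rerr) end
  end
  return "ok"
end

-- Lines taken from the posts above.
print(check('debug_setBreakpoint("Pal5.exe+2A552b",1,)'))
print(check('debug.debugProcess(2)'))
print(check([[function debugger_onBreakpoint()
  debug.changingregister(eip,myhook_getscript)
end]]))
print(check([[function debugger_onBreakpoint()
  EIP=getAddress("myhook_getscript")
  debug_continueFromBreakpoint(co_run)
end
debugProcess(2)
debug_setBreakpoint("Pal5.exe+2A552b")]]))
```

In the third snippet, `eip` and `myhook_getscript` are unset Lua globals rather than auto-assembler symbols, which is why the corrected handler resolves the symbol with `getAddress`.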