Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
How do I hook a function that's being called too much?

 
gir489
Grandmaster Cheater
Reputation: 14

Joined: 03 Jan 2012
Posts: 841
Location: Maryland, United States

Posted: Wed Aug 06, 2014 6:48 pm    Post subject: How do I hook a function that's being called too much?

I'm trying to hook a function with an auto assembly script, and basically it's called so many times per second, that hooking it is a gamble. Sometimes the hook will go through and be successful, sometimes it will crash the game. Is there any way to pause execution of the game while it assembles my script?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed Aug 06, 2014 7:04 pm

Enabling a script should not crash your target unless there is a problem with your script or there are anti-cheat/debugger schemes in place. If you are attaching the debugger, that is another matter.
gir489
Grandmaster Cheater
Reputation: 14

Joined: 03 Jan 2012
Posts: 841
Location: Maryland, United States

Posted: Wed Aug 06, 2014 7:07 pm

++METHOS wrote:
Enabling a script should not crash your target unless there is a problem with your script or there are anti-cheat/debugger schemes in place. If you are attaching the debugger, that is another matter.

I thought the same thing.

But when I attached a debugger, the IP (Instruction Pointer) was 2 to 4 bytes (changed each time) between the address I wanted to hook and the end result.

It seems the function is called so many times that it's a gamble if Cheat Engine can inject the code fast enough.

Sometimes the hook goes through and the code works fine. It only crashes when enabling the hook.

Here's the script:

Code:
//Original table by mgr.inz.Player
//Fixed by gir489 for 1.03 STEAM

[ENABLE]
alloc(newmem,256)
alloc(missionpointerhook,128)
alloc(address,4)
alloc(missioncompletedpointer,4)
alloc(dest,1)
label(returnhere)
registersymbol(address)
registersymbol(dest)
registersymbol(missioncompletedpointer)

Dunia.dll+4B0AFF:
jmp newmem
nop
returnhere:

newmem:
mov [address],eax
fld dword ptr [eax+08]
movaps xmm1,xmm0
jmp returnhere

missionpointerhook:
mov eax,[ecx]
cmp [missioncompletedpointer],0
jne @f
cmp eax,#283773848
jne @f
mov [missioncompletedpointer],ecx
@@:
mov edx,[eax+04]
jmp Dunia.CThreadInformer::GetLastThread+1FE9B

address:
db 00 00 00 00

dest:
db 00

missioncompletedpointer:
db 00 00 00 00

Dunia.CThreadInformer::GetLastThread+1FE96:
jmp missionpointerhook

[DISABLE]
dealloc(newmem)
dealloc(address)
dealloc(returnhere)
dealloc(missionpointerhook)
dealloc(missioncompletedpointer)
dealloc(dest)
unregistersymbol(address)
unregistersymbol(dest)
unregistersymbol(missioncompletedpointer)

Dunia.dll+4B0AFF:
fld dword ptr [eax+08]
movaps xmm1,xmm0

Dunia.CThreadInformer::GetLastThread+1FE96:
mov eax,[ecx]
mov edx,[eax+04]
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25819
Location: The netherlands

Posted: Wed Aug 06, 2014 7:34 pm

Try doing the hooking AFTER having set up the memory for the destination (it writes the bytes in the order it gets them; right now you write the jmp to the newly allocated memory, and afterwards you write the bytes in that new memory).

Code:

//Original table by mgr.inz.Player
//Fixed by gir489 for 1.03 STEAM

[ENABLE]
alloc(newmem,256)
alloc(missionpointerhook,128)
alloc(address,4)
alloc(missioncompletedpointer,4)
alloc(dest,1)
label(returnhere)
registersymbol(address)
registersymbol(dest)
registersymbol(missioncompletedpointer)

newmem:
mov [address],eax
fld dword ptr [eax+08]
movaps xmm1,xmm0
jmp returnhere


Dunia.dll+4B0AFF:
jmp newmem
nop
returnhere:


missionpointerhook:
mov eax,[ecx]
cmp [missioncompletedpointer],0
jne @f
cmp eax,#283773848
jne @f
mov [missioncompletedpointer],ecx
@@:
mov edx,[eax+04]
jmp Dunia.CThreadInformer::GetLastThread+1FE9B

address:
db 00 00 00 00

dest:
db 00

missioncompletedpointer:
db 00 00 00 00

Dunia.CThreadInformer::GetLastThread+1FE96:
jmp missionpointerhook



[DISABLE]
dealloc(newmem)
dealloc(address)
dealloc(returnhere)
dealloc(missionpointerhook)
dealloc(missioncompletedpointer)
dealloc(dest)
unregistersymbol(address)
unregistersymbol(dest)
unregistersymbol(missioncompletedpointer)

Dunia.dll+4B0AFF:
fld dword ptr [eax+08]
movaps xmm1,xmm0

Dunia.CThreadInformer::GetLastThread+1FE96:
mov eax,[ecx]
mov edx,[eax+04]


Else, try adding this to the top of your code:
Code:

{$lua}
pause()  --suspend the process

local t=createTimer(nil)
t.OnTimer=function(t)
  unpause()
  t.destroy()
end
t.Interval=1 --as soon as the gui is ready (e.g: after this script has been executed by clicking the checkbox. DOES NOT WORK FOR MANUAL EXECUTION WHERE A POPUP SHOWS IF YOU WANT TO EXECUTE IT)

{$asm}

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
gir489
Grandmaster Cheater
Reputation: 14

Joined: 03 Jan 2012
Posts: 841
Location: Maryland, United States

Posted: Wed Aug 06, 2014 8:15 pm

Dark Byte wrote:
Try doing the hooking AFTER having set up the memory for the destination (it writes the bytes in the order it gets them; right now you write the jmp to the newly allocated memory, and afterwards you write the bytes in that new memory).

Code:

//Original table by mgr.inz.Player
//Fixed by gir489 for 1.03 STEAM

[ENABLE]
alloc(newmem,256)
alloc(missionpointerhook,128)
alloc(address,4)
alloc(missioncompletedpointer,4)
alloc(dest,1)
label(returnhere)
registersymbol(address)
registersymbol(dest)
registersymbol(missioncompletedpointer)

newmem:
mov [address],eax
fld dword ptr [eax+08]
movaps xmm1,xmm0
jmp returnhere


Dunia.dll+4B0AFF:
jmp newmem
nop
returnhere:


missionpointerhook:
mov eax,[ecx]
cmp [missioncompletedpointer],0
jne @f
cmp eax,#283773848
jne @f
mov [missioncompletedpointer],ecx
@@:
mov edx,[eax+04]
jmp Dunia.CThreadInformer::GetLastThread+1FE9B

address:
db 00 00 00 00

dest:
db 00

missioncompletedpointer:
db 00 00 00 00

Dunia.CThreadInformer::GetLastThread+1FE96:
jmp missionpointerhook



[DISABLE]
dealloc(newmem)
dealloc(address)
dealloc(returnhere)
dealloc(missionpointerhook)
dealloc(missioncompletedpointer)
dealloc(dest)
unregistersymbol(address)
unregistersymbol(dest)
unregistersymbol(missioncompletedpointer)

Dunia.dll+4B0AFF:
fld dword ptr [eax+08]
movaps xmm1,xmm0

Dunia.CThreadInformer::GetLastThread+1FE96:
mov eax,[ecx]
mov edx,[eax+04]


Else, try adding this to the top of your code:
Code:

{$lua}
pause()  --suspend the process

local t=createTimer(nil)
t.OnTimer=function(t)
  unpause()
  t.destroy()
end
t.Interval=1 --as soon as the gui is ready (e.g: after this script has been executed by clicking the checkbox. DOES NOT WORK FOR MANUAL EXECUTION WHERE A POPUP SHOWS IF YOU WANT TO EXECUTE IT)

{$asm}

The problem child is Dunia.CThreadInformer::GetLastThread+1FE96. It's already the last thing in line to be written.

The Lua bit worked, thanks.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Thu Aug 07, 2014 11:11 am

It is always better to use the "newmem block" before the "inject block".

Code:
(...)

//newmem block START
newmem:
mov [address],eax
fld dword ptr [eax+08]
movaps xmm1,xmm0
jmp returnhere
//newmem block END

//inject block START
Dunia.dll+4B0AFF:
jmp newmem
nop
returnhere:
//inject block END

(...)
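An added check (not from this thread and not part of Cheat Engine's own code) for the point made in Dark Byte's and mgr.inz.Player's posts above: CE writes each block in script order, so a jmp into an alloc()'d block that is only defined later in the script is briefly live while its destination is still unwritten. The sample script is a constructed condensation of the script posted in this thread, and the regexes cover only the directives that script uses.

```python
import re  # added example, not from the thread or from Cheat Engine itself

ALLOC_RE = re.compile(r"^alloc\(\s*(\w+)\s*,\s*\d+\s*\)$", re.I)
BLOCK_RE = re.compile(r"^(\S+):$")
JUMP_RE = re.compile(r"^(?:jmp|call)\s+(\S+)$", re.I)

def enable_lines(script):
    """Comment-stripped, non-empty lines between [ENABLE] and [DISABLE]."""
    body = script.split("[ENABLE]", 1)[-1].split("[DISABLE]", 1)[0]
    lines = (raw.split("//", 1)[0].strip() for raw in body.splitlines())
    return [line for line in lines if line]

def write_order_hazards(script):
    """(block, target) for each jmp/call written before its alloc()'d target block."""
    allocated, written, hazards, block = set(), set(), [], None
    for line in enable_lines(script):
        if m := ALLOC_RE.match(line):          # alloc(name,size): CE-allocated memory
            allocated.add(m.group(1).lower())
        elif m := BLOCK_RE.match(line):        # "name:" starts the block CE writes next
            block = m.group(1)
            written.add(block.lower())
        elif m := JUMP_RE.match(line):         # a jump CE writes as part of the current block
            target = m.group(1).lower()
            if target in allocated and target not in written:
                hazards.append((block, m.group(1)))
    return hazards

# Constructed condensation of the thread's first script: the inject block at
# Dunia.dll+4B0AFF is written before the newmem block it jumps into.
HOOK_FIRST = """
[ENABLE]
alloc(newmem,256)
alloc(missionpointerhook,128)
Dunia.dll+4B0AFF:
jmp newmem
nop
returnhere:
newmem:
jmp returnhere
missionpointerhook:
jmp Dunia.CThreadInformer::GetLastThread+1FE9B
Dunia.CThreadInformer::GetLastThread+1FE96:
jmp missionpointerhook
[DISABLE]
"""
```

On the original order it reports the jmp at Dunia.dll+4B0AFF into a not-yet-written newmem; with the newmem block moved ahead of the inject block, as in the corrected script, it reports nothing.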

Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25819
Location: The netherlands

Posted: Thu Aug 07, 2014 11:16 am

Yeah, I was talking about the newmem block, which had the jmp before the definition.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
All times are GMT - 6 Hours