Cheat Engine The Official Site of Cheat Engine
h3x1c Master Cheater
Reputation: 17
Joined: 27 Apr 2013 Posts: 306
Posted: Tue Sep 29, 2015 8:21 pm Post subject: Can I have an AA script check for a key being pressed, or...
Let's say I have an AA script that, when enabled, runs an AOB scan for the instruction that reduces ammo when you shoot. Then, if I shoot as normal, ammo reduces as normal; however, if I'm holding, say, | (the pipe key) when I shoot, then ammo won't be decreased. Something like this:
| Code: |
int 16h
cmp al, 7Ch
je CodeInjection
sub ebx,2
jmp return
CodeInjection:
mov ebx,#99
jmp return
|
I don't want the interrupt wait, obviously; I'm just looking for a way to have the script see if a certain key is being pressed before running one instruction or another.
Or, perhaps even more ridiculous of a suggestion, could I have some sort of check to see if, say, calc.exe is running in the background, then jmp to code injection, otherwise run the normal instruction?
I'm trying to get silly with a particular solution here and INT appears to be the wrong path, so thanks for any help/suggestions!
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Sep 29, 2015 8:36 pm
Check out http://cheatengine.org/keypresstut.php (for 64-bit it's a bit more complex)
And yeah, int 16h is the wrong way.
First off, CE doesn't use the h notation, but most importantly, that's a BIOS call which only works when inside real-mode (Windows runs programs in protected mode).
To see if calc is running is going to be a lot more complex (I guess you could use the luaserver method to make things easier, but right now it requires you to run the program as admin)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
h3x1c Master Cheater
Reputation: 17
Joined: 27 Apr 2013 Posts: 306
Posted: Tue Sep 29, 2015 8:50 pm
| Dark Byte wrote: | Check out http://cheatengine.org/keypresstut.php (for 64-bit it's a bit more complex)
And yeah, int 16h is the wrong way.
First off, CE doesn't use the h notation, but most importantly, that's a BIOS call which only works when inside real-mode (Windows runs programs in protected mode).
To see if calc is running is going to be a lot more complex (I guess you could use the luaserver method to make things easier, but right now it requires you to run the program as admin) |
Perfect. I'll get to cracking on that (I promise I tried a few Google searches before asking this and that article never came up). I still need to learn Lua, so this luaserver method might be a good opportunity for me to dig into it. Running as admin is no problem.
Can you link me to resources for that method as well, or is this something that would need to be cooked up? If so, then perhaps it'd make a great tutorial for someone like me who's been looking for the right reason to dig into Lua!
Thanks, DB.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Sep 29, 2015 9:26 pm
Ok, this is a subject pretty much "no one" ever makes use of, since it hasn't been shown much... (and the admin issue, which has been fixed for the next version)
First launch the CE tutorial with admin rights (and open it with CE).
Execute this Lua script so the function checkstate becomes available:
| Code: |
function checkstate(x)
  if getProcessIDFromProcessName("calc.exe")~=nil then
    print("calc is present")
    return 0
  else
    return 1
  end
end
|
(This can be done inside the auto assembler inside a {$lua} section as well, but just showing off one neat feature later.)
Execute this AA script:
| Code: |
{$lua}
if checkstate==nil then
error('Define checkstate first... Or declare it in this script...')
end
{$asm}
//-----------AUTOGENERATED CODE BY CE'S LUA TEMPLATE------
//You can just copy/paste this, and even omit it as long as it's executed once
loadlibrary(luaclient-i386.dll)
luacall(openLuaServer('CELUASERVER'))
globalalloc(luainit, 128)
globalalloc(LuaFunctionCall, 128)
label(luainit_exit)
globalalloc(luaserverinitialized, 4)
globalalloc(luaservername, 12)
luaservername:
db 'CELUASERVER',0
luainit:
cmp [luaserverinitialized],0
jne luainit_exit
push luaservername
call CELUA_Initialize //this function is defined in the luaclient dll
mov [luaserverinitialized],eax
luainit_exit:
ret
LuaFunctionCall:
push ebp
mov ebp,esp
call luainit
push [ebp+c]
push [ebp+8]
call CELUA_ExecuteFunction
pop ebp
ret 8
//luacall call example:
//push integervariableyouwishtopasstolua
//push addresstostringwithfunction //(The lua function will have access to the variable passed by name "parameter")
//call LuaFunctionCall
//When done EAX will contain the result of the lua function
//^^^^^^^^AUTOGENERATED CODE BY CE'S LUA TEMPLATE^^^^^^^^
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
alloc(myscript,32) //the script string below is 29 bytes including the terminating 0
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
pushad
push 0
push myscript
call LuaFunctionCall //returns 0 if calc is present
cmp eax,0
popad
je exit //skip the sub if calc is running
originalcode:
sub [ebx+00000480],eax
exit:
jmp returnhere
//the text in myscript will get executed by lua (in ce's process)
myscript:
db 'return checkstate(parameter)',0
"tutorial-i386.exe"+24ffb:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(myscript)
"tutorial-i386.exe"+24ffb: //same address that [ENABLE] hooked
sub [ebx+00000480],eax //restore the original instruction
//Alt: db 29 83 80 04 00 00
|
Now, in the tutorial go to step 2 and click on "hit me".
If calc isn't running, and you click on hit me, health will go down, but if it is running, health won't go down, and you'll get a message.
Now the fun part:
You can easily redefine that Lua script without having to reassemble the AA script.
You can just execute this Lua script:
| Code: |
function checkstate(x)
  if getProcessIDFromProcessName("calc.exe")~=nil then
    return 1
  else
    return 0
  end
end
|
For the reverse behavior.
You can even have errors in your script, and the target process won't crash (it'll read 0 in the worst case scenario).
With the parameter you can do even more advanced coding.
E.g. you could save the register state on the stack, then give the stack address as parameter to the LuaFunctionCall function, and in Lua you can then read that memory and deal with it as you see fit.
And when your script returns, change the registers with the new values in memory.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
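The register-passing idea at the end of the post above, as an added example that is not part of the original thread or of Cheat Engine's own templates: the AA call site (shown in the comments) does pushad and passes ESP as the parameter, and the Lua handler reads and edits the saved registers before popad restores them. The names onHit, PUSHAD and readFrame are hypothetical, and the 32-bit tutorial target from the post is assumed; readInteger, writeInteger and getProcessIDFromProcessName are Cheat Engine Lua functions.

```lua
-- Added example; onHit, PUSHAD and readFrame are hypothetical names.
--
-- AA call site that goes with it (replaces the pushad..popad part of newmem):
--   pushad                 // saves EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI
--   push esp               // parameter = address of the saved registers
--   push myscript          // myscript: db 'return onHit(parameter)',0
--   call LuaFunctionCall   // ret 8 removes both arguments
--   popad                  // registers now hold whatever Lua left in memory
--   sub [ebx+00000480],eax // original instruction, using the edited EAX

-- Byte offsets of each register inside the block PUSHAD writes.
-- PUSHAD pushes EAX first, so EDI ends up at the lowest address.
local PUSHAD = {
  edi = 0x00, esi = 0x04, ebp = 0x08, esp = 0x0C,
  ebx = 0x10, edx = 0x14, ecx = 0x18, eax = 0x1C,
}

-- Read all saved registers from the target's stack; nil if any read fails.
local function readFrame(frame)
  local regs = {}
  for name, offset in pairs(PUSHAD) do
    local value = readInteger(frame + offset)
    if value == nil then return nil end
    regs[name] = value
  end
  return regs
end

-- Called from the target through LuaFunctionCall.
-- Returns 1 when the frame was processed, 0 when it could not be read.
function onHit(frame)
  local regs = readFrame(frame)
  if regs == nil then return 0 end

  print("hit: amount in eax = " .. regs.eax)

  if getProcessIDFromProcessName("calc.exe") ~= nil then
    -- Overwrite the saved EAX; POPAD loads it, so the sub removes 0.
    writeInteger(frame + PUSHAD.eax, 0)
  end
  return 1
end
```

With this variant the AA script needs no conditional jump: the decision lives entirely in onHit, which can be redefined from the Lua window without reassembling.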
h3x1c Master Cheater
Reputation: 17
Joined: 27 Apr 2013 Posts: 306
Posted: Tue Sep 29, 2015 10:04 pm
I'm heading to bed, but I'm super-psyched to go over everything you've posted here when I get in from work tomorrow. Really good stuff, man. Thanks, DB!