 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
TPRammus
Advanced Cheater
 Reputation: 0
Joined: 05 Jan 2016
Posts: 61
Location: Germany
|
 Posted: Wed Jun 29, 2016 12:18 pm Post subject: writeString writes parts of the string before |
 |
|
Hey
I have a game where text is showing up on the screen which you have to write down and press enter.
I made a button with which the text you need to write will get moved into the text you've written (So you would only have to press the button without typing anything):
| Code: | function CEButton1Click(sender)
mainWindow.CELabel2.setCaption(readString("[[[[[cartlife.exe+001AF81C]+44]+12c]+ac]+34c]+1d0",6000,false)) --this writes the text you need to write to a label (just to see whats going on)
writeString("[[[[[cartlife.exe+003E3818]+4cc]+30]+c0]+4d0]+6e4",readString("[[[[[cartlife.exe+001AF81C]+44]+12c]+ac]+34c]+1d0",6000,false),false)
end |
This worked fine at first(at least that's what I thought). However when the text before was "Hello my Friend", and the new text is "Nice", it will write "Niceo my Friend" to that address for some reason.
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4699
|
| Posted: Wed Jun 29, 2016 12:39 pm Post subject: |
|
|
Well, that must be the null-terminated string stored at that address. Look at that address in the memory viewer and see what pops up. It could be a length-prefixed string.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 62
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Wed Jun 29, 2016 12:39 pm Post subject: |
|
|
May need zero terminated, or set string length.
May try, | Code: | --zero-terminated
writeString(saddr,yourStr..string.char(0))
-- set string length
writeString(saddr,yourStr)
writeInteger(saddr-0x4,yourStr:len())
-- the length address/offset has to be determined |
-- or there may be other string format that need to synchronizing the string length.
bye~
_________________
- Retarded. |
|
| Back to top |
|
|
TPRammus
Advanced Cheater
Reputation: 0
Joined: 05 Jan 2016
Posts: 61
Location: Germany
|
| Posted: Thu Jun 30, 2016 1:57 am Post subject: |
|
|
| panraven wrote: | May need zero terminated, or set string length.
May try, | Code: | --zero-terminated
writeString(saddr,yourStr..string.char(0))
-- set string length
writeString(saddr,yourStr)
writeInteger(saddr-0x4,yourStr:len())
-- the length address/offset has to be determined |
-- or there may be other string format that need to synchronizing the string length.
bye~ |
Yeah I think it is because of the length. Can I anyhow get the length of the string of an address and then move the content (including the string length) to an other address?
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 62
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Thu Jun 30, 2016 6:41 am Post subject: |
|
|
| TPRammus wrote: | ...
Yeah I think it is because of the length. Can I anyhow get the length of the string of an address and then move the content (including the string length) to an other address? |
I guess there may be something before the _length_ has to be moved too, ie. vtable of the string object.
For example, in 32-bit mono, the string length is at +0c offset, and the string is 2byte unicode begin at +10 offset.
ADDED lua example:
Suppose our String in a edit box EDIT is supposed to replace into a target string at address ADDR when a button BTN is clicked.
The click handler of BTN can be:
| Code: |
BTN.OnClick = function(btn)
local text = EDIT.Text
local tlen = text:len()
local ok = autoAssemble"globalalloc(myString,256)"-- get myString storage
if ok and tlen*2<256-0x10-2 and readBytes('myString') and readBytes(ADDR)then
local strAddr = readInteger(ADDR)
writeInteger('myString+0c',tlen)
writeString('myString+10',text,true) -- true for wide chars
writeBytes('myString',readBytes(strAddr,0xc,true)) -- copy vtable stuff
writeInteger(ADDR,myString) -- replace target string address with myString address
end
end
|
PREVIOUS AA example:
---
Suppose a fixed String in AA's Address is supposed to replace into a target string.
In AA:
| Code: |
globalalloc(myString,$100)
myString+0c:
dd 6
myString+10:
db 'm',0,'y',0,'N',0,'a',0,'m',0,'e',0,0,0
-- then in our cave: suppose target string address is inside an object's +64 offset, and we have the object base address as ebx
...
push esi
push edi
mov esi,[ebx+064]
mov edi,myString
// begin move vtable stuff
push [esi]
push [esi+04]
push [esi+08]
pop [edi+08]
pop [edi+04]
pop [edi]
// end move vtable stuff
mov [ebx+064],edi -- replace target string's address with ours
pop edi
pop esi
...
|
without moving the vtable stuff, the game may not recognize the replaced string as a proper string object.
bye~
_________________
- Retarded. |
|
| Back to top |
|
|
TPRammus
Advanced Cheater
Reputation: 0
Joined: 05 Jan 2016
Posts: 61
Location: Germany
|
| Posted: Fri Jul 01, 2016 7:32 pm Post subject: |
|
|
| panraven wrote: | | I guess there may be something before the _length_ ha(...) |
Thank you for your effort but I dont really know what to do now. It would be wonderful if you could show me an example with those addresses:
Address of the text you have to write: "game.exe+22222222"
Address of the length of the text you have to write: "game.exe+00002222" (yes, I've found out the address for it)
Address of the text you have written: "game.exe+11111111"
What I basically did is this:
| Code: | | writeString("game.exe+11111111",getAddressList().getMemoryRecordByDescription("TextYouHaveToWrite").Value,50,false) |
(And now, it even only writes the first letter)
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4699
|
| Posted: Fri Jul 01, 2016 8:18 pm Post subject: |
|
|
| TPRammus wrote: | | Address of the length of the text you have to write: "game.exe+00002222" (yes, I've found out the address for it) |
If you know how long the string is, just set the maxlength parameter of the readString function to that.
(edit: typo)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Last edited by ParkourPenguin on Fri Jul 01, 2016 9:13 pm; edited 1 time in total |
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 62
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Fri Jul 01, 2016 9:11 pm Post subject: |
|
|
I use mono string as example because I only have some experience on manipulating mono string, it likely not the same as your game.
The mono string is treat like an object so that its length (baseAddress+0c), and its character array (baseAddress+10) are combine in a structure. If we know the baseAddress, we will also know its string length and string character array content.
So in your string to write
Address
text1 : game.exe+22222222
len1 : game.exe+00002222
It may be your arbitrary examples, but it don't look like they are in some same struct.
Beside that, what's the length of string written with text at game.exe+11111111" ?
btw
| Code: | | writeString("game.exe+11111111",(..some string...),50,false) |
Lua function writeString 3rd and last (optional) parameter is either true or false for unicode string or not, the number is for readString as its 2nd parameter.
Anyway, let me use another labeling, since I'm a bit confuse on 'have to write' and 'have written' as I'm not native English speaking, sorry.
source string(read from):
address of length : srcLen
address of charater array: srcText
target string(write to):
address of length : dstLen
address of charater array: dstText
We can somehow know the length of srcText if it is in game memory, by ce Lua function readString
| Code: |
local srcString = readString(srcText, 50) -- 50 is maximum string length to read, the actual string can be shorter (read complete string), or longer (some later chars is truncated )
-- or reading from memory record
-- local mr = getAddressList().getMemoryRecordByDescription("TextYouHaveToWrite")
-- local srcString = mr and readString(mr.CurrentAddress,50)
if srcString~=nil and readBytes(dstLen) and readBytes(dstText)then -- both src and dst is readable
local srcLength = srcString:len()
writeInteger(dstLen, srcLength)
writeString(dstText, srcString..string.char(0,0)) -- zero terminated anyway
end
|
Assume it won't cause problem if srcLen is bigger than dstLen, ie. risk of overwrite some other content.
bye~
_________________
- Retarded. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
