Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine


HELP - Button click transaction and injection

marko001
How do I cheat?
Reputation: 0

Joined: 24 Jan 2013
Posts: 4

Posted: Wed Apr 22, 2015 5:30 am    Post subject: HELP - Button click transaction and injection

Hi to all guys,
I'm playing around with a game, trying to develop a bot based on memory reading instead of pixel colours and mouse moves.
In the past I used AutoIt to achieve that, and now, still using AutoIt, I'd like to use memory reading and injection.
I have no troubles (let's say minor troubles) in finding pointers and statics.
My problem is finding WHEN a button is clicked and INJECTING it through AutoIt.

To clarify it: I want to autofill username/pw fields and start login procedure (i.e. clicking the LOGIN button)

I'll appreciate any hint on that.
Thanks a lot,
M.


Last edited by marko001 on Wed Apr 29, 2015 7:36 am; edited 1 time in total
Fresco
Grandmaster Cheater
Reputation: 4

Joined: 07 Nov 2010
Posts: 600

Posted: Wed Apr 22, 2015 9:18 am

Backtrack an action of the button.

If you were the programmer, you would have some kind of function ( or method, or action listener, call it however you want ) that gets executed when the button is pressed.
Inside that function you would make the program do something.
Most often ( like, kinda, always ) you would have it change some variables.

So to find the button's procedure, you need to find a variable or something tied to it.

Once you've found that, just simply find out what writes to said variable.

From the code that writes to the variable, scroll the assembly listing up until you either see "int 3" or "push ebp; mov ebp, esp"; that signals the start of your button procedure. If you want to find out who called the procedure, scroll down until you see a "ret" instruction. Right click on the ret instruction, break and trace, 3 instructions is enough.

Just know that you don't necessarily want to specify that the game you're hacking is online, because, talking about online cheating is against the forum's rules.

PS: The above works for offline games too :)

_________________
... Fresco
marko001
How do I cheat?
Reputation: 0

Joined: 24 Jan 2013
Posts: 4

Posted: Wed Apr 29, 2015 7:37 am

Hi Fresco,
I tried what you told me but found it really hard to understand.
So I decided to create a simple program that just "does it", so I can practice with it.

Here is the code (AutoIt):

Code:

#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ###
$hGUI = GUICreate("Button Test", 259, 75, 192, 124)
$pulsante1 = GUICtrlCreateButton("Add 1", 8, 8, 75, 25, $WS_GROUP)
$pulsante2 = GUICtrlCreateButton("Subtract 1", 88, 8, 83, 25, $WS_GROUP)
$testo = GUICtrlCreateLabel("BEGIN", 8, 40, 243, 25, $WS_GROUP)
$hQuit = GUICtrlCreateButton("Quit", 176, 8, 75, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
$startvalue = 1000
GUICtrlSetData($testo,$startvalue)
While 1
   Switch GUIGetMsg()
      Case $pulsante1
         _cambiatesto(1)
      Case $pulsante2
         _cambiatesto(2)
      Case $hQuit
         Exit
      Case $GUI_EVENT_CLOSE
         Exit
   EndSwitch
WEnd

Func _cambiatesto($pulsante)
   If $pulsante = 1 Then $startvalue +=1
   If $pulsante = 2 Then $startvalue -=1
   GUICtrlSetData($testo, $startvalue)
EndFunc   ;==>_cambiatesto


If you run it you will understand.

What I would like to do is change the value without writing the value itself into memory but injecting in memory the button press. In this way I can "simulate" the button press and obtain same result.

Thanks a lot, hope you can help me to sort it out.

marco
Fresco
Grandmaster Cheater
Reputation: 4

Joined: 07 Nov 2010
Posts: 600

Posted: Wed Apr 29, 2015 12:38 pm

No need to run it, I can see from a distance what it's trying to do.

Yes, that's exactly what I've said.
You must search with Cheat Engine for the variable $startvalue.
Once you've found the variable (i.e. the address), find out what writes to this address. This will show you the code that writes to $startvalue, which is $startvalue += 1 and $startvalue -= 1. From there scroll down until ret, then break-trace 3 instructions. This will bring you to _cambiatesto(1) or _cambiatesto(2).

Pushing the button means either calling _cambiatesto(1) or _cambiatesto(2)

In pseudo-assembly would be something like:

Code:

//other stuff
lea ebx,[$startvalue] // ebx = address of $startvalue

infloop: //while 1

call GUIGetMsg
//return value is usually in eax

cmp eax,$pulsante1
jne case2
push 1
call _cambiatesto

case2:
cmp eax,$pulsante2
jne case3
push 2
call _cambiatesto

case3:
cmp eax,$hQuit
jne case4
ret

case4:
cmp eax,$GUI_EVENT_CLOSE
jne infloop
ret

_cambiatesto:
push ebp
mov ebp,esp
//after push ebp / mov ebp,esp the return address sits at [ebp+4] and the
//first pushed argument ( i.e. 1 or 2 ) at [ebp+8]
cmp dword ptr [ebp+8],1
jne button2
inc dword ptr [ebx] // $startvalue += 1
jmp lastfxstep
button2:
dec dword ptr [ebx] // $startvalue -= 1
lastfxstep:
push dword ptr [ebx]
push $testo
call GUICtrlSetData
ret

$startvalue:
dd #1000

$GUI_EVENT_CLOSE:
dd //some value that represents event close
//same for all the buttons etc...



Remember the above is not fully working assembly code; it's just a sketch for you to understand how it works. In particular the stack is not managed well and eax is not saved and restored after calling a function in the "while 1".

So: the code that writes to the address $startvalue is:
inc [ebx]
dec [ebx]


These 2 instructions are inside the procedure that gets executed when the button is pressed.

From one of the 2, scroll down until you find a ret.
Break-trace 3 instructions from the ret, and the disassembler will bring you to the instruction after call _cambiatesto.

_cambiatesto gets executed whenever a button is pressed, so calling it from whatever part of the program would be just as if you pressed the button with your mouse cursor.

_________________
... Fresco
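Fresco's recipe from both replies (find what writes to the variable, scroll up to the prologue, scroll down to the ret, break-and-trace back to the caller) can be rehearsed statically on a listing before touching a debugger. The script below is an added example, not code from the thread, from Cheat Engine or from AutoIt: it parses a constructed, address-annotated version of the sketch above (the addresses are invented and the `dword ptr` operand sizes are assumed for the toy program), locates the instructions that write to `[ebx]`, walks up to the `push ebp; mov ebp,esp` prologue and down to `ret` to delimit `_cambiatesto`, and lists each `call _cambiatesto` together with the return address that a three-instruction trace from `ret` lands on.

```python
"""Delimit the procedure around a memory write in a disassembly listing and
find its callers.  Added example for the thread above; the listing and its
addresses are constructed, not taken from a real binary."""
import re
from collections import namedtuple

# Constructed listing: a labelled, address-annotated form of the sketch
# posted above.  Addresses are invented; operand sizes are assumed 32-bit.
LISTING = """
00401000              lea ebx,[startvalue]
00401006 infloop:     call GUIGetMsg
0040100B              cmp eax,pulsante1
0040100E              jne case2
00401010              push 1
00401012              call _cambiatesto
00401017 case2:       cmp eax,pulsante2
0040101A              jne case3
0040101C              push 2
0040101E              call _cambiatesto
00401023 case3:       cmp eax,hQuit
00401026              jne case4
00401028              ret
00401029 case4:       cmp eax,GUI_EVENT_CLOSE
0040102C              jne infloop
0040102E              ret
00401030 _cambiatesto: push ebp
00401031              mov ebp, esp
00401033              cmp dword ptr [ebp+8],1
00401037              jne button2
00401039              inc dword ptr [ebx]
0040103B              jmp lastfxstep
0040103D button2:     dec dword ptr [ebx]
0040103F lastfxstep:  push dword ptr [ebx]
00401041              push testo
00401046              call GUICtrlSetData
0040104B              ret
"""

LINE_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+(?:(\w+):\s+)?(.+)$")
Insn = namedtuple("Insn", "addr label text")  # text is normalised (see below)

def _normalise(text):
    # lower case, single spaces, no spaces around commas: "mov ebp, esp" == "mov ebp,esp"
    return re.sub(r"\s*,\s*", ",", " ".join(text.split())).lower()

def parse_listing(text):
    insns = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # blank or non-instruction lines are skipped
            addr, label, body = m.groups()
            insns.append(Insn(int(addr, 16), label, _normalise(body)))
    return insns

WRITERS = {"inc", "dec", "add", "sub", "mov", "and", "or", "xor"}

def find_writes(insns, operand="[ebx]"):
    """Indices of instructions whose destination operand touches `operand`,
    i.e. what 'find out what writes to this address' would show."""
    operand, hits = operand.lower(), []
    for i, ins in enumerate(insns):
        parts = ins.text.split(" ", 1)
        if len(parts) == 2 and parts[0] in WRITERS:
            dest = parts[1].split(",")[0]  # destination is the first operand
            if operand in dest:
                hits.append(i)
    return hits

def enclosing_procedure(insns, idx):
    """Scroll up from insns[idx] to a prologue (push ebp / mov ebp,esp, or the
    int 3 padding just before a function) and down to the first ret."""
    start = None
    for i in range(idx, 0, -1):
        if insns[i].text == "mov ebp,esp" and insns[i - 1].text == "push ebp":
            start = i - 1
            break
        if insns[i - 1].text == "int 3":
            start = i
            break
    if start is None:
        raise ValueError("no procedure start found above index %d" % idx)
    end = next(i for i in range(idx, len(insns)) if insns[i].text == "ret")
    return start, end

def callers(insns, start):
    """(call address, return address) for every call to the procedure at
    insns[start]; the return address is where break-and-trace from its ret lands."""
    target = "call " + (insns[start].label or "").lower()
    return [(ins.addr, insns[i + 1].addr)
            for i, ins in enumerate(insns[:-1]) if ins.text == target]

if __name__ == "__main__":
    insns = parse_listing(LISTING)
    for w in find_writes(insns):
        s, e = enclosing_procedure(insns, w)
        print("write at %08X lies in %s (%08X-%08X)" % (insns[w].addr, insns[s].label, insns[s].addr, insns[e].addr))
        for c, r in callers(insns, s):
            print("  called from %08X, returns to %08X" % (c, r))
```

Both writes (`inc` and `dec`) resolve to the same procedure, and the two return addresses are the `cmp` instructions that follow each `call _cambiatesto` in the message loop, which is exactly where a trace of three instructions from the `ret` stops. The prologue heuristic is what the thread relies on; compilers that omit the frame pointer will not produce it, so on real binaries treat the `int 3` padding or an explicit symbol as the fallback.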