Cheat Engine The Official Site of Cheat Engine
Menoetius Cheater Reputation: 0
Joined: 01 Jul 2018 Posts: 29
Posted: Fri Jul 27, 2018 8:34 pm Post subject: CE Autoassembler: Printing values out
Just want to know if there's any way either directly or with a workaround to print out values anywhere that CE reads.
>>print esp
cmp [esp+964],A7
je mycode
jmp code
Something akin to that. If anyone knows, thank you kindly for your info and help.
Big Gun
#1
Shoot the Hell Outta You

FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Fri Jul 27, 2018 8:37 pm
Code:
setBreakpoint(address, function()
  print(ESP, readInteger(ESP+0x964))
  debug_continueFromBreakpoint(co_run)
end)

Menoetius Cheater Reputation: 0
Joined: 01 Jul 2018 Posts: 29
Posted: Sat Jul 28, 2018 1:29 am
I'm gonna assume that's lua so I'd shove it somewhere in the autoassembler like this
Code:
aobscanmodule(INJECT,Risk of Rain.exe,89 94 81 C0 00 00 00) // should be unique
alloc(newmem,$1000)
alloc(cdMax,$4)
alloc(cdAut0,$4)
label(code)
label(return)
alloc(myCool,$500)
cdAut0:
db 00 00 02 6C
cdMax:
db FF FF FF FF
newmem:
{$lua}
setBreakpoint(INJECT)
print(ESP, readInteger(ESP+0x964))
debug_continueFromBreakpoint(co_run)
end)
{$lua}
cmp [ebp+8B8],cdAut0
je myCool
jmp code
myCool:
cmp [ebp+8C4],264
jne code
mov [edx],cdMax
jmp code
code:
mov [ecx+eax*4+000000C0],edx
jmp return
INJECT:
jmp newmem
nop
nop
return:
registersymbol(INJECT)
Dunno what I should do with function(), according to wiki.cheatengine.org/index.php?title=Lua:debug_setBreakpoint it can be a string or a function. I believe another lua function, but it appears I may be able to omit it. Thanks for letting me know lua CAN read directly from memory, didn't know if I had to do some conversions or global vars. Anyways I can't seem to get the above lua code functioning in asm, maybe I need to import something so it recognizes the AOB as an address?
Reason I'm requesting the print out mem that you kindly provided is because the program always crashes on cmp, and I'm unsure if I'm writing it wrong, or there's no esp+964 value to compare with.
Thanks for the assistance my man. If one could point out the mistake I'm making in the cmp that crashes the exe, that would also be greatly appreciated. c:
EDIT: I remedied the cmp by using ESP instead of EBP for the stack reference and holy cow it twerks.
EDIT2: Well now it's back to crashing lmao
EDIT3: I can get it to function with a xor edx,edx but I'm really interested in how to make it work when I manually put a value in there
Code:
{ Game : Risk of Rain.exe
Version:
Date : 2018-07-28
Author : Mexon
This script does blah blah blah
}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(INJECT,Risk of Rain.exe,89 94 81 C0 00 00 00) // should be unique
alloc(newmem,$1000)
alloc(cdMax,$4)
alloc(cdAut0,$4)
alloc(cdAut1,$4)
label(code)
label(return)
alloc(myCool,$500)
cdAut0:
db 00 00 02 6C
cdMax:
db FF FF FF FF
newmem:
cmp [ESP+97C],26C //ESP+97C ebp+8B8
je myCool
jmp code
myCool:
mov [edx],FFFFFFFF
jmp code
code:
mov [ecx+eax*4+000000C0],edx
jmp return
INJECT:
jmp newmem
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 89 94 81 C0 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Risk of Rain.exe"+355AD
"Risk of Rain.exe"+3559A: CC - int 3
"Risk of Rain.exe"+3559B: CC - int 3
"Risk of Rain.exe"+3559C: CC - int 3
"Risk of Rain.exe"+3559D: CC - int 3
"Risk of Rain.exe"+3559E: CC - int 3
"Risk of Rain.exe"+3559F: CC - int 3
"Risk of Rain.exe"+355A0: 8B 44 24 04 - mov eax,[esp+04]
"Risk of Rain.exe"+355A4: 83 F8 0B - cmp eax,0B
"Risk of Rain.exe"+355A7: 77 0B - ja "Risk of Rain.exe"+355B4
"Risk of Rain.exe"+355A9: 8B 54 24 08 - mov edx,[esp+08]
// ---------- INJECTING HERE ----------
"Risk of Rain.exe"+355AD: 89 94 81 C0 00 00 00 - mov [ecx+eax*4+000000C0],edx
// ---------- DONE INJECTING ----------
"Risk of Rain.exe"+355B4: C2 08 00 - ret 0008
"Risk of Rain.exe"+355B7: CC - int 3
"Risk of Rain.exe"+355B8: CC - int 3
"Risk of Rain.exe"+355B9: CC - int 3
"Risk of Rain.exe"+355BA: CC - int 3
"Risk of Rain.exe"+355BB: CC - int 3
"Risk of Rain.exe"+355BC: CC - int 3
"Risk of Rain.exe"+355BD: CC - int 3
"Risk of Rain.exe"+355BE: CC - int 3
"Risk of Rain.exe"+355BF: CC - int 3
}
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Sat Jul 28, 2018 6:55 am
mov [edx],FFFFFFFF
You do realize that's how you tell the computer to take the value in edx as an address, and set it to FFFFFFFF (aka -1). Right?
While what I assume is the original code is just moving edx into something else which does not imply that edx stores an address aka is a pointer
Did you perhaps mean to change edx rather than what it "points" to using
mov edx, -1 or mov edx, FFFFFFFF
As for the lua, "function() ... end" is how you can pass an anonymous/unnamed/closure/lambda function to another function. So you'd do nothing "with" it, you'd just paste it as is. However, the {$lua} blocks in AA scripts are really more meta-scripting, they don't run in place with the assembly code, they are run before any of the other AA code (so aobscans aren't done and labels are meaningless) and if it returns a string that string is used as AA code in place of the {$lua} block (e.g. return ('nop\n'):rep(300) to put 300 nops in the code without typing them all lol).
While there's a template to call lua code from assembly and a lua extension that makes it a bit easier, in this case there's really no need to do that if it's just for debugging, you can just run the code from the lua engine (ctrl+shift+alt+L from the main CE window, or just ctrl+L from the memory viewer, or its tools menu) after getting the real address or using 'INJECT' (with the quotes) if you can enable the script without it immediately crashing to tell it to use the address associated with the symbol INJECT.
edit: also, it should probably be debug_setBreakpoint not just setBreakpoint... my bad.
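
Added example, not part of any post in this thread: a snippet for CE's Lua Engine window (not for a {$lua} block) that logs the stack value the second script above compares, using the corrected debug_setBreakpoint name. It assumes the AA script is enabled so the symbol INJECT resolves; the offset and expected value are copied from that script, and MAX_HITS is a constructed limit.

```lua
-- Added example: run from the Lua Engine window after enabling the AA script.
-- Assumption: the symbol INJECT has been registered by registersymbol(INJECT).
local OFFSET   = 0x97C  -- stack offset from the thread's second script
local EXPECTED = 0x26C  -- value that script compares against
local MAX_HITS = 10     -- constructed limit so the log stays short

local addr = getAddress('INJECT')
local hits = 0

-- Breakpoints need the debugger attached to the opened process.
if not debug_isDebugging() then
  debugProcess()
end

debug_setBreakpoint(addr, function()
  hits = hits + 1
  -- readInteger returns nil when the address cannot be read, which
  -- answers "is there even a value at ESP+offset?" without crashing.
  local value = readInteger(ESP + OFFSET)
  if value == nil then
    print(string.format('hit %d: ESP=%08X, [ESP+%X] is not readable',
      hits, ESP, OFFSET))
  else
    value = value & 0xFFFFFFFF  -- show as unsigned 32-bit
    print(string.format('hit %d: ESP=%08X [ESP+%X]=%08X match=%s',
      hits, ESP, OFFSET, value, tostring(value == EXPECTED)))
  end
  -- Stop logging after MAX_HITS so a hot code path does not flood the output.
  if hits >= MAX_HITS then
    debug_removeBreakpoint(addr)
  end
  debug_continueFromBreakpoint(co_run)
end)
```

Because the breakpoint sits on INJECT itself, ESP is read before the jump into newmem, so the logged value is the one the injected cmp will see.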
Menoetius Cheater Reputation: 0
Joined: 01 Jul 2018 Posts: 29
Posted: Thu Aug 02, 2018 3:27 pm
Yeh I figured out the assembly part, really wasn't too important or complex. I've still been unable to discern how to print values out mid assembly. If anyone has any further suggestions I'd be quite grateful.

bonparadorn How do I cheat? Reputation: 0
Joined: 09 Apr 2012 Posts: 3
Posted: Mon Mar 21, 2022 5:11 am
Code:
setBreakpoint(INJECT)
This command cannot compile?

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300