Cheat Engine - The Official Site of Cheat Engine
mgr.inz.Player (I post too much; Reputation: 221; Joined: 07 Nov 2008; Posts: 4438; Location: W kraju nad Wisla. UTC+01:00)
Posted: Sun Feb 28, 2016 11:56 am - Post subject: Custom 'AOB Injection' Templates [ver. 1.3.6]
Installing / requirements:
1.
version 1.3.6 - only CE6.5.1 and above are supported
version 1.3.4 - only CE6.5.1 and above are supported
version 1.3.3 - only CE6.5.1 and above are supported
version 1.2 - CE6.4 and above are supported
2. place it in the CE autorun folder.
Usage:
1. open the "auto assemble" window
2. in the template submenu you will see additional entries
3. click one of them,
4. type the name (it checks whether it collides with existing names)
Example:
1. you have found two injection points, one for receiveDamageGeneric and one for receiveDamageFromGrenade
2. highlight the first address, open the "auto assemble" window, choose a custom template (e.g. "Alternative AOB")
3. give it a name: Godmode
4. still in the same "auto assemble" window, highlight the second address
5. choose a custom template again (e.g. "Alternative AOB")
6. give it a name: noGrenadeDamage
You can add your own templates, just update the lua file with another entry:
Code:
{
  displayName="name for alternative AOB template", -- visible name
  submenu="submenu caption", -- submenu caption
  group=1, -- group, helps arranging menu items
  defaultSymbolName="cheatnamehere", -- default symbol name
  templateSections=
  [==[
<<INFO>>
<<INFO_END>>
<<ENABLE>>
<<ENABLE_END>>
<<DISABLE>>
<<DISABLE_END>>
  ]==]
},
Keywords are:
%cheatName%, %authorName%, %processName% - self explainable
%originalCodeLines%, %nopLines%, %originalBytes% - self explainable
%_originalCodeLines%, %_nopLines% - with indent
%db90s% - it will be "db 90 90 90" when %nopLines% contains three "nop"
%CoriginalCodeLines% - commented out version of %originalCodeLines%
%moduleName% - self explainable, if selected instruction is not inside a module, it will be empty
%isModuleScan% - if aob scan is the aobscanmodule, it will contain "module" word, otherwise it will be empty
%searchPattern% - array of byte search pattern
%CmoduleName%, %moduleNameC% - same as %moduleName%, plus it has a comma at the beginning or at the end
%aobAdjust% - sometimes found searchPattern doesn't exactly point to address we need, this will contain adjustment, e.g. "-7" or "+C"
%additionalInfo% - "original code" as a comment (chosen opcode with surrounding lines)
%bracketsRegsOffset% - if the first line of original code (selected instruction) is e.g. "movsxd rax,dword ptr [rax+3C]", it will contain "dword ptr [rax+3C]", otherwise it is empty
%regsOffset% - if the first line is e.g. "movsxd rax,dword ptr [rax+3C]", it will contain "rax+3C", otherwise it is empty
%replacedInstructionsSize% - byte count of all original instructions that are overwritten, e.g. if there are three nops, it will be "8"
%replacedInstructionsSizeHex% - hexadecimal version of above
predprey suggested the "Mono Inject" template and its keywords:
%monoAddress% - If mono data collector is active, it returns the methodname+offset. Else it is empty.
%injectAddress% - Hooking point.
keywords added in newer versions:
https://forum.cheatengine.org/viewtopic.php?p=5753247#5753247
With this template:
Code:
<<INFO>>
// Game : %processName%
// Version:
// Date :
// Author : %authorName%
<<INFO_END>>
<<ENABLE>>
aobscan%isModuleScan%(aob_%cheatName%,%moduleNameC%%searchPattern%)
registersymbol(aob_%cheatName%)
alloc(newmem_%cheatName%,1024%CmoduleName%)
label(return_%cheatName%)
newmem_%cheatName%:
%originalCodeLines%
jmp return_%cheatName%
aob_%cheatName%%aobAdjust%:
jmp newmem_%cheatName%
%nopLines%
return_%cheatName%:
<<ENABLE_END>>
<<DISABLE>>
aob_%cheatName%%aobAdjust%:
db %originalBytes%
unregistersymbol(aob_%cheatName%)
dealloc(newmem_%cheatName%)
<<DISABLE_END>>
It will generate something like this:
Code:
// Game : game.exe
// Version:
// Date :
// Author : mgr.inz.Player
[ENABLE]
aobscanmodule(aob_itemQuantity,game.exe,48 63 40 3C 48 8D 04 03)
registersymbol(aob_itemQuantity)
alloc(newmem_itemQuantity,1024,game.exe)
label(return_itemQuantity)
newmem_itemQuantity:
movsxd rax,dword ptr [rax+3C]
lea rax,[rbx+rax]
jmp return_itemQuantity
aob_itemQuantity:
jmp newmem_itemQuantity
nop
nop
nop
return_itemQuantity:
[DISABLE]
aob_itemQuantity:
db 48 63 40 3C 48 8D 04 03
unregistersymbol(aob_itemQuantity)
dealloc(newmem_itemQuantity)
Last edited by mgr.inz.Player on Sun Dec 01, 2019 2:40 pm; edited 27 times in total
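The keyword expansion the post above describes, as an added worked example in Python; this is not code from the post or from the extension itself. It takes the instructions found at an injection point, selects enough whole instructions to cover the 5-byte jmp, derives the keywords listed above (nopLines, db90s, originalBytes, regsOffset, aobAdjust, ...) and renders the template sections into the [ENABLE]/[DISABLE] script. The sample instruction bytes are constructed from the generated script shown above; the function names and the two-space indent for the %_...% keywords are this example's own choices.

```python
"""Added example, not code from the post or from mgr.inz.Player's extension: a
model of how an AOB-injection template gets its %keywords% filled in.  The
instruction bytes below are constructed sample data copied from the thread's
generated script; the real extension reads them from CE's disassembler."""
import re

JMP_REL32_SIZE = 5  # 'jmp newmem' is E9 rel32: five bytes written at the hook
KEYWORD = re.compile(r"%(\w+)%")
SECTION = re.compile(r"<<(INFO|ENABLE|DISABLE)>>\n?(.*?)<<\1_END>>", re.S)
MEMOPERAND = re.compile(r"((?:byte|word|dword|qword) ptr )?\[([^\]]+)\]")

def select_replaced(instructions, need=JMP_REL32_SIZE):
    """Take whole instructions from the injection point until `need` bytes are
    covered; the jmp must never split an instruction, or the jump back to
    return_<name> would resume execution in the middle of an opcode."""
    taken, size = [], 0
    for ins in instructions:
        taken.append(ins)
        size += len(ins["bytes"])
        if size >= need:
            return taken, size
    raise ValueError("fewer than %d bytes available at the injection point" % need)

def keywords(cheat_name, author, process, module, instructions, pattern, adjust=0):
    """Build the keyword table the post lists, for one injection point."""
    replaced, size = select_replaced(instructions)
    nops = size - JMP_REL32_SIZE       # padding keeps the original code length
    lines = [ins["asm"] for ins in replaced]
    mem = MEMOPERAND.search(lines[0])  # only the selected (first) instruction counts
    return {
        "cheatName": cheat_name, "authorName": author, "processName": process,
        "moduleName": module or "",
        "CmoduleName": "," + module if module else "",
        "moduleNameC": module + "," if module else "",
        "isModuleScan": "module" if module else "",
        "searchPattern": pattern,
        "aobAdjust": "" if adjust == 0 else "%+X" % adjust,  # e.g. "-7" or "+C"
        "originalCodeLines": "\n".join(lines),
        "_originalCodeLines": "\n".join("  " + l for l in lines),  # indent assumed
        "CoriginalCodeLines": "\n".join("//" + l for l in lines),
        "originalBytes": " ".join("%02X" % b for ins in replaced for b in ins["bytes"]),
        "nopLines": "\n".join(["nop"] * nops),
        "_nopLines": "\n".join(["  nop"] * nops),
        "db90s": "db " + " ".join(["90"] * nops) if nops else "",
        "replacedInstructionsSize": str(size),
        "replacedInstructionsSizeHex": "%X" % size,
        "bracketsRegsOffset": mem.group(0) if mem else "",
        "regsOffset": mem.group(2) if mem else "",
    }

def expand_line(line, kw):
    """Substitute keywords in one line.  A line made only of keywords that all
    expanded to nothing (%db90s% when no padding is needed) is dropped rather
    than left blank, the issue ++METHOS reports further down the thread."""
    expanded = KEYWORD.sub(lambda m: kw.get(m.group(1), m.group(0)), line)
    if KEYWORD.search(line) and not expanded.strip():
        return None
    return expanded

def render(template, kw):
    """Map <<INFO>>/<<ENABLE>>/<<DISABLE>> onto a CE auto-assembler script."""
    out = []
    for name, body in SECTION.findall(template):
        if name != "INFO":
            out.append("[%s]" % name)
        for line in body.strip("\n").split("\n"):
            expanded = expand_line(line, kw)
            if expanded is not None:
                out.append(expanded)
    return "\n".join(out)

TEMPLATE = """<<INFO>>
// Game : %processName%
// Author : %authorName%
<<INFO_END>>
<<ENABLE>>
aobscan%isModuleScan%(aob_%cheatName%,%moduleNameC%%searchPattern%)
registersymbol(aob_%cheatName%)
alloc(newmem_%cheatName%,1024%CmoduleName%)
label(return_%cheatName%)
newmem_%cheatName%:
%originalCodeLines%
jmp return_%cheatName%
aob_%cheatName%%aobAdjust%:
jmp newmem_%cheatName%
%nopLines%
return_%cheatName%:
<<ENABLE_END>>
<<DISABLE>>
aob_%cheatName%%aobAdjust%:
db %originalBytes%
unregistersymbol(aob_%cheatName%)
dealloc(newmem_%cheatName%)
<<DISABLE_END>>
"""

# Constructed sample: the two instructions from the generated script above.
SAMPLE_INSTRUCTIONS = [
    {"asm": "movsxd rax,dword ptr [rax+3C]", "bytes": bytes.fromhex("4863403C")},
    {"asm": "lea rax,[rbx+rax]", "bytes": bytes.fromhex("488D0403")},
]

def example_script():
    kw = keywords("itemQuantity", "mgr.inz.Player", "game.exe", "game.exe",
                  SAMPLE_INSTRUCTIONS, "48 63 40 3C 48 8D 04 03")
    return render(TEMPLATE, kw)
```

Two details matter in practice: the jmp has to overwrite whole instructions (select_replaced refuses an injection point with too few bytes rather than splitting one), and the DISABLE section writes back the exact original bytes, which is why %originalBytes% is captured at generation time instead of being re-read from the already patched process.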
++METHOS (I post too much; Reputation: 92; Joined: 29 Oct 2010; Posts: 4197)
Posted: Sun Feb 28, 2016 4:27 pm
YES!!!!!!! This is amazing! This is going to save me soooo much time. Thank you!
akumakuja28 (Master Cheater; Reputation: 16; Joined: 28 Jun 2015; Posts: 432)
Posted: Sun Feb 28, 2016 5:44 pm
No more Notepad replace all. I don't know how you come up with this stuff. This is really useful, thanks mgr.
danrevella (Master Cheater; Reputation: 2; Joined: 11 Jun 2008; Posts: 291)
Posted: Mon Feb 29, 2016 5:07 am
An excellent work, as always!!!
An excellent idea to open this section: "lua extension"
The only problem is that my lua-autorun folder has grown so much, and I'm worried about incompatibility between the various versions.....
mgr.inz.Player
Posted: Mon Feb 29, 2016 6:32 am
"my lua-autorun folder become so grow"
Currently I have 14 lua extensions created by me. Some of them aren't ready for a release. All of them are in autorun folder. Don't have any problems.
"I'm worry for incompatibility from the various version"
Now authors can easily find their threads and update the scripts.
Also, I hope this time authors will get more feedback for extension they created.
Maybe someone will finally upload an mp3 which doesn't work with my "playing MP3 files with CE [extended playSound function]"
mgr.inz.Player
Posted: Tue Mar 01, 2016 6:12 am
Changes:
those are without indentation now:
%originalCodeLines%, %nopLines%
with indent:
%_originalCodeLines%, %_nopLines%
new keyword:
%db90s% - e.g. it will be db 90 90 90 when %nopLines% contains three "nop"
++METHOS
Posted: Tue Mar 01, 2016 10:02 am
Yes! This is so great! Thank you, mgr.inz.Player!
I just tested this. It works great. I noticed that if no nops are required, and %db90s% is used, then the script will contain an empty line, unlike the other methods. Is it possible to fix this?
Also, I think 'test' 'Test' and 'TEST' should be added to the 'bad name' list, as it could mess up some scripts.
Another +rep coming soon...
Big thanks!
EDIT:
In my script, I tried replacing the bad name for INJECT with test:
Code:
::setValidname::
while cheatName=='test' or cheatName=='' do
  cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
  cheatName=cheatName:gsub('%s','') -- remove spaces
end
while cheatName=='Test' or cheatName=='' do
  cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
  cheatName=cheatName:gsub('%s','') -- remove spaces
end
while cheatName=='TEST' or cheatName=='' do
  cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
  cheatName=cheatName:gsub('%s','') -- remove spaces
end
No matter which version of test I try, the plugin works as it should for the first two attempts. On the third attempt, for some reason, the plugin allows the bad name to be processed. I don't know why. This is true, regardless of the order that I choose. I should note that these are consecutive, back-to-back attempts (i.e. tried one, received the error...tried another one in the same window, on the same attempt, received the error...tried a third time, in the same window, on the same attempt, and it went through).
Thanks, again!
EDIT2:
Regarding the last issue, simplifying the code as follows, fixes the problem:
Code:
::setValidname::
while cheatName=='test' or cheatName=='Test' or cheatName=='TEST' or cheatName=='' do
  cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
  cheatName=cheatName:gsub('%s','') -- remove spaces
end
I should have tested more. (sorry)
Thanks!
mgr.inz.Player
Posted: Tue Mar 01, 2016 5:34 pm
I've taken your suggestions into account. Try the new version.
++METHOS
Posted: Tue Mar 01, 2016 5:42 pm
So awesome! Thank you!
++METHOS
Posted: Fri Mar 04, 2016 4:15 pm
I have another request.
Now that I am writing more templates, I realize that we need more control. Would it be possible to have additional keywords:
Code:
%register%
%registeroffset%
%registeroffset+n%
With this, we can:
Code:
cmp [%cheatName%_address],esi ////////// %register%
Code:
push eax
mov eax,[esi+30] ////////// [%registeroffset%]
mov [x_c],eax
mov eax,[esi+34] ////////// [%registeroffset+4%]
mov [y_c],eax
mov eax,[esi+38] ////////// [%registeroffset+8%]
mov [z_c],eax
pop eax
I imagine it would work the same if the offset happened to be negative.
Is this possible?
Thanks!
mgr.inz.Player
Posted: Sat Mar 05, 2016 6:20 am
I think %regsOffset% would be enough.
e.g. %regsOffset% will be esi+30
then these
mov eax,[%regsOffset%]
...
mov eax,[%regsOffset%+4]
become these:
mov eax,[esi+30]
...
mov eax,[esi+30+4] // cheatengine will change it to esi+34
(updated)
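The folding described in the post above (a template line [%regsOffset%+4] expands to [esi+30+4], which the assembler reduces to [esi+34]), as an added example in Python that is not from the post or from the extension. It also covers the negative-offset case asked about earlier in the thread. It assumes the numbers are hex without a prefix, as CE's auto assembler reads them; the register list and the function names are this example's own.

```python
"""Added example, not from the post or the CE extension: fold the displacement
arithmetic that [%regsOffset%+n] produces, the way CE reduces [esi+30+4] to
[esi+34].  Assumes hex numbers without a prefix, as CE's auto assembler reads
them; the register list and function names are this example's own."""
import re

REGISTERS = (
    {"rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp",
     "eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
    | {"r%d" % n for n in range(8, 16)} | {"r%dd" % n for n in range(8, 16)}
)
TERM = re.compile(r"([+-])([A-Za-z0-9_*]+)")


def fold_operand(operand):
    """Sum every constant term of a CE-style operand into one displacement.
    'esi+30+4' -> 'esi+34', '[esi-10+4]' -> '[esi-C]', '[rax+3C-3C]' -> '[rax]'.
    Register terms (including scaled ones like rax*4) and symbols are kept
    verbatim; any other term that parses as hex is treated as a number."""
    text = operand.replace(" ", "")
    bracketed = text.startswith("[") and text.endswith("]")
    if bracketed:
        text = text[1:-1]
    if not text.startswith(("+", "-")):
        text = "+" + text
    if TERM.sub("", text):            # anything left over is not sign+term
        raise ValueError("cannot parse operand: %r" % operand)
    kept, disp = [], 0
    for sign, tok in TERM.findall(text):
        if tok.split("*")[0].lower() not in REGISTERS:
            try:
                value = int(tok, 16)
            except ValueError:
                pass                  # a symbol or label: keep it as written
            else:
                disp += value if sign == "+" else -value
                continue
        kept.append(sign + tok)
    if disp:
        kept.append("%+X" % disp)
    folded = "".join(kept).lstrip("+") or "0"
    return "[" + folded + "]" if bracketed else folded


def offset_line(regs_offset, n, fmt="mov eax,[%s]"):
    """The line a template 'mov eax,[%regsOffset%+n]' ends up as once folded."""
    return fmt % fold_operand("%s%+X" % (regs_offset, n))
```

The same rule applies to a negative base offset: [esi-10+4] folds to [esi-C], and [esi+30-8] to [esi+28], so a template only ever needs %regsOffset% plus the constant it wants to add.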
++METHOS
Posted: Sat Mar 05, 2016 12:45 pm
Yes! Of course...I wasn't thinking about that. This is so great! Thanks!
%regsOffset% still uses the brackets, so %regsOffset%+8 is written like this:
Which works, but I wasn't aware that it would work like that. So...
Works. I guess I assumed that it would need to be:
??
Also, I noticed a problem. If the AOB signature cannot be found, no script is generated. I think, it should behave as CE does, and still generate the script, that way we can manually fix it but still have a script to work off of.
This is the best plugin! More +reps forthcoming.
mgr.inz.Player
Posted: Sat Mar 05, 2016 2:07 pm
Sorry about that. I uploaded file from wrong folder.
Try it now.
++METHOS
Posted: Sat Mar 05, 2016 2:43 pm
Great work! Thanks!
Regarding the failed AOB signature, I just commented out that part so that the script will still generate.
mgr.inz.Player
Posted: Sun Mar 06, 2016 9:41 am
The next step will be adding my own signature (pattern) generator (of course based on built-in disassembler output).