{$ccode} function call example

 
Dark Byte (Site Admin)
Posted: Thu Aug 26, 2021 1:47 pm    Post subject: {$ccode} function call example

In this example for step 2 of the 64-bit tutorial of Cheat Engine 7.3, I'll show how to call the function MessageBoxA and react to it based on the result the user clicks.

It also shows how to modify a single register, and how to access memory pointed at by a pointer.

Code:

alloc(newmem,2048,"Tutorial-x86_64.exe"+2B42C)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

{$ccode step2form=rbx decreaseby=eax}
#define MB_YESNO 0x4
#define IDYES 6

if (MessageBoxA(0,"Change Health to 1000 ?","Cheat Engine C",MB_YESNO)==IDYES)
{
 int *health=(int*)(step2form+0x7f8);
 *health=1000; 
  //*health=*health * 3.14159265359f; //in case you wish to multiply by pi instead (which works as well)

 decreaseby=0; //don't decrease
}
//else leave everything unmodified
{$asm}


originalcode:
sub [rbx+000007F8],eax

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:




Because the C compiler can figure out the parameters for the call to MessageBoxA, you don't have to define it, but in cases where it's ambiguous you'll have to declare it.

Example code you should then add at the top:
Code:

{$c}
extern int MessageBoxA(int, char *, char *, int);
{$asm}


Note that not ALL targets support calling MessageBoxA, as it depends on whether the target process can handle message loops at that point.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
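Added example (not from the thread, and not Cheat Engine's own code): a plain C model of what the step 2 script above does, so the interaction between the {$ccode} block and the original instruction can be run and checked offline. The object the script reaches through rbx is a constructed buffer, MessageBoxA is replaced by a hypothetical fake_message_box() whose answer the caller picks, and the 0x7f8 offset, MB_YESNO and IDYES values are the ones the script uses. The point it makes is that the C block runs first and whatever it leaves in eax is what the original `sub [rbx+7F8],eax` then subtracts.

```c
#include <string.h>
#include <stdio.h>

/* Offset of the health field in the tutorial's form object, as in the script. */
#define HEALTH_OFFSET 0x7f8

#define MB_YESNO 0x4
#define IDYES    6
#define IDNO     7

/* Hypothetical stand-in for MessageBoxA so the example runs offline:
   the caller decides what the "user" clicks. */
typedef int (*prompt_fn)(const char *text, const char *caption, unsigned type);

static int answer;                         /* what the fake dialog returns */
static int fake_message_box(const char *text, const char *caption, unsigned type)
{
    (void)text; (void)caption; (void)type;
    return answer;
}

/* Mirrors the {$ccode step2form=rbx decreaseby=eax} block: the two parameters
   are the register copies the script hands to the C code. Returns the new eax. */
static int ccode_block(unsigned char *step2form, int decreaseby, prompt_fn prompt)
{
    if (prompt("Change Health to 1000 ?", "Cheat Engine C", MB_YESNO) == IDYES) {
        int *health = (int *)(step2form + HEALTH_OFFSET);
        *health = 1000;
        decreaseby = 0;                    /* don't decrease */
    }
    return decreaseby;                     /* written back into eax */
}

/* The whole hook: C block first, then the original instruction
   'sub [rbx+7F8],eax' runs with whatever eax now holds. */
int run_hook(unsigned char *form, int eax, prompt_fn prompt)
{
    eax = ccode_block(form, eax, prompt);
    *(int *)(form + HEALTH_OFFSET) -= eax;
    return *(int *)(form + HEALTH_OFFSET);
}

/* Constructed scenario: a form with the given health takes 'damage' while the
   user clicks 'clicked' (IDYES or IDNO). Returns the health afterwards. */
int health_after_hit(int start_health, int damage, int clicked)
{
    int words[HEALTH_OFFSET / sizeof(int) + 1] = {0};   /* int-aligned backing store */
    unsigned char *form = (unsigned char *)words;
    *(int *)(form + HEALTH_OFFSET) = start_health;
    answer = clicked;
    return run_hook(form, damage, fake_message_box);
}

int main(void)
{
    printf("clicked No:  health %d\n", health_after_hit(100, 1, IDNO));   /* 99 */
    printf("clicked Yes: health %d\n", health_after_hit(100, 1, IDYES));  /* 1000 */
    return 0;
}
```

With "No" the C block changes nothing and the original instruction subtracts as usual; with "Yes" the block writes 1000 through the pointer and zeroes the register, so the subtraction that follows is a no-op.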
ragnaroks (Newbie cheater)
Posted: Mon Aug 30, 2021 12:35 pm


Sorry for disturbing you, is there some way to use "label(tag)" or "registersymbol(tag)" in $CCODE?

What I'm thinking:
Code:

alloc(newmem,128)
label(inject)
label(return)
label(default)
label(case1)
label(exit)

inject:
  jmp newmem
return:

newmem:
{$CCODE refEAX=EAX}
  int *gameLoaded=(int *)(refEAX+0x04); //pointer to the int at EAX+4
  if(*gameLoaded!=1){
    goto exit;
  }
  int *gunType=(int *)(refEAX+0x20); //pointer to the int at EAX+0x20
  if(*gunType==1 || *gunType==3 || *gunType==5){
    goto case1;
  }else{
    goto default;
  }
{$ASM}
case1:
  mov [ammo],(int)30
  mov [hp],(float)100
  mov [ap],(float)100
  jmp return
default:
  mov [ammo],(int)10
  mov [hp],(float)500
  mov [ap],(float)500
  jmp return
exit:
  mov [ammo],(int)0
  mov [hp],(float)0
  mov [ap],(float)0
  jmp return


I had tried this, but the game crashes immediately:
Code:

alloc(newmem,128)
label(inject)
label(return)
label(default)
label(case1)
registersymbol(default)
registersymbol(case1)

inject:
  jmp newmem
return:

newmem:
{$CCODE refEAX=EAX refDefault=default refCase1=case1}
  int *gunType=(int *)(refEAX+0x20); //pointer to the int at EAX+0x20
  if(*gunType==1 || *gunType==3 || *gunType==5){
    goto refCase1;
  }else{
    goto refDefault;
  }
{$ASM}
case1:
  mov [ammo],(int)30
  mov [hp],(float)100
  mov [ap],(float)100
  jmp return
default:
  mov [ammo],(int)10
  mov [hp],(float)500
  mov [ap],(float)500
  jmp return
Dark Byte (Site Admin)
Posted: Mon Aug 30, 2021 3:50 pm

OK, there was another issue with that where local symbols didn't get recognized properly; it seems a lot got changed after implementing C compiling. (It's fixed on Patreon already.)

Anyhow, goto is not going to work, as it's in a completely different stack frame, so the jmp that goto would do would mess up the stack.

It's better to use labels inside the C blocks instead and do the editing there, or use a register as a jump destination based on the result.

Example (step 2 of the tutorial):
I place an infinite loop after the ccode block, but the rcx register gets the address after that infinite loop (originalcode).

Code:

alloc(newmem,2048,"Tutorial-x86_64.exe"+2B42C)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rcx //save rcx as it's going to be changed
{$ccode jmpaddress=rcx}
extern void originalcode();

jmpaddress=originalcode;
{$asm}
jmp rcx //jump to where rcx points

db eb fe //inf loop


originalcode:
pop rcx //restore rcx
sub [rbx+000007F8],eax

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2B42C:
jmp newmem
nop
returnhere:

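Added example (not from the thread, and not Cheat Engine's own code): the "register as a jump destination" pattern Dark Byte describes, applied to ragnaroks' gunType script, modelled in plain C so it can be run offline. Instead of `goto case1` out of the function that the {$ccode} block has become, the C code returns the address to continue at; in the script that value lands in a register and the asm side does `jmp reg`. The three asm blocks are hypothetical functions that return the ammo value they would store, the object read through EAX is a constructed buffer, and the +0x04 and +0x20 offsets are the ones from the script.

```c
#include <stdio.h>

/* Field offsets from ragnaroks' script. */
#define GAME_LOADED_OFFSET 0x04
#define GUN_TYPE_OFFSET    0x20
#define OBJ_SIZE           0x40     /* constructed object size, large enough for both */

/* The asm labels case1:, default: and exit: become three functions (hypothetical
   names). Each returns the ammo value it would have written so the outcome is visible. */
typedef int (*handler_fn)(void);
static int handle_case1(void)   { return 30; }
static int handle_default(void) { return 10; }
static int handle_exit(void)    { return 0; }

/* Mirrors the {$ccode refEAX=EAX} block. No goto: the decision is returned as an
   address, which the script would move into a register before {$asm}. */
handler_fn choose_target(const unsigned char *refEAX)
{
    const int *gameLoaded = (const int *)(refEAX + GAME_LOADED_OFFSET);
    if (*gameLoaded != 1)
        return handle_exit;

    const int *gunType = (const int *)(refEAX + GUN_TYPE_OFFSET);
    if (*gunType == 1 || *gunType == 3 || *gunType == 5)
        return handle_case1;
    return handle_default;
}

/* The asm side: 'jmp rcx' with rcx holding what the C block chose. */
int dispatch(const unsigned char *obj)
{
    handler_fn target = choose_target(obj);
    return target();
}

/* Build a constructed object with the given field values and run the hook. */
int ammo_for(int loaded, int gun)
{
    int words[OBJ_SIZE / sizeof(int)] = {0};          /* int-aligned backing store */
    unsigned char *obj = (unsigned char *)words;
    *(int *)(obj + GAME_LOADED_OFFSET) = loaded;
    *(int *)(obj + GUN_TYPE_OFFSET) = gun;
    return dispatch(obj);
}

int main(void)
{
    printf("game not loaded: ammo %d\n", ammo_for(0, 1));  /* 0  (exit)    */
    printf("gun type 3:      ammo %d\n", ammo_for(1, 3));  /* 30 (case1)   */
    printf("gun type 2:      ammo %d\n", ammo_for(1, 2));  /* 10 (default) */
    return 0;
}
```

The C function returns normally through its own epilogue, so the stack is intact when the jump happens; that is the whole difference from a goto that leaves the function without unwinding it.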
ragnaroks (Newbie cheater)
Posted: Mon Aug 30, 2021 8:24 pm

Is "extern void originalcode();" new syntax in $CCODE, or does it work in $C too?

Thanks for your help, my test cheat logic is done, I learned so much.
Dark Byte (Site Admin)
Posted: Tue Aug 31, 2021 12:18 am


Can also be in {$c}.

Basically a {$ccode} section is a {$c} section but with a function prologue and epilogue.

Once CE assembles the script all {$c} blocks get combined into one C file internally and compiled like that, so {$ccode} blocks have access to what is in {$c} blocks above it. (Order of the blocks matters.)

In the example I posted the "extern void originalcode();" would be local to the function it's in, but if you'd put it in the {$c} blocks it'd be accessible to all the C blocks under it.

MMM-304 (Expert Cheater)
Posted: Tue Aug 31, 2021 12:48 am


Dark Byte wrote:
    can also be in {$c}

Wait, so we can call asm functions in C? That's cool. Also, is this feature available for Lua?
Dark Byte (Site Admin)
Posted: Wed Sep 15, 2021 6:48 am


Yes.

Also, here's another script example for flying around in Kings Bounty 2 (v1.3).

It makes use of the GetKeyState() function.

I could likely clean it up by making a single isKeyDown() function in {$c}.

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"KingsBounty2.exe"+1E4AAC4)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
{$c}
float lockedHeight=0;
int lockHeight=0;
{$asm}

{$ccode player=RAX}
#define VK_SHIFT 0x10
#define VK_UP 0x26

#define VK_NUMPAD0 0x60
#define VK_NUMPAD2 0x62
#define VK_NUMPAD4 0x64
#define VK_NUMPAD6 0x66
#define VK_NUMPAD8 0x68

#define VK_ADD 0x6B
#define VK_SUBTRACT 0x6D
#define VK_DECIMAL 0x6E


#define SPEED 40
#define FASTSPEED 150

int speed=SPEED;
if (GetKeyState(VK_SHIFT) & (1<<15))
{
  speed=FASTSPEED;
}

if (GetKeyState(VK_NUMPAD8) & (1<<15)) //up
{
  *(float *)(player+0x10)+=speed;
}

if (GetKeyState(VK_NUMPAD2) & (1<<15)) //down
{
  *(float *)(player+0x10)-=speed;
}

if (GetKeyState(VK_NUMPAD4) & (1<<15)) //left
{
  *(float *)(player+0x14)-=speed;
}

if (GetKeyState(VK_NUMPAD6) & (1<<15)) //right
{
  *(float *)(player+0x14)+=speed;
}

if (GetKeyState(VK_ADD) & (1<<15)) //numpad +
{
  if (lockHeight)
    lockedHeight+=speed;

  *(float *)(player+0x18)+=speed;
}

if (GetKeyState(VK_SUBTRACT) & (1<<15)) //numpad -
{
  if (lockHeight)
    lockedHeight-=speed;

  *(float *)(player+0x18)-=speed;
}

if (GetKeyState(VK_NUMPAD0) & (1<<15)) //0
{
  lockedHeight=*(float *)(player+0x18);
  lockHeight=1;
}

if (GetKeyState(VK_DECIMAL) & (1<<15)) //.
{
  lockHeight=0;
  lockedHeight=0;
}

if (lockHeight)
{
  *(float *)(player+0x18)=lockedHeight;
}


{$asm}


originalcode:
movups xmm0,[rax]
movups [r13+000000B0],xmm0

exit:
jmp returnhere

"KingsBounty2.exe"+1E4AAC4:
jmp newmem
nop 6
returnhere:



 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"KingsBounty2.exe"+1E4AAC4:
movups xmm0,[rax]
movups [r13+000000B0],xmm0
//Alt: db 0F 10 00 41 0F 11 85 B0 00 00 00

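Added example (not from the thread, and not Cheat Engine's own code): the single isKeyDown() helper Dark Byte says he could factor out, together with the height-lock part of the script, written as plain C that runs offline. GetKeyState() is replaced by a constructed key table (fake_GetKeyState) that sets the high bit of the returned SHORT for a held key, exactly the bit the script tests with `& (1<<15)`; the player height is a constructed variable standing in for `*(float *)(player+0x18)`; VK_* values and SPEED are the ones from the script. It shows why the script also moves lockedHeight when + or - is pressed: otherwise the lock would snap the height straight back on the same run.

```c
#include <stdio.h>

/* Virtual-key codes used by the script above (standard Windows values). */
#define VK_NUMPAD0  0x60
#define VK_ADD      0x6B
#define VK_SUBTRACT 0x6D
#define VK_DECIMAL  0x6E
#define SPEED       40

/* Constructed key table standing in for GetKeyState(): a held key is reported
   through the high bit of the SHORT, as the real function does. */
static short key_table[256];
static short fake_GetKeyState(int vk) { return key_table[vk & 0xff]; }

/* The isKeyDown() helper: bit 15 of the state is the "currently down" bit.
   The SHORT is promoted to int before the mask, and a negative short keeps
   bit 15 set, so the test works on the raw return value. */
static int isKeyDown(int vk) { return (fake_GetKeyState(vk) & (1 << 15)) != 0; }

/* Persistent state, as the {$c} block above declares it, plus the
   constructed player height. */
static float lockedHeight = 0;
static int   lockHeight   = 0;
static float playerHeight = 0;

void reset_state(float startHeight)
{
    for (int i = 0; i < 256; i++) key_table[i] = 0;
    lockedHeight = 0; lockHeight = 0; playerHeight = startHeight;
}

/* One run of the height-related part of the hook; returns the resulting height. */
float update_height(void)
{
    if (isKeyDown(VK_ADD)) {
        if (lockHeight) lockedHeight += SPEED;   /* move the lock too, or it snaps back below */
        playerHeight += SPEED;
    }
    if (isKeyDown(VK_SUBTRACT)) {
        if (lockHeight) lockedHeight -= SPEED;
        playerHeight -= SPEED;
    }
    if (isKeyDown(VK_NUMPAD0)) { lockedHeight = playerHeight; lockHeight = 1; }  /* lock */
    if (isKeyDown(VK_DECIMAL)) { lockHeight = 0; lockedHeight = 0; }              /* unlock */
    if (lockHeight) playerHeight = lockedHeight;                                 /* enforce lock */
    return playerHeight;
}

/* One frame of the constructed scenario: 'vk' is the only key held (0 = none);
   'gameHeight' >= 0 means the game wrote that height before the hook ran. */
float frame(int vk, float gameHeight)
{
    for (int i = 0; i < 256; i++) key_table[i] = 0;
    if (vk) key_table[vk & 0xff] = (short)0x8000;
    if (gameHeight >= 0) playerHeight = gameHeight;
    return update_height();
}

int main(void)
{
    reset_state(100);
    printf("+ held:            %.0f\n", frame(VK_ADD, -1));      /* 140 */
    printf("numpad 0 (lock):   %.0f\n", frame(VK_NUMPAD0, -1));  /* 140 */
    printf("game pulled to 50: %.0f\n", frame(0, 50));           /* 140, lock restores */
    printf("+ while locked:    %.0f\n", frame(VK_ADD, -1));      /* 180 */
    return 0;
}
```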