Cheat Engine The Official Site of Cheat Engine
etioplmld Advanced Cheater Reputation: 0
Joined: 09 Feb 2021 Posts: 72
Posted: Mon Sep 05, 2022 9:14 pm Post subject: Can a length-128 string be used in Compare in shared code?

I got a result with address analysis: a string of length 128 is the C# function's access-address variable name. How do I use it in Compare to deal with shared code?
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Mon Sep 05, 2022 10:11 pm Post subject:
Invoke a strncmp routine or make your own. Be wary of small string optimizations.
Example in step 9 of the CE tutorial:
Code:
define(address,"Tutorial-x86_64.exe"+2F25D)
define(bytes,F3 0F 11 43 08)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"Tutorial-x86_64.exe"+2F25D)
label(return)
{$c}
#include <string.h>
// Guessed layout of the tutorial's Player object; only vtable and health are certain.
struct Player {
    void *vtable;
    float health;
    char unknown1[8];
    int team;
    unsigned char name_length;
    char name[12]; // unknown max length...
};
int is_good_player(const struct Player *addr) {
    const char *name = addr->name;
    const size_t sz = addr->name_length;
    // A zero length would make strncmp match anything; a length past the
    // buffer would read beyond the object.
    if (sz == 0 || sz > sizeof addr->name) return 0;
    return strncmp(name, "Dave", sz) == 0 || strncmp(name, "Eric", sz) == 0;
}
{$asm}
newmem:
{$ccode addr=rbx newval=xmm0.0F}
struct Player *p = (struct Player *)addr;
// Friendly players keep their current health instead of the new value.
if (is_good_player(p))
    newval = p->health;
{$asm}
movss [rbx+08],xmm0
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// movss [rbx+08],xmm0
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Tutorial-x86_64.exe+2F25D
Tutorial-x86_64.exe+2F233: E9 97 00 00 00 - jmp Tutorial-x86_64.exe+2F2CF
Tutorial-x86_64.exe+2F238: F3 0F 2A C6 - cvtsi2ss xmm0,esi
Tutorial-x86_64.exe+2F23C: F3 0F 10 4B 08 - movss xmm1,[rbx+08]
Tutorial-x86_64.exe+2F241: F3 0F 5C C8 - subss xmm1,xmm0
Tutorial-x86_64.exe+2F245: 0F 2F 0D 8C 87 20 00 - comiss xmm1,[Tutorial-x86_64.exe+2379D8]
Tutorial-x86_64.exe+2F24C: 7A 0C - jp Tutorial-x86_64.exe+2F25A
Tutorial-x86_64.exe+2F24E: 73 0A - jae Tutorial-x86_64.exe+2F25A
Tutorial-x86_64.exe+2F250: F3 0F 10 05 80 87 20 00 - movss xmm0,[Tutorial-x86_64.exe+2379D8]
Tutorial-x86_64.exe+2F258: EB 03 - jmp Tutorial-x86_64.exe+2F25D
Tutorial-x86_64.exe+2F25A: 0F 28 C1 - movaps xmm0,xmm1
// ---------- INJECTING HERE ----------
Tutorial-x86_64.exe+2F25D: F3 0F 11 43 08 - movss [rbx+08],xmm0
// ---------- DONE INJECTING ----------
Tutorial-x86_64.exe+2F262: 0F 2F 05 6F 87 20 00 - comiss xmm0,[Tutorial-x86_64.exe+2379D8]
Tutorial-x86_64.exe+2F269: 7A 14 - jp Tutorial-x86_64.exe+2F27F
Tutorial-x86_64.exe+2F26B: 75 12 - jne Tutorial-x86_64.exe+2F27F
Tutorial-x86_64.exe+2F26D: 48 8B 4B 60 - mov rcx,[rbx+60]
Tutorial-x86_64.exe+2F271: 48 8B 15 C0 B9 18 00 - mov rdx,[Tutorial-x86_64.exe+1BAC38]
Tutorial-x86_64.exe+2F278: E8 E3 D7 07 00 - call Tutorial-x86_64.exe+ACA60
Tutorial-x86_64.exe+2F27D: EB 42 - jmp Tutorial-x86_64.exe+2F2C1
Tutorial-x86_64.exe+2F27F: F3 0F 10 4B 08 - movss xmm1,[rbx+08]
Tutorial-x86_64.exe+2F284: 48 8D 4D E0 - lea rcx,[rbp-20]
Tutorial-x86_64.exe+2F288: E8 63 BD 01 00 - call Tutorial-x86_64.exe+4AFF0
}
(I still don't fully understand {$c} / {$ccode}, there might be mistakes)
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
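The two pitfalls named in the reply above, a compare that must be bounded by the field rather than by a terminator (the question's 128-byte string) and small string optimisation, as an added C example that is not code from this thread or from Cheat Engine. The struct layouts and sample data are constructed for the example, and the SsoString model is an assumption modelled on MSVC's x64 std::string layout; `field_equals` is a hand-rolled compare with no CRT dependency, the "make your own" route.

```c
/* Added example, not code from the thread or from Cheat Engine.
 * It shows the two pitfalls the reply above points at:
 *  1. a fixed-width name field (like the 128-byte string in the question)
 *     need not be NUL-terminated, so the compare must be bounded by the
 *     field size, not by a terminator;
 *  2. a C++ std::string member uses small-string optimisation (SSO): short
 *     text sits inline, longer text sits behind a heap pointer, so the same
 *     offset holds characters in one object and a pointer in another.
 * All layouts and sample data here are constructed for the example; the SSO
 * layout is modelled on MSVC's x64 std::string and is an assumption. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 128

/* Object with a fixed-width, possibly unterminated name field (constructed). */
struct FixedNameObj {
    uint8_t header[16];
    char    name[NAME_FIELD];
    float   value;
};

/* Hand-rolled bounded compare with no CRT dependency (the "make your own" route).
 * Returns 1 only if the field holds exactly `expected`: every character matches
 * and the field is then either exhausted or NUL-terminated. */
static int field_equals(const char *field, size_t field_len, const char *expected)
{
    size_t i = 0;
    for (; i < field_len && expected[i] != '\0'; i++)
        if (field[i] != expected[i])
            return 0;
    if (expected[i] != '\0')
        return 0;                               /* field ran out first */
    return i == field_len || field[i] == '\0';  /* no trailing characters */
}

/* Model of an SSO std::string as MSVC lays it out on x64 (assumption):
 * 16-byte inline buffer overlaid with the heap pointer, then size and capacity. */
struct SsoString {
    union { char buf[16]; char *ptr; } bx;
    size_t size;
    size_t capacity;   /* 15 while the inline buffer is in use */
};

/* Choose the storage the string is actually using before touching the bytes. */
static const char *sso_data(const struct SsoString *s)
{
    return s->capacity < sizeof s->bx.buf ? s->bx.buf : s->bx.ptr;
}

static int sso_equals(const struct SsoString *s, const char *expected)
{
    size_t n = strlen(expected);
    return s->size == n && memcmp(sso_data(s), expected, n) == 0;
}

/* Constructed fixed-width cases; returns how many behaved as required (4 expected). */
static int demo_fixed(void)
{
    struct FixedNameObj o;
    int ok = 0;
    memset(&o, 'X', sizeof o);                  /* junk everywhere, no NUL at all */
    memcpy(o.name, "Dave", 4);
    ok += field_equals(o.name, NAME_FIELD, "Dave") == 0;   /* "Dave" + junk: no */
    memset(o.name, 0, NAME_FIELD);
    memcpy(o.name, "Dave", 4);
    ok += field_equals(o.name, NAME_FIELD, "Dave") == 1;   /* terminated: yes */
    char full[4] = { 'D', 'a', 'v', 'e' };                  /* fills the field, no NUL */
    ok += field_equals(full, sizeof full, "Dave") == 1;
    ok += field_equals(full, sizeof full, "Dav") == 0;      /* prefix is not a match */
    return ok;
}

/* Constructed SSO cases; returns how many behaved as required (3 expected). */
static int demo_sso(void)
{
    static char heap[] = "DEFAULT_GRAVITY_MAXVEL";          /* too long for SSO */
    struct SsoString s_short = { .size = 4, .capacity = 15 };
    struct SsoString s_long = { .bx.ptr = heap, .size = sizeof heap - 1, .capacity = 31 };
    int ok = 0;
    memcpy(s_short.bx.buf, "Dave", 5);
    ok += sso_equals(&s_short, "Dave");
    ok += sso_equals(&s_long, heap);
    /* Reading the inline buffer of the long string yields pointer bytes, not text. */
    ok += field_equals(s_long.bx.buf, sizeof s_long.bx.buf, heap) == 0;
    return ok;
}

int main(void)
{
    printf("fixed-width cases ok: %d/4\n", demo_fixed());
    printf("sso cases ok: %d/3\n", demo_sso());
    return 0;
}
```

Compile with any C99 compiler and run it stand-alone. In a {$c} block the same `field_equals` would be usable without `#include <string.h>`, since it calls nothing from the CRT; the SsoString part only applies when the name really is a std::string, which is the case to check for before trusting characters read at a fixed offset.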
etioplmld Advanced Cheater Reputation: 0
Joined: 09 Feb 2021 Posts: 72
Posted: Thu Sep 08, 2022 12:51 am Post subject:

The code seems to have been tested, but my copy cannot be activated and displays a compilation error.
Is it caused by CE settings?
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Sep 08, 2022 10:39 am Post subject:
I'm not sure. Copy / pasting it works fine for me.
Those symbols should be in ucrtbase.dll. Try going to the address "_strnicmp" in the disassembler. If that fails, see if ucrtbase.dll is even loaded in that process (Memory Viewer -> View -> Enumerate DLLs and symbols).
If it's not loaded, do you even have the DLL on your system? It should be in System32.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
etioplmld Advanced Cheater Reputation: 0
Joined: 09 Feb 2021 Posts: 72
Posted: Thu Sep 08, 2022 8:43 pm Post subject:

This DLL is on the system, but CE doesn't load it. Is it a mysterious bug?
00400000 - cheatengine-x86_64.exe
77360000 - ntdll.dll
77240000 - kernel32.dll
7FEFD1D0000 - KERNELBASE.dll
7FEFDAE0000 - oleaut32.dll
7FEFDF20000 - ole32.dll
7FEFF5A0000 - msvcrt.dll
7FEFE240000 - GDI32.dll
77140000 - USER32.dll
7FEFDA40000 - LPK.dll
7FEFF2F0000 - USP10.dll
7FEFF1C0000 - RPCRT4.dll
7FEFE2B0000 - advapi32.dll
7FEFDF00000 - sechost.dll
7FEFC250000 - version.dll
7FEFE390000 - shell32.dll
7FEFDA50000 - SHLWAPI.dll
7FEE2370000 - opengl32.dll
7FEE2340000 - GLU32.dll
7FEE2240000 - DDRAW.dll
7FEE2230000 - DCIMAN32.dll
7FEFF3C0000 - SETUPAPI.dll
7FEFD2B0000 - CFGMGR32.dll
7FEFD520000 - DEVOBJ.dll
7FEFC200000 - dwmapi.dll
7FEFBD00000 - comctl32.dll
7FEFF120000 - comdlg32.dll
7FEFD7F0000 - ws2_32.dll
7FEFDAD0000 - NSI.dll
7FED17D0000 - wsock32.dll
7FEFDE80000 - imagehlp.dll
7FEFBB20000 - uxtheme.dll
77530000 - psapi.dll
7FECC600000 - hhctrl.ocx
7FEFF640000 - imm32.dll
7FEFE130000 - MSCTF.dll
7FED3F90000 - lua53-64.dll
7FEFDC40000 - wininet.dll
7FEFD290000 - api-ms-win-downlevel-user32-l1-1-0.dll
7FEFD280000 - api-ms-win-downlevel-shlwapi-l1-1-0.dll
7FEFD1C0000 - api-ms-win-downlevel-version-l1-1-0.dll
7FEFD470000 - api-ms-win-downlevel-normaliz-l1-1-0.dll
77520000 - normaliz.DLL
7FEFD540000 - iertutil.dll
7FEFD2A0000 - api-ms-win-downlevel-advapi32-l1-1-0.dll
7FEFC1F0000 - api-ms-win-core-synch-l1-2-0.DLL
7FEFB150000 - msimg32.dll
7FEFD040000 - CRYPTBASE.dll
7FED3E50000 - tcc64-32.dll
7FED24F0000 - tcc64-64.dll
7FEFD9A0000 - CLBCatQ.DLL
7FEF9450000 - explorerframe.dll
7FEFB7B0000 - DUser.dll
7FEFB800000 - DUI70.dll
7FED3F80000 - shfolder.dll
7FEFD110000 - profapi.dll
7FEFBB80000 - propsys.dll
7FEFAF80000 - ntmarta.dll
7FEFDEA0000 - WLDAP32.dll
7FECB5F0000 - dbghelp.dll
00320000 - Xinput1_3.dll
7FEFD240000 - WINTRUST.dll
7FEFD2F0000 - CRYPT32.dll
7FEFD1B0000 - MSASN1.dll
7FED3E20000 - lfs.dll
7FECB4A0000 - sqlite3.dll
----------------------------------
100000000 - Tutorial-x86_64.exe
77360000 - ntdll.dll
77240000 - kernel32.dll
7FEFD1D0000 - KERNELBASE.dll
7FEFDAE0000 - oleaut32.dll
7FEFDF20000 - ole32.dll
7FEFF5A0000 - msvcrt.dll
7FEFE240000 - GDI32.dll
77140000 - USER32.dll
7FEFDA40000 - LPK.dll
7FEFF2F0000 - USP10.dll
7FEFF1C0000 - RPCRT4.dll
7FEFE2B0000 - advapi32.dll
7FEFDF00000 - sechost.dll
7FEFC250000 - version.dll
7FEFE390000 - shell32.dll
7FEFDA50000 - SHLWAPI.dll
7FEFBD00000 - comctl32.dll
7FEFBB20000 - uxtheme.dll
7FEFF640000 - IMM32.DLL
7FEFE130000 - MSCTF.dll
7FEFB150000 - msimg32.dll
7FEFD040000 - CRYPTBASE.dll
7FEFC200000 - dwmapi.dll
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Fri Sep 09, 2022 3:30 am Post subject:
You can always add the command
Code:
loadlibrary(ucrtbase.dll)
to the autoassembler.
Including string.h requires all the other string functions to be present as well. But if you only want strncmp then you can just use the one provided by ntdll.dll.
Replace
Code:
#include <string.h>
with
Code:
typedef long size_t;
int strncmp(char *a, char *b, size_t size);
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
etioplmld Advanced Cheater Reputation: 0
Joined: 09 Feb 2021 Posts: 72
Posted: Fri Sep 09, 2022 10:24 am Post subject:
Code for a pointer. I got it from someone else; although it doesn't work, it doesn't give an error. Maybe someone who is familiar with the C language can use it.
Code:
alloc(gravity,8)
registersymbol(gravity)
{$c}
typedef long size_t;
int strncmp(char *a, char *b, size_t size);
// Guessed layout: a pointer at +0x10 to an info object whose name sits at +0x14.
struct Player {
    char unknown1[0x10];
    struct {
        char unknown2[0x14];
        char name[sizeof("DEFAULT_GRAVITY_MAXVEL")];
    }* info;
};
int is_good_player(const struct Player* addr) {
    char* name = addr->info->name;
    // strncmp is the only CRT routine declared above; comparing the
    // terminator as well makes this an exact match rather than a prefix match.
    return strncmp(name, "DEFAULT_GRAVITY_MAXVEL", sizeof("DEFAULT_GRAVITY_MAXVEL")) == 0;
}
{$asm}
newmem:
{$ccode addr=rsi gravity=gravity}
struct Player* p = (struct Player *)addr;
// Store the address of the matching object in the registered symbol.
if (is_good_player(p)) *(void**)gravity = (void*) addr;
{$asm}
Someone made a verified, right {$c} register-pointer code example:
Code:
alloc(cheat7_store,8)
registersymbol(cheat7_store)
{$c}
extern int MessageBoxA(int,char*,char*,int); //for the author's hobby
extern void cheat7_store(); //put a {$asm} symbol to {$c} {$ccode}
{$asm}
{$ccode refR15=r15 }
long long *adr1 = (long long *)cheat7_store;
*adr1 = refR15;
{$asm}
Code:
call shlwapi.StrStrIA
calls a system function; if the game loads this system DLL, the call can be used in an AA script.