Weird lua behavior with autoassemble

 
teckex
How do I cheat?
Reputation: 0

Joined: 22 Aug 2022
Posts: 6

Posted: Mon May 22, 2023 8:50 am    Post subject: Weird lua behavior with autoassemble

CE Version: 7.5 (self compiled)
Used on a game with AC

Actual test script:
Code:
{$lua}
if syntaxcheck then return end

[ENABLE]
testAddress = AOBScanModuleUnique(module, "48 63 6A 6D 90")
allocMem  = allocateMemory(0x100)

registerSymbol("reloc", testAddress)
registerSymbol("newmem", allocMem)

AAScript = [[
  label(return)
  newmem:
    add rcx,90
    add rcx,90

  reloc:
    jmp newmem
  return:
]]

fullAccess(allocMem,0x100)
autoAssemble(AAScript)

[DISABLE]
writeBytes(testAddress, "48 63 6A 6D 90")
unregisterSymbol("reloc")
unregisterSymbol("newmem")
deAlloc(allocMem, 0x100)


The script just doesn't write anything inside allocated memory, also doesn't show any error. Page protection is x+r, although memory can be manually changed by (currently) using CE's dbk.
Funny part, what works is calling autoAssembler() in a separate file just like this:

Code:
{$lua}
if syntaxcheck then return end

[ENABLE]
scr = [[
    newmem:
    add rcx,90
    add rcx,90
]]

autoAssemble(scr)

[DISABLE]


Another thing to take into account is that deAlloc() doesn't work either. I've tried many things but no result.


I have no clue what's happening, maybe someone can give me a hint on what to do or what to test. Thank you in advance.

More info: after attaching CE I load 2 scripts. One is a loop to re-register the symbol list because CE cannot get the image base address (or any modules at all) and the second one makes sure page protection is ignored (code by DarkByte):

Code:
{$lua}
if syntaxcheck then return end

[ENABLE]

dbk_initialize()
dbk_useKernelmodeOpenProcess()
dbk_useKernelmodeProcessMemoryAccess()

if getOpenedProcessID() then openProcess(getOpenedProcessID()) end

dbk_writesIgnoreWriteProtection(true)

[DISABLE]


Edit: code injection, AOB injection, etc. have the same problem using LUA and normal AA script.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Mon May 22, 2023 11:40 am

In `AOBScanModuleUnique`, I assume the argument `module` is defined elsewhere.

You aren't doing any error handling, so it's hard for anyone else to say what's going wrong.
Maybe AOBScanModuleUnique is returning nil.
Maybe allocateMemory is failing.
Maybe some symbols are already registered and something weird is happening with that.
Maybe fullAccess isn't working.
Maybe autoAssemble is failing (e.g. newmem is more than 2 GiB away from the injection point).
Start with autoAssemble first. `assert(autoAssemble(...))` will work.

Why not just use the AOB injection template? In that template, the third parameter to alloc is there for a reason. There's nothing important you're doing in Lua anyway.

I can confirm deAlloc doesn't seem to work.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
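
Added example (not part of the post above and not Cheat Engine's own code): the "more than 2 GiB away" failure mode worked through. A five-byte `jmp` carries a signed 32-bit displacement measured from the end of the instruction, so a five-byte patch such as the one in this thread can only reach memory allocated inside that window; the addresses and function names below are constructed for illustration.

```python
import struct

JMP_REL32_LEN = 5                      # opcode E9 + 4-byte signed displacement
INT32_MIN, INT32_MAX = -(2**31), 2**31 - 1


def rel32_displacement(src, dst):
    """rel32 is measured from the end of the jmp, not from its first byte."""
    return dst - (src + JMP_REL32_LEN)


def can_reach(src, dst):
    """True if a 5-byte jmp placed at src can target dst."""
    return INT32_MIN <= rel32_displacement(src, dst) <= INT32_MAX


def encode_jmp_rel32(src, dst):
    """Encode `jmp dst` as it would sit at address src, or raise if out of range."""
    disp = rel32_displacement(src, dst)
    if not INT32_MIN <= disp <= INT32_MAX:
        raise ValueError(
            f"target {dst:#x} is {disp:+#x} bytes from {src:#x}: does not fit in rel32"
        )
    return b"\xE9" + struct.pack("<i", disp)


def reachable_window(src):
    """Lowest and highest addresses a 5-byte jmp at src can target."""
    lo = max(0, src + JMP_REL32_LEN + INT32_MIN)
    hi = src + JMP_REL32_LEN + INT32_MAX
    return lo, hi


# Constructed sample addresses (not taken from the thread).
INJECT = 0x7FF6_1234_5678       # injection point inside a module image
NEAR_ALLOC = 0x7FF6_1233_0000   # allocation placed next to the module
FAR_ALLOC = 0x0000_0200_0000_0000  # allocation placed wherever the OS chose

if __name__ == "__main__":
    lo, hi = reachable_window(INJECT)
    print(f"reachable from {INJECT:#x}: {lo:#x} .. {hi:#x}")
    for name, addr in (("near", NEAR_ALLOC), ("far", FAR_ALLOC)):
        try:
            print(name, encode_jmp_rel32(INJECT, addr).hex(" "))
        except ValueError as err:
            print(name, "->", err)
```

This is why the AOB injection template passes the injection point as the third parameter to `alloc`: an allocation made without that hint can land outside the window, and the assembler then has no five-byte encoding for the jump.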
teckex
How do I cheat?
Reputation: 0

Joined: 22 Aug 2022
Posts: 6

Posted: Tue May 23, 2023 10:22 am

ParkourPenguin wrote:
In `AOBScanModuleUnique`, I assume the argument `module` is defined elsewhere.

You aren't doing any error handling, so it's hard for anyone else to say what's going wrong.
Maybe AOBScanModuleUnique is returning nil.
Maybe allocateMemory is failing.
Maybe some symbols are already registered and something weird is happening with that.
Maybe fullAccess isn't working.
Maybe autoAssemble is failing (e.g. newmem is more than 2 GiB away from the injection point).
Start with autoAssemble first. `assert(autoAssemble(...))` will work.

Why not just use the AOB injection template? In that template, the third parameter to alloc is there for a reason. There's nothing important you're doing in Lua anyway.

I can confirm deAlloc doesn't seem to work.


You are right, I should have checked if the AOB and AA functions were working properly, and you were absolutely correct about autoAssembler failing; the main reason was that I didn't allocate memory close to the injection point, as you said.

However, I'm still encountering the same error, which is why I attempted to do it in LUA. I tried using the AOB injection template, but it fails with 'some instructions could not be injected,' specifically the part where I write to the allocated memory.

Test script:
Code:

aobscanmodule(INJECT,game.exe,79 58 8E FD 5C)
alloc(newmem,$1000,INJECT)

label(code)
label(return)
newmem:
  add rax, 00  // <--- THIS fails
code:
INJECT:
  jmp newmem
return:

registersymbol(INJECT)
registersymbol(newmem)
[DISABLE]

INJECT:
  db 79 58 8E FD 5C

unregistersymbol(INJECT)
unregistersymbol(newmem)
dealloc(newmem)


The interesting thing is that writing in a separate file still works:
Code:

[ENABLE]
newmem:
  add rax, 00
[DISABLE]


All the other things you mentioned were fine. I'm also having some issues with the 'baseAddress' parameter of allocateMemory(). It doesn't seem to take it into account properly.

For example:
allocateMemory(0x100, "game.exe") returns a value that is way off.

I then tried with a random injection point using getAddress("game.exe+30"), but when I use it in allocateMemory(0x100, injectionPoint), it returns nil.

Thank you for your help, though. I'm still trying to figure this out.

Edit: I'm not sure why, but the global variable 'process' is nil, and enumodules() returns an empty table, which is obvious since 'process' is nil. However, when I go to View -> Enumerate DLLs and symbols, everything is shown correctly.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Tue May 23, 2023 11:17 am

"Not all instructions could be injected" is a generic error that basically says something went wrong.
If you comment out the instruction `add rax, 00`, does it work? If not, that's probably not the problem.

I haven't experimented with dbk at all so this is just a guess, but have you tried `dbk_useKernelmodeQueryMemoryRegions()` along with the rest of the dbk stuff?

_________________
I don't know where I'm going, but I'll figure it out when I get there.
teckex
How do I cheat?
Reputation: 0

Joined: 22 Aug 2022
Posts: 6

Posted: Tue May 23, 2023 1:37 pm

ParkourPenguin wrote:
"Not all instructions could be injected" is a generic error that basically says something went wrong.
If you comment out the instruction `add rax, 00`, does it work? If not, that's probably not the problem.


Yes, it does work when erasing that line; it fails otherwise, doesn't matter what I write.

ParkourPenguin wrote:
I haven't experimented with dbk at all so this is just a guess, but have you tried `dbk_useKernelmodeQueryMemoryRegions()` along with the rest of the dbk stuff?


Hmm, I thought dbk query was set by default. Let me try, I'll edit this after I try.

Edit: didn't solve the issue