FreeER
Grandmaster Cheater Supreme
Reputation: 53
Joined: 09 Aug 2013
Posts: 1091
|
 Posted: Wed Aug 16, 2017 6:45 am Post subject: |
|
|
if X is a registered symbol then you don't really need lua to do this
| Code: | registersymbol(X)
alloc(X,4)
addressToInjectCode:
cmp eax,[esi+2c]
je blah
mov [x],eax
|
will do the job, if the jump is taken then the mov never happens so eax is not written to X, if it's not taken then it does... If you want a boolean for whether it's been updated then you could either compare it to it's previous value in lua or simply allocate 8 bytes and use 4 for that boolean, eg. mov [x],eax and mov [x+4], 1 (indicates update) then in lua set the boolean to 0 whenever you're done with it.
now if you really want/need to run some lua code when the jump is not taken the only way I've seen is something like this example for step 2 of the tutorial:
| Code: | // http://forum.cheatengine.org/viewtopic.php?p=5726944#5726944 basic x64 call example
// http://forum.cheatengine.org/viewtopic.php?t=604761 faster call with CELUA_ExecuteFunctionByReference
{$lua}
-- lua function to run, could be in global table
function testMe(id)
print('testMe was called with id ' .. tostring(id) .. '!')
--[[
-- registers are not updated unfortunatetly, even with get/set context...
-- I suppose a breakpoint could be set on the return address and set them there,
-- a registered symbol would make it easy to find
debug_getContext() -- update registers for lua
print(('%x'):format(EBX+0x480))
print(EAX)
debug_setContext() -- update registers for asm
--]]
-- disable the mem rec, after a delay for the script to finish
-- or you'll probably crash when you return from the lua function
-- to the asm code that was deallocated.... lol
local t = createTimer()
t.Interval = 300 -- milliseconds 3/10 of a second
t.OnTimer = function(t)
local mr = getAddressList().getMemoryRecordByID(id)
if mr then mr.Active = false end
t.destroy()
end
end
{$asm}
loadlibrary(luaclient-i386.dll)
luacall(openLuaServer('CELUASERVER'))
CELUA_ServerName:
db 'CELUASERVER',0
globalalloc(luaFunctionCode, 200)
luaFunctionCode:
db 'testMe(parameter)',0 // parameter set by CELUA_ExecuteFunction
[ENABLE]
aobscan(step2HitMeCode, 89 83 ?? ?? ?? ?? 8d 55 ?? e8 ?2 62)
alloc(newmem, $1000) // globalalloc mem is not dealloced
label(return)
newmem:
mov [ebx+00000480], eax // set step 2 value
push eax // save eax
// push this scripts id (could be pointer to arguments in memory somewhere)
{$lua}
return memrec and ('push #' .. memrec.id) or ('push #224') -- pre CE6.7 doesn't have memrec
{$asm}
push luaFunctionCode // lua code to run
call CELUA_ExecuteFunction // run it, make sure it doesn't dealloc mem that's running lol
pop eax
jmp return
step2HitMeCode:
jmp newmem
nop
return:
registerSymbol(step2HitMeCode)
[DISABLE]
step2HitMeCode:
mov [ebx+00000480], eax
unregisterSymbol(step2HitMeCode)
dealloc(newmem) |
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
