how to log values?

 
Cheat Engine Forum Index -> Cheat Engine Lua Scripting
Freiza
Grandmaster Cheater
Reputation: 22

Joined: 28 Jun 2010
Posts: 662

PostPosted: Tue Apr 03, 2012 12:20 am    Post subject: how to log values?

I want to print all the values of [ebx+08] and ebx to the Lua console and to a text file.

1015C194 - 89 53 08 - mov [ebx+08],edx



And how do I implement WriteFile in AA?

SetFilePointer(datafile, 0, 0, FILE_END);
WriteFile(datafile,text, strlen(text), &dwBytesWritten, 0);

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Tue Apr 03, 2012 5:08 am

You'll also need CreateFile and CloseHandle.

Anyhow, these APIs use the stdcall calling convention, so you push the values in reverse order (or you decrease esp and write the values onto the stack in the correct order).

so:
Code:

push valuethatfile_endmeans
push 0
push 0
push datafilehandle
call SetFilePointer


and
Code:

push 0
push ebx  //ebx contains the address of the location you wish to store byteswritten
push ecx //ecx contains the number of bytes of the string
push eax //eax contains the address of the string
push datafilehandle
call WriteFile

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Freiza

PostPosted: Tue Apr 03, 2012 5:12 am

And what about this:

I want to print all the values of [ebx+08] and ebx to the Lua console and to a text file.

1015C194 - 89 53 08 - mov [ebx+08],edx

I want to implement this in Lua. I mean, this code is executed 100 times per second. I want to log all the values to a file and to the Lua console using Lua scripting.

Dark Byte

PostPosted: Tue Apr 03, 2012 5:19 am

Just write the values using WriteFile (write ebx and the value of [ebx+8] to memory and then call WriteFile with a size of 8 on that block).

Then, when you feel like it, you can use Lua to open that file, read the contents and display them on the screen.

Alternatively, check out this topic: http://forum.cheatengine.org/viewtopic.php?t=550108 and don't use WriteFile at all, and use readInteger instead of readString.

Freiza

PostPosted: Tue Apr 03, 2012 8:49 am

Code:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)



label(bytewritten)  //  ------------------------------------------  (4)
label(texty)
label(filename)
globalalloc(filehandle,4)

filename:
db 'freiza.txt',0   //------------------------------------(2)
bytewritten:
dd 0
texty:
db 'cheat engine',13,10,0  // -------------------------------------   (1)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [ebx+0C],eax
//*********************createfile*************************************
pushad
pushfd

push 0
push 0x80
push 0x00000002
push 0
push 0x00000003
push 0x10000000
push filename
call CreateFile  //------------------------------  (5)
mov [filehandle],eax







//*******************writefile*********************************************

push 0
push dword ptr [bytewritten]  //    --------------------------( 4 )
push ecx // what should i write here?  --------------------------(3)
push [texty]
push [filehandle]
call WriteFile
popfd
popad


exit:
jmp returnhere

"Painkiller.exe"+44459:
jmp newmem
returnhere:



Please answer:
The numbers are marked in the code.
(1) I want a newline after it writes. Is this correct?
(2) Is "c:\freiza.txt" correct, or "c:\\freiza.txt"?
(3) How do I use the sizeof operator here?
(4) Should I use label(bytewritten) or globalalloc(bytewritten,100)?
(5) "call CreateFile" cannot be compiled?
(6) Are there any other mistakes?

Dark Byte

PostPosted: Tue Apr 03, 2012 9:10 am

First: stop assuming you're going to write a text file.
Read the binary file back later on and ONLY THEN parse it as text.

1: No, 0d,0a is a newline, but for a binary file this is useless and will cause interpretation problems later on (alignment issues).

2: Just one \

3: For text you first run a counting function to count how many bytes there are in the array until you hit a 0 terminator. In your case, for the header, it's 14 (0e).
In the case of binary, just 4 (address) or 8 (address+value).

4: Neither, just alloc.

5: Use CreateFileA.

6: As I mentioned, don't assume you're going to write clearly readable text. Just write data; interpretation can be done later on.
You could of course make use of calls to "itoa", but that will complicate things a lot more.

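The parse-back step described in the two replies above (have the hook write raw dwords with WriteFile, interpret them later) as an added example, not code from the thread: a Python reader for the resulting binary log. It assumes the hook wrote each hit as two little-endian dwords, ebx followed by the dword at [ebx+08], back to back; that record layout, the field names and the sample values are constructed here. It also shows why the CRLF from question (1) is a problem: a fixed-stride parser has to know about the separator, and splitting the file on newlines breaks the first time a logged value happens to contain the bytes 0D 0A.

```python
import struct

# One record = ebx followed by the dword at [ebx+08], both little-endian 32-bit.
# (Assumed layout: this is what "write 8 bytes, address+value" in the thread amounts to.)
REC = struct.Struct("<II")


def encode_records(pairs, sep=b""):
    """Produce the byte stream the hook would emit: fixed 8-byte records,
    optionally followed by a separator such as b"\\r\\n" (question (1) in the thread).
    Used here only to construct sample input."""
    return b"".join(REC.pack(e & 0xFFFFFFFF, v & 0xFFFFFFFF) + sep for e, v in pairs)


def parse_log(data, sep=b""):
    """Decode the stream with a fixed stride of record + separator.
    Returns (records, leftover): records is a list of (ebx, value) tuples,
    leftover is a trailing partial record (a WriteFile that never completed,
    e.g. the process died mid-write)."""
    stride = REC.size + len(sep)
    records = []
    pos = 0
    while pos + stride <= len(data):
        if data[pos + REC.size:pos + stride] != sep:
            raise ValueError(f"record at offset {pos} is not followed by the separator")
        records.append(REC.unpack_from(data, pos))
        pos += stride
    return records, data[pos:]


def to_signed(v):
    """Reinterpret a dword as the signed int the game most likely stored."""
    return v - (1 << 32) if v & 0x80000000 else v


def format_records(records):
    """The interpretation step, done after the fact on the parsed values."""
    return [f"ebx={e:08X}  [ebx+08]={v:08X} ({to_signed(v)})" for e, v in records]


def split_on_newlines(data):
    """The text-file instinct: split at CRLF. Returns the non-empty chunks.
    Breaks as soon as a logged value contains the bytes 0D 0A, which is why the
    thread says to keep the file binary and interpret it later."""
    return [chunk for chunk in data.split(b"\r\n") if chunk]


# Constructed sample: three hits of the hook, one with a negative value and one
# whose value (0x00000A0D) contains a CRLF byte pair when stored little-endian.
SAMPLE_PAIRS = [(0x0019FF00, 100), (0x0019FF00, -999), (0x0019FF08, 0x00000A0D)]

if __name__ == "__main__":
    blob = encode_records(SAMPLE_PAIRS)
    recs, tail = parse_log(blob)
    print("\n".join(format_records(recs)))
    print("leftover bytes:", tail.hex() or "(none)")
    crlf = encode_records(SAMPLE_PAIRS, sep=b"\r\n")
    print("chunks when splitting the CRLF variant on newlines:", len(split_on_newlines(crlf)))
```

Run against a real log, replace `blob` with the bytes read from the file the hook produced; anything left in `tail` is a truncated last record and should be reported rather than silently dropped.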
Freiza

PostPosted: Tue Apr 03, 2012 10:13 am

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

alloc(variable,4)
variable:
dd (int)-999


alloc(bytewritten,4)
label(filename)
globalalloc(filehandle,4)

filename:
db 'c:\freiza.txt',0
bytewritten:
dd 0


newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
//**************CreateFile*************************************
   pushad
   pushfd
   push 0
   push 0x80
   push 0x00000002
   push 0
   push 0x00000003
   push 0x10000000
   push [filename]
   call CreateFileA
   mov [filehandle],eax

   popfd
   popad
//***************End of CreateFile*******************************

     sub [ebx+00000464],eax   // original code
      mov [variable],eax     // storing eax in a variable


//*****************WriteFile*************************************
   pushad
   pushfd
   push 0
   push dword ptr [bytewritten]
   push 4
   push [variable]
   push [filehandle]
   call WriteFile
   popfd
   popad

//****************End Of WriteFile*********************************


exit:
jmp returnhere

"tutorial-i386.exe"+2276B:
jmp newmem
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"tutorial-i386.exe"+2276B:
sub [ebx+00000464],eax
//Alt: db 29 83 64 04 00 00


Something is wrong, the program crashes?
Please check it yourself in tutorial-i386, Tutorial 1.

Is this what you mean by a binary file?

And can we use C routines in AA?

Dark Byte

PostPosted: Tue Apr 03, 2012 2:31 pm

filename is the address of the string; [filename] is the 4-byte value that the first 4 characters represent.

With "binary file" I just mean a file that does not contain any readable text, only values stored in binary instead of ASCII.

You can use C routines if the C library is loaded in memory (even CE's tutorial, written in Pascal, has it loaded). itoa, for example, is just a simple function.

atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Tue Apr 03, 2012 2:48 pm

Going off your original post, and using Lua instead of AA.

Using Minesweeper as an example, here is where flags are used:
Code:

winmine.exe+346A - 8B 44 24 04        - mov eax,[esp+04]
winmine.exe+346E - 01 05 94510001     - add [winmine.exe+5194],eax
winmine.exe+3474 - E8 88F3FFFF        - call winmine.exe+2801


So we would use the value of [winmine.exe+5194] and eax in this example to mimic what you want to do.

Code:

function debugger_onBreakpoint( )
    -- Print out our wanted data..
    local eaxVal = EAX;
    local ptrVal = readInteger( "winmine.exe+5194" ) or -1;

    print( string.format( "EAX Value: %d\r\nPTR Value: %d", eaxVal, ptrVal ) );

    return 1;
end

-- Attach the debugger and set our breakpoint..
debugProcess();
debug_setBreakpoint( "winmine.exe+346E", nil, nil );

_________________
- Retired.
Freiza

PostPosted: Tue Apr 03, 2012 3:52 pm

@DB

1)
Quote:
With "binary file" I just mean a file that does not contain any readable text, only values stored in binary instead of ASCII.


Every Windows API uses binary files. There is nothing like text mode in the Win32 API.
So my code is in binary mode by default.

2)
Quote:
filename is the address of the string; [filename] is the 4-byte value that the first 4 characters represent.


I do not understand why you wrote this.
I think "push [filename]" is correct.
@"is the 4-byte value that the first 4 characters represent"
But I think filename is a 4-byte address of the first character. And it represents the entire string.

3)
Quote:
You can use C routines if the C library is loaded in memory (even CE's tutorial, written in Pascal, has it loaded). itoa, for example, is just a simple function.

How do I load it? (Sorry, but you know I am a noob.)

4) Why is my program not working? Did you test it?

@Wiccaan
Thank you. But DB already told me that. I just want to learn API hooking instead of a custom debugger_onBreakpoint.

Dark Byte

PostPosted: Tue Apr 03, 2012 3:59 pm

2: Use filename instead of [filename], else CreateFile will try to access an address that does not exist.
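The two points about argument passing in this thread, the stdcall push order from Dark Byte's first reply and `filename` versus `[filename]` just above, as an added Python model that is not part of the thread. It lays out a label-backed block like AA's alloc region at a made-up base address of 0x00400000, resolves each push operand the way the assembler would (an immediate, a label's address, or the dword stored at the label) and reports the stack the callee sees after `call` has pushed the return address. The WriteFile argument lists, the handle value 0x5C and every address are constructed for the illustration.

```python
import struct

BASE = 0x00400000   # hypothetical address of the alloc'd block


class Image:
    """A label-backed memory block standing in for AA's alloc(...) region."""

    def __init__(self):
        self.mem = bytearray(0x100)
        self.labels = {}
        self.cursor = 0

    def define(self, name, data):
        """`name:` followed by `db`/`dd` in AA: store the bytes at the next
        4-byte-aligned slot and remember the label's address."""
        addr = BASE + self.cursor
        self.mem[self.cursor:self.cursor + len(data)] = data
        self.labels[name] = addr
        self.cursor = (self.cursor + len(data) + 3) & ~3
        return addr

    def read_dword(self, addr):
        return struct.unpack_from("<I", self.mem, addr - BASE)[0]


def resolve_operand(img, operand):
    """What `push operand` actually places on the stack:
    an int is an immediate, `label` is the label's address,
    `[label]` is the dword stored at that address."""
    if isinstance(operand, int):
        return operand & 0xFFFFFFFF
    if operand.startswith("[") and operand.endswith("]"):
        return img.read_dword(img.labels[operand[1:-1]])
    return img.labels[operand]


def stdcall_frame(img, args):
    """args in prototype order (first parameter first). Returns the push lines
    in the order they must be written (last parameter first) and the callee's
    view of the stack right after `call`: [esp+4] is the first argument."""
    pushes = [f"push {a}" for a in reversed(args)]
    frame = {}
    for i, a in enumerate(args):
        frame[f"[esp+{4 * (i + 1):02X}]"] = resolve_operand(img, a)
    return pushes, frame


def build_image():
    """Constructed data mirroring the labels used in the thread's script."""
    img = Image()
    img.define("filename", b"c:\\freiza.txt\0")
    img.define("bytewritten", struct.pack("<I", 0))
    img.define("variable", struct.pack("<i", -999))    # dd (int)-999
    img.define("filehandle", struct.pack("<I", 0x5C))  # constructed HANDLE from CreateFileA
    return img


# WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped)
WRITEFILE_OK = ["[filehandle]", "variable", 4, "bytewritten", 0]
WRITEFILE_BAD = ["[filehandle]", "[variable]", 4, "[bytewritten]", 0]  # dereferences the two pointer args

if __name__ == "__main__":
    img = build_image()
    for label, args in (("correct", WRITEFILE_OK), ("buggy", WRITEFILE_BAD)):
        pushes, frame = stdcall_frame(img, args)
        print(f"--- {label} ---")
        print("\n".join(pushes) + "\ncall WriteFile")
        for slot, val in frame.items():
            print(f"{slot} = {val:08X}")
    print(f"push [filename] would pass {resolve_operand(img, '[filename]'):08X}, not a pointer")
```

In the buggy frame, [esp+08] (lpBuffer) holds 0xFFFFFC19, the dword -999 itself rather than its address, and [esp+10] (lpNumberOfBytesWritten) holds 0 because `bytewritten` was initialised to zero. WriteFile's documentation allows a NULL lpNumberOfBytesWritten only when lpOverlapped is non-NULL, so the call fails, which matches the failing WriteFile reported later in the thread. `push [filename]` likewise hands CreateFileA the bytes 'c:\f' read as a little-endian dword, 0x665C3A63, which is the bogus address Dark Byte describes.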
Freiza

PostPosted: Tue Apr 03, 2012 4:27 pm

The file is not being created when the code is executed ([filename] -> filename done),
and
when I tried to see what is happening behind the scenes using break and trace, the program crashed.

Please copy-paste the code into CE, attach tutorial-i386 and run it yourself. It will give you a good idea of why the code is not working.

Dark Byte

PostPosted: Tue Apr 03, 2012 4:46 pm

You haven't allocated memory for filename.

What you're doing now is writing the filename after "variable", which is only 4 bytes.

bytewritten comes after variable, so the initialization of that will overwrite the first part of the string.

Allocate memory for filename first if you don't want this to happen, or place the definition of filename somewhere else (or make variable bigger).
I recommend instead of label do
Code:

alloc(filename,128)

Freiza

PostPosted: Tue Apr 03, 2012 5:42 pm

The file is created but empty; nothing is logged to the file.

Code:

//**************CreateFile*************************************
   pushad
   pushfd
   push 0                      //htemplate null
   push 0x80                    // file_attribute-normal
   push 0x00000004         //  Open_always
   push 0                       // security null
   push 0x00000003        // 0x00000001 | 0x00000002 = 3 (shared mode read | write)
   push 0x10000000          { Public Const GENERIC_ALL As Int32 = &H10000000 (from msdn) and  #define GENERIC_ALL (0x10000000L) from other sources.}
   push filename
   call CreateFileA
   mov [filehandle],eax

   popfd
   popad
//***************End of CreateFile*******************************

     sub [ebx+00000464],eax   // original code
      mov [variable],eax     // storing eax in a variable


//*****************WriteFile*************************************
   pushad
   pushfd
   push 0                                     // bounded buffer, synchronization .. Not used.
   push dword ptr [bytewritten]     //useless for me. stores
   push 4                                   //size in bytes, 4 bytes here coz each address is 4 byte long
   push [variable]                        //LPCVoid buffer, I doubt here is the culprit.
   push [filehandle]
   call WriteFile


cmp eax,0
jnz here
mov dword ptr [test],333
here:

   push [filehandle]
   call CloseHandle
   popfd
   popad



WriteFile fails? I checked, and test is set to 333.


3)

Quote:
You can use c routines if the c library is loaded in memory(even ce's tutorial, written in pascal, has it loaded). itoa for example is just a simple function


How do I load it?

Dark Byte

PostPosted: Tue Apr 03, 2012 5:49 pm

Code:

push dword ptr [bytewritten]

WriteFile needs the address of bytewritten, not the value,
so:
Code:

push bytewritten


also
Code:

push [variable]

WriteFile needs the address of the variable, not the value:
Code:

push variable



3: LoadLibrary on msvcrt.dll, but itoa is also located in ntdll.dll.
