Cheat Engine The Official Site of Cheat Engine
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Tue Oct 27, 2015 4:34 pm
Are you specifically using cheatengine-x86_64.exe? Try cheatengine-i386.exe instead.
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Tue Oct 27, 2015 5:24 pm
Did you close and reopen the game when you tried the other Cheat Engine?
The previous one's debugger was probably still attached and the AOB script already active?
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Tue Oct 27, 2015 5:39 pm
Zanzer wrote: | Did you close and reopen the game when you tried the other Cheat Engine?
The previous one's debugger was probably still attached and the AOB script already active?  |
Yep, already done that, restarting the game and CE. Now I'm trying to make the debugger work by using createprocess, but it's taking too long for the process to start because I'm hooking it to the game process, not the launcher.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Tue Oct 27, 2015 5:49 pm
You could use Lua and a timer to update the address instead (use readInteger instead of readPointer).
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
panraven Grandmaster Cheater
Reputation: 62
Joined: 01 Oct 2008 Posts: 958
Posted: Tue Oct 27, 2015 11:01 pm
Hi,
This is a custom symbol-to-address lookup function to specially handle chained-offset pointers (I call them combo pointers), where a 64-bit target may contain a 32-bit pointer at some offset.
The format is ":base|offset/offset:"; the double quotes and ':' are necessary.
The '/' is used instead of '|' if the following offset will read a 32-bit pointer in a 64-bit target.
But the '/' must not be in the last offset of the expression, otherwise that offset is simply added to the previously calculated address.
In this case add a | or / after the last offset. (***)
In a 32-bit target, using | or / as the offset separator is the same.
For the address in question, it may be expressed as
Code: |
":_base3|14/e8|b8|40|0:"
& (added to show how (***) work) the following should show
":_base3|14/e8:"-->7e9d0720+e8=7e9d0808
":_base3|14/e8|:"-->7e9d0858
":_base3|14|e8|:"-->fffffffe7e9d0858
|
Such an expression form can be used in an AA script or Lua like any other symbol.
But it cannot be entered as a PLAIN address in a memory record. It can, however, be input as a POINTER address with a slight modification, like
base: ":_base3|14/e8|b8|40:"
offset: 0
That is, move the last offset from the expression into the 1st memory record offset field. But then the '/' still cannot be the last offset; check (***).
A demo.ct is attached.
Unfortunately, the function is heavy; it may not be practical to register it as a symbol lookup callback function. Instead, you may use parseComboPtr in a timer function as Dark Byte said.
I seldom use pointers; my concept may be totally wrong, or the function may be bugged.
Bye~
Code:
function parseComboPtr(s)
  -- Resolve a hex literal or a symbol name to a number; nil on failure.
  local function safeGetAddress(s)
    if type(s)=='number' then return s end
    if type(s)~='string' then return nil end
    local hexform = tonumber(s,16)
    if hexform ~= nil then return hexform end
    local e = errorOnLookupFailure(false) -- silence lookup errors, keep the previous setting
    local addy = getAddress(s)
    errorOnLookupFailure(e)               -- restore the previous setting
    return addy>0 and addy or nil
  end
  -- Split self on the Lua pattern SEP; returns the parts and the separators found.
  local function sep(self,SEP)
    SEP = type(SEP)=='string' and SEP or ','
    local r,s,i,a,b = {},{},1,1,-1
    a,b = self:find(SEP,i)
    while a~=nil do
      r[1+#r]= self:sub(i,a-1)
      s[1+#s]= self:sub(a,b)
      i = b + 1
      a,b = self:find(SEP,i)
    end
    r[1+#r] = self:sub(i)
    return r,s
  end
  -- Only handle symbols wrapped in ':' ... ':'; anything else is left to other lookups.
  -- if s:match('^:[^"]+:$') then s = s:sub(2,-2) else return nil end
  if s:sub(1,1)==':' and s:sub(-1,-1)==':' and s:len()>2 then s = s:sub(2,-2) else return nil end
  local bit64 = targetIs64Bit()
  local parts,ptype = sep(s,"[|/]")
  if #parts>0 and parts[1]:len()>0 then
    local addy,offset = safeGetAddress(parts[1])
    if addy~= nil then
      if #parts<2 then return addy end
      -- Every offset except the last one is dereferenced.
      for i=2,#parts-1 do
        offset = safeGetAddress(parts[i])
        if offset~=nil then
          -- ptype[i-1] is the separator in front of parts[i]:
          -- '|' reads 8 bytes on a 64-bit target, '/' (or a 32-bit target) reads 4 bytes.
          if bit64 and ptype[i-1]=='|' then
            addy = readQword(addy+offset)
          else
            addy = readInteger(addy+offset)
          end
        else
          addy = nil
        end
        if addy==nil then break end
      end
      if addy ~= nil then
        -- Trailing separator (empty last part): return the pointer that was just read. (***)
        if parts[#parts]:len()==0 then return addy end
        -- Otherwise the last offset is only added, not dereferenced.
        offset = safeGetAddress(parts[#parts])
        if offset~=nil then
          return addy+offset
        end
      end
    end
  end
end
-- Re-register cleanly when the script is executed again.
if ComboPtrID~=nil then unregisterSymbolLookupCallback(ComboPtrID) end
ComboPtrID=registerSymbolLookupCallback(parseComboPtr,slFailure)
Attachment: 01_comboptrLookup.CT (5.19 KB, downloaded 772 times)
Last edited by panraven on Wed Oct 28, 2015 12:08 am; edited 1 time in total |
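An offline model of the combo-pointer format described in the post above, added here as an example (Python, not panraven's Lua and not part of Cheat Engine). `FakeMemory`, `resolve_combo` and the value given to `_base3` are assumptions; the memory contents are constructed so that the three expressions from the post resolve to the values it lists.

```python
import re

class FakeMemory:
    """Sparse little-endian byte store standing in for the target process."""
    def __init__(self):
        self.cells = {}
    def write(self, addr, data):
        self.cells.update((addr + i, b) for i, b in enumerate(data))
    def read(self, addr, size):
        if any(addr + i not in self.cells for i in range(size)):
            return None                      # unmapped address: the chain breaks
        return int.from_bytes(bytes(self.cells[addr + i] for i in range(size)), "little")

def resolve_combo(expr, mem, symbols, target_is_64bit=True):
    """Resolve ':base|off/off:'; '|' reads a native pointer, '/' a 32-bit one."""
    if len(expr) < 3 or expr[0] != ":" or expr[-1] != ":":
        return None
    tokens = re.split(r"([|/])", expr[1:-1])
    parts, seps = tokens[0::2], tokens[1::2]

    def value(tok):
        try:
            return int(tok, 16)              # hex literal first, as in the Lua version
        except ValueError:
            return symbols.get(tok)          # then a symbol name

    addr = value(parts[0])
    if addr is None or len(parts) == 1:
        return addr
    for i in range(1, len(parts) - 1):       # every offset except the last is dereferenced
        off = value(parts[i])
        if off is None:
            return None
        width = 8 if target_is_64bit and seps[i - 1] == "|" else 4
        addr = mem.read(addr + off, width)
        if addr is None:
            return None
    if parts[-1] == "":                      # trailing separator: the (***) case
        return addr
    off = value(parts[-1])
    return None if off is None else addr + off

# Constructed sample: the address of _base3 is invented; the stored values are
# chosen to reproduce the three results quoted in the post.
BASE3 = 0x140001000
MEM = FakeMemory()
MEM.write(BASE3 + 0x14, (0x7E9D0720).to_bytes(8, "little"))
# low dword is the real 32-bit pointer, high dword is unrelated data
MEM.write(0x7E9D0720 + 0xE8, (0xFFFFFFFE7E9D0858).to_bytes(8, "little"))
SYMS = {"_base3": BASE3}
```

Reading the 32-bit field with '|' on a 64-bit target pulls in the neighbouring four bytes, which is where the `fffffffe7e9d0858` result in the post comes from.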
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Wed Oct 28, 2015 12:04 am
panraven wrote: |
Hi,
This is a custom symbol-to-address lookup function to specially handle chained-offset pointers (I call them combo pointers), where a 64-bit target may contain a 32-bit pointer at some offset.
The format is ":base|offset/offset:"; the double quotes and ':' are necessary.
The '/' is used instead of '|' if the following offset will read a 32-bit pointer in a 64-bit target. But the '/' must not be in the last offset of the expression, otherwise that offset is simply added to the previously calculated address. (***)
In a 32-bit target, using | or / as the offset separator is the same.
For the address in question, it may be expressed as
":_base3|14/e8|b8|40|0:"
Such an expression form can be used in an AA script or Lua like any other symbol.
But it cannot be entered as a PLAIN address in a memory record. It can, however, be input as a POINTER address with a slight modification, like
base: ":_base3|14/e8|b8|40:"
offset: 0
That is, move the last offset from the expression into the 1st memory record offset field. But then the '/' still cannot be the last offset; check (***).
A demo.ct is attached.
Unfortunately, the function is heavy; it may not be practical.
I seldom use pointers; my concept may be totally wrong, or the function may be bugged.
Bye~
Code:
function parseComboPtr(s)
  local function safeGetAddress(s)
    if type(s)=='number' then return s end
    if type(s)~='string' then return nil end
    local hexform = tonumber(s,16)
    if hexform ~= nil then return hexform end
    local e = errorOnLookupFailure(false)
    local addy = getAddress(s)
    errorOnLookupFailure(e)
    return addy>0 and addy or nil
  end
  local function sep(self,SEP)
    SEP = type(SEP)=='string' and SEP or ','
    local r,s,i,a,b = {},{},1,1,-1
    a,b = self:find(SEP,i)
    while a~=nil do
      r[1+#r]= self:sub(i,a-1)
      s[1+#s]= self:sub(a,b)
      i = b + 1
      a,b = self:find(SEP,i)
    end
    r[1+#r] = self:sub(i)
    return r,s
  end
  -- if s:match('^:[^"]+:$') then s = s:sub(2,-2) else return nil end
  if s:sub(1,1)==':' and s:sub(-1,-1)==':' and s:len()>2 then s = s:sub(2,-2) else return nil end
  local bit64 = targetIs64Bit()
  local parts,ptype = sep(s,"[|/]")
  -- print(">>>",#parts)
  if #parts>0 and parts[1]:len()>0 then
    local addy,offset = safeGetAddress(parts[1])
    if addy~= nil then
      if #parts<2 then return addy end
      for i=2,#parts-1 do
        offset = safeGetAddress(parts[i])
        if offset~=nil then
          if bit64 and ptype[i-1]=='|' then
            addy = readQword(addy+offset)
          else
            addy = readInteger(addy+offset)
          end
        else
          addy = nil
        end
        -- print(i,hx(addy or -1),hx(offset or -1))
        if addy==nil then break end
      end
      if addy ~= nil then
        offset = safeGetAddress(parts[#parts])
        -- print(">",hx(addy or -1),hx(offset or -1))
        if offset~=nil then
          return addy+offset
        end
      end
    end
  end
end
if ComboPtrID~=nil then unregisterSymbolLookupCallback(ComboPtrID) end
ComboPtrID=registerSymbolLookupCallback(parseComboPtr,slFailure)
|
|
The idea and the script are amazing. Although the test is working fine, it's not working for the game. Don't know why.
But thank you very much for the script, it might be of use in other games.
P.S. the game name is Renowned Explorers.