Cheat Engine The Official Site of Cheat Engine
doublechocotaco (How do I cheat?) - Reputation: 0 - Joined: 02 May 2017 - Posts: 2
Posted: Tue May 02, 2017 10:06 am
Post subject: Windows 10 x64 issue with calling Lua from ASM?
I followed the template with AOB Injection as well as the Call CE Lua function.
I actually got this to run and work properly on my Windows 7 x64 PC.
When I tried on a Windows 10 x64 PC, it freezes/loops somewhere in luaclient-x86_64.dll. I have to end task the game.
The box will tick active successfully, and I can view the disassembly in the memory viewer with the injection.
I have tried to make sure that all registers and stuff get put back to where they were, but my Lua call never actually completes based on the Break and Trace stack.
This is on Windows 10 Home 64-bit, version 1703, build 15063.138.
Just curious if there are any known issues with Win10 and the call CELUA_ExecuteFunction feature.
Tried running as admin on both the game and Cheat Engine. Disabled Windows Defender.
Anything else I can try? Thanks
Code:
loadlibrary(luaclient-x86_64.dll)
luacall(openLuaServer('CELUASERVER'))
CELUA_ServerName:
db 'CELUASERVER',0
[ENABLE]
{$lua}
if syntaxcheck then return end
function logShieldChange(params)
  local damageType = "SH";
  local myShieldAddress = 0x8D0469D0
  local shieldAfter = readFloat(params);            -- value about to be written (xmm0)
  local shieldBefore = readFloat(params + 0x4);     -- value currently stored at [rbx+730]
  local rbxAddress = readPointer(params + 0x20);    -- rbx is a 64-bit pointer, so read all 8 bytes
  local shieldAddress = rbxAddress + 0x730;
  if (shieldAfter > shieldBefore) then return end;
  if (shieldAddress == myShieldAddress) then return end;
  local shieldMax = readFloat(rbxAddress + 0x63C);
  local shieldDiff = shieldAfter - shieldBefore;
  print(string.format("%4s, %12s, %12.3f, %10X, %12.3f, %12.3f, %12.3f, %12.3f", damageType, os.time(), os.clock(), shieldAddress, shieldMax, shieldBefore, shieldAfter, shieldDiff));
end
{$asm}
aobscanmodule(shieldDamageLog,MassEffectAndromeda.exe,F3 0F 11 83 30 07 00 00) // should be unique
alloc(newmem,$1000,"MassEffectAndromeda.exe"+726D19)
alloc(shieldDamageScript,$1000)
alloc(shieldParams,$1000) // create some memory space for params to pass
label(code)
label(return)
shieldDamageScript:
db 'logShieldChange(parameter)',0
newmem:
push r8 // save off all registers that might be affected by our code
push r9
push r10
push r11
push rcx
push rdx
push rax
movss [shieldParams],xmm0 // shield value about to be assigned
mov [shieldParams+20],rbx // pointer to data structure
mov r8,[rbx+00000730] // copy before shield value to register
mov [shieldParams+4],r8 // copy shield value to our function parameter
movss [shieldParams+8],xmm6 // copy shield value to our function parameter
movss [rbx+00000730],xmm0 // original code
mov rcx,shieldDamageScript //(The lua function will have access to the variable passed by name "parameter")
mov rdx,shieldParams
sub rsp,20
call CELUA_ExecuteFunction // or CELUA_ExecuteFunctionAsync if you don't need GUI access or want to handle it yourself
add rsp,20
pop rax // restore all values
pop rdx
pop rcx
pop r11
pop r10
pop r9
pop r8
code:
jmp return
shieldDamageLog:
jmp newmem
nop
nop
nop
return:
registersymbol(shieldDamageLog)
[DISABLE]
shieldDamageLog:
db F3 0F 11 83 30 07 00 00
unregistersymbol(shieldDamageLog)
dealloc(newmem)
dealloc(shieldDamageScript)
dealloc(shieldParams)
{
// ORIGINAL CODE - INJECTION POINT: "MassEffectAndromeda.exe"+726D19
"MassEffectAndromeda.exe"+726CF5: E8 16 CF FF FF - call MassEffectAndromeda.exe+723C10
"MassEffectAndromeda.exe"+726CFA: 0F 57 C9 - xorps xmm1,xmm1
"MassEffectAndromeda.exe"+726CFD: 0F 2F F1 - comiss xmm6,xmm1
"MassEffectAndromeda.exe"+726D00: 72 03 - jb MassEffectAndromeda.exe+726D05
"MassEffectAndromeda.exe"+726D02: 0F 28 CE - movaps xmm1,xmm6
"MassEffectAndromeda.exe"+726D05: F3 0F 10 83 3C 06 00 00 - movss xmm0,[rbx+0000063C]
"MassEffectAndromeda.exe"+726D0D: 0F 2F C1 - comiss xmm0,xmm1
"MassEffectAndromeda.exe"+726D10: 72 03 - jb MassEffectAndromeda.exe+726D15
"MassEffectAndromeda.exe"+726D12: 0F 28 C1 - movaps xmm0,xmm1
"MassEffectAndromeda.exe"+726D15: F3 0F 5C F7 - subss xmm6,xmm7
// ---------- INJECTING HERE ----------
"MassEffectAndromeda.exe"+726D19: F3 0F 11 83 30 07 00 00 - movss [rbx+00000730],xmm0
// ---------- DONE INJECTING ----------
"MassEffectAndromeda.exe"+726D21: 0F 54 35 E8 DD 91 02 - andps xmm6,[MassEffectAndromeda.exe+3044B10]
"MassEffectAndromeda.exe"+726D28: 0F 2F 35 71 95 91 02 - comiss xmm6,[MassEffectAndromeda.exe+30402A0]
"MassEffectAndromeda.exe"+726D2F: 72 42 - jb MassEffectAndromeda.exe+726D73
"MassEffectAndromeda.exe"+726D31: 48 8B 07 - mov rax,[rdi]
"MassEffectAndromeda.exe"+726D34: 48 8B CF - mov rcx,rdi
"MassEffectAndromeda.exe"+726D37: FF 50 38 - call qword ptr [rax+38]
"MassEffectAndromeda.exe"+726D3A: 48 8B 07 - mov rax,[rdi]
"MassEffectAndromeda.exe"+726D3D: 48 8B CF - mov rcx,rdi
"MassEffectAndromeda.exe"+726D40: 0F 28 F0 - movaps xmm6,xmm0
"MassEffectAndromeda.exe"+726D43: FF 50 30 - call qword ptr [rax+30]
}
Dark Byte (Site Admin) - Reputation: 458 - Joined: 09 May 2003 - Posts: 25296 - Location: The Netherlands
Posted: Tue May 02, 2017 10:24 am
Could be a stack alignment issue.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
doublechocotaco (How do I cheat?) - Reputation: 0 - Joined: 02 May 2017 - Posts: 2
Posted: Tue May 02, 2017 12:18 pm
Dark Byte wrote:
    Could be a stack alignment issue.

That worked! Thank you very much.
I changed the sub/add for rsp from 20 to 28 and everything seems to work as expected.
sub rsp,20
call CELUA_ExecuteFunction
add rsp,20
to
sub rsp,28
call CELUA_ExecuteFunction
add rsp,28
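The reason 28 works and 20 does not is the Win64 calling convention: RSP must be 16-byte aligned at the moment a `call` executes, and the caller must reserve 32 bytes (0x20) of shadow space. Seven 8-byte pushes leave RSP 8 bytes off alignment, `sub rsp,20` keeps it 8 off, and `sub rsp,28` (shadow space plus 8 bytes of padding) brings it back to a multiple of 16. As an added example (not code from the thread or from Cheat Engine), the Python below walks the push/sub/call/add/pop wrapper from the posted script, tracks RSP mod 16 the way the ABI requires, flags any misaligned `call`, and computes the adjustment to use instead. It assumes the hook lands in the body of a compiled function (RSP already 16-byte aligned, the usual case for an AOB injection mid-function) and that every `push` is 8 bytes; `HOOK_ORIGINAL` is a constructed copy of only the RSP-moving lines of the script, and `stack_adjust`, `check_call_alignment` and `fixed_hook` are hypothetical helper names.

```python
import re

ALIGNMENT = 16          # Win64 ABI: RSP % 16 == 0 when `call` executes
SHADOW_SPACE = 0x20     # Win64 ABI: caller reserves 32 bytes of shadow space

# Constructed copy of the register-saving wrapper from the thread's script;
# only the instructions that move RSP are kept (the movss/mov lines do not).
HOOK_ORIGINAL = [
    "push r8", "push r9", "push r10", "push r11",
    "push rcx", "push rdx", "push rax",
    "sub rsp,20",                    # CE auto-assembler numbers are hex
    "call CELUA_ExecuteFunction",
    "add rsp,20",
    "pop rax", "pop rdx", "pop rcx",
    "pop r11", "pop r10", "pop r9", "pop r8",
]


def check_call_alignment(lines, entry_misalignment=0):
    """Simulate RSP mod 16 through a CE auto-assembler fragment.

    entry_misalignment is RSP % 16 where the jmp into the hook lands: 0 for a
    hook in the body of a compiled function (assumed for the thread's script),
    8 for a hook placed on a function's first instruction.
    Returns (problems, net_change): problems is a list of
    (line_index, text, rsp_mod_16) for every misaligned `call`; net_change is
    the RSP delta at the end, which must be 0 for a balanced wrapper.
    """
    rsp = entry_misalignment
    problems = []
    for i, raw in enumerate(lines):
        text = raw.split("//", 1)[0].strip()   # drop trailing CE comments
        if not text:
            continue
        m = re.match(r"(push|pop|sub|add|call)\s+(.*)$", text, re.I)
        if not m:
            continue                            # other instructions do not touch RSP here
        op, arg = m.group(1).lower(), m.group(2).replace(" ", "")
        if op == "push":
            rsp -= 8
        elif op == "pop":
            rsp += 8
        elif op in ("sub", "add") and arg.lower().startswith("rsp,"):
            n = int(arg.split(",", 1)[1], 16)   # hexadecimal, as in CE scripts
            rsp += n if op == "add" else -n
        elif op == "call" and rsp % ALIGNMENT != 0:
            problems.append((i, text, rsp % ALIGNMENT))
    return problems, rsp - entry_misalignment


def stack_adjust(num_pushes, entry_misalignment=0):
    """Smallest N for `sub rsp,N` after num_pushes 8-byte pushes such that RSP
    is 16-byte aligned at the call and at least SHADOW_SPACE bytes are reserved."""
    n = SHADOW_SPACE
    while (entry_misalignment - 8 * num_pushes - n) % ALIGNMENT != 0:
        n += 8
    return n


def fixed_hook(lines, entry_misalignment=0):
    """Return a copy of the wrapper with its `sub/add rsp,N` rewritten to the
    computed adjustment. Assumes the pattern on the page: all pushes precede
    the single call, and the matching pops follow it."""
    pushes = sum(1 for l in lines
                 if l.split("//", 1)[0].strip().lower().startswith("push "))
    n = stack_adjust(pushes, entry_misalignment)
    out = []
    for l in lines:
        if re.match(r"\s*(sub|add)\s+rsp\s*,", l, re.I):
            out.append(f"{l.split()[0].lower()} rsp,{n:X}")
        else:
            out.append(l)
    return out


if __name__ == "__main__":
    problems, net = check_call_alignment(HOOK_ORIGINAL)
    for idx, text, mod in problems:
        print(f"line {idx}: '{text}' executes with RSP % 16 == {mod}")
    print("balanced wrapper:", net == 0)
    print("suggested adjustment: %X" % stack_adjust(7))   # 28, the thread's fix
    print("\n".join(fixed_hook(HOOK_ORIGINAL)))
```

The checker reports the `call CELUA_ExecuteFunction` line as running with RSP 8 bytes off and proposes 0x28; it also confirms the push/pop pairs are balanced, which is the other thing worth verifying in a hand-written wrapper. Note that the right number depends on where the jmp lands: the same seven-push wrapper hooked at a function's first instruction (RSP already 8 off on entry) would need 0x20, not 0x28, so the `entry_misalignment` argument is there for that case.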