Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Custom 'AOB Injection' Templates [ver. 1.3.6]
Goto page 1, 2, 3, 4, 5, 6, 7  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions
View previous topic :: View next topic  
Author Message
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Sun Feb 28, 2016 11:56 am    Post subject: Custom 'AOB Injection' Templates [ver. 1.3.6] This post has 2 review(s) Reply with quote

Installing / requirements :
1.
version 1.3.6 - only CE6.5.1 and above are supported
version 1.3.4 - only CE6.5.1 and above are supported
version 1.3.3 - only CE6.5.1 and above are supported
version 1.2 - CE6.4 and above are supported


2. place it in CE autorun folder.

Usage:
1. open "auto assemble" window
2. in template submenu you will see additional entries
3. click one of them,
4. type the name (it check if it collides with existing names)


Example:
1. you have found two injection points, one for receiveDamageGeneric and one for receiveDamageFromGrenade
2. highlight first address, open "auto assemble" window, choose custom template (e.g. "Alternative AOB")
3. give it a name: Godmode
4. still with the same "auto assemble" window, highlight second address
5. choose again custom template (e.g. "Alternative AOB")
6. give it a name: noGrenadeDamage





You can add your own templates, just update lua file with another entry:

Code:
{
displayName="name for alternative AOB template", -- visible name
submenu="submenu caption",                       -- submenu caption
group=1,                                         -- group, helps arranging menu items
defaultSymbolName="cheatnamehere",               -- default symbol name
templateSections=
[==[
<<INFO>>
<<INFO_END>>

<<ENABLE>>
<<ENABLE_END>>

<<DISABLE>>
<<DISABLE_END>>
]==]
},



Keywords are:
%cheatName%, %authorName%, %processName% - self explainable
%originalCodeLines%, %nopLines%, %originalBytes% - self explainable
%_originalCodeLines%, %_nopLines% - with indent
%db90s% - it will be "db 90 90 90" when %nopLines% contains three "nop"

%CoriginalCodeLines% - commented out version of %originalCodeLines%

%moduleName% - self explainable, if selected instruction is not inside a module, it will be empty

%isModuleScan% - if aob scan is the aobscanmodule, it will contain "module" word, otherwise it will be empty

%searchPattern% - array of byte search pattern

%CmoduleName%, %moduleNameC% - same as %moduleName%, plus it has a comma at the beginning or at the end

%aobAdjust% - sometimes found searchPattern doesn't exactly point to address we need, this will contain adjustment, e.g. "-7" or "+C"

%additionalInfo% - "original code" as a comment (chosen opcode with surrounding lines)

%bracketsRegsOffset% - if the first line of original code (selected instruction) is e.g. "movsxd rax,dword ptr [rax+3C]", it will contain "dword ptr [rax+3C]", otherwise it is empty

%regsOffset% - if the first line is e.g. "movsxd rax,dword ptr [rax+3C]", it will contain "rax+3C", otherwise it is empty

%replacedInstructionsSize% - byte count of all original instructions that are overwritten., e.g. if there are three nops, it will be "8"

%replacedInstructionsSizeHex% - hexadecimal version of above

predprey suggested
"Mono Inject" template and keywords:

%monoAddress% - If mono data collector is active, it returns the methodname+offset. Else it is empty.

%injectAddress% - Hooking point.

keywords added in newer versions:
https://forum.cheatengine.org/viewtopic.php?p=5753247#5753247











With this template:
Code:
<<INFO>>
// Game   : %processName%
// Version:
// Date   :
// Author : %authorName%
<<INFO_END>>

<<ENABLE>>
aobscan%isModuleScan%(aob_%cheatName%,%moduleNameC%%searchPattern%)
registersymbol(aob_%cheatName%)
alloc(newmem_%cheatName%,1024%CmoduleName%)
label(return_%cheatName%)

newmem_%cheatName%:
%originalCodeLines%
  jmp return_%cheatName%

aob_%cheatName%%aobAdjust%:
  jmp newmem_%cheatName%
%nopLines%
return_%cheatName%:
<<ENABLE_END>>

<<DISABLE>>
aob_%cheatName%%aobAdjust%:
  db %originalBytes%

unregistersymbol(aob_%cheatName%)
dealloc(newmem_%cheatName%)
<<DISABLE_END>>




It will generate something like this:
Code:
// Game   : game.exe
// Version:
// Date   :
// Author : mgr.inz.Player
[ENABLE]
aobscanmodule(aob_itemQuantity,game.exe,48 63 40 3C 48 8D 04 03)
registersymbol(aob_itemQuantity)
alloc(newmem_itemQuantity,1024,game.exe)
label(return_itemQuantity)

newmem_itemQuantity:
  movsxd  rax,dword ptr [rax+3C]
  lea rax,[rbx+rax]
  jmp return_itemQuantity

aob_itemQuantity:
  jmp newmem_itemQuantity
  nop
  nop
  nop
return_itemQuantity:
[DISABLE]
aob_itemQuantity:
  db 48 63 40 3C 48 8D 04 03

unregistersymbol(aob_itemQuantity)
dealloc(newmem_itemQuantity)



customAOBInjectionTemplates.lua
 Description:
Version 1.3.6

Download
 Filename:  customAOBInjectionTemplates.lua
 Filesize:  21.54 KB
 Downloaded:  2090 Time(s)


customAOBInjectionTemplates.lua
 Description:
Version 1.3.4

Download
 Filename:  customAOBInjectionTemplates.lua
 Filesize:  17.54 KB
 Downloaded:  1346 Time(s)


customAOBInjectionTemplates.lua
 Description:
Version 1.3.3

Download
 Filename:  customAOBInjectionTemplates.lua
 Filesize:  15.63 KB
 Downloaded:  1275 Time(s)


customAOBInjectionTemplates.lua
 Description:
Version 1.3.2

Download
 Filename:  customAOBInjectionTemplates.lua
 Filesize:  15.29 KB
 Downloaded:  3217 Time(s)


customAOBInjectionTemplates.lua
 Description:
Version 1.2

Download
 Filename:  customAOBInjectionTemplates.lua
 Filesize:  13.17 KB
 Downloaded:  3422 Time(s)


_________________


Last edited by mgr.inz.Player on Sun Dec 01, 2019 2:40 pm; edited 27 times in total
Back to top
View user's profile Send private message MSN Messenger
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sun Feb 28, 2016 4:27 pm    Post subject: Reply with quote

YES!!!!!!! This is amazing! This is going to save me soooo much time. Thank you!
Back to top
View user's profile Send private message
akumakuja28
Master Cheater
Reputation: 16

Joined: 28 Jun 2015
Posts: 432

PostPosted: Sun Feb 28, 2016 5:44 pm    Post subject: Reply with quote

No more Notepad replace all. I dont know how you come up with this stuff. This is really useful thanks mgr.
_________________
Back to top
View user's profile Send private message
danrevella
Master Cheater
Reputation: 2

Joined: 11 Jun 2008
Posts: 290

PostPosted: Mon Feb 29, 2016 5:07 am    Post subject: Reply with quote

An excellent works, as always!!!

An excellent idea to open this section: "lua extension"

The only problem is that my lua-autorun folder become so grow, and I'm worry for incompatibility from the various version.....
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Mon Feb 29, 2016 6:32 am    Post subject: Reply with quote

"my lua-autorun folder become so grow"
Currently I have 14 lua extensions created by me. Some of them aren't ready for a release. All of them are in autorun folder. Don't have any problems.


"I'm worry for incompatibility from the various version"
Now authors can easily find their threads and update the scripts.


Also, I hope this time authors will get more feedback for extension they created.

Maybe someone finally will upload mp3 which doesn't work with my "playing MP3 files with CE [extended playSound function]"

_________________
Back to top
View user's profile Send private message MSN Messenger
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Tue Mar 01, 2016 6:12 am    Post subject: This post has 1 review(s) Reply with quote

Changes:

those are without indentation now:
%originalCodeLines%, %nopLines%

with indent:
%_originalCodeLines%, %_nopLines%


new keyword:
%db90s% - e.g. it will be db 90 90 90 when %nopLines% contains three "nop"

_________________
Back to top
View user's profile Send private message MSN Messenger
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue Mar 01, 2016 10:02 am    Post subject: Reply with quote

Yes! This is so great! Thank you, mgr.inz.Player!

I just tested this. It works great. I noticed that if no nop's are required, and %db90s% is used, then the script will contain an empty line, unlike the other methods. Is it possible to fix this?

Also, I think 'test' 'Test' and 'TEST' should be added to the 'bad name' list, as it could mess up some scripts.

Another +rep coming soon...

Big thanks!

EDIT:
In my script, I tried replacing the bad name for INJECT with test:

Code:
  ::setValidname::
  while cheatName=='test' or cheatName=='' do
    cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
    cheatName=cheatName:gsub('%s','') -- remove spaces
  end
    while cheatName=='Test' or cheatName=='' do
    cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
    cheatName=cheatName:gsub('%s','') -- remove spaces
  end
    while cheatName=='TEST' or cheatName=='' do
    cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
    cheatName=cheatName:gsub('%s','') -- remove spaces
  end


No matter which version of test I try, the plugin works as it should for the first two attempts. On the third attempt, for some reason, the plugin allows the bad name to be processed. I don't know why. This is true, regardless of the order that I choose. I should note that these are consecutive, back-to-back attempts (i.e. tried one, received the error...tried another one in the same window, on the same attempt, received the error...tried a third time, in the same window, on the same attempt, and it went through).

Thanks, again!

EDIT2:
Regarding the last issue, simplifying the code as follows, fixes the problem:

Code:
  ::setValidname::
  while cheatName=='test' or cheatName=='Test' or cheatName=='TEST' or cheatName=='' do
    cheatName=inputQuery('Caution!', 'Ugly name. Change it.', cheatName) or ''
    cheatName=cheatName:gsub('%s','') -- remove spaces
  end


I should have tested more. (sorry)

Thanks!
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Tue Mar 01, 2016 5:34 pm    Post subject: This post has 1 review(s) Reply with quote

I've taken your suggestions into account. Try the new version.
_________________
Back to top
View user's profile Send private message MSN Messenger
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue Mar 01, 2016 5:42 pm    Post subject: Reply with quote

So awesome! Thank you! Very Happy
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Fri Mar 04, 2016 4:15 pm    Post subject: Reply with quote

I have another request. Very Happy

Now that I am writing more templates, I realize that we need more control. Would it be possible to have additional keywords:

Code:
%register%
%registeroffset%
%registeroffset+n%


With this, we can:

Code:
cmp [%cheatName%_address],esi       ////////// %register%

Code:
push eax
mov eax,[esi+30]       ////////// [%registeroffset%]
mov [x_c],eax
mov eax,[esi+34]       ////////// [%registeroffset+4%]
mov [y_c],eax
mov eax,[esi+38]       ////////// [%registeroffset+8%]
mov [z_c],eax
pop eax


I imagine it would work the same if the offset happened to be negative.

Is this possible?

Thanks!
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Sat Mar 05, 2016 6:20 am    Post subject: This post has 1 review(s) Reply with quote

I think %regsOffset% would be enough.

e.g. %regsOffset% will be esi+30

then those
mov eax,[%regsOffset%]
...
mov eax,[%regsOffset%+4]

became those:
mov eax,[esi+30]
...
mov eax,[esi+30+4] // cheatengine will change it to esi+34

(updated)

_________________
Back to top
View user's profile Send private message MSN Messenger
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Mar 05, 2016 12:45 pm    Post subject: Reply with quote

Yes! Of course...I wasn't thinking about that. This is so great! Thanks!

%regsOffset% still uses the brackets, so %regsOffset%+8 is written like this:

Code:
[esi+30]+8


Which works, but I wasn't aware that it would work like that. So...

Code:
mov [esi+30]+8,eax


Works. I guess I assumed that it would need to be:

Code:
mov [esi+30+8],eax


??

Also, I noticed a problem. If the AOB signature cannot be found, no script is generated. I think, it should behave as CE does, and still generate the script, that way we can manually fix it but still have a script to work off of.

This is the best plugin! More +reps forthcoming.
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Sat Mar 05, 2016 2:07 pm    Post subject: Reply with quote

Sorry about that. I uploaded file from wrong folder.
Try it now.

_________________
Back to top
View user's profile Send private message MSN Messenger
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Mar 05, 2016 2:43 pm    Post subject: Reply with quote

Great work! Thanks!

Regarding the failed AOB signature, I just commented out that part so that the script will still generate. Very Happy
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 217

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Sun Mar 06, 2016 9:41 am    Post subject: Reply with quote

The next step will be adding my own signature (pattern) generator (of course based on built-in disassembler output).
_________________
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Extensions All times are GMT - 6 Hours
Goto page 1, 2, 3, 4, 5, 6, 7  Next
Page 1 of 7

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites