|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
Lynxz Gaming Expert Cheater Reputation: 4
Joined: 01 Jul 2017 Posts: 208 Location: help
|
Posted: Thu Aug 17, 2017 3:34 am Post subject: How to change process caption using Lua Script? |
|
|
any idea? i want to add more option to my trainer XD |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Thu Aug 17, 2017 9:12 am Post subject: |
|
|
Use the lua autoassemble command to run something like this:
Code: | //x86 code
alloc(setWindowTextMem,1000)
[ENABLE]
label(set)
label(new)
label(old)
label(fail)
label(failMsg)
label(cleanup)
registerSymbol(set)
setWindowTextMem:
failMsg:
db 'No window found!',0
new:
db 'Hello Kitty',0
old:
db 'Cheat Engine Tutorial v3.4',0
set:
push old // lpWindowName
push 0 // lpClassName (NULL)
call USER32.FindWindowA
test eax,eax
je fail // if eax = 0 quit now
// otherwise we got a non-null HWND to the tutorial window
push new // lpString
push eax // hWnd
call USER32.SetWindowTextA
jmp cleanup
fail:
push 0 // uType MB_OK
push 0 // lpCaption (NULL, default to "Error")
push failMsg // lpText
push 0 // hWnd (NULL, no owner)
call USER32.MessageBoxA
cleanup:
// http://www.cheatengine.org/forum/viewtopic.php?p=5682784&sid=0820319213699ee4b25e403d6f7035a0
// cleanup and exit
pop eax // pop return address of this thread into eax
// push arguments (cdecl so reverse order)
push 8000 // MEM_RELEASE
push 0 // dwSize
push setWindowTextMem // lpAddress
// jmp instead of call so VirtualFree returns to kill this thread gracefully
push eax // push return address of this thread
jmp kernel32.VirtualFree // jmp to VirtualFree
createThread(set)
// lua (stdcall): executeCode(set)
[DISABLE]
unregisterSymbol(set) |
If you want to get really fancy with lua then you can use executeCode to call a function with a pointer to the params somewhere in memory and let it call SetWindowTextA eg. (tested in lua engine window)
Code: | local script = [[// again, x86 code
[ENABLE]
alloc(setWindowTextMem,1000)
registersymbol(setWindowTextMem)
label(fail)
setWindowTextMem:
mov ebx, [ebp+8] // pointer to args
push [ebx] // window name
push 0 // lpClassName
call FindWindowA
test eax,eax
je fail // both findwindow and setwindow ret 0 on fail
push [ebx+4] // new caption
push eax // hWnd
call SetWindowTextA
fail:
ret 4 // stdcall so func must pop arg
[DISABLE]
unregistersymbol(setWindowTextMem)
dealloc(setWindowTextMem)
]]
local success, di = autoAssemble(script)
print(('success: %s'):format(success))
if success then
-- assuming all these allocs work fine
local params = allocateMemory(8)
local name = 'Cheat Engine Tutorial v3.4'
local newname = 'Hello Kitty'
if false then name,newname = newname, name end -- testing
local asmname = allocateMemory(#name+1)
local asmnewname = allocateMemory(#newname+1)
writeString(asmname, name)
writeString(asmnewname, newname)
writeInteger(params, asmname)
writeInteger(params+4, asmnewname)
local res = executeCode('setWindowTextMem', params)
if res == 0 then print('Failed to find and change caption') end
autoAssemble(script,di)
deAlloc(asmname)
deAlloc(asmnewname)
deAlloc(params)
end
|
I believe a lua version of findWindow was added since I created that script (or I simply didn't know about it at the time, who knows) so it could be simplified a bit to take just the whnd and new caption and immediately calling setWindowTextA instead. There also seems to be a lua function for getWindowCaption which would prevent hardcoding the caption (or creating a way to call getWindowText yourself), edit: ah looks like both ...Caption and ...ClassName require the window handle which you don't have yet....
Of course if you're making a trainer in C++ or something then you should be able to call windows' api functions directly. |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Aug 17, 2017 4:44 pm Post subject: |
|
|
there may also be a wm_settext message you can use with sendmessage _________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Thu Aug 17, 2017 6:04 pm Post subject: |
|
|
hm, DB could you explain why this isn't working on the tutorial, to my understanding it should (CE 6.7, Win 10 version 1703 build 15063.540 wouldn't really expect the OS to matter but. I'm not the expert lol)
Code: | -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms632644(v=vs.85).aspx
local WM_SETTEXT = 0xC
local name = 'Cheat Engine Tutorial v3.4'
local hwnd = findWindow(nil,name)
assert(hwnd ~= 0, 'Failed to get window with caption ' .. name)
local newCaption = 'Hello Kitty'
local cstr = allocateMemory(#newCaption+1)
assert(cstr ~= nil,'failed to allocate mem for 0-terminated caption')
writeString(cstr, newCaption)
-- https://msdn.microsoft.com/en-us/library/ms912676.aspx
local res = sendMessage(hwnd,WM_SETTEXT, 0, cstr)
print('res: ' .. tostring(res))
deAlloc(cstr) -- I assume windows should copy the sring
local theNewCaption = getWindowCaption(hwnd)
print(('new caption is "%s"'):format(theNewCaption))
|
if it succeeds at all (which seems a bit random...) I get
new caption is ""
Of course, I tried not deallocating the mem as well as writing cstr to memory and passing the address of that (pointer to pointer) and that didn't work either |
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
Posted: Thu Aug 17, 2017 6:35 pm Post subject: |
|
|
allocateMemory and writeString do their job in the targeted process, not CE's process. CE sends the message, so windows uses CE's memory.
See this topic for more examples. _________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Thu Aug 17, 2017 10:12 pm Post subject: |
|
|
Ah, thanks ParkourPenguin!
The thought that it was CE sending the message and therefore referencing CE's memory never crossed my mind! |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|