programming with cheat engine

 
OldCheatEngineUser
Posted: Mon Jan 29, 2018 10:57 pm    Post subject: programming with cheat engine

Code:
{
Author: OldCheatEngineUser
Website: forum.cheatengine.org
About: just inject it in a 32-bit process and enjoy!
}

define(ok,06)

[enable]

alloc(asm,$100)
registersymbol(asm)
createthread(asm)

asm:
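push 30 // MessageBeep type MB_ICONEXCLAMATION (bare numbers are hex)
call User32.MessageBeep
push 4 // uType = MB_YESNO
push "mTitle"
push "mMsg"
push 0
call User32.MessageBoxA
cmp al,"ok" // ok = 06 = IDYES, so Yes falls through to yMain
jnz "nMain"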
yMain:
push 40
call User32.MessageBeep
push 0
push "yTitle"
push "yMsg"
push 0
call User32.MessageBoxA
ret
nMain:
push 10
call User32.MessageBeep
push 0
push "nTitle"
push "nMsg"
push 0
call User32.MessageBoxA
ret

mTitle:
db 'CheatEngine Says . . .', 0
mMsg:
db 'Hey!' 0D0A  'You Are Enjoying Right?' 0D0A 'I Mean Using The AutoAssembler', 0

yTitle:
db 'Oh Sweet!', 0
yMsg:
db 'Play Around With Me!', 0

nTitle:
db 77 74 66 3F 00
nMsg:
db 46 75 63 6B 20 4F 66 66 21 00

[disable]

unregistersymbol(asm)
dealloc(asm)

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Memory Hacker


Last edited by OldCheatEngineUser on Tue Jan 30, 2018 9:43 pm; edited 1 time in total
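Seen from the defending side, the script above allocates memory in another process and starts a thread in it, which Sysmon records as Event ID 8 (CreateRemoteThread) with no module behind the start address. The sketch below is an added example, not part of the original post; the event text and paths are constructed, and it assumes unresolved fields are rendered as `-`.

```python
# Added example, not from the thread. The event text is constructed; field
# names follow Sysmon's Event ID 8 (CreateRemoteThread) layout.
SAMPLE_EVENTS = r"""
SourceImage: C:\Tools\memory-editor.exe
TargetImage: C:\Games\tutorial-i386.exe
NewThreadId: 5120
StartAddress: 0x00000000003A0000
StartModule: -
StartFunction: -

SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Games\tutorial-i386.exe
NewThreadId: 5304
StartAddress: 0x00007FFB1C2A0000
StartModule: C:\Windows\System32\kernelbase.dll
StartFunction: CtrlRoutine
"""

def parse_events(text):
    """Split blank-line separated 'Key: Value' blocks into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def unbacked_remote_threads(events):
    """Return events whose new thread starts outside any loaded module."""
    hits = []
    for ev in events:
        source = ev.get("SourceImage", "").lower()
        target = ev.get("TargetImage", "").lower()
        # Assumption: an unresolved StartModule is rendered as "-" or empty.
        no_module = ev.get("StartModule", "-") in ("", "-")
        if source != target and no_module:
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in unbacked_remote_threads(parse_events(SAMPLE_EVENTS)):
        print(ev["SourceImage"], "->", ev["TargetImage"], ev["StartAddress"])
```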

Corroder
Posted: Tue Jan 30, 2018 2:52 am

How about a 64-bit app?
_________________
Singapore Sling + Johnnie Walker + Some Peanuts....

FreeER
Posted: Tue Jan 30, 2018 9:19 am

Yeah, that's one problem with assembly. You have to write it twice for x86 and x64. Hence the invention of languages where you can compile an x86 dll and an x64 dll from the same source (if it's trivial or you coded it properly)

Though I didn't actually realize you could refer to labels with "s around them lol

anyways, here's an x64 version
Code:
{
Author: OldCheatEngineUser (modified for x64 by FreeER)
Website: forum.cheatengine.org
About: just inject it in a 64-bit process and enjoy!
}

define(ok,06)

[enable]
alloc(asm,$100)
registersymbol(asm)
createthread(asm)

asm:
  mov r9, 4
  mov r8, "mTitle"
  mov rdx, "mMsg"
  mov rcx, 0
  // 32 bytes of shadow space, must be 16 byte aligned
  mov rbp, rsp
  and rsp, -10 // FFFFFFFFFFFFFFF0
  sub rsp, 20
  call User32.MessageBoxA
  mov rsp, rbp
  cmp al,"ok"
  jnz "nMain"
yMain:
  mov r9, 0
  mov r8, "yTitle"
  mov rdx, "yMsg"
  mov rcx, 0

  mov rbp, rsp
  and rsp, -10
  sub rsp, 20
  call User32.MessageBoxA
  mov rsp, rbp
  ret
nMain:
  mov r9, 0
  mov r8, "nTitle"
  mov rdx, "nMsg"
  mov rcx, 0

  mov rbp, rsp
  and rsp, -10
  sub rsp, 20
  call User32.MessageBoxA
  mov rsp, rbp
  ret

mTitle:
db 'CheatEngine Says . . .', 0
mMsg:
db 'Hey!' 0D0A  'You Are Enjoying Right?' 0D0A 'I Mean Using The AutoAssembler', 0

yTitle:
db 'Oh Sweet!', 0
yMsg:
db 'Play Around With Me!', 0

nTitle:
db 77 74 66 3F 00
nMsg:
db 46 75 63 6B 20 4F 66 66 21 00

[disable]
unregistersymbol(asm)
dealloc(asm)


Last edited by FreeER on Tue Jan 30, 2018 9:56 am; edited 1 time in total
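Why the `and rsp, -10` / `sub rsp, 20` pair in the x64 script above is needed, as an added example that is not part of FreeER's post: it traces RSP through that fix-up and through two hypothetical variants (`NO_ALIGN`, `FIXED_28`) for constructed entry values.

```python
# Added illustration, not code from the thread. Cheat Engine's auto assembler
# reads bare numbers as hex, so "-10" is -0x10 and "20" is 0x20.
MASK = (1 << 64) - 1

FREEER = ["mov rbp, rsp", "and rsp, -10", "sub rsp, 20",
          "call User32.MessageBoxA", "mov rsp, rbp"]
# Hypothetical variants for comparison (not from the thread).
NO_ALIGN = ["sub rsp, 20", "call User32.MessageBoxA", "add rsp, 20"]
FIXED_28 = ["sub rsp, 28", "call User32.MessageBoxA", "add rsp, 28"]

def trace(instructions, entry_rsp):
    """Return (RSP seen at each call, final RSP) for the given sequence."""
    regs = {"rsp": entry_rsp & MASK, "rbp": 0}
    at_call = []
    for ins in instructions:
        op, _, rest = ins.partition(" ")
        args = [a.strip() for a in rest.split(",")]
        if op == "call":
            at_call.append(regs["rsp"])
        elif op == "mov":
            regs[args[0]] = regs[args[1]]
        elif op == "and":
            regs[args[0]] &= int(args[1], 16) & MASK
        elif op == "sub":
            regs[args[0]] = (regs[args[0]] - int(args[1], 16)) & MASK
        elif op == "add":
            regs[args[0]] = (regs[args[0]] + int(args[1], 16)) & MASK
        else:
            raise ValueError("unsupported instruction: " + ins)
    return at_call, regs["rsp"]

def call_is_valid(instructions, entry_rsp):
    """True if every call sees a 16-byte aligned RSP with at least 0x20
    bytes of shadow space reserved, and RSP is restored before ret."""
    at_call, final = trace(instructions, entry_rsp)
    return final == entry_rsp and all(
        rsp % 16 == 0 and entry_rsp - rsp >= 0x20 for rsp in at_call)

# Constructed entry values: code reached through a call starts with
# RSP = 16n + 8 (return address just pushed); the second value is 16n.
ENTRY_ODD, ENTRY_EVEN = 0x1FF8A8, 0x1FF8A0

if __name__ == "__main__":
    for name, seq in (("FREEER", FREEER), ("NO_ALIGN", NO_ALIGN),
                      ("FIXED_28", FIXED_28)):
        print(name, call_is_valid(seq, ENTRY_ODD), call_is_valid(seq, ENTRY_EVEN))
```

Only the sequence that masks RSP first is valid for both entry values; the fixed adjustments each work for one entry alignment only.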

OldCheatEngineUser
Posted: Tue Jan 30, 2018 9:55 am

lol Free, thanks for that.

dQuotes don't mean anything in CE, i just used them for visual purpose.

you can say:

db "00" "01" "05" "19"

or anything really haha, so yeah visual purpose.

Corroder
Posted: Tue Jan 30, 2018 7:30 pm

Thanks FreeER... great job, but
found an error:

line 15 : (move r9, 4) : This instruction can't be compiled

FreeER
Posted: Tue Jan 30, 2018 7:45 pm

@Corroder Make sure you're attached to a 64 bit process because "mov r9, 4" is certainly a valid instruction (and if you search for "move" you'll find it's not in the script so it's not that typo either lol)

OldCheatEngineUser
Posted: Tue Jan 30, 2018 9:43 pm

update:
- added 3 different sounds, each box has one.

FreeER
Posted: Tue Jan 30, 2018 10:20 pm

Well now that's kind of begging for something more flexible lmao

note: this will save CE's default activate and deactivate sounds to your "My Cheat Tables" folder, they're the only wavs I felt I could guarantee having access to (and I wanted to demo that actual file paths would work, not just a few system sounds).

Also note that it requires loading a library, at least for the tutorial. Not sure how common winmm might be lol

Code:
{
Author: OldCheatEngineUser
Website: forum.cheatengine.org
About: just inject it in a 32-bit process and enjoy!
}
luacall(findTableFile('Deactivate').saveToFile('Deactivate.wav'))
luacall(findTableFile('Activate').saveToFile('Activate.wav'))
define(ok,06)
LoadLibrary(Winmm.dll)
[enable]

alloc(asm,$100)
registersymbol(asm)
createthread(asm)

asm:
push 20001 // SND_ASYNC|SND_FILENAME
push 0
push sound1
call PlaySoundA
push 4
push "mTitle"
push "mMsg"
push 0
call User32.MessageBoxA
cmp al,"ok"
jnz "nMain"
yMain:
push 20001 // SND_ASYNC|SND_FILENAME
push 0
push sound2
call PlaySoundA
push 0
push "yTitle"
push "yMsg"
push 0
call User32.MessageBoxA
ret
nMain:
push 10001 // SND_ASYNC|SND_ALIAS
push 0
push sound3
call PlaySoundA
push 0
push "nTitle"
push "nMsg"
push 0
call User32.MessageBoxA
ret

sound1:
  db 'Activate.wav',0
sound2:
  db 'Deactivate.wav',0
sound3:
  db 'SystemExit',0

mTitle:
db 'CheatEngine Says . . .', 0
mMsg:
db 'Hey!' 0D0A  'You Are Enjoying Right?' 0D0A 'I Mean Using The AutoAssembler', 0

yTitle:
db 'Oh Sweet!', 0
yMsg:
db 'Play Around With Me!', 0

nTitle:
db 77 74 66 3F 00
nMsg:
db 46 75 63 6B 20 4F 66 66 21 00

[disable]

unregistersymbol(asm)
dealloc(asm)

OldCheatEngineUser
Posted: Tue Jan 30, 2018 10:40 pm

lol awesome, it loads the Windows shutdown sound.
i could create custom sounds tho, but it will be a waste of time.

TheyCallMeTim13
Posted: Tue Jan 30, 2018 11:18 pm

Is there any kind of standard way to hook a process's GUI/Forms library, or would you need to know the library's API and/or reverse a given library?
_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.

OldCheatEngineUser
Posted: Tue Jan 30, 2018 11:34 pm

reversing a library takes a lot of time since every function calls other functions from other libraries, and at the end of this calling process most of the functions call the kernel library and ntdll.

but i believe knowing the libraries and APIs is enough tho, you still can create your own libraries and/or use other libraries for gui things.

about creating forms or dialogs in other running processes, as long as that process created an entry point in that specific dll then you can hook their functions.

(this is what i know so far, so maybe someone has more technical details than me)

FreeER
Posted: Wed Jan 31, 2018 6:27 am

(disclaimer: I really haven't messed with gui stuff, it's rarely of any interest to me beyond visually looking for clues as to the values I should scan for)

You'd definitely need to figure out the GUI API/Library used. Most large games don't use one. Well, they do but they roll their own or it comes with the game engine which is probably custom made. Even when they do use something they'll likely customize some of the functions to fit their needs so that can occasionally change things :)

But if they happen to use a library where you have access (to at least the documentation), then you should be able to create a dll based on that and inject it into the process (probably have to use function pointers rather than relying on the linker/windows to replace addresses for you on load though), and if you can do it in a dll you could eventually do it in asm if you so desired lol :)

OldCheatEngineUser
Posted: Wed Jan 31, 2018 12:28 pm

FreeER wrote: custom made.

i like custom things

lol

All times are GMT - 6 Hours