TheyCallMeTim13 Wiki Contributor Reputation: 50 Joined: 24 Feb 2017 Posts: 976 Location: Pluto
|
Posted: Thu Mar 02, 2017 1:14 am Post subject: I2 Cheat Engine Auto Assembler Script Template Generator |
|
|
I2 CE Auto Assembler Script Template Generator
No longer supported see
Auto Assembler Template Engine ("compiled templates")
A CEA file template system and memory record creator.
Version: 1.1.7
Forked Version of:
"customAOBInjectionTemplates.lua":
Posting Author: mgr.inz.Player
"Custom Lua Script Templates.lua":
Posting Author: predprey
"aamaker.lua":
Posting Author: GH*master
The Doc String.
Code: | --[====================================================================================================================[
I2 Cheat Engine Auto Assembler Script Template Generator.
And memory record creator.
Version: 1.1.7
1.0.1:
* First release.
1.0.2:
* I2 Template Changes.
1.0.3:
* I2 Template Changes.
1.0.4:
* I2 Template Changes.
1.0.5:
* I2 Template Changes.
* I2 Template Memory Record Changes.
* Removed I2 templates menu section, menu items now in main section.
* Moved main form menu items form "miExtra", to "miTemplates".
1.1.1:
* I2 Template Changes.
* I2 Template Memory Record Changes.
* Fixed template AOB signature function.
* Added "Get byte scan signature info" context menu option to memory view form.
* Fixed memory record template items setting "OffsetText" and "Offset".
* Added CE's "translate" function to the local translate function.
* Fixed address errors with "module+offset", now giving proper "module+offset".
* Added bring Cheat Engine to front on adding memory records option.
* Added "AskToAddToTable" option for templates.
* Added "AddToMainOnly" for template menu item creation on only the main form.
1.1.2:
* Fixed error with "getModuleAndOffsetFromAddress" if no process is hooked.
* Fixed pointer offset conversion error.
1.1.3:
* Added Hook Setup form to allow input of hook name address and generate aob option.
* Injection point is now input address, defaults to greatest line in memory view form.
* Aob is now selected lines in memory view form.
* Aob offset calculated form injection point and aob start address.
* Added "AOBAddress" and "AOBOffset" template tags.
* I2 Template Changes.
* I2 Template Memory Record Changes
1.1.4:
* Added enter key default for ok button on hook setup form.
* Added escape key default for cancel button on hook setup form.
* Fixed original code offset padding.
* Added "BaseAddressOffsetValue" template key.
* I2 Template Changes.
* Added "{$strict}" to all ASM templates.
* Fixed scripts not being added to open auto assembler form (sorry, forgot about this one).
* Added documentation on new features, setting, and template keys.
1.1.5:
* Added more documentation.
* Put Aob memory view signature scan in threaded function call.
1.1.6:
* Generation of Memory View form pop-up menu template items under a sub-menu,
to allow short keys to work from Memory View form.
* Fixed error with empty check having OR and not an AND as needed.
1.1.7:
* Fix I2 memory record error.
* Moved Template values for, AOB with Values; To be setup for aligned packed instructions
* I2 Template Changes.
* Changed "getMainForm()" to "MainForm".
* Changed Hook Setup form, moved the address input to the top.
Author: Matt - TheyCallMeTim13 - MattI2.com
Forked Version of:
"customAOBInjectionTemplates.lua":
Posting Author: mgr.inz.Player
* http://forum.cheatengine.org/viewtopic.php?t=588038
"Custom Lua Script Templates.lua":
Posting Author: predprey
* http://forum.cheatengine.org/viewtopic.php?t=595096
"aamaker.lua":
Posting Author: GH*master
* http://forum.cheatengine.org/viewtopic.php?t=587401
Features:
- Allows for adding templates as tables or in a directory structure.
- Load templates function can be called multiple time to allow for standard and game specific templates.
- Allows for template tables to have memory records generated along with the template script.
- Memory record string settings are parsed for template keys.
- Template table structure sets the menu item structure created.
- Generic place holder key replacement though standard input forms.
- A Standard header can be set for use in templates.
- Gets the file version of the process's executable, for use in templates.
- Set the amount of data collected and put in injection information.
- Generate byte scan signature from selection of memory view form for AOB templates; or
generate byte scan signature from address, plus instruction minimum, for AOB templates.
See: "UseMemoryViewFormSelectionForAOBSignature" in settings.
* NOTE: Scan is preformed on generated scan signature filled with wild cards.
- Generate byte scan signature from selection of memory view form to be printed only.
* NOTE: Scan is preformed on generated scan signature filled with wild cards.
Example:
--- Start ---
Game Title: Dishonored
Game Version: 1.0.0.0
Process: Dishonored.exe
Process Address: 00400000
Start Address:
Dishonored.AK::SoundEngine::StartOutputCapture+706CB
00AB427B
End Address:
Dishonored.AK::SoundEngine::StartOutputCapture+706EA
00AB429A
Test byte signature:
8Bxxxxxxxxxx8Bxxxxxxxxxx83xxxxxx8Dxxxxxx89xxxx83xxxx74xx8Bxxxx8Dxxxx
Found: 2
Test byte signature is NOT unique.
--- End ---
Example:
--- Start ---
Game Title: Tutorial-i386
Game Version: GAME_VERSION
Process: Tutorial-i386.exe
Process Address: 00400000
Start Address:
Tutorial-i386.exe+24B5F
00424B5F
End Address:
Tutorial-i386.exe+24BAB
00424BAB
Test byte signature:
8Bxxxxxxxxxx8Bxxxx89xx8Bxxxx8Bxxxxxxxxxx8Bxx3Bxxxx74xxEBxx8Bxxxx ... Trimmed for documentation
Test byte signature is unique.
--- End ---
For the default templates see:
- CE Form >> Ctrl+M >> Ctrl+A >> Menu >> Templates
- CE Form >> Main Menu >> Templates
To add templates use:
local TemplatesTable = {
...
}
I2CEAutoAssemblerScriptTemplates.loadTemplates(TemplatesTable)
To add templates from a directory:
I2CEAutoAssemblerScriptTemplates.loadTemplatesDirectory([[x:\SomeOddDirectory]])
Install / Setup Method 1:
- Put file in CE autorun folder.
Install / Setup Method 2:
- Put in CE lua folder (it isn't created by default).
And in a file in the CE autorun folder import and add tables.
Example:
local TemplatesTable = {
...
}
local I2CEAASTG = require 'pluginI2CEAutoAssemblerScriptTemplateGenerator'
---- You could rename the file if you go this route.
I2CEAASTG.loadTemplates(TemplatesTable)
Settings:
UserNameEnvKey : string - Environment variable key for user name.
i.e.: 'CE_USERNAME' or 'HEYBUDDYWHATSTHENAME'
UserName : string - Used for overriding the system's user name from environment ('USERNAME').
** See 'Environment Variable Keys' to override that way.
DateFormat : string - Lua date format string.
AddMainSeperator : boolean - Set to true to have a separator added to the menu before adding
template menu items.
InjectionInfoCount : integer - The number of lines before and after injection point in injection info.
i.e.: 10 will generate 21 lines of disassembler output.
10 before (addresses less then injection address)
1 injection point
10 after (addresses greater then injection address)
PlaceHolderKey : string - The Place holder key used in templates for generic replacement prompts.
** See: 'Template Place Holders' for more info.
AutoLoad : boolean - Set to false to stop auto loading of templates.
TemplatesDirectory : string - The templates directory to use.
** *** Template files use a unique format, (my change to template files matched with json files for
settings) so this should be in a unique spot (IT CAN CLASH with other template generators
if in same folder).
NopASM : string - ASM for nops.
i.e.: 'nop' or 'Nop' or 'nop //// No Operation'
* There is a separate template key for nops as data bytes. (i.e.: 'db 90 90 90')
AddI2Templates : Set to "false" to disable adding of I2 templates
MemoryViewFormByteSignatureScanInfoDescription : Memory view form context menu
byte signature scan info description.
MemoryViewFormByteSignatureScanInfoShortcut : Memory view form context menu
byte signature scan info short cut string.
AOBScanByteLengthMin : The min number of bytes that will be accepted with out being prompted for approval.
* This is to stop from accidentally scanning for to few bytes
(in large games this can that a little while).
* But will prompt for approval to allow for scanning
(in smaller games scanning for 5 bytes is not a problem).
* NOTE: Scan is preformed on generated scan signature filled with wild cards.
AOBSignatureLength : integer - The minimum number of bytes for AOB signatures.
UseMemoryViewFormSelectionForAOBSignature : Set to true to use memory view form selection instead
of "AOBSignatureLength" plus selected address.
BringCheatEngineToFrontOnCreateMemoryRecords : Set to true to bring Cheat Engine from to front on adding
memory records to table.
Template Options: Table of settings for template generating.
Required Options:
DisplayString : string - The menu display string.
Bound Required Options: One or the other.
* TemplateString : string - The template string to use.
TemplateFile : string - The file path of the template.
*** Do not use multi extension files. (still figuring this one out)
i.e.: 'AOB_Injection.template.cea'
Instead try:
'AOB_Injection-template.cea '
Name : string - The name of the template.
*** Used in menu item creation, also in injection information and logging.
GetAddress : boolean - Set to true to be prompted for an address.
* Address is pulled from disassembler view form selection. So this is a formality.
IsFullHook : boolean - Set to true to have no less then 5 bytes for a full jump.
GetHookName : boolean - Set to true to be prompted for a hook name.
* All template hook keys will be empty strings if not set to true.
HookTag : string - The tag to use for prompts.
i.e.: 'Hook', 'Hack', 'Cheat', 'Exploit', or what have you.
AppendHookTag : boolean - Set to true to have the hook tag appended to the hook name.
Unless the hook tag is already in the hook name.
FixInputData : boolean - Set to true to fix sloppy input data.
* Only affects hook name.
* Title cases and removes spaces from input.
GetAOBSignature : boolean - Set to true to have an aob signature generated.
Memory Records: : table - Table of settings for generating template memory records
to add to cheat table.
* See: 'Template Memory Records'
MemoryRecordsIncludeScript : boolean - Set to true for prompt to say memory records include script.
NopPaddingLeft : string - The leading padding for nops lines.
i.e.: '\t\t'
OriginalCodePaddingLeft : string - The leading padding for the original code lines.
i.e.: '\t\t'
LineEnd : string - The line end string. (i.e.: '\n' or '\r\n')
LineComment : string - The line comment string. (i.e.: '////' or '//')
InjectionInfoCommentType : integer:CommentTypes : The injection info comment type.
Shortcut : Set to short-cut keys string to use for template menu item.
i.e.: 'ctrl+0'
AskToAddToTable : set to false to suppress asking to add memory records to table.
Note: Must set to false to suppress asking to add memory records to table,
else asked by default.
AddToMainOnly : Set to true to have menu items for template only added to the main form.
Example Table:
Templates = {
Name = 'I2CEATemplates',
SectionDisplayString = 'I2 CEA Templates',
SectionName = 'miI2CEATemplatesSection',
{
DisplayString = 'Address Injection',
GetAddress = true,
GetHookName = true,
HookTag = 'Cheat',
AppendHookTag = true,
TemplateString = I2_TEMPLATE_ADDRESS_INJECTION,
MemoryRecordsIncludeScript = true,
MemoryRecords = {
{
Description = '${HookName} ()->',
Type = vtAutoAssembler,
Color = Colors.Teal,
},
{
Description = '_[== ${HookName} ==]_',
IsGroupHeader = true,
MemoryRecords = {
{
Description = 'inj${HookNameParsed}',
Address = 'inj${HookNameParsed}',
Color = Colors.Red,
Type = vtByteArray,
Aob = {
Size = 0,
},
ShowAsHex = true,
},
},
},
},
},
}
Template Memory Records: Table of settings for memory record generating.
ID : integer - Unique ID
Description : string - The description of the memory record
Address : string - The interpretable address string.
OffsetCount : integer - The number of offsets. Set to 0 for a normal address
Offset[] : array - integer - Array to access each offset
OffsetText[] : array - string - Array to access each offset using the interpretable text style
Type : ValueType - The variable type of this record. See vtByte to vtCustom
** *** Set to 'pointer' for a type value of vtQword or vtDword based on pointer size.
i.e.: Type = 'POINTER',
* If the type is vtString then the following properties are available:
String : table - Table with key value pairs.
Size : integer - Number of characters in the string
Unicode : boolean
* If the type is vtBinary then the following properties are available
Binary : table - Table with key value pairs.
Startbit : integer - First bit to start reading from
Size : integer - Number of bits
* If the type is vtByteArray then the following properties are available
Aob : table - Table with key value pairs.
Size : integer - Number of bytes
Script : String - If the type is vtAutoAssembler this will contain the auto assembler script
** *** If the type is vtAutoAssembler and no script is set the parsed template will be used.
CustomTypeName : string - If the type is vtCustomType this will contain the name of the CustomType
Value : string - The value in string form.
Active : boolean - Set to true to activate/freeze, false to deactivate/unfreeze
Color : integer
ShowAsHex : boolean - Self explanatory
ShowAsSigned : boolean - Self explanatory
AllowIncrease : boolean - Allow value increasing, unfreeze will reset it to false
AllowDecrease : boolean - Allow value decreasing, unfreeze will reset it to false
Collapsed : boolean - Set to true to collapse this record or false to expand it.
Use expand/collapse methods for recursive operations.
HotkeyCount : integer - Number of hot-keys attached to this memory record
Hotkey[] : array - Array to index the hot-keys
DontSave : boolean - Don't save this memoryrecord and it's children
Async : boolean - Set to true if activating this entry will be asynchronious. (only for AA/Lua scripts)
Collapsed : boolean - Set to true to collapse this record or false to expand it. Use expand/collapse methods for recursive operations.
OnActivate : function(memoryrecord, before, currentstate)
: boolean - The function to call when the memoryrecord will change
(or changed) Active to true. If before is true, not returning true
will cause the activation to stop.
OnDeactivate : function(memoryrecord, before, currentstate)
: boolean - The function to call when the memoryrecord will change
(or changed) Active to false. If before is true, not returning true
will cause the deactivation to stop.
OnDestroy : function()
: Called when the memoryrecord is destroyed.
options : Memory record options.
i.e.: "[moHideChildren]"
"[moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, " ..
"moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse]"
Example Table:
MemoryRecords = {
{
Description = '_[== ${HookName} ==]_',
IsGroupHeader = true,
Async = true,
MemoryRecords = {
{
Description = 'inj${HookNameParsed}',
Address = 'inj${HookNameParsed}',
Color = Colors.Red,
Type = vtByteArray,
Aob = {
Size = 0,
},
ShowAsHex = true,
options = "[moHideChildren]",
},
},
},
{
Description = 'flg${HookNameParsed}IsAssembled',
Address = 'flg${HookNameParsed}IsAssembled',
Color = Colors.Olive,
Type = vtByte,
DropDownList = {
Text = '0:Not Assembled\n1:Assembled\n',
},
DropDownReadOnly = true, ---- Disallow manual user input
DropDownDescriptionOnly = true, ---- Only show the description part
DisplayAsDropDownListItem = true, ---- Make the record display values like the dropdownlist
},
{
Description = 'inj${HookNameParsed}',
Address = 'inj${HookNameParsed}',
Color = Colors.Red,
Type = vtByteArray,
Aob = {
Size = 0,
},
ShowAsHex = true,
},
{
Description = '${BaseAddressOffset} - ',
Color = Colors.Black,
Type = vtDword,
ShowAsHex = false,
OffsetText = {
'${BaseAddressOffset}',
},
Address = 'ptr${HookNameParsed}',
}
}
Template Keys:
- Keys to be used in templates and memory record strings.
format:
${TemplateKey}
ProcessName - The process name.
ProcessAddress - The process address.
Module - The address's module, if it is in a module.
ModuleAddress - The address's module address, if it is in a module.
ModuleSize - The address's module size, if it is in a module.
ModuleBitSize - The address's module bit size, if it is in a module.
i.e.: '(x32)' or '(x64)'
ModuleStr - Will be set to the word 'Module' if the address is in a module.
* Used with aob scan.
i.e.: 'aobScan${ModuleStr}(...'
ModuleDecl - Will be set to the module name with a comma in front, if the address is in a module.
* Used with aob scans, and memory allocation.
i.e.: 'alloc(SomeUserSymbol, 0x400${ModuleDecl})'
Address - The address, will be in module with offset format, if the address is in a module.
* Pulled from disassembler view form selection.
AddressHex - The address in hex format, length is based on pointer size.
Date - The current date.
Author - The detected user name.
*** Set global 'CE_USERNAME', or environment variable 'CE_USERNAME', to override
the windows user name.
HookTag - The hook tag word.
i.e.: 'Hook', 'Hack', 'Cheat', 'Exploit', or what have you.
HookName - The, human readable, hook name.
i.e.: 'Ammo DEC Hook', or 'Ammo DEC'
HookNameBase - The hook name with out the hook tag appended.
* Even if 'AppendHookTag' is set to 'true'.
* If 'AppendHookTag' is set to 'false' it will be the same as 'HookName'.
HookNameParsed - The, machine readable, hook name.
i.e.: 'AmmoDECHook', or 'AmmoDEC'
HookNameParsedBase - The parsed hook name with out the hook tag appended.
* Even if 'AppendHookTag' is set to 'true'.
* If 'AppendHookTag' is set to 'false' it will be the same as 'HookNameParsed'.
AOBBytes - AOB byte signature string.
AOBMessage - Used if more then one match was found.
** Adds a new line character if there is a message.
i.e.: '\n// Matches Found: 25'
AOBOffset - The AOBs calculated offset from injection point.
This will include a '+' or '-'.
AOBAddress - The address of the AOB starting point.
OriginalCode - The original code (pulled from disassembler view form)
OriginalBytes - The original bytes (pulled from disassembler view form)
InstNOPS - Nops matching the original number of bytes.
InstNOP90S - Nops, in data byte format, matching the original number of bytes.
i.e.: 'db 90 90 90'
NOPS - Used if nops are needed.
NOP90S - Used if nops are needed.
InjectionInfo - The injection information collected (the commented out disassembler output).
CEVersion - Cheat Engine's version.
PointerSize - The processes pointer size.
i.e.: x32 PointerSize is 4 and x64 PointerSize is 8.
PointerFtmStr - The processes pointer format string. (for lua use in templates)
i.e.: x32 PointerFtmStr is '%08X' and x64 PointerFtmStr is '%016X'.
PointerWordSize - The processes pointer declaration word.
i.e.: x32 PointerWordSize is 'dd' and x64 PointerWordSize is 'dq'.
PointerDefault - The processes pointer declaration with integer 0 value.
i.e.: x32 PointerWordSize is 'dd 0' and x64 PointerWordSize is 'dq 0'.
PointerDefaultFull - The processes pointer declaration with hex 0 value.
i.e.: x32 PointerDefaultFull is 'dd 00000000' and
x64 PointerDefaultFull is 'dq 0000000000000000'.
GameTitle - The game title. (See: 'Global Variables' for overriding process based value)
GameVersion - The game version. (See: 'Global Variables' for overriding determined value)
BaseAddressRegistry - Registry pulled form original code of the first line (uses lua matching).
BaseAddressOffset - Offset for registry pulled form original code of the first line (uses lua matching).
* Looks for most instructions followed by brackets with a registry and offset. Kinda works!
i.e.: mov eax,[rsi+10]
BaseAddressRegistry will be 'rsi'
BaseAddressOffset will be '+10'
BaseAddressOffsetValue - The decimal value of the offset for registry pulled form original code.
Templates:
Key Format:
${TemplateKey}
Example:
${Header}
define(bytes, ${OriginalBytes})
define(address, ${Address})
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
assert(address, bytes)
////
//// ---------- Injection Point ----------
address:
${InstNOPS}
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
address:
db bytes
${InjectionInfo}
Template Place Holders:
- User will be prompted for replacement of key words (every thing after place holder key).
* Key words are striped of underscores and title cased before prompt.
i.e.:
PlaceHolder_Some_Value -> "Some Value"
PlaceHolder_the_ultimate_question -> "The Ultimate Question"
Key Start:
PlaceHolder_
Example:
${Header}
define(bytes, ${OriginalBytes})
define(address, ${Address})
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
assert(address, bytes)
////
//// ---------- Injection Point ----------
address:
mov [${BaseAddressRegistry}${BaseAddressOffset}],${PlaceHolder_Push_Value_In_Hex}
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
address:
db bytes
${InjectionInfo}
Template Files:
- Template files can be just a CEA file or they can have a settings and template section
** *** Must be just a CEA file, or have '[SETTINGS]' then '[TEMPLATE]' section in that order.
i.e.:
| Good | Good | Good | Bad |
|---------------|---------------|---------------|---------------|
| [SETTINGS] | [TEMPLATE] | ... | [TEMPLATE] |
| ... | ... | ... | ... |
| [TEMPLATE] | ... | ... | [SETTINGS] |
| ... | ... | ... | ... |
|---------------|---------------|---------------|---------------|
CEA Files:
- The standard CEA format with templates keys, caption add menu section will be determinate by
file name and directory.
i.e.: 'some_template.cea' -> 'Some Template' - (Templates Menu)
i.e.: 'some_section\some_template.cea' -> 'Some Template' - 'Some Section' (miSomeSection)
Settings:
- Only allows basic setting (no nested settings at this point ?? json).
** *** Settings and template section keys must be the only thing on that line.
Template:
- The template to use (reads to end of file).
** *** Template and settings section keys must be the only thing on that line.
Example:
[SETTINGS]
DisplayString = 'Some Template'
GetAddress = true
GetHookName = true
GetAOBSignature = true
[TEMPLATE]
[ENABLE]
{$lua}
print('I Have The Power!!')
[DISABLE]
{$lua}
print('Op, its gone.')
Global Variables:
GAME_TITLE - The game title.
* If not set process name with out extension will be used.
** Manually set in table lua files, if needed.
GAME_VERSION - The game version.
* If not set value from 'getFileVersion' on the first module will be used.
** Manually set in table lua files, if needed.
Global Variables (Overridden by Settings):
[[ global - setting ]]
CE_USERNAME - UserName
I2CEAASTG_AUTO_LOAD - AutoLoad
I2CEAASTG_TEMPLATES_DIRECTORY - TemplatesDirectory
I2CEAASTG_NOP_ASM - NopASM
I2CEAASTG_TEMPLATE_MARKER_LINE - TemplateMarkerLine
I2CEAASTG_HEADER - TemplateHeader
I2CEAASTG_AOB_SCAN_BYTE_MIN - AOBScanByteLengthMin
I2CEAASTG_AOB_SIGNATURE_LENGHT - AOBSignatureLength
Global Variables (Overridden by Template Options):
[[ global - template option ]]
I2CEAASTG_HOOK_TAG - HookTag
I2CEAASTG_NOP_PADDING_LEFT - NopPaddingLeft
I2CEAASTG_ORIGINAL_CODE_PADDING_LEFT - OriginalCodePaddingLeft
I2CEAASTG_LINE_END - LineEnd
I2CEAASTG_LINE_COMMENT - LineComment
I2CEAASTG_INJ_INFO_COMMENT_TYPE - InjectionInfoCommentType
Environment Variable Keys: (Overridden by global variables)
CE_USERNAME - The name used for 'Author' template key.
]====================================================================================================================]--
|
So this template header:
Code: | {
Process : ${ProcessName} - ${ModuleBitSize}
Module : ${Module} - ${ModuleSize}
Game Title : ${GameTitle}
Game Version : ${GameVersion}
CE Version : ${CEVersion}
Script Version : 0.0.1
Date : ${Date}
Author : ${Author}
Name : ${HookNameParsed}
${HookName}
} |
With this template:
Code: | ${Header}
define(address, ${Address})
define(bytes, ${OriginalBytes})
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScan${ModuleStr}(aob${HookNameParsed}${ModuleDecl}, ${AOBBytes})${AOBMessage}
define(inj${HookNameParsed}, aob${HookNameParsed})
assert(inj${HookNameParsed}, bytes)
registerSymbol(inj${HookNameParsed})
alloc(mem${HookNameParsed}, 0x400, inj${HookNameParsed})
label(ptr${HookNameParsed})
registerSymbol(ptr${HookNameParsed})
label(n_code)
label(o_code)
label(exit)
label(return)
mem${HookNameParsed}:
ptr${HookNameParsed}:
${PointerDefault}
n_code:
//mov [ptr${HookNameParsed}],${BaseAddressRegistry}
o_code:
${OriginalCode}
exit:
jmp return
////
//// ---------- Injection Point ----------
inj${HookNameParsed}:
jmp n_code${NOPS}
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
inj${HookNameParsed}:
db bytes
unregisterSymbol(inj${HookNameParsed})
unregisterSymbol(ptr${HookNameParsed})
dealloc(mem${HookNameParsed})
${InjectionInfo} |
Will output a script like this:
Code: | {
Process : Tutorial-x86_64.exe - (x64)
Module : Tutorial-x86_64.exe - 00000000002DA000
Game Title : Tutorial-x86_64
Game Version : GAME_VERSION
CE Version : 6.7
Script Version : 0.0.1
Date : 01/09/18
Author : TheyCallMeTim13
Name : ExampleHook
Example Hook
}
define(address, Tutorial-x86_64.exe+2C122)
define(bytes, 48 8B 8B 70 07 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobExampleHook, Tutorial-x86_64.exe, 48xxxxxxxxxxxxE8xxxxxxxxxx48xxxxE8xxxxxxxx48xxxxxx48xxxxxxxxxx00xx00xx00xx00xx00xx00xx00xx00xxxx)
//// AOB Matches Found: 9
define(injExampleHook, aobExampleHook)
assert(injExampleHook, bytes)
registerSymbol(injExampleHook)
alloc(memExampleHook, 0x400, injExampleHook)
label(ptrExampleHook)
registerSymbol(ptrExampleHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memExampleHook:
ptrExampleHook:
dq 0
n_code:
//mov [ptrExampleHook],rbx
o_code:
mov rcx,[rbx+00000770]
exit:
jmp return
////
//// ---------- Injection Point ----------
injExampleHook:
jmp n_code
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injExampleHook:
db bytes
unregisterSymbol(injExampleHook)
unregisterSymbol(ptrExampleHook)
dealloc(memExampleHook)
{
//// Injection Point: Tutorial-x86_64.exe+2C122 - 000000010002C122
//// Process: Tutorial-x86_64.exe - 0000000100000000
//// Module: Tutorial-x86_64.exe - 0000000100000000
Tutorial-x86_64.exe+2C0AB: 0F87 7D000000 - ja 10002C12E
Tutorial-x86_64.exe+2C0B1: 48 8D 05 D0111D00 - lea rax,[1001FD288] [00000A0D]
Tutorial-x86_64.exe+2C0B8: 48 89 45 E8 - mov [rbp-18],rax
Tutorial-x86_64.exe+2C0BC: 48 C7 45 E0 0B000000 - mov [rbp-20],0000000B
Tutorial-x86_64.exe+2C0C4: 4C 8D 45 E0 - lea r8,[rbp-20]
Tutorial-x86_64.exe+2C0C8: 48 8B 15 F9261700 - mov rdx,[10019E7C8] [001FCC78]
Tutorial-x86_64.exe+2C0CF: 48 8D 4D F0 - lea rcx,[rbp-10]
Tutorial-x86_64.exe+2C0D3: 49 B9 0000000000000000 - mov r9,0000000000000000
Tutorial-x86_64.exe+2C0DD: E8 2EC00100 - call 100048110
Tutorial-x86_64.exe+2C0E2: 48 8B 4D F0 - mov rcx,[rbp-10]
Tutorial-x86_64.exe+2C0E6: E8 D5D21200 - call 1001593C0
Tutorial-x86_64.exe+2C0EB: 48 8B 05 46111D00 - mov rax,[1001FD238] [(double)100.0000]
Tutorial-x86_64.exe+2C0F2: 48 89 83 C0070000 - mov [rbx+000007C0],rax
Tutorial-x86_64.exe+2C0F9: C7 44 24 20 04000000 - mov [rsp+20],00000004
Tutorial-x86_64.exe+2C101: F2 0F10 8B C0070000 - movsd xmm1,[rbx+000007C0]
Tutorial-x86_64.exe+2C109: 48 8D 4D F8 - lea rcx,[rbp-08]
Tutorial-x86_64.exe+2C10D: 41 B9 04000000 - mov r9d,00000004
Tutorial-x86_64.exe+2C113: 41 B8 00000000 - mov r8d,00000000
Tutorial-x86_64.exe+2C119: E8 B2DE0100 - call 100049FD0
Tutorial-x86_64.exe+2C11E: 48 8B 55 F8 - mov rdx,[rbp-08]
//// INJECTING START ----------------------------------------------------------
Tutorial-x86_64.exe+2C122: 48 8B 8B 70070000 - mov rcx,[rbx+00000770]
//// INJECTING END ----------------------------------------------------------
Tutorial-x86_64.exe+2C129: E8 029C0800 - call 1000B5D30
Tutorial-x86_64.exe+2C12E: 90 - nop
Tutorial-x86_64.exe+2C12F: 48 89 E9 - mov rcx,rbp
Tutorial-x86_64.exe+2C132: E8 99FEFFFF - call 10002BFD0
Tutorial-x86_64.exe+2C137: 48 8B 5D C8 - mov rbx,[rbp-38]
Tutorial-x86_64.exe+2C13B: 48 8D 65 00 - lea rsp,[rbp+00]
Tutorial-x86_64.exe+2C13F: 5D - pop rbp
Tutorial-x86_64.exe+2C140: C3 - ret
Tutorial-x86_64.exe+2C141: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C143: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C145: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C147: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C149: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C14B: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C14D: 00 00 - add [rax],al
Tutorial-x86_64.exe+2C14F: 00 53 48 - add [rbx+48],dl
Tutorial-x86_64.exe+2C152: 8D 64 24 E0 - lea esp,[rsp-20]
Tutorial-x86_64.exe+2C156: 48 89 CB - mov rbx,rcx
Tutorial-x86_64.exe+2C159: F3 0F10 83 B8070000 - movss xmm0,[rbx+000007B8]
Tutorial-x86_64.exe+2C161: 0F2F 05 28111D00 - comiss xmm0,[1001FD290] [(float)5000.0000]
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
} |
And this memory record table:
Code: | {
{
Description = '${HookName} ()->',
Type = vtAutoAssembler,
Color = I2_MR_SCRIPT_COLOR,
},
{
Description = I2_TEMPLATE_MR_GROUP_HEADER,
IsGroupHeader = true,
options = "[moHideChildren]",
MemoryRecords = {
{
Description = 'inj${HookNameParsed}',
Address = 'inj${HookNameParsed}',
Color = Colors.Red,
Type = vtByteArray,
Aob = {
Size = 0,
},
ShowAsHex = true,
},
{
Description = 'ptr${HookNameParsed}',
Address = 'ptr${HookNameParsed}',
Color = Colors.Grey,
Type = 'pointer',
ShowAsHex = true,
MemoryRecords = {
{
Description = '${BaseAddressOffset} - ',
Color = Colors.Black,
Type = vtDword,
ShowAsHex = false,
OffsetText = {
'${BaseAddressOffset}',
},
Address = 'ptr${HookNameParsed}',
},
{
Description = '${BaseAddressOffset} - ',
Color = Colors.Black,
Type = vtSingle,
ShowAsHex = false,
OffsetText = {
'${BaseAddressOffset}',
},
Address = 'ptr${HookNameParsed}',
},
},
},
},
},
} |
Will create memory records like this:
Code: | <?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>28</ID>
<Description>"_[ Example Hook ]_"</Description>
<Options moHideChildren="1"/>
<LastState Value="" RealAddress="00000000"/>
<GroupHeader>1</GroupHeader>
<CheatEntries>
<CheatEntry>
<ID>29</ID>
<Description>"injExampleHook"</Description>
<LastState Value="" RealAddress="00000000"/>
<ShowAsHex>1</ShowAsHex>
<Color>0000FF</Color>
<VariableType>Array of byte</VariableType>
<ByteLength>0</ByteLength>
<Address>injExampleHook</Address>
</CheatEntry>
<CheatEntry>
<ID>30</ID>
<Description>"ptrExampleHook"</Description>
<ShowAsHex>1</ShowAsHex>
<Color>808080</Color>
<VariableType>8 Bytes</VariableType>
<Address>ptrExampleHook</Address>
<CheatEntries>
<CheatEntry>
<ID>31</ID>
<Description>"+00000770 - "</Description>
<Color>000000</Color>
<VariableType>4 Bytes</VariableType>
<Address>ptrExampleHook</Address>
<Offsets>
<Offset>302</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>32</ID>
<Description>"+00000770 - "</Description>
<Color>000000</Color>
<VariableType>Float</VariableType>
<Address>ptrExampleHook</Address>
<Offsets>
<Offset>302</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable> |
_________________ wiki.CheatEngine.org - Tutorials
OpenCheatTables.org
Last edited by TheyCallMeTim13 on Tue Dec 21, 2021 8:42 am; edited 36 times in total
|
|