| View previous topic :: View next topic |
| Author |
Message |
ostacro
Newbie cheater
![]() Reputation: 0
Joined: 17 Aug 2011
Posts: 11
Location: Croatia
|
 Posted: Sat Jan 07, 2012 2:14 pm Post subject: how to return old value after disabling cheat?? |
 |
|
So there goes my question, how to return old value after disabling cheat??
For example I have 100 gold, and after enabling cheat i have constant 1000 golds, however after I disable cheat I want to have only old 100 golds, not 1000 which are decreasing.
I was thinking to make it in ASM if it is posible thats why I didnt post it to "Cheat Engine Lua Scripting"
Something like you can do in C, after enabling cheat remember old value then change it constantly to 1000 then before disabling just put back old value.
I just dont know how to make computer remember old value and put it back when I want it?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25812
Location: The netherlands
|
| Posted: Sat Jan 07, 2012 4:27 pm Post subject: |
|
|
I'm assuming your cheat is an auto assembler script with a [enable] and [disable] section only
Add this to your script:
In enable:
| Code: |
alloc(originalvalueforscriptX,4) //this name must be unique throughout CE
registersymbol(originalvalueforscriptX)
originalvalueforscriptX:
dd #100 //let's initialize it to a default of 100, just in case the routine that sets it is not done (0 HP is probably not what you want)
alloc(lastknownaddressofvalueforscriptX,4) //also unique
lastknownaddressofvalueforscriptX:
dd 0
alloc(hasSavedValue,4)
hasSavedValue:
dd 0
//.... at in your code injection before you edit the health, but you have the address
label(hasBeenSaved)
pushfd
cmp [hasSavedValue],0
jne hasBeenSaved
//use assembler code to write the current health value into originalvalueforscriptX
//e.g:
//push eax
//lea eax,[esi+1228] //get the address if it's a pointer like thing
//mov eax,[eax] //get the value the address contains
//mov [originalvalueforscriptX],eax
//pop eax
mov [hasSavedValue],1
hasBeenSaved:
popfd
//don't forget to write the address of health to lastknownaddressofvalueforscriptX as well
|
and in disable:
| Code: |
lastknownaddressofvalueforscriptX:
readmem(originalvalueforscriptX,4) //restore the original value
dealloc(lastknownaddressofvalueforscriptX)
dealloc(hasSavedValue)
dealloc(originalvalueforscriptX)
|
Alternatively, leave your script enabled, but let the controls of it being enabled/disabled in another entry, then when enabled sets a value to 1 and disabled back to 0. (Still requires some coding for storing the original value)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ostacro
Newbie cheater
![]() Reputation: 0
Joined: 17 Aug 2011
Posts: 11
Location: Croatia
|
| Posted: Sun Jan 08, 2012 7:31 am Post subject: |
|
|
No wonder I couldn't figured out tnx man 
errrr, what I am doing wrong...
alloc(lastknownaddressofvalueforscriptX,4) //also unique
lastknownaddressofvalueforscriptX:
dd ["GameDLL_x86.dll"+00A4B604+ec]
"Error in line 14 (dd ["GameDLL_x86.dll"+00A4B604+ec]): This instruction cannot be compiled."
same thing...
lea eax,["GameDLL_x86.dll"+00A4B604+ec]
"This instruction cannot be compiled."
dafuq???
Maybe cause its pointer or what...
anyway this command from my original script works:
mov ["GameDLL_x86.dll"+00A4B604+ec],1
so I guess it is syntax error and not wrong pointer error?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25812
Location: The netherlands
|
| Posted: Sun Jan 08, 2012 12:26 pm Post subject: |
|
|
Oh, you wish to use pointers. That is a lot easier, but won't work with DD
Just a question: What is the notation in ce's add window because this can be rewritten to:
["GameDLL_x86.dll"+A4B6F0]
anyhow, for use with a pointer do:
| Code: |
lastknownaddressofvalueforscriptX:
readmem(["GameDLL_x86.dll"+00A4B604+ec]+0, 4)
|
But really no need to get the address when working with pointers
Instead you can just get the value:
| Code: |
OriginalValue:
readmem([["GameDLL_x86.dll"+00A4B604+ec]+0]+0, 4)
|
and restore the value you'd do:
| Code: |
[["GameDLL_x86.dll"+00A4B604+ec]+0]+0:
readmem(OriginalValue,4)
|
Also, if it's a normal cheat entry (so not aa script) CTRL+Z will undo your last edit to the value
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ostacro
Newbie cheater
![]() Reputation: 0
Joined: 17 Aug 2011
Posts: 11
Location: Croatia
|
| Posted: Mon Jan 09, 2012 8:03 am Post subject: |
|
|
Well now he is saying
| Code: | originalHBvalue:
readmem(["GameDLL_x86.dll"+00A4B604+ec], 64)
Error in line 7. The memory at "GameDLL_x86.dll"+00A4B604+ec could not be fully read |
I have even tried
| Code: | originalHBvalue:
readmem([20529B48], 64) |
which is first address of value you can find using CE scanning options, still getting "could not be fully read"
Its a float so I did expand him to 64 bytes, also ran CE and the game with admin rights + put FULLACCESS command for that adress...shut down any script, address that could interfere with him however no luck
In my simplistic version of script which dont have save options both "GameDLL_x86.dll"+00A4B604+ec and 20529B48 working fine.
Its great problem cause in this trainer it doesn't matter will it start from cheat value or original value but for some future RTS or RPG trainers I plan to make, matters big time
|
|
| Back to top |
|
|
DrNOP
Newbie cheater
![]() Reputation: 0
Joined: 21 Apr 2014
Posts: 19
|
| Posted: Wed Apr 23, 2014 5:34 pm Post subject: |
|
|
picking up this old thread, because I cannot solve the problem 
I can't get past the problem "Invalid address for ReadMem" in the [DISABLE] section.
Basically, what I want to achieve is using aobscan with wildcards and restoring the correct value afterwards.
My particular script looks like this (stripped down to the essence):
| Code: |
[ENABLE]
alloc(myHandler1, 256)
label(continue1)
aobscan( myHook1, 89 86 * * 00 00 )
// label( myHook1 )
registersymbol( myHook1 ) // register for [DISABLE]
label(originalbytes)
registersymbol(originalbytes)
myHook1:
jmp myHandler1
nop
continue1:
myHandler1:
jmp continue1
originalbytes:
readmem(myHook1, 6) //store the original bytes
[DISABLE]
myHook1:
// restore original bytes
readmem(originalbytes, 6) // <== ERROR
// db 89 86 C4 07 00 00
unregistersymbol(myHook1)
unregistersymbol(originalbytes)
dealloc( myHandler1 )
|
what am I doing wrong? Is there a method to restore the correct bytes?
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Thu Apr 24, 2014 10:25 am Post subject: |
|
|
Add/assign empty AA script (ENABLE and DISABLE sections must be empty)
Then, open that AA script and paste the code and confirm with OK button. You will got different message, just press "Yes" button.
_________________
|
|
| Back to top |
|
|
DrNOP
Newbie cheater
![]() Reputation: 0
Joined: 21 Apr 2014
Posts: 19
|
| Posted: Thu Apr 24, 2014 2:59 pm Post subject: |
|
|
| mgr.inz.Player wrote: | Add/assign empty AA script (ENABLE and DISABLE sections must be empty)
Then, open that AA script and paste the code and confirm with OK button. You will got different message, just press "Yes" button. |
sorry, I don't quite get it 
Ok, in Memory Viewer, I create an empty AA script (Tools | Auto Assemble)
In the Auto Assemble, I choose File | Assign to current cheat table
CE then comes up with
| Quote: | | The code needs an [ENABLE] and a [DISABLE] section if you want to use this script as a table entry |
If I paste the code I posted, I get the same error message:
| Quote: | | Error in line 27 (readmem(originalbytes, 6)) :Invalid address for ReadMem |
with no YES | NO button (only OK)
Could you please elaborate?
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Thu Apr 24, 2014 3:13 pm Post subject: |
|
|
You got the answer:
| Code: | | The code needs an [ENABLE] and a [DISABLE] section if you want to use this script as a table entry |
So, add those two by hand or from menu "template -> framework code"
then Assign to current cheat table, then open script and paste your code.
This is why I wrote: "(ENABLE and DISABLE sections must be empty) "
and not: "whole script must be empty".
_________________
|
|
| Back to top |
|
|
DrNOP
Newbie cheater
![]() Reputation: 0
Joined: 21 Apr 2014
Posts: 19
|
| Posted: Thu Apr 24, 2014 6:13 pm Post subject: |
|
|
I see.
That way I can enter the script, but each time I save it, the alarming error message pops up.
The script works correctly then, however.
It's still quite unsettling.
I don't like to ignore error messages, especially when they relate to asm code that can crash everything, as we all know 
Maybe DarkByte should take care of this, because scanning with wildcards is a very useful feature that makes scripts more flexible and robust..
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Fri Apr 25, 2014 8:24 am Post subject: |
|
|
| DrNOP wrote: | | Maybe DarkByte should take care of this, because scanning with wildcards is a very useful feature that makes scripts more flexible and robust.. |
Syntaxchecker has been fixed. You have to wait for next CE or compile it yourself (source code is available, and it is GPL/Artistic License).
_________________
|
|
| Back to top |
|
|
DrNOP
Newbie cheater
![]() Reputation: 0
Joined: 21 Apr 2014
Posts: 19
|
| Posted: Fri Apr 25, 2014 4:35 pm Post subject: |
|
|
| mgr.inz.Player wrote: | | Syntaxchecker has been fixed. You have to wait for next CE or compile it yourself (source code is available, and it is GPL/Artistic License). |
great, thanks.
BTW I had to change something before I was able to compile it:
| Quote: | DBK32functions.pas(1140,10) Error: function header doesn't match the previous declaration "WriteProcessMemory64(LongWord,QWord,Pointer,LongWord,var LongWord):LongBool; StdCall;"
|
(changed declaration to BaseAddress:uint64)
So great that this amazing program is written in Pascal, and the source is published.
When I first used CE, I was wondering how such a complex program can be written in C without crashing all the time. Then I saw the reason why it's so stable
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Fri Apr 25, 2014 5:09 pm Post subject: |
|
|
@DrNOP, which Lazarus are you using?
I see there is new version "Lazarus 1.2.2 FPC 2.6.4", released two days ago.
DarkByte currently uses "Lazarus 1.2 FPC 2.6.2" from March.
Note1: I personally use "Lazarus 1.3 FPC 2.7.1". I downloaded Lazarus source from SVN and FPC source from SVN and I compiled them. Why? Because apparently FPC 2.7.1 from SVN has fixed SEH support for 64bit binaries.
Note2: Also, FPC 2.6.4 (and FPC 2.7.1) doesn't compile "pure" CE source. I have to adapt CE source code.
_________________
|
|
| Back to top |
|
|
DrNOP
Newbie cheater
![]() Reputation: 0
Joined: 21 Apr 2014
Posts: 19
|
| Posted: Fri Apr 25, 2014 8:25 pm Post subject: |
|
|
| mgr.inz.Player wrote: | @DrNOP, which Lazarus are you using?
I see there is new version "Lazarus 1.2.2 FPC 2.6.4", released two days ago. |
yes, that's the one I use. I installed Lazarus for the first time; innately, I'm a Delphian
It's a pity I can't compile CE with Delphi, because of all the Lazarus-specific units.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Apr 26, 2014 4:39 am Post subject: |
|
|
The last Delphi I was using is Delphi 6 
Back to topic. If you want to compile CE with newest stable Lazarus, and you got this error: DBK32functions.pas(1140,10)
Just change that function (not the function header) from this:
function WriteProcessMemory64(hProcess:THANDLE;BaseAddress:qword;lpBuffer:pointer;nSize:DWORD;var NumberOfBytesWritten:DWORD):BOOL; stdcall;
to this:
function WriteProcessMemory64(hProcess:THANDLE;BaseAddress:uint64;lpBuffer:pointer;nSize:DWORD;var NumberOfBytesWritten:DWORD):BOOL; stdcall;
You probably will got other errors (I didn't test it with 2.6.4). Current FPC2.7.1 from SVN doesn't know what to to with "assigned(GetThreadSelectorEntry)" and "assigned(IsValidHandle)"
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
