| 
			
				|  | Cheat Engine The Official Site of Cheat Engine
 
 
 |  
 
	
		| Author | Message |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Thu Feb 19, 2015 2:08 pm    Post subject: Module inject |   |  
				| 
 |  
				| How to inject a module with a Lua script? |  |  
		|  |  
		| atom0s Moderator
 
  Reputation: 205 
 Joined: 25 Jan 2006
 Posts: 8587
 Location: 127.0.0.1
 
 | 
			
				|  Posted: Thu Feb 19, 2015 3:04 pm    Post subject: |   |  
				| 
 |  
				|  	  | Code: |  	  | injectDLL(filename): Injects a dll, and returns true on success | 
 _________________
 
 - Retired. |  |  
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Sat Feb 21, 2015 8:06 am    Post subject: |   |  
				| 
 |  
				| Actually I wanted to inject an exe (its module) into a process (to duplicate the original exe module). In short, an exe injector coded in C, VB or Lua. |  |  
		|  |  
		| SteveAndrew Master Cheater
 
  Reputation: 30 
 Joined: 02 Sep 2012
 Posts: 323
 
 
 | 
			
				|  Posted: Sat Feb 21, 2015 4:46 pm    Post subject: |   |  
				| 
 |  
				| Umm... what? lol you can't inject an exe into an exe! You're going to have to clarify what you mean or what you're trying to do, as there probably is a way to do what you want, but it's probably not how you're thinking it'll work. _________________
 
 |  |  
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Sat Feb 21, 2015 6:49 pm    Post subject: |   |  
				| 
 |  
				| I have to make a copy of the main module of Far Cry 4 and inject the copy in the game so I have the same module two times. |  |  
		|  |  
		| SteveAndrew Master Cheater
 
  Reputation: 30 
 Joined: 02 Sep 2012
 Posts: 323
 
 
 | 
			
				|  Posted: Sat Feb 21, 2015 7:09 pm    Post subject: |   |  
				| 
 |  
				| Oh okay see that makes more sense now. What you need to do is not inject a second game into the first, but instead make a copy of the entire region of memory the game takes up. This is to bypass a CRC check or something right? 
 Either save the memory region with CE and use the loadbinary function of Auto Assembler or Lua, or create a copy of the memory "on-the-fly" with AA or Lua (obviously executed before enabling any cheats).

 Then your script to bypass the CRC will point the check to your copy of the memory instead of the original.
 
 
   _________________
 
 |  |  
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Sat Feb 21, 2015 9:03 pm    Post subject: |   |  
				| 
 |  
				| Thanks a lot |  |  
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Sun Feb 22, 2015 5:32 am    Post subject: |   |  
				| 
 |  
				| Little question: can functions like VirtualAlloc and VirtualAllocEx be used in 64-bit applications, and how? |  |  
		|  |  
		| SteveAndrew Master Cheater
 
  Reputation: 30 
 Joined: 02 Sep 2012
 Posts: 323
 
 
 | 
			
				|  Posted: Mon Feb 23, 2015 10:21 am    Post subject: |   |  
				| 
 |  
				| You compile as 64-bit and it just works   
 Or in ASM you pass the parameters/arguments via registers+stack instead of just the stack. If you're doing a Lua or AA script though it can allocate memory for you more easily with 'alloc(memorycopy,123456)' where '123456' is the size in bytes, or Lua: 'allocateSharedMemory(name, size)'
 
 I'd recommend just allocating it that way, but if you insist on calling VirtualAlloc instead of using CE's features:
 
 "Integer values are passed (in order left to right) in RCX, RDX, R8, and R9. Arguments five and higher are passed on the stack. All arguments are right-justified in registers. This is done so the callee can ignore the upper bits of the register if need be and can access only the portion of the register necessary.
 Floating-point and double-precision arguments are passed in XMM0 – XMM3 (up to 4) with the integer slot (RCX, RDX, R8, and R9) that would normally be used for that cardinal slot being ignored (see example) and vice versa."
 Parameter Passing: https://msdn.microsoft.com/en-us/library/zthk2dkh.aspx
 x64 Calling Convention: https://msdn.microsoft.com/en-us/library/ms235286.aspx
 
 So something like:
 
  	  | Code: |  	  | [enable]
 alloc(Alloc64,1024)
 label(pMemoryCopy)
 label(Exit)
 registersymbol(Alloc64)
 registersymbol(pMemoryCopy)
 createthread(Alloc64)
 
 Alloc64:
 push rbp
 mov rbp,rsp
 and rsp,fffffff0
 sub rsp,60
 
 xor rcx,rcx //mov rcx,0; optional parameter 'lpAddress'
 mov rdx,#123456 //Size Of Memory Allocation / Bypass Area
 mov r8,1000 //MEM_COMMIT
 mov r9,40 //PAGE_EXECUTE_READWRITE
 call kernel32.VirtualAlloc
 test rax,rax
 je Exit //jmp is followed if allocation failed
 mov [pMemoryCopy],rax
 
 //mov rax,[pMemoryCopy] //well it's already in rax ;)
 mov rbx,FarCry4.exe+1000
 mov rcx,#123456 //Size Of FarCry4 Bypass Area
 @@:
 mov dl,[rbx]
 mov [rax],dl
 inc rax
 inc rbx
 dec rcx
 jne @b
 
 { //This would deallocate it, but you need it around don't you? :D
 mov rcx,[pMemoryCopy] //pointer to memory to be free'd
 xor rdx,rdx //must be zero if MEM_RELEASE
 mov r8,8000 //MEM_RELEASE
 call kernel32.VirtualFree
 }
 
 Exit:
 mov rsp,rbp
 pop rbp
 ret
 
 pMemoryCopy:
 dq 0 //8 bytes: mov [pMemoryCopy],rax stores a full 64-bit pointer
 
 [disable]
 
 dealloc(Alloc64)
 unregistersymbol(Alloc64)
 unregistersymbol(pMemoryCopy)
 
 | 
 
 
   _________________
 
 |  |  
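From the defending side, the VirtualAlloc call in the script above leaves a recognisable artifact: a committed, private, PAGE_EXECUTE_READWRITE region at least as large as the copied span. The following is an added example, not part of the original post or of Cheat Engine; the struct, the function names and the sample map are assumptions constructed for illustration, and it covers only the VirtualAlloc variant.

```c
#include <stdint.h>
#include <stdio.h>

/* winnt.h values; 0x1000 and 0x40 are the 1000 and 40 the script passes to VirtualAlloc. */
#define MEM_COMMIT             0x1000u
#define MEM_PRIVATE            0x20000u
#define MEM_IMAGE              0x1000000u
#define PAGE_EXECUTE_READ      0x20u
#define PAGE_EXECUTE_READWRITE 0x40u

/* Subset of MEMORY_BASIC_INFORMATION, so the logic runs without windows.h. */
struct region { uint64_t base, size; uint32_t state, protect, type; };

/* Constructed sample map (assumption, not captured from a real process). */
const struct region SAMPLE_MAP[] = {
    { 0x7ff600001000ull, 0x1f000, MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_IMAGE   }, /* module code */
    { 0x2a000000000ull,  0x1000,  MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE }, /* small stub */
    { 0x2a000010000ull,  0x1f000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE }, /* 123456 bytes rounded up to pages */
};
#define SAMPLE_MAP_LEN (sizeof SAMPLE_MAP / sizeof SAMPLE_MAP[0])

/* Committed, private (not file-backed) and writable+executable at once. */
static int is_private_rwx(const struct region *r)
{
    return r->state == MEM_COMMIT && r->type == MEM_PRIVATE &&
           r->protect == PAGE_EXECUTE_READWRITE;
}

/* Store the indexes of private RWX regions big enough to hold a copy of the
   protected span; returns how many were stored (at most max_hits). */
size_t find_shadow_candidates(const struct region *map, size_t n,
                              uint64_t protected_len, size_t *hits, size_t max_hits)
{
    size_t found = 0;
    for (size_t i = 0; i < n && found < max_hits; i++)
        if (is_private_rwx(&map[i]) && map[i].size >= protected_len)
            hits[found++] = i;
    return found;
}

int main(void)
{
    size_t hits[SAMPLE_MAP_LEN];
    size_t n = find_shadow_candidates(SAMPLE_MAP, SAMPLE_MAP_LEN, 123456, hits, SAMPLE_MAP_LEN);
    for (size_t i = 0; i < n; i++)
        printf("candidate region at 0x%llx\n", (unsigned long long)SAMPLE_MAP[hits[i]].base);
    return 0;
}
```

On Windows the records would come from walking the address space with VirtualQuery. A hit is a lead to compare against the module's code bytes rather than a verdict, since JIT engines also allocate RWX memory.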
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Mon Feb 23, 2015 10:50 am    Post subject: |   |  
				| 
 |  
				| I don't know how to thank you enough |  |  
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Mon Feb 23, 2015 6:50 pm    Post subject: |   |  
				| 
 |  
				| Last question: once you make a copy of the memory, how do you link the file of your copy (.CEM) to your table when you use, for example, Loadbinary(Copy, Copy.CEM)? And how to get as return point the address of that region? Very last question: how to give the process handle to allocateSharedMemory(name, size)?
 |  |  
		|  |  
		| SteveAndrew Master Cheater
 
  Reputation: 30 
 Joined: 02 Sep 2012
 Posts: 323
 
 
 | 
			
				|  Posted: Tue Feb 24, 2015 7:11 am    Post subject: |     |  
				| 
 |  
				|  	  | kitesan wrote: |  	  | Last question: once you make a copy of the memory, how do you link the file of your copy (.CEM) to your table when you use, for example, Loadbinary(Copy, Copy.CEM)? And how to get as return point the address of that region? Very last question: how to give the process handle to allocateSharedMemory(name, size)?
 | 
 
 Hmmm... Well this is odd. You're supposed to have the .CEM file in the same directory as the .CT file is saved in, and loadbinary should load it. First I had to save my .CT and then re-open it before it would recognize that the .CEM file was indeed there, and so I didn't get a file not found error anymore. However it still wouldn't let me enable my script no matter what I tried. Even by providing the full path, it knew the file was there when syntax checking after editing the script but still wouldn't let it be ticked / enabled. I even tried putting the .CEM in the same directory as the game, but that didn't work either.
 
 It was always easy to use before, perhaps in CE 6.4 it's broken? I'll find out about it.
 
 Anyway by using the Lua equivalent I managed to work around that issue: "readRegionFromFile"
 
 One issue though is there doesn't seem to be a "releaseSharedMemory" and Lua seems to execute when you finish editing a script as well as when enabling it, so you could end up allocating a lot of memory and not ever free it while getting your script working the way you want!
 
 By the way you did have "don't include Cheat Engine header" ticked right?
 
   
 Still have the "MemCopy.CEM" or whatever you named it in the same directory as where the .CT is saved:
 
 
  	  | Code: |  	  | [enable]
 {$lua}
 unregisterSymbol("pMemoryCopy") --unregister if already registered, so we don't get stuck unable to enable
 copyAddress=allocateSharedMemory("MemoryCopy",123456) --allocate memory for copy
 readRegionFromFile("MemCopy.CEM",copyAddress) --read file into memory for copy
 registerSymbol("pMemoryCopy",copyAddress) --register it as a symbol so you can use it in Auto Assembler
 
 {$asm}
 {
 alloc(CRCBypass,1024)
 <--
 CRC Bypass Code Here
 -->
 }
 
 [disable]
 
 //dealloc(CRCBypass)
 unregistersymbol(pMemoryCopy)
 
 | 
 
 As for giving allocateSharedMemory a process handle, I don't think you can do that: (From CE's help 'Script engine' page)
 
  	  | Code: |  	  | allocateSharedMemory(name, size):
 Creates a shared memory object of the given size if it doesn't exist yet. If size is not given and there is no shared region with this name then the default size
 of 4096 is used
 It then maps this shared memory block into the currently targeted process. It returns the address of mapped region in the target process
 
 | 
 
 
 Or make the copy upon enabling the script (rather than having a pre-made copy "MemCopy.CEM")
 
  	  | Code: |  	  | [enable]
 alloc(MakeCopyThread,1024)
 alloc(pMemoryCopy,123456)
 label(MakeCopy)
 registersymbol(pMemoryCopy)
 createthread(MakeCopyThread)
 
 MakeCopyThread:
 push rbp
 mov rbp,rsp
 and rsp,fffffff0
 sub rsp,20
 
 mov rax,pMemoryCopy //used CE to allocate this time :D
 mov rbx,FC4.dll //start of bypass area
 mov rcx,#123456 //Size Of FarCry4 Bypass Area
 MakeCopy:
 mov dl,[rbx]
 mov [rax],dl
 inc rax
 inc rbx
 dec rcx
 jne MakeCopy
 
 mov rsp,rbp
 pop rbp
 ret
 pMemoryCopy:
 dq 0
 
 {
 <--
 CRC Bypass Code Here
 -->
 }
 
 
 [disable]
 
 dealloc(MakeCopyThread)
 unregistersymbol(pMemoryCopy)
 
 | 
 _________________
 
 |  |  
		|  |  
		| kitesan Expert Cheater
 
 Reputation: 0 
 Joined: 01 May 2014
 Posts: 124
 
 
 | 
			
				|  Posted: Tue Feb 24, 2015 9:55 am    Post subject: |   |  
				| 
 |  
				| You are an angel. |  |  
		|  |  
		|  |  
  
	| 
 
 
 |  |