Cheat Engine The Official Site of Cheat Engine
Yadastra How do I cheat? Reputation: 0
Joined: 25 Dec 2016 Posts: 3
Posted: Sun Dec 25, 2016 8:12 am Post subject: Simulate Keystroke in Assembly
Hello,
I have a problem with my code. I want to simulate a keystroke, but I only have the Lua command. How do I simulate this?
Is it possible to write a Lua script that compares an integer with ecx?
Code:
originalcode:
mov [rax],ecx
cmp ecx,(int)19
jge moreequal
jl less
moreequal:
//doKeyPress(50) // 2
//doKeyPress(32) // Space
jmp exit
less:
//doKeyPress(49) // 1
exit:
jmp returnhere
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Dec 25, 2016 4:13 pm Post subject:
A Lua script attached/embedded in an AA script doesn't know anything about the AA script. It doesn't know about the used labels, symbols, allocs, overall size, and so on.
You have to treat embedded Lua scripts as standalone instructions normally executed in
- the "Lua Script: Cheat Table" window
- or the "Lua Engine" window
With one exception: if your script returns a string, that string (or multi-line string) will be used.
Remember, an embedded Lua script is executed only once, while activating/deactivating the AA script.
People think that in this script the value moved to [esi+00000368] will be random:
Code:
[ENABLE]
(...)
{$Lua}
return "mov cl,"..string.format('%x', math.random(1,127))
{$Asm}
mov byte ptr [esi+00000368],cl
(...)
As you see, there is an RNG used; it should return an integer value between 1 and 127, converted to hex.
But the embedded Lua script is executed once, while activating. CE will take what this embedded script returns. And then the AA script will be changed (the original script is untouched), analyzed, parsed, and then executed. For example like this:
Code:
[ENABLE]
(...)
mov cl,4e
mov byte ptr [esi+00000368],cl
(...)
So, after activating, [esi+00000368] will get the same value over and over. After deactivating and activating again, another value...
To move data between an AA script and a Lua script, you have to use a registered user symbol and a timer:
Lua script:
Code:
function keystrokeTimerOnTimer()
  -- the AA script stores ECX at this registered symbol
  local ECX_value = readInteger('ECX_value_registeredsymbol')
  if ECX_value~=nil then
    if ECX_value>=19 then
      doKeyPress(50) -- 2
      doKeyPress(32) -- Space
    else
      doKeyPress(49) -- 1
    end
  end
end
if keystrokeTimer==nil then
  keystrokeTimer = createTimer(nil,true)
  keystrokeTimer.Interval = 50
end
keystrokeTimer.OnTimer = keystrokeTimerOnTimer
keystrokeTimer.Enabled = true
AA script:
Code:
label(ECX_value_registeredsymbol)
registersymbol(ECX_value_registeredsymbol)
newmem:
(...)
originalcode:
mov [rax],ecx
mov [ECX_value_registeredsymbol],ecx
jmp returnhere
ECX_value_registeredsymbol:
dd 0
Execute the Lua script first, then the AA script. It should work.
Now, as you see, those two above can communicate.
And because you probably want everything in one AA script, here:
Code:
[ENABLE]
{$Lua}
function keystrokeTimerOnTimer()
  local ECX_value = readInteger('ECX_value_registeredsymbol')
  if ECX_value~=nil then
    if ECX_value>=19 then
      doKeyPress(50) -- 2
      doKeyPress(32) -- Space
    else
      doKeyPress(49) -- 1
    end
  end
end
if keystrokeTimer==nil then
  keystrokeTimer = createTimer(nil,true)
  keystrokeTimer.Interval = 50
end
keystrokeTimer.OnTimer = keystrokeTimerOnTimer
keystrokeTimer.Enabled = true
{$Asm}
(...) // stuff you didn't provide (aobscan, alloc, label, etc. I assume you named the newly allocated memory newmem)
label(ECX_value_registeredsymbol)
registersymbol(ECX_value_registeredsymbol)
newmem:
originalcode:
mov [rax],ecx
mov [ECX_value_registeredsymbol],ecx
jmp returnhere
ECX_value_registeredsymbol:
dd 0
(...) // stuff you didn't provide (injection point address with jmp newmem and nops)
[DISABLE]
{$Lua}
keystrokeTimer.Enabled = false
{$Asm}
(...) // stuff you didn't provide (disable by restoring original bytes, then dealloc, etc)
unregistersymbol(ECX_value_registeredsymbol)
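Added example, not code from the thread: the timer in the post above fires every 50 ms and presses the keys again on every tick for as long as the stored value stays at or above 19, so one hand can be keyed dozens of times. This edge-triggered variant keeps the AA half of the post unchanged (the hook still does `mov [ECX_value_registeredsymbol],ecx` into a cell initialised with `dd 0`) and has the Lua half consume each value once by writing 0 back. It assumes the game never reports a total of 0 at the hook, so 0 can serve as the "nothing new" marker; the key codes are the ones used in the thread (49 = '1', 50 = '2', 32 = Space). Both snippets are meant for the `{$Lua}` sections of an AA script.

```lua
-- Added example (not from the original post). Drop-in replacement for the
-- {$Lua} half of the [ENABLE] section. Assumptions: the AA script writes ECX
-- to the registered symbol below and initialises it with dd 0; a stored total
-- of 0 never occurs, so 0 means "already handled / nothing new yet".

local SYMBOL = 'ECX_value_registeredsymbol'   -- symbol registered by the AA half
local CONSUMED = 0                             -- assumed never to be a real total

-- Pure decision function: which keys to press for a given total.
-- Kept separate from the timer so it can be tested in the Lua Engine window.
function keysForTotal(total)
  if total >= 19 then
    return { 50, 32 }   -- '2' then Space
  else
    return { 49 }       -- '1'
  end
end

function keystrokeTimerOnTimer(timer)
  local total = readInteger(SYMBOL)
  if total == nil or total == CONSUMED then
    return   -- symbol not registered yet, or this value was already acted on
  end

  -- Mark the value consumed *before* pressing keys. doKeyPress is not
  -- instantaneous; if the next tick arrives while keys are still being sent,
  -- it must not see the same total and press them a second time.
  writeInteger(SYMBOL, CONSUMED)

  for _, key in ipairs(keysForTotal(total)) do
    doKeyPress(key)
  end
end

-- Create the timer disabled, wire the handler, then enable it. Guarding on
-- keystrokeTimer == nil lets the script survive being re-run in the Lua
-- Engine window without leaking a second timer.
if keystrokeTimer == nil then
  keystrokeTimer = createTimer(nil, false)
  keystrokeTimer.Interval = 50
end
keystrokeTimer.OnTimer = keystrokeTimerOnTimer
keystrokeTimer.Enabled = true

-- {$Lua} half of the [DISABLE] section (same script, different section):
-- stopping the timer is not enough; destroy it so the next activation starts
-- from a clean slate instead of reusing a stale object.
--
--   if keystrokeTimer ~= nil then
--     keystrokeTimer.Enabled = false
--     keystrokeTimer.destroy()
--     keystrokeTimer = nil
--   end
```

Because the Lua side zeroes the cell after reading it, each run through the hook produces exactly one set of keystrokes, and a value that repeats on consecutive hands (two 19s in a row) still fires both times, which a "remember the last value" approach would miss. The AA half needs no change beyond what the post already shows; only the `[DISABLE]` Lua section gains the `destroy()` call.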
Yadastra How do I cheat? Reputation: 0
Joined: 25 Dec 2016 Posts: 3
Posted: Mon Dec 26, 2016 9:41 am Post subject:
Thank you very much.
But why does this not work?
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
registersymbol(blackjacknumber)
alloc(newmem,2048,"VCRUNTIME140.dll"+C45D)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [blackjacknumber],ecx
originalcode:
mov [rax],ecx
ret
mov ecx,[rdx]
cmp [blackjacknumber],(int)18
jge moreequal
jl less
moreequal:
{$Lua}
doKeyPress(32) -- Space
doKeyPress(50) -- 2
doKeyPress(32) -- Space
{$Asm}
jmp exit
weniger:
{$Lua}
doKeyPress(49) -- 1
{$Asm}
exit:
jmp returnhere
"VCRUNTIME140.dll"+C45D:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
unregistersymbol(blackjacknumber)
dealloc(newmem)
"VCRUNTIME140.dll"+C45D:
mov [rax],ecx
ret
mov ecx,[rdx]
//Alt: db 89 08 C3 8B 0A
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Dec 26, 2016 10:50 am Post subject:
Read my post again.
Yadastra How do I cheat? Reputation: 0
Joined: 25 Dec 2016 Posts: 3
Posted: Mon Dec 26, 2016 10:54 am Post subject:
Oh sorry. I played around with the script and forgot the main part...