Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Need help on creating a "trainer"

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
alexisoko
How do I cheat?
Reputation: 0

Joined: 23 Jan 2018
Posts: 6

PostPosted: Tue Jan 23, 2018 2:03 am    Post subject: Need help on creating a "trainer" Reply with quote

Hello, I'm new in making trainer with Cheat Engine and i would like to know if what i want to do is possible


So when we lunch the trainer it detect if WindowsEntryPoint is open
if not the traineer close with a popup message saying open the game


If the game is open, this trainer as 1 button saying "Activate"

When we activate the button it search all float value of 10.00

after that it change all value found to 1500

and thats it, so tell me if its possible, at i said i am ne if you have some tutorial related to what i want to do tell me them Smile


( And also i ma french sorry for my english error that i can do )
Back to top
View user's profile Send private message
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Tue Jan 23, 2018 3:41 am    Post subject: Reply with quote

I am not sure the script below is post on correct forum section because this is Lua scripting, but here is a example :

Code:
function my_game_attach(timer)
 if getProcessIDFromProcessName("GameName,exe") ~= nil then    -- tested with 'notepad.exe'
  object_destroy(timer)
  openProcess("notepad.exe")
  l2.caption = 'Game process opened'
 else
  t.Destroy()
  showMessage('Game not open. Please open the game and re-open this trainer')
  closeTrainer()
 end
end

t=createTimer(nil);
timer_setInterval(t,10)
timer_onTimer(t,my_game_attach)

function closeTrainer()
 closeCE()
 return caFree
end

function findDoubleValueAndReplace(findValue, replaceWith)   --- not sure 10.00 and 1500 type are floating value
 memscan = createMemScan()
 foundlist = createFoundList(memscan)
 protectionflags = "-W*X-C"

  memscan.firstScan(soExactValue, vtDouble, rtTruncated, findValue, nil,
               "0","7fffffff",protectionflags,
               fsmAligned,"4",
               false, false, false, false)
  memscan.waitTillDone()

  foundlist.initialize()
   for i=0,foundlist.Count-1 do
    fullAccess(  getAddress(foundlist.Address[i])  , 8)
    writeDouble(  foundlist.Address[i], replaceWith)
   end
 sleep(50)
 foundlist.destroy()
 sleep(50)
 memscan.destroy()
end

function lets_do_it()
  findDoubleValueAndReplace(10.00, 1500)
end


---- Make Form and stuffs

f = createForm(true)
f.Width = 200
f.Height = 200
f.BorderStyle = 'Single'
f.Position ='poScreenCenter'
f.Caption = 'My Trainer'

l1 = createLabel(f)
l1.left = 10
l1.top = 10
l1.font.size = 14
l1.font.name = 'Arial'
l1.font.style = 'fsBold'
l1.font.color = '0x327C5F'  --- Green
l1.caption = 'Game Name'

l2 = createLabel(f)
l2.left = 10
l2.top = l1.height+ 10
l2.font.size = 10
l2.font.name = 'Arial'
l2.font.style = 'fsBold'
l2.font.color = '0x327C5F'   --- 0xEE1717 = Red, if game not open
l2.caption = 'Waiting...'

b1 = createButton(f)
b1.top = l2.top + l2.height + 25
b1.width = 100
b1.height = 30
b1.left = (f.width - b1.width) / 2
b1.caption = 'My Hack'

b2 = createButton(f)
b2.top = b1.top + b1.height + 10
b2.width = 100
b2.height = 30
b2.left = (f.width - b2.width) / 2
b2.caption = 'Exit'

b1.onClick = lets_do_it
b2.onClick = closeTrainer

_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL
Back to top
View user's profile Send private message
alexisoko
How do I cheat?
Reputation: 0

Joined: 23 Jan 2018
Posts: 6

PostPosted: Tue Jan 23, 2018 7:17 am    Post subject: Reply with quote

Corroder wrote:
I am not sure the script below is post on correct forum section because this is Lua scripting, but here is a example :

Code:
function my_game_attach(timer)
 if getProcessIDFromProcessName("GameName,exe") ~= nil then    -- tested with 'notepad.exe'
  object_destroy(timer)
  openProcess("notepad.exe")
  l2.caption = 'Game process opened'
 else
  t.Destroy()
  showMessage('Game not open. Please open the game and re-open this trainer')
  closeTrainer()
 end
end

t=createTimer(nil);
timer_setInterval(t,10)
timer_onTimer(t,my_game_attach)

function closeTrainer()
 closeCE()
 return caFree
end

function findDoubleValueAndReplace(findValue, replaceWith)   --- not sure 10.00 and 1500 type are floating value
 memscan = createMemScan()
 foundlist = createFoundList(memscan)
 protectionflags = "-W*X-C"

  memscan.firstScan(soExactValue, vtDouble, rtTruncated, findValue, nil,
               "0","7fffffff",protectionflags,
               fsmAligned,"4",
               false, false, false, false)
  memscan.waitTillDone()

  foundlist.initialize()
   for i=0,foundlist.Count-1 do
    fullAccess(  getAddress(foundlist.Address[i])  , 8)
    writeDouble(  foundlist.Address[i], replaceWith)
   end
 sleep(50)
 foundlist.destroy()
 sleep(50)
 memscan.destroy()
end

function lets_do_it()
  findDoubleValueAndReplace(10.00, 1500)
end


---- Make Form and stuffs

f = createForm(true)
f.Width = 200
f.Height = 200
f.BorderStyle = 'Single'
f.Position ='poScreenCenter'
f.Caption = 'My Trainer'

l1 = createLabel(f)
l1.left = 10
l1.top = 10
l1.font.size = 14
l1.font.name = 'Arial'
l1.font.style = 'fsBold'
l1.font.color = '0x327C5F'  --- Green
l1.caption = 'Game Name'

l2 = createLabel(f)
l2.left = 10
l2.top = l1.height+ 10
l2.font.size = 10
l2.font.name = 'Arial'
l2.font.style = 'fsBold'
l2.font.color = '0x327C5F'   --- 0xEE1717 = Red, if game not open
l2.caption = 'Waiting...'

b1 = createButton(f)
b1.top = l2.top + l2.height + 25
b1.width = 100
b1.height = 30
b1.left = (f.width - b1.width) / 2
b1.caption = 'My Hack'

b2 = createButton(f)
b2.top = b1.top + b1.height + 10
b2.width = 100
b2.height = 30
b2.left = (f.width - b2.width) / 2
b2.caption = 'Exit'

b1.onClick = lets_do_it
b2.onClick = closeTrainer


Oh great thanks ! how do i use lua code in cheat engine for make the trainer ? ( Sorry i'm very new ^^ )
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

PostPosted: Tue Jan 23, 2018 7:18 am    Post subject: This post has 1 review(s) Reply with quote

sure see above (though it scans doubles not floats and I've no idea why it's scanning non-writable memory (generally code) with -W instead of writable with +W), but why not just tell people to do that?

It's really not that hard to do manually, it's much easier to say "change all float 10 to 1500" (perhaps with a few screenshots or a 30 second video) than to create a trainer, and people get to learn something which might motivate them to learning a lot more on their own... I could understand if you wanted it to be just a part of several other things (or just for your own learning) but if that's literally all you want...


Last edited by FreeER on Tue Jan 23, 2018 7:47 am; edited 1 time in total
Back to top
View user's profile Send private message
alexisoko
How do I cheat?
Reputation: 0

Joined: 23 Jan 2018
Posts: 6

PostPosted: Tue Jan 23, 2018 7:36 am    Post subject: Reply with quote

FreeER wrote:
sure see above (though it scans doubles not floats and I've no idea why it's scanning non-writable memory (generally code) with -W instead of writable with +W), but why not just tell people to do that?

It's really not that hard to do manually, it's much easier to say "change all float 10 to 1500" (perhaps with a few screenshots or a 30 second video) than to create a trainer, and people get to learn something which might motivate them to learning a lot more on their own... I could understand if you wanted it to be just a part of several other things but if that's literally all it's doing...


Well i'm already doing it bye changing all value but i want to share it with ly friend that don't know how to use Cheat engine ^^
Thats why i wanted to make a simple trainer that as just one button ^^
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

PostPosted: Tue Jan 23, 2018 7:50 am    Post subject: Reply with quote

Sure, but wouldn't it be better to teach your friend a 30 second thing rather than baby them with one click magic? I've gone that route with people before and generally they end up thinking you can do literally anything and get annoyed when you don't because they have no idea what's actually going on.... just a suggestion, sometimes simpler for the user is not actually better for anyone Smile
Back to top
View user's profile Send private message
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Tue Jan 23, 2018 8:07 am    Post subject: Reply with quote

FreeER wrote:
sure see above (though it scans doubles not floats and I've no idea why it's scanning non-writable memory (generally code) with -W instead of writable with +W), but why not just tell people to do that?
...


Sure, that iis why I add comment on my script "--- not sure 10.00 and 1500 type are floating value.." and I think no function "search" for float value, but common use "findValue(float)" to find float value memory region.
I believe it's more easier using AA code to do it. And just because I am weak with AA code then I hope someone should provide a better function to do find and replace float value in "function findDoubleValueAndReplace(findValue, replaceWith)" and could change the function name to "function findFloatValueAndReplace(findValue, replaceWith)"...


@alexisoko :
Quote:
Oh great thanks ! how do i use lua code in cheat engine for make the trainer ? ( Sorry i'm very new ^^ )


in CE menu > Table > Show Cheat Table Lua Script

and write your code there (example : you can copy my code above and paste there, and next click execute)
last, if everything fine then you can save your code as a CT file or CETRAINER.

_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL
Back to top
View user's profile Send private message
alexisoko
How do I cheat?
Reputation: 0

Joined: 23 Jan 2018
Posts: 6

PostPosted: Tue Jan 23, 2018 8:24 am    Post subject: Reply with quote

Corroder wrote:
FreeER wrote:
sure see above (though it scans doubles not floats and I've no idea why it's scanning non-writable memory (generally code) with -W instead of writable with +W), but why not just tell people to do that?
...


Sure, that iis why I add comment on my script "--- not sure 10.00 and 1500 type are floating value.." and I think no function "search" for float value, but common use "findValue(float)" to find float value memory region.
I believe it's more easier using AA code to do it. And just because I am weak with AA code then I hope someone should provide a better function to do find and replace float value in "function findDoubleValueAndReplace(findValue, replaceWith)" and could change the function name to "function findFloatValueAndReplace(findValue, replaceWith)"...


@alexisoko :
Quote:
Oh great thanks ! how do i use lua code in cheat engine for make the trainer ? ( Sorry i'm very new ^^ )


in CE menu > Table > Show Cheat Table Lua Script

and write your code there (example : you can copy my code above and paste there, and next click execute)
last, if everything fine then you can save your code as a CT file or CETRAINER.


Okay thanks, also the app is not like a .exe its an app from the Windows Stpre and for select it in CE we have to selecte WindowsEntryPoint or something like that, how i do that because you'r code selecte a .exe app
Back to top
View user's profile Send private message
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Tue Jan 23, 2018 8:46 am    Post subject: Reply with quote

alexisoko wrote:

Okay thanks, also the app is not like a .exe its an app from the Windows Stpre and for select it in CE we have to selecte WindowsEntryPoint or something like that, how i do that because you'r code selecte a .exe app


find that WindowsEntryPoint name. When you open it using CE, note the name of WindowsEntryPoint you attach to CE and try put the name to your script. Usually the entry point name is WinMain (on win 32 bit).

In C++ to retrieves the name of the executable file for the specified process with GetProcessImageFileName function, should be :

Code:
DWORD WINAPI GetProcessImageFileName(
  _In_  HANDLE hProcess,
  _Out_ LPTSTR lpImageFileName,
  _In_  DWORD  nSize
);


I don't know how to do that using Lua or CE.

_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL
Back to top
View user's profile Send private message
alexisoko
How do I cheat?
Reputation: 0

Joined: 23 Jan 2018
Posts: 6

PostPosted: Tue Jan 23, 2018 9:09 am    Post subject: Reply with quote

Corroder wrote:
alexisoko wrote:

Okay thanks, also the app is not like a .exe its an app from the Windows Stpre and for select it in CE we have to selecte WindowsEntryPoint or something like that, how i do that because you'r code selecte a .exe app


find that WindowsEntryPoint name. When you open it using CE, note the name of WindowsEntryPoint you attach to CE and try put the name to your script. Usually the entry point name is WinMain (on win 32 bit).

In C++ to retrieves the name of the executable file for the specified process with GetProcessImageFileName function, should be :

Code:
DWORD WINAPI GetProcessImageFileName(
  _In_  HANDLE hProcess,
  _Out_ LPTSTR lpImageFileName,
  _In_  DWORD  nSize
);


I don't know how to do that using Lua or CE.


okay okay i will try
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

PostPosted: Tue Jan 23, 2018 9:41 am    Post subject: Reply with quote

Quote:
not sure 10.00 and 1500 type are floating value
Of course 10 and 1500 can be floats, float and double are the same exact standard, the only difference is that floats are 32 bits rather than 64 (2x aka double) so support fewer decimal points of accuracy/precision than a double but those values are no where close to the limits....

Quote:
I think no function "search" for float
You can search for floats in exactly the same way as doubles simply by using vtSingle (aka single precision rather than double precision) instead of vtDouble. Anything the CE gui can search for memscan can search for, you just have to look at what the actual options are in celua.txt (or perhaps the wiki, TheyCallMeTim13 has been updating it)

Quote:
I believe it's more easier using AA code to do
There's no way to do it in AA code at all unless you write a memory scanner yourself, in assembly (or load a library and call or write lua code but at that point it's not really AA code). The closest thing you have is aobscan but that'd only find a single result.


Quote:
I hope someone should provide a better function

Code:
--[[
  Generic function to write a value to unknown variable type
  address - address to write to
  value   - value to write
  vt      - value type as vt* define (vtDword, vtSingle, etc.)
]]
function writeValue(address, value, vt)
  -- handle not having required arguments
  if not address or not value or not vt then return nil end
  local types = {
    [vtByte] = writeBytes,
    -- *smallInteger added in CE 6.7
    [vtWord] = writeSmallInteger or function(address, value) writeBytes(address, wordToByteTable(value)) end,
    [vtDword] = writeInteger,
    [vtQword] = writeQword,
    [vtSingle] = writeFloat,
    [vtDouble] = writeDouble,
    -- unsupported, require custom functions for one reason or another
    --[vtString]
    --[vtByteArray]
    --[vtGrouped],
    --[vtBinary],
  }
  local sizes = {
    [vtByte] = 1,
    [vtWord] = 2,
    [vtDword] = 4,
    [vtQword] = 8,
    [vtSingle] = 4,
    [vtDouble] = 8
  }
  local writeFunction = types[vt];
  if not writeFunction then return nil end
  local res = writeFunction(address, value)
  if res then return res end
  --[[
    if failed try making it writable and try again, unfortunately fullAccess will also make it executable as well...
    which can require the protectionflags to change to find it a second time... but to only make it writable
    would require creating a way to call VirtualProtect from lua, not particularly hard but.... maybe a little
    beyond the scope of this example, basically you'd use autoAssemble to setup a function which would take
    a pointer to the arguments in memory and call VirtualProect properly (of course, you'd need one for x86 and one for x64)
    and then have a lua function that would take the arguments, write them to some memory and use executeCode to
    call the assembled VirtualProect wrapper function with the address of that memory
  ]]
  fullAccess(address, sizes[vt])
  return writeFunction(address, value)
end


--[[
  function to scan for a value and replace all found instances of it
  findValue    - the value to find
  replaceValue - the value to replace the findValue with
  [findType]   - the value type of the value to find and write, defaults to 4 bytes / vtDword
  [protectionflags] - string to describe the type of memory to scan, options are
    W - writable, X - executable, C - copy on write, prefixed with
    + for required, - for not allowed, or * for ignored (same as not providing one)
    defaults to writable, non-executable, non-copy-on-write = "+W-X-C"
  [rounding] - rounding type, one of (in order of least values matched to most):
    rtRounded, rtExtremerounded, rtTruncated
    default: rtRounded
]]
function findValueAndReplace(findValue, replaceValue, findType, protectionflags, rounding)
  -- handle not having required arguments
  if not findValue or not replaceValue then return nil end
  -- default values
  findType = findType or vtDword
  protectionflags = protectionflags or "+W-X-C"
  rounding = rounding or rtRounded -- rtRounded is the most restrictive.

  -- do scan
  memscan = createMemScan()
  memscan.firstScan(soExactValue, findType, rounding, findValue, nil,
               "0", "7fffffffffffffff", protectionflags,
               fsmAligned,"4", false, false, false, false)
  memscan.OnScanDone = function(memscan)
    print('scan done')
    foundlist = createFoundList(memscan)
    foundlist.initialize()
    print(foundlist.Count)
    for i=0,foundlist.Count-1 do
      print('writing to', foundlist.Address[i])
      writeValue(foundlist.Address[i], replaceValue, findType)
    end
    sleep(50) -- not certain these are necessary but
    foundlist.deinitialize()
    foundlist.destroy()
    sleep(50) -- not certain these are necessary but
    memscan.destroy()
  end
  memscan.waitTillDone()
end





edit:
Quote:
In C++ to retrieves the name of the executable file for the specified process with GetProcessImageFileName function
CE sets the process variable to the name of the exectuable you attach to, though it also lets you get a table of all processes:
Code:
getProcesslist(): Returns a table with the processlist  (pid - name )


so you could also use getProcesslist()[getOpenedProcessID()] (those do not include any path however, just the actual name and extension)
Back to top
View user's profile Send private message
alexisoko
How do I cheat?
Reputation: 0

Joined: 23 Jan 2018
Posts: 6

PostPosted: Tue Jan 23, 2018 10:31 am    Post subject: Reply with quote

FreeER wrote:
Quote:
not sure 10.00 and 1500 type are floating value
Of course 10 and 1500 can be floats, float and double are the same exact standard, the only difference is that floats are 32 bits rather than 64 (2x aka double) so support fewer decimal points of accuracy/precision than a double but those values are no where close to the limits....

Quote:
I think no function "search" for float
You can search for floats in exactly the same way as doubles simply by using vtSingle (aka single precision rather than double precision) instead of vtDouble. Anything the CE gui can search for memscan can search for, you just have to look at what the actual options are in celua.txt (or perhaps the wiki, TheyCallMeTim13 has been updating it)

Quote:
I believe it's more easier using AA code to do
There's no way to do it in AA code at all unless you write a memory scanner yourself, in assembly (or load a library and call or write lua code but at that point it's not really AA code). The closest thing you have is aobscan but that'd only find a single result.


Quote:
I hope someone should provide a better function

Code:
--[[
  Generic function to write a value to unknown variable type
  address - address to write to
  value   - value to write
  vt      - value type as vt* define (vtDword, vtSingle, etc.)
]]
function writeValue(address, value, vt)
  -- handle not having required arguments
  if not address or not value or not vt then return nil end
  local types = {
    [vtByte] = writeBytes,
    -- *smallInteger added in CE 6.7
    [vtWord] = writeSmallInteger or function(address, value) writeBytes(address, wordToByteTable(value)) end,
    [vtDword] = writeInteger,
    [vtQword] = writeQword,
    [vtSingle] = writeFloat,
    [vtDouble] = writeDouble,
    -- unsupported, require custom functions for one reason or another
    --[vtString]
    --[vtByteArray]
    --[vtGrouped],
    --[vtBinary],
  }
  local sizes = {
    [vtByte] = 1,
    [vtWord] = 2,
    [vtDword] = 4,
    [vtQword] = 8,
    [vtSingle] = 4,
    [vtDouble] = 8
  }
  local writeFunction = types[vt];
  if not writeFunction then return nil end
  local res = writeFunction(address, value)
  if res then return res end
  --[[
    if failed try making it writable and try again, unfortunately fullAccess will also make it executable as well...
    which can require the protectionflags to change to find it a second time... but to only make it writable
    would require creating a way to call VirtualProtect from lua, not particularly hard but.... maybe a little
    beyond the scope of this example, basically you'd use autoAssemble to setup a function which would take
    a pointer to the arguments in memory and call VirtualProect properly (of course, you'd need one for x86 and one for x64)
    and then have a lua function that would take the arguments, write them to some memory and use executeCode to
    call the assembled VirtualProect wrapper function with the address of that memory
  ]]
  fullAccess(address, sizes[vt])
  return writeFunction(address, value)
end


--[[
  function to scan for a value and replace all found instances of it
  findValue    - the value to find
  replaceValue - the value to replace the findValue with
  [findType]   - the value type of the value to find and write, defaults to 4 bytes / vtDword
  [protectionflags] - string to describe the type of memory to scan, options are
    W - writable, X - executable, C - copy on write, prefixed with
    + for required, - for not allowed, or * for ignored (same as not providing one)
    defaults to writable, non-executable, non-copy-on-write = "+W-X-C"
  [rounding] - rounding type, one of (in order of least values matched to most):
    rtRounded, rtExtremerounded, rtTruncated
    default: rtRounded
]]
function findValueAndReplace(findValue, replaceValue, findType, protectionflags, rounding)
  -- handle not having required arguments
  if not findValue or not replaceValue then return nil end
  -- default values
  findType = findType or vtDword
  protectionflags = protectionflags or "+W-X-C"
  rounding = rounding or rtRounded -- rtRounded is the most restrictive.

  -- do scan
  memscan = createMemScan()
  memscan.firstScan(soExactValue, findType, rounding, findValue, nil,
               "0", "7fffffffffffffff", protectionflags,
               fsmAligned,"4", false, false, false, false)
  memscan.OnScanDone = function(memscan)
    print('scan done')
    foundlist = createFoundList(memscan)
    foundlist.initialize()
    print(foundlist.Count)
    for i=0,foundlist.Count-1 do
      print('writing to', foundlist.Address[i])
      writeValue(foundlist.Address[i], replaceValue, findType)
    end
    sleep(50) -- not certain these are necessary but
    foundlist.deinitialize()
    foundlist.destroy()
    sleep(50) -- not certain these are necessary but
    memscan.destroy()
  end
  memscan.waitTillDone()
end





edit:
Quote:
In C++ to retrieves the name of the executable file for the specified process with GetProcessImageFileName function
CE sets the process variable to the name of the exectuable you attach to, though it also lets you get a table of all processes:
Code:
getProcesslist(): Returns a table with the processlist  (pid - name )


so you could also use getProcesslist()[getOpenedProcessID()] (those do not include any path however, just the actual name and extension)


Well .. i thinks thanks but i don'tunderstand everything ( french ) can you do the full code so i can understand better ? Ty anyway for helping me
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Tue Jan 23, 2018 4:46 pm    Post subject: Reply with quote

This is what I use to pull the file version for games, and here you can see how to get the path, but it only works with module based processes.
Code:

function getGameVersion()
   local modules = enumModules()
   if modules == nil or modules[1] == nil then return end
   return getFileVersion(modules[1].PathToFile)
end

_________________
Back to top
View user's profile Send private message Visit poster's website
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Tue Jan 23, 2018 6:55 pm    Post subject: Reply with quote

FreeER wrote:
Quote:
not sure 10.00 and 1500 type are floating value
Of course 10 and 1500 can be floats, float and double are the same exact standard, the only difference is that floats are 32 bits rather than 64 (2x aka double) so support fewer decimal points of accuracy/precision than a double but those values are no where close to the limits....

Quote:
I think no function "search" for float
You can search for floats in exactly the same way as doubles simply by using vtSingle (aka single precision rather than double precision) instead of vtDouble. Anything the CE gui can search for memscan can search for, you just have to look at what the actual options are in celua.txt (or perhaps the wiki, TheyCallMeTim13 has been updating it)

Quote:
I believe it's more easier using AA code to do
There's no way to do it in AA code at all unless you write a memory scanner yourself, in assembly (or load a library and call or write lua code but at that point it's not really AA code). The closest thing you have is aobscan but that'd only find a single result.


Quote:
I hope someone should provide a better function

Code:
--[[
  Generic function to write a value to unknown variable type
  address - address to write to
  value   - value to write
  vt      - value type as vt* define (vtDword, vtSingle, etc.)
]]
function writeValue(address, value, vt)
  -- handle not having required arguments
  if not address or not value or not vt then return nil end
  local types = {
    [vtByte] = writeBytes,
    -- *smallInteger added in CE 6.7
    [vtWord] = writeSmallInteger or function(address, value) writeBytes(address, wordToByteTable(value)) end,
    [vtDword] = writeInteger,
    [vtQword] = writeQword,
    [vtSingle] = writeFloat,
    [vtDouble] = writeDouble,
    -- unsupported, require custom functions for one reason or another
    --[vtString]
    --[vtByteArray]
    --[vtGrouped],
    --[vtBinary],
  }
  local sizes = {
    [vtByte] = 1,
    [vtWord] = 2,
    [vtDword] = 4,
    [vtQword] = 8,
    [vtSingle] = 4,
    [vtDouble] = 8
  }
  local writeFunction = types[vt];
  if not writeFunction then return nil end
  local res = writeFunction(address, value)
  if res then return res end
  --[[
    if failed try making it writable and try again, unfortunately fullAccess will also make it executable as well...
    which can require the protectionflags to change to find it a second time... but to only make it writable
    would require creating a way to call VirtualProtect from lua, not particularly hard but.... maybe a little
    beyond the scope of this example, basically you'd use autoAssemble to setup a function which would take
    a pointer to the arguments in memory and call VirtualProect properly (of course, you'd need one for x86 and one for x64)
    and then have a lua function that would take the arguments, write them to some memory and use executeCode to
    call the assembled VirtualProect wrapper function with the address of that memory
  ]]
  fullAccess(address, sizes[vt])
  return writeFunction(address, value)
end


--[[
  function to scan for a value and replace all found instances of it
  findValue    - the value to find
  replaceValue - the value to replace the findValue with
  [findType]   - the value type of the value to find and write, defaults to 4 bytes / vtDword
  [protectionflags] - string to describe the type of memory to scan, options are
    W - writable, X - executable, C - copy on write, prefixed with
    + for required, - for not allowed, or * for ignored (same as not providing one)
    defaults to writable, non-executable, non-copy-on-write = "+W-X-C"
  [rounding] - rounding type, one of (in order of least values matched to most):
    rtRounded, rtExtremerounded, rtTruncated
    default: rtRounded
]]
function findValueAndReplace(findValue, replaceValue, findType, protectionflags, rounding)
  -- handle not having required arguments
  if not findValue or not replaceValue then return nil end
  -- default values
  findType = findType or vtDword
  protectionflags = protectionflags or "+W-X-C"
  rounding = rounding or rtRounded -- rtRounded is the most restrictive.

  -- do scan
  memscan = createMemScan()
  memscan.firstScan(soExactValue, findType, rounding, findValue, nil,
               "0", "7fffffffffffffff", protectionflags,
               fsmAligned,"4", false, false, false, false)
  memscan.OnScanDone = function(memscan)
    print('scan done')
    foundlist = createFoundList(memscan)
    foundlist.initialize()
    print(foundlist.Count)
    for i=0,foundlist.Count-1 do
      print('writing to', foundlist.Address[i])
      writeValue(foundlist.Address[i], replaceValue, findType)
    end
    sleep(50) -- not certain these are necessary but
    foundlist.deinitialize()
    foundlist.destroy()
    sleep(50) -- not certain these are necessary but
    memscan.destroy()
  end
  memscan.waitTillDone()
end





edit:
Quote:
In C++ to retrieves the name of the executable file for the specified process with GetProcessImageFileName function
CE sets the process variable to the name of the exectuable you attach to, though it also lets you get a table of all processes:
Code:
getProcesslist(): Returns a table with the processlist  (pid - name )


so you could also use getProcesslist()[getOpenedProcessID()] (those do not include any path however, just the actual name and extension)


Thank for depth explains mainly for general function "findValueAndReplace". Sp, now everyone can learn and understand these kind.

_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

PostPosted: Tue Jan 23, 2018 9:05 pm    Post subject: Reply with quote

No problem Corroder hope you find it useful!

Though I wish people (not you specifically but it's happened several times in this topic already and it happens everywhere quite frequently) would stop quoting a huge post to make a tiny reply lmao. Yeah, I know that's just what CEF does by default but it makes reading through a topic later quite annoying (or just scrolling down to the bottom of a reply to see what the new information is) Very Happy
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites