 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
AylinCE
Grandmaster Cheater Supreme
 Reputation: 37
Joined: 16 Feb 2017
Posts: 1532
|
 Posted: Tue Nov 20, 2018 5:55 am Post subject: How is the subframe process ID assigned? |
 |
|
Some games do not broadcast from the Flash player process.
So much so; In his own process of name, he is not broadcasting.
It uses a subframe and
The browser has a broadcast process that can be seen from the "Task Manager".
Below are a few examples and a visual:
Bottom frame: https:// akamaihd. net/
Bottom frame: https:// king. com/
Bottom frame: https:// playwar. io/
I take codes from within these processes.
But it takes time to mark the right process on the trainer.
Can we do shorter and point shoot selection coding?
Note: These processes are also in Trainer and CE
From the bottom of the Process List 2-3. happening during.
So when chrome.exe is selected, it detects the first one in the list,
but the correct process, 2nd or 3rd chrome.exe!
thanks in advance for your vast ideas
| Description: |
|
| Filesize: |
389.92 KB |
| Viewed: |
6387 Time(s) |
|
_________________
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Tue Nov 20, 2018 9:20 am Post subject: |
|
|
Look through processes for flash player dlls (e.g. CreateToolhelp32Snapshot) and use Lua to attach to those.
Seems like Lua can do all of this w/ getProcesslist and enumModules, so it shouldn't be too hard.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1532
|
| Posted: Tue Nov 20, 2018 12:31 pm Post subject: |
|
|
| ParkourPenguin wrote: | Look through processes for flash player dlls (e.g. CreateToolhelp32Snapshot) and use Lua to attach to those.
Seems like Lua can do all of this w/ getProcesslist and enumModules, so it shouldn't be too hard. |
Thanks. I researched and;
I usually had C # or C ++ coding examples.
(Or the subject of the title, I perceive it)
I'm not a master of CE Trainer yet.
There is an example below.
To use this in the trainer
my editing skills will remain weak.
a more aid, can I get?
Again thanks..
Code:
| Code: | Written: Cardinal;
PidHandle: integer;
PidID: integer;
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
Temp: Integer;
ProcessId: DWORD;
HandleWindow: THandle;
ThreadID: Cardinal; |
Use this function for get the process id.
Code:
| Code: | Function GetProcessID(Const ExeFileName: string; var ProcessId: integer;Const ProcessNo :Integer = 1): boolean;
begin
result := false;
temp:=1;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
while integer(ContinueLoop) <> 0 do
begin
if (StrIComp(PChar(ExtractFileName(FProcessEntry32.szExeFile)), PChar(ExeFileName)) = 0)
or (StrIComp(FProcessEntry32.szExeFile, PChar(ExeFileName)) = 0) then
begin
If Temp = ProcessNo then
begin
ProcessId:= FProcessEntry32.th32ProcessID;
result := true;
break;
end else inc(Temp);
end;
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end; |
And use this for write the process memory.
Code:
| Code: | Function WriteByte(Address: Cardinal; ChangeValues: Byte) : boolean;
Begin
Result := false;
if GetProcessID('ProcessGame.extension', PidID, 1) = true then
Begin
PidHandle:= OpenProcess(PROCESS_ALL_ACCESS,False,PidId);
Result := WriteProcessMemory(PidHandle, Pointer(Address), @ChangeValues, SizeOf(ChangeValues), Written);
Closehandle(PidHandle);
End;
End; |
Finally... test it:
Code:
| Code: | procedure TForm1.Button4Click(Sender: TObject);
begin
if WriteByte($00487340,$90) = false then
ShowMessage('WriteMemory Failed :(')
else
ShowMessage('WriteMemory sucess! :D');
end; |
_________________
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Tue Nov 20, 2018 1:22 pm Post subject: |
|
|
Example Lua code:
| Code: | local flashPIDs = {}
for pid, name in pairs(getProcesslist()) do
if name == 'chrome.exe' then
local flash_found = false
for _,t in ipairs(enumModules(pid)) do
if t.Name == 'pepflashplayer.dll' then
flash_found = true
break
end
end
if flash_found then
flashPIDs[#flashPIDs+1] = pid
end
end
end
for _,v in ipairs(flashPIDs) do
print(v)
end
|
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1532
|
| Posted: Tue Nov 20, 2018 4:10 pm Post subject: |
|
|
| ParkourPenguin wrote: | | Example Lua code: |
Please, if possible in the following code:
'Subframe' or '.io', '.net', '.com'
How can I show descriptions like?
These are the windows that appear when the Flash player is not present.
Maybe 'webGL' or 'Hotmal5' are broadcasts!
In the following code, in the window that the button opens,
In the middle there is '<...>', it can be reflected here.
Is this possible?
ie 'to reflect the lower window?
| Code: | local form = createForm(true);
form.width = 320;
form.height = 150;
form.position = poScreenCenter
local button = createButton(form)
control_setCaption(button, [[BrowserList]])
control_setPosition(button, 97,15)
button.width = 116
button.height = 36
--button.OnClick = buttonClickFirstClick
local label = createLabel(form)
control_setPosition(label, 32,70)
label.width = 264
label.height = 27
label.alignment = taCenter
function pidDialog(doPid,autoSelectFirst,pn,dn)
autoSelectFirst = autoSelectFirst or false
local plugname = type(pn)=='table' and pn or {"iexplore","flashplayerplugin","plugin-container","opera","chrome","awesomium_process","torch","dragon","maxthon","palemoon","safari" }
local dllname = type(dn)=='table' and dn or {"flash","unity" }
-- local taskname = type(tn)=='table' and tn or {".com",".io",".net" }
if type(pn)=='string' then table.insert(plugname,pn) end
if type(dn)=='string' then table.insert(dllname,dn) end
-- if type(tn)=='string' then table.insert(taskname,tn) end
local indexOf = function(s,m) for i=1,#m do if string.find(string.lower(s),string.lower(m[i]),1,true) then return i end end end -- cave insensitive find
local function tmerge(t,o,...) for k,v in pairs(o) do t[k]=v end if select('#',...)>0 then return tmerge(t,...) else return t end end
local function callLater(f,...)
local a,n = {...},select('#',...)
local t = tmerge(createTimer(),{Interval=1,Enabled=true,OnTimer=function(sender) sender.Enabled=false sender.Destroy() f(unpack(a,1,n)) end})
return t
end
local function parseProc(i,s)
local dll=' ... '
for pid,name in string.gmatch(s,'([0-9A-F]+)-(.*)') do
local weight,pid = 0,tonumber(pid,16)
for _,v in ipairs(plugname) do
if indexOf(name,plugname) then
weight = weight + 1
local m = enumModules(pid)
for i=1,#m do
local ix = indexOf(m[i].Name,dllname)
if ix then
weight = weight + 1
dll = dllname[ix]
break
end
end
break
end
end
return {pid=pid,desc=string.format('%5d %04X <%5s> %s',pid,pid,string.sub(dll.." ",1,5):upper(),name),name=name,w=weight+i/2048,dll=dll}
end
end
local FP = createForm(false)
tmerge(FP,{FormStyle='fsStayOnTop',AutoSize=true,BorderWidth=4,Color=0x00ffff,Position='poScreenCenter',BorderStyle='bsToolWindow',Caption='Double Click to Select'})
local LB = createListBox(FP)
tmerge(LB,{MultiSelect=false,AutoSize=true,Color=0xfff00f})
local cs = LB.Constraints
tmerge(cs,{MinHeight=80,MinWidth=320})
local fn = LB.Font
tmerge(fn,{Color=0x030303,Name='Courier New',Height=-12,Style='[bsBold]'})
LB.OnDblClick = function()
local idx,PID,NAME = LB.ItemIndex,nil,''
if idx >= 0 then
DESC = LB.Items[idx]
for pid,pID,task,name in string.gmatch(DESC,"([0-9]+) ([0-9A-F]+) <.*> (.*)") do
PID = tonumber(pid,10)
NAME = name
end
end
if PID ~= nil then callLater(doPid,PID,NAME,DESC) end
FP.close()
end -- LB.OnDblClick
FP.OnClose = function() FP.destroy(); FP = nil end
getProcesslist(LB.Items)
local plist = {}
for i=1,LB.Items.getCount() do
table.insert(plist,parseProc(i,LB.Items[i-1]))
end
table.sort(plist,function(a,b) return a.w > b.w end)
local currProcId = getOpenedProcessID()
for i=1,LB.Items.getCount() do
LB.Items.setString(i-1,plist[i].desc)
if plist[i].pid == currProcId then LB.setItemIndex(i-1) end
if i==1 and autoSelectFirst == true or type(autoSelectFirst)=='string' and indexOf(plist[i].dll,{autoSelectFirst}) ~=nil then
LB.setItemIndex(i-1) LB.OnDblClick() return
end
end
FP.show()
end
button.OnClick = function()
pidDialog(function(pid,name)
openProcess(pid)
label.Caption = (string.format('%s %04X-%s %s',"PID:",pid,name,'ON!'))
end,'.io') -- flash
end |
_________________
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Tue Nov 20, 2018 4:59 pm Post subject: |
|
|
If you're asking to show descriptions like the chrome task manager, you'd have to figure out how chrome manages those descriptions.
Why not just automatically detect and attach to the correct process?
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1532
|
| Posted: Tue Nov 20, 2018 7:03 pm Post subject: |
|
|
| ParkourPenguin wrote: | | Why not just automatically detect and attach to the correct process? |
The correct process is a 'Subframe' and
automatic search finds the first and main window.
To understand the correct process, you need to open the 'Task Manager' and look at it.
This is the 2nd or 3rd place in the CE Process List.
And we can do all these operations,
but the user does not enter into this trouble.
Maybe you can do AutoAttact with direct Url?
If you can find .exe, .dll, how can we find .com or .io?
still crazy questions in my mind! 
I've researched Chrome and Github, but the results are over me.
Thanks for your time
_________________
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Tue Nov 20, 2018 9:59 pm Post subject: |
|
|
Are you not trying to target a flash game? If you are, I already gave you a solution. The code I wrote will find the correct process to target.
| Aylin wrote: | Maybe you can do AutoAttact with direct Url?
If you can find .exe, .dll, how can we find .com or .io? |
Yes, it's possible to tell which url a process has open, if any. However, you shouldn't try this. Whatever method you use will probably break with any update to the browser, and looking at which processes have a flash player dll loaded should be better in just about every regard.
Also, modules (i.e. exe and dll files) are completely different from URLs, in case you were implying the contrary.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Wed Nov 21, 2018 2:14 pm Post subject: |
|
|
You can disable the multiple-process setup of Chrome by disabling the sandbox feature forcing everything into a single process to make things easier as well. Launch Chrome with the argument: --no-sandbox
_________________
- Retired. |
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1532
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
