Cheat Engine The Official Site of Cheat Engine
mg_01 (Cheater, Reputation: 0, Joined: 28 Jan 2018, Posts: 41)
Posted: Sat Jul 25, 2020 11:55 pm, Post subject: Running Multiple Loops in one Lua Instance?

I wanted to run a while-loop, have it finish, then run another one right after it.
Right now, the 2nd loop begins where the first one began, not where it finished:
https://pastebin.com/rU0NJ7AG
I want to run Script 2 right after, and where Script 1 leaves off. Right now, Script 1 runs, then resets position -- and then Script 2 runs twice. I tried adding lines 95-97 to make sure the current values are the last values from Script 1, but Script 2 just resets everything.
I get the feeling that the Lua thread is not clearing out the initial values it started with from the execution of Script 1. I tried using resetLuaState, but it didn't work.
Also, sorry for adding to the topic, I didn't want to make a whole new one -- but is there a way to access "What writes to this address" through Lua? I have a pointer that always gets accessed by 1 address that I NOP out.
I've tried using AOB scans for those opcode bytes, but they are never consistent enough. I would like to always write 0x90 0x90 to the first opcode that accesses my pointer.

Edit: the fix to my initial problem was duplicating these:

Code:
    --Read current values
    fovCurr = readFloat(fovPointer) -- readFloat for FOV
    xPosCurr = readFloat(xPosPointer) -- readFloat for X_POS
    xRotCurr = readFloat(xRotPointer) -- readFloat for X_ROT
    yPosCurr = readFloat(yPosPointer) -- readFloat for Y_POS
    yRotCurr = readFloat(yRotPointer) -- readFloat for Y_ROT
    zNOPCurr = readFloat(zNOPPointer) -- readFloat for Z_NOP
    zSptCurr = readFloat(zSptPointer) -- readFloat for Z_Spt
    --zPOSCurr = readFloat(zPosPointer) -- readFloat for Z_POS

so that the second iteration of the script had its own values to cleanly reference on initiation.
ParkourPenguin (I post too much, Reputation: 152, Joined: 06 Jul 2014, Posts: 4719)
Posted: Sun Jul 26, 2020 11:02 am

2nd part - something like this:
https://forum.cheatengine.org/viewtopic.php?p=5732011#5732011
Read the bytes and make sure it's the instruction you meant to overwrite, and remove the breakpoint after it's been written.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
mg_01 (Cheater, Reputation: 0, Joined: 28 Jan 2018, Posts: 41)
Posted: Sun Jul 26, 2020 2:27 pm

Oh, thanks. Sorry, but it's too complicated for me -- I'm trying to figure out how to approach it:

Code:
    function nopAndWrite(address, value, size)
      if not size then size = 4 end
      debug_setBreakpoint(address, size, bptWrite, bpmDebugRegister, function()
        local ip = getPreviousOpcode(targetIs64Bit() and RIP or EIP)
        local t = {}
        for i = 1, getInstructionSize(ip) do
          t[i] = 0x90
        end
        writeBytes(ip, t)
        writeInteger(address, value)
        debug_continueFromBreakpoint(co_run)
        return 0
      end)
      writeInteger(address, value)
    end
Like for my case, I know:
* If I press F6 on the pointer, and go to "Find what writes the address pointed at by this pointer", I get 1 result per pointer (I have 3 in total).
* My original bytes are always 0x89, 0x11.
* Because of save states, the address that writes is different every frame, so I have to find the new one every time unless I'm constantly reloading from one save state.
Would I need something like:
Code:
    yPosPointer = ("[pcsx2.exe+026983F4]+F50")
    yRotPointer = ("[pcsx2.exe+026983F4]+F98")
    zNOPPointer = ("[pcsx2.exe+026983F4]+FF4")
    function nopAndWrite(address, value, size)
      if not size then size = 4 end
      debug_setBreakpoint(yPosPointer, 4, bptWrite, bpmDebugRegister, function()

For each of them? Sorry, I don't know how to fill this out for what I need.
I'm currently using an AA script with AOBs that I fill in, but I need to find the AOBs every frame:

Code:
    [ENABLE]
    {$lua}
    myY = AOBScan("89 11 EB 14 0F B6 C0 29 C1 8B 04 85 10 66 25 03 81 E9 00 00 00 80 FF D0 F3 0F 10 15 C0 55 E4 02")
    writeBytes(myY[0],0x90,0x90)
    writeBytes(myY[1],0x90,0x90)
    myZ = AOBScan("89 11 EB 14 0F B6 C0 29 C1 8B 04 85 10 66 25 03 81 E9 00 00 00 80 FF D0 C7 05 78 59 E4 02 BC 31 12 00")
    writeBytes(myZ[0],0x90,0x90)
    {$asm}
    [DISABLE]
    {$lua}
    writeBytes(myY[0],0x89,0x11)
    writeBytes(myY[1],0x89,0x11)
    writeBytes(myZ[0],0x89,0x11)
    zSptPointer = ("[pcsx2.exe+026983F8]")
    writeFloat(zSptPointer,0)
    {$asm}
ParkourPenguin (I post too much, Reputation: 152, Joined: 06 Jul 2014, Posts: 4719)
Posted: Sun Jul 26, 2020 3:46 pm

Get rid of the code that's not relevant to you (i.e. anything with "value" in it):

Code:
    function nopWatch(address, size)
      if not size then size = 4 end
      debug_setBreakpoint(address, size, bptWrite, bpmDebugRegister, function()
        local ip = getPreviousOpcode(targetIs64Bit() and RIP or EIP)
        local t = {}
        for i = 1, getInstructionSize(ip) do
          t[i] = 0x90
        end
        writeBytes(ip, t)
        debug_continueFromBreakpoint(co_run)
        return 0
      end)
    end

This code is mostly self explanatory, but only if you know how break-on-write breakpoints work.
Data breakpoints (write or access) use a hardware breakpoint to function well (x86 debug register). They are triggered after an instruction writes or accesses memory at an address of a given size (1, 2, 4, or 8). When it is triggered, the instruction pointer (RIP/EIP) will be pointing to the instruction after the one that accessed the address.
So, when the breakpoint gets triggered: get the address of the previous instruction, fill a table with a number of nop bytes equal to that instruction's size, and write them to the address of that instruction.
Keep in mind there are only 4 hardware breakpoints available.
To start:

Code:
    nopWatch(yPosPointer, 4)
    nopWatch(yRotPointer, 4)
    nopWatch(zNOPPointer, 4)

To stop:

Code:
    debug_removeBreakpoint(yPosPointer)
    debug_removeBreakpoint(yRotPointer)
    debug_removeBreakpoint(zNOPPointer)
If you want to revert replacing instructions with nops, you'll need to copy the address you nopped (possibly as well as the original bytes).
See celua.txt for more information on functions used (debug_setBreakpoint, getInstructionSize, etc.)
(the "correct" way of doing what you're doing is to change the code being JIT compiled; however, that's far easier said than done for a beginner)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
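An added example (not ParkourPenguin's or the thread's own code) that folds in the two caveats from the replies above: read the bytes and confirm the instruction is the one you meant to overwrite, keep the original bytes so the nop can be undone, and release the breakpoint once it has done its job. It assumes the Cheat Engine Lua functions named in the thread (debug_setBreakpoint, getPreviousOpcode, getInstructionSize, readBytes, writeBytes, debug_removeBreakpoint), the 0x89 0x11 bytes the poster reported, and that removing a breakpoint from inside its own handler is permitted.

```lua
-- Added example for this thread, not code from the posts above.
-- When the write breakpoint fires, check that the writing instruction really
-- starts with the bytes the poster reported (89 11 = mov [ecx],edx) before
-- nopping it, keep the original bytes so the patch can be undone, and free
-- the breakpoint (only 4 debug registers exist). Assumes CE's Lua API and
-- that debug_removeBreakpoint may be called from inside the handler.
patched = {}  -- instruction address -> table of original bytes

function nopWatchChecked(address, size, expectedBytes)
  size = size or 4
  expectedBytes = expectedBytes or {0x89, 0x11}
  debug_setBreakpoint(address, size, bptWrite, bpmDebugRegister, function()
    -- RIP/EIP points after the writing instruction; step back one opcode
    local ip = getPreviousOpcode(targetIs64Bit() and RIP or EIP)
    local len = getInstructionSize(ip)
    local orig = readBytes(ip, len, true)  -- true: return as a table
    -- Only patch the instruction we meant to patch
    for i = 1, #expectedBytes do
      if orig[i] ~= expectedBytes[i] then
        print(string.format('Unexpected bytes at %X, leaving it alone', ip))
        debug_continueFromBreakpoint(co_run)
        return 0
      end
    end
    if not patched[ip] then
      patched[ip] = orig
      local nops = {}
      for i = 1, len do nops[i] = 0x90 end
      writeBytes(ip, nops)
      print(string.format('Nopped %d byte(s) at %X', len, ip))
    end
    debug_removeBreakpoint(address)  -- done with this debug register
    debug_continueFromBreakpoint(co_run)
    return 0
  end)
end

-- Puts every nopped instruction back the way it was
function restorePatched()
  for ip, orig in pairs(patched) do
    writeBytes(ip, orig)
  end
  patched = {}
end

-- Usage with one of the thread's pointers:
-- nopWatchChecked("[pcsx2.exe+026983F4]+F50", 4, {0x89, 0x11})
-- restorePatched()  -- later, to undo
```

Because the JIT re-emits the writing instruction at a new address each frame, the breakpoint has to be re-armed after every restore; the patched table is what lets you undo the previous one first.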
mg_01 (Cheater, Reputation: 0, Joined: 28 Jan 2018, Posts: 41)
Posted: Mon Jul 27, 2020 10:16 am

Thanks for the detailed reply-back. However, I think I figured out how to write the AOBs for my pointers. I've been testing it, and it seems to work now.
Imma save this, and try it if I need it.