Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Lua function call using Auto Assembler

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials -> Auto Assembler tutorials
View previous topic :: View next topic  
Author Message
Dark Byte
Site Admin
Reputation: 384

Joined: 09 May 2003
Posts: 23080
Location: The netherlands

PostPosted: Tue Sep 22, 2020 4:07 am    Post subject: Lua function call using Auto Assembler Reply with quote

This code will hook the "Hit me" button in the 64-bit tutorial and call a lua function which shows information about the click, and then manipulate the state before continuing



Code:

loadlibrary(luaclient-x86_64.dll)
luacall(openLuaServer('CELUASERVER'))

CELUA_ServerName:
db 'CELUASERVER',0

[ENABLE]

{$lua}
function luahook_tutorial_step2_click(addressOfDecrease, addressBeingAccessed)
  print(string.format("luahook_tutorial_step2_click. Writing to %.8x. addressOfDecrease=%.8x",addressBeingAccessed,addressOfDecrease))
  print(string.format("old decrease amount was %d", readInteger(addressOfDecrease)))
  writeInteger(addressOfDecrease,-1) --change the decrease to -1.  value--1 = value+1

  print(string.format("new decrease amount is %d", readInteger(addressOfDecrease)))

  return 123; --returns 123, which would be the value of rax upon return. (Alternatively, I could have coded it so the new decrease value is fetched from RAX)
end

{$asm}

//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"Tutorial-x86_64.exe"+2B08C)
alloc(luafunctionid,4)
alloc(luafunctionname,256)
label(returnhere)
label(originalcode)
label(exit)

luafunctionname:
db 'luahook_tutorial_step2_click',0

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

//save the state (stack is already aligned so not needed to realign, just allocate space)
sub rsp,20+a*8 //20 for 32 byte scractspace for the function, 4*8 for storing rax and rbx and pointers to them, 6*8 to store rcx,rdx,r8,r9,r10 and r11

//rsp to rsp+1f is used as scratchspace for functions

//store parameters you might be interested in
mov [rsp+20],rax
mov [rsp+28],rbx

//setup parameter space:
lea rax,[rsp+20]
mov [rsp+30],rax

//need to keep the stack aligned, and might as well use it to store the address being accessed
lea rax,[rbx+7f0]
mov [rsp+38],rax


//store these registers as they may get changed:
mov [rsp+40],rcx
mov [rsp+48],rdx
mov [rsp+50],r8
mov [rsp+58],r9
mov [rsp+60],r10
mov [rsp+68],r11

//now the lua call part
mov ecx,[luafunctionid] //check if the functionid is obtained
test ecx,ecx
jne short hasrefid

//no, obtain the ID

mov rcx,luafunctionname
call CELUA_GetFunctionReferenceFromName  //Basically calls createRef(functionname) and returns the value
mov [luafunctionid],eax
mov ecx,eax  //functionid

hasrefid: //there is a functionID to use
//at this point ecx contains the functionid
mov edx,2 //only the addresses of RAX and RBX are to be passed. So 2
lea r8,[rsp+30] //the addresses to RAX and RBX are at RSP+30
mov r9,0 //0=no async, 1=async.  Use async if you do not wish to update the GUI. Faster
call CELUA_ExecuteFunctionByReference

//function returned. You could check the returnvalue in rax, but in this case I don't care
//restore the registers
mov rax,[rsp+20] //restore rax. this could have been changed by the lua code using a writeInteger on parameter 1
mov rbx,[rsp+28] //restore rbx (though likely not changed)

//restore the changed registers
mov rcx,[rsp+40]
mov rdx,[rsp+48]
mov r8,[rsp+50]
mov r9,[rsp+58]
mov r10,[rsp+60]
mov r11,[rsp+68]

add rsp,20+a*8
//and now call the original code

originalcode:
sub [rbx+000007F0],rax


exit:
jmp returnhere

"Tutorial-x86_64.exe"+2B08C:
jmp newmem
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Tutorial-x86_64.exe"+2B08C:
sub [rbx+000007F0],eax
//Alt: db 29 83 F0 07 00 00

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials -> Auto Assembler tutorials All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites