Cheat Engine Forum - The Official Site of Cheat Engine
Lua script not working properly inside trainer

 
Cheat Engine Forum Index -> General Gamehacking
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Tue Sep 21, 2021 8:51 am    Post subject: Lua script not working properly inside trainer

I have this function in my lua script:

Code:

function topcCheck()
    if readPointer("[cshook]") ~= nil then
        if readInteger(readInteger("[cshook]")+0xD7) == 878670437 and --er_4
           readInteger("[cshook]+0xB4") == 845099568 then --02_2
           autoAssemble([[
              0121D23B:
              nop
              nop
              nop
           ]])
        else
           autoAssemble([[
              0121D23B:
              cmp [esi],dx
           ]])
        end
    end
end


It seems that the ASM parts get skipped somehow, because it works fine in the CT (everything gets enabled without errors). I experience the same behavior when using memoryrecord_freeze on a separate script that does the same thing.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Tue Sep 21, 2021 11:57 am

is cshook valid at the time your script runs?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Tue Sep 21, 2021 5:57 pm

Dark Byte wrote:
is cshook valid at the time your script runs?
I run a timer on the function so it's checking the pointer constantly. But as I said, when enabling the script in the CT works fine.
ParkourPenguin
I post too much
Reputation: 137

Joined: 06 Jul 2014
Posts: 4250

Posted: Tue Sep 21, 2021 10:49 pm

What does the script in the CT look like? (the one that works fine)

Put some print statements in the code to see what's going on. e.g. is readPointer("[cshook]") always nil? Does the condition of the second if statement always evaluate to false?

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Wed Sep 22, 2021 1:54 am

perhaps you do the hook code too early before the game is fully loaded
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Wed Sep 22, 2021 12:30 pm

ParkourPenguin wrote:
What does the script in the CT look like? (the one that works fine)

Put some print statements in the code to see what's going on. e.g. is readPointer("[cshook]") always nil? Does the condition of the second if statement always evaluate to false?


So, this is what the ASM script looks like:
Code:

[ENABLE]
alloc(newmem,2048)
alloc(cshook,$500)
registersymbol(cshook)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
push ebx
lea ebx,[esi+48]
mov [cshook],ebx
pop ebx
jmp originalcode

originalcode:
mov ecx,[esi+48]
push 00

exit:
jmp returnhere

"Need for Speed The Run.exe"+48D46C:
jmp newmem
returnhere:

[DISABLE]
dealloc(*)
unregistersymbol(*)
"Need for Speed The Run.exe"+48D46C:
mov ecx,[esi+48]
push 00


And this is what the entire Lua script from earlier looks like:

Code:

{$lua}
getLuaEngine().cbShowOnPrint.Checked=false
getLuaEngine().hide()
[ENABLE]
print "TOP Check Enabled"

function topcCheck()
    if readPointer("[cshook]") ~= nil then
        if readInteger(readInteger("[cshook]")+0xD7) == 878670437 and --er_4
           readInteger("[cshook]+0xB4") == 845099568 then --02_2
           autoAssemble([[
              0121D23B:
              nop
              nop
              nop
           ]])
        else
           autoAssemble([[
              0121D23B:
              cmp [esi],dx
           ]])
        end
    end
end

topc = createTimer(nil)
timer_onTimer(topc,topcCheck)
timer_setInterval(topc, 100)
timer_setEnabled(topc, true)

[DISABLE]
timer_setEnabled(topc, false)
print "TOP Check Disabled"


To test this properly, I decided to put some showMessage calls in the form script, delete the Lua script from above entirely, and put it there:

Code:

function attach()
  GameID = getProcessIDFromProcessName("Need For Speed The Run.exe")
  if GameID ~= getOpenedProcessID() and GameID ~= nil then
    openProcess("Need For Speed The Run.exe")
  end
end

t = createTimer(nil, false)
timer_onTimer(t, attach)
timer_setInterval(t, 500)
timer_setEnabled(t, true)

--///////////////// DEBUG ADDITION //////////////////////
function topcCheck()
    if readPointer("[cshook]") ~= nil then
        if readInteger(readInteger("[cshook]")+0xD7) == 878670437 and --er_4
           readInteger("[cshook]+0xB4") == 845099568 then --02_2
           showMessage("cshook is NOT NULL & the statement IS TRUE")
           autoAssemble([[
              0121D23B:
              nop
              nop
              nop
           ]])
        else
           showMessage("cshook is NOT NULL & the statement IS FALSE")
           autoAssemble([[
              0121D23B:
              cmp [esi],dx
           ]])
        end
    else
        showMessage("cshook IS NULL")
    end
end

topc = createTimer(nil)
timer_onTimer(topc,topcCheck)
timer_setInterval(topc, 1000)
timer_setEnabled(topc, true)


So, indeed cshook is NULL from the start until I enable the scripts with the hotkey I assigned; then, after hitting the key to enable them and loading the game event, it shows up, as you well guessed, as "cshook is NOT NULL & the statement IS FALSE", which is not possible, since enabling the scripts the same way but in the raw CT works all fine. To make things more clear, this script is used to bypass a crash.

Dark Byte wrote:
perhaps you do the hook code too early before the game is fully loaded
I don't believe this is the case, since when enabling the scripts at the same spot (when the intro videos are showing up) the raw CT works fine every time but the trainer doesn't.
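The showMessage version above only tells you whether the branch was taken. The following is an added example (not code from this thread or from Cheat Engine itself) of the "put some print statements in" approach, written so the log shows which stage fails: the symbol lookup, the pointer read, the value comparison, or the write itself. It uses the address and constants posted above and the documented CE Lua functions getAddressSafe, readPointer, readInteger, readBytes, autoAssemble and createTimer; the state names, the 1000 ms interval and the logging format are assumptions. Output goes to the Lua engine window, so keep it visible (the trainer script above hides it) while testing.

```lua
-- Added example, not from the thread: diagnostic variant of topcCheck.
-- Reports which stage of the check fails instead of only TRUE/FALSE.

local PATCH_SITE  = 0x0121D23B   -- address the thread patches
local EXPECT_ER4  = 878670437    -- value expected at [cshook]+0xD7 ("er_4")
local EXPECT_02_2 = 845099568    -- value expected at [cshook]+0xB4 ("02_2")

local lastState = nil            -- only log state transitions, not every tick

local function logState(state, detail)
  if state ~= lastState then
    print(string.format("[topcCheck] %-12s %s", state, detail or ""))
    lastState = state
  end
end

-- Returns one of: "no_symbol", "hook_not_hit", "match", "mismatch".
function topcDiagnose()
  -- Stage 1: is the symbol registered in *this* CE instance? nil here means the
  -- [ENABLE] block with registersymbol(cshook) never ran inside the trainer.
  local symAddr = getAddressSafe("cshook")
  if symAddr == nil then
    logState("NO_SYMBOL", "cshook is not registered; the hook script has not run here")
    return "no_symbol"
  end

  -- Stage 2: has the hook executed yet? The hook stores esi+48 into [cshook]
  -- only once the game runs through "Need for Speed The Run.exe"+48D46C.
  local base = readPointer(symAddr)
  if base == nil or base == 0 then
    logState("HOOK_NOT_HIT", string.format("cshook at %08X holds %s", symAddr, tostring(base)))
    return "hook_not_hit"
  end

  -- Stage 3: the two comparisons from the original condition, with the raw
  -- values shown so a mismatch can be compared against the working .CT.
  local v1 = readInteger(base + 0xD7)
  local v2 = readInteger(base + 0xB4)
  local detail = string.format("base=%08X [base+D7]=%s [base+B4]=%s",
                               base, tostring(v1), tostring(v2))
  if v1 == EXPECT_ER4 and v2 == EXPECT_02_2 then
    logState("MATCH", detail)
    return "match"
  end
  logState("MISMATCH", detail)
  return "mismatch"
end

-- Stage 4: verify that a write actually landed. autoAssemble returns false when
-- the script failed; comparing the bytes before and after separates "the Lua
-- branch never ran" from "the write did not take" (e.g. a protected page).
function patchSiteBytes()
  local b = readBytes(PATCH_SITE, 3, true)
  if b == nil then return "unreadable" end
  return string.format("%02X %02X %02X", b[1], b[2], b[3])
end

-- Returns ok (autoAssemble result) and changed (bytes differ afterwards).
-- changed is false when the site was already patched, so check both values.
function applyAndVerify(script)
  local before = patchSiteBytes()
  local ok = autoAssemble(script)
  local after = patchSiteBytes()
  print(string.format("[patch] ok=%s bytes %s -> %s", tostring(ok), before, after))
  return ok, before ~= after
end

-- Run the diagnosis once a second; pass your own script to applyAndVerify
-- from the "match"/"mismatch" branch when you want to confirm the write.
diag = createTimer(nil, false)
diag.Interval = 1000
diag.OnTimer = function() topcDiagnose() end
diag.Enabled = true
```

Reading the log from the top down tells you where the trainer and the .CT diverge: "NO_SYMBOL" points at the hook script never being assembled in the trainer, "HOOK_NOT_HIT" at timing, "MISMATCH" at a wrong base address, and an ok=false or unchanged bytes line at the write itself.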
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Sat Sep 25, 2021 4:56 pm

It seems that CE cannot inject the bytes in the static (protected) memory region even though the trainer is executed with admin rights by default. Any ideas on how to fix this?
Birdi
Expert Cheater
Reputation: 0

Joined: 08 Jun 2020
Posts: 122
Location: Migrating

Posted: Sat Sep 25, 2021 7:12 pm

Try using the FullAccess() function.
_________________
Trying to learn!

Add me on Discord if you want hands-on help: Birdi#0007
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Sun Sep 26, 2021 5:49 am

Birdi wrote:
Try using the FullAccess() function.
I've set fullAccess(0x0121D23B,0x4) right before the topcCheck function, but it doesn't seem to do anything. Then I found this browsing the forum:

Code:

dbk_initialize()
dbk_useKernelmodeOpenProcess()
dbk_useKernelmodeProcessMemoryAccess()
if getOpenedProcessID()~=0 then
  openProcess(getOpenedProcessID())
end
dbk_writesIgnoreWriteProtection(true)


Setting this inside the form script, debugger gets enabled but moments after BSOD appears.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Sun Sep 26, 2021 7:46 am

after the process has been opened start a 10 second timer

then open the process with ce (again)

mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Sun Sep 26, 2021 12:10 pm

Dark Byte wrote:
after the process has been opened start a 10 second timer

then open the process with ce (again)
I’d like a solution that doesn’t require the user to have CE installed on their end. I’m doing all of this in a custom compiled 7.3 version.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Sun Sep 26, 2021 1:40 pm

then automate the waiting, with something like a timer
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Wed Sep 29, 2021 9:13 am

Dark Byte wrote:
then automate the waiting, with something like a timer
I modified the attach function to do that:

Code:

function attach()
  GameID = getProcessIDFromProcessName("Need For Speed The Run.exe")
  if GameID ~= getOpenedProcessID() and GameID ~= nil then
    openProcess("Need For Speed The Run.exe")
    sleep(10)
    openProcess("Need For Speed The Run.exe")
    timer_setEnabled(t, false)
  end
end


It has the exact same result. It doesn't change the opcode at the address, but the rest of the scripts in the trainer work fine (I have other ASM scripts in the trainer and those work fine). Again, I'm not sure why it doesn't change that specific opcode, whether using ASM or Lua.
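The attach function above calls sleep() from inside a timer callback, which blocks the trainer's main thread for the whole wait, and sleep(10) is 10 milliseconds rather than 10 seconds. The following is an added example (not code from this thread or from Cheat Engine itself) of automating the "open the process, wait about ten seconds, open it again" sequence with a small timer state machine, so the GUI stays responsive and the check timer is started only once the second open has happened. The process name is the one from the thread; SETTLE_MS, the state names, the 500 ms poll interval and the onReady callback are assumptions. It also covers the case where the game exits or restarts, which the original attach loop does not handle.

```lua
-- Added example, not from the thread: non-blocking attach + settle + re-open.

local TARGET    = "Need For Speed The Run.exe"   -- process name from the thread
local SETTLE_MS = 10000                          -- ten seconds, as suggested above

local state      = "waiting"     -- waiting -> settling -> ready
local attachedAt = 0             -- tick count when the process was first opened

-- Starts a 500 ms poller and returns it. onReady (optional) is called once,
-- right after the second openProcess, e.g. to enable the topcCheck timer.
function startAttachWatcher(onReady)
  local watcher = createTimer(nil, false)
  watcher.Interval = 500

  watcher.OnTimer = function()
    local pid = getProcessIDFromProcessName(TARGET)

    -- Game not running (or it exited): fall back to waiting.
    if pid == nil or pid == 0 then
      if state ~= "waiting" then print("[attach] process gone; waiting again") end
      state = "waiting"
      return
    end

    if state == "waiting" then
      -- First open. Skip it if CE already has this pid open.
      if pid ~= getOpenedProcessID() then openProcess(pid) end
      attachedAt = getTickCount()
      state = "settling"
      print(string.format("[attach] opened pid %d; settling for %d ms", pid, SETTLE_MS))

    elseif state == "settling" then
      -- Second open, once the game has had time to finish loading.
      if getTickCount() - attachedAt >= SETTLE_MS then
        openProcess(pid)
        state = "ready"
        print("[attach] re-opened process; ready")
        if onReady then onReady() end
      end

    elseif state == "ready" then
      -- The game was restarted with a new pid: start the cycle over.
      if pid ~= getOpenedProcessID() then
        print("[attach] pid changed; re-attaching")
        state = "waiting"
      end
    end
  end

  watcher.Enabled = true
  return watcher
end

-- Usage: create the check timer disabled and let the watcher enable it.
-- topc is assumed to be the timer from the thread, created with createTimer(nil, false).
attachWatcher = startAttachWatcher(function()
  if topc ~= nil then topc.Enabled = true end
end)
```

Because the wait is driven by getTickCount() comparisons inside the poller rather than by sleep(), the form keeps repainting and the other timers keep firing during the ten seconds, and the settle period restarts automatically if the game is relaunched.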
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Wed Sep 29, 2021 9:30 am

try sleep(10000) instead for 10 seconds
mrally2
Cheater
Reputation: 0

Joined: 01 Apr 2020
Posts: 43

Posted: Wed Sep 29, 2021 3:44 pm

Dark Byte wrote:
try sleep(10000) instead for 10 seconds
same behaviour.

EDIT: cshook doesn't have the correct address when it is being enabled within the trainer, therefore the fault is in the ASM script and not Lua.