|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
LaSauvage How do I cheat? Reputation: 0
Joined: 30 Nov 2021 Posts: 2
|
Posted: Tue Nov 30, 2021 5:06 am Post subject: Speedhack error: user32.dll CE v7.3 |
|
|
Hello everyone, I need a bit of help, and I'm making a post rather than necro-ing an old one.
I updated cheat engine to version 7.3, and I was trying to use it to speed a chrome game, but I found myself with the error "unable to open user32.dll"
(see attached image)
I looked around, and found a few solutions, all rather old, but I tried them nonetheless.
I tried to start everything as admin.
I tried downloading the forcedinjection plugins, but I could not install them (error: plugin could not be loaded: 126)
I'm unsure about the no sandbox option, it apparently is unsafe to run chrome with this option, so I haven't tried it yet.
I'm wondering if there is a more recent solution (aside from potentially the sandbox thing) to this problem?
Thanks in advance!
Description: |
|
Filesize: |
14.05 KB |
Viewed: |
11546 Time(s) |
|
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Wed Dec 01, 2021 6:48 am Post subject: |
|
|
Try this lua script before enabling speedhack
Code: |
function getOriginalCodeAndFiller(address)
local original,filler
if type(address)~='number' then
address=getAddressSafe(address)
end
if address==nil then
return nil, 'invalid address'
end
local sl=createStringList()
local d=createDisassembler()
local size=0
while size<5 do
d.disassemble(address)
local ldd=d.LastDisassembleData
local inst=ldd.opcode..' '..ldd.parameters
sl.add(inst)
size=size+#ldd.bytes
address=address+#ldd.bytes
end
original=sl.Text
if size-5>0 then
filler=string.format("nop %x", size-5)
else
filler=''
end
sl.destroy()
d.destroy()
return original,filler
end
function hookSpeedFunctions()
if speedhack and speedhack.processid==getOpenedProcessID() then
messageDialog('Can not re-enable speedhack on the same process twice', mtError, mbOK)
return false
end
local result, data=autoAssemble([[
alloc(speedhack_wantedspeed,4)
registersymbol(speedhack_wantedspeed)
speedhack_wantedspeed:
dd (float)1
alloc(cespinlock,32)
cespinlock:
lock bts [rcx],0 //on linux change to rdi
jc cespinlock_wait
ret
cespinlock_wait:
pause
jmp cespinlock
{$c}
typedef struct _cecs
{
volatile int locked;
volatile int threadid;
volatile int lockcount;
} cecs, *Pcecs;
extern void cespinlock(int *lock);
extern int getCurrentThreadID();
void csenter(cecs *cs)
{
if ((cs->locked) && (cs->threadid==getCurrentThreadID()))
{
cs->lockcount++;
return;
}
cespinlock(&cs->locked);
cs->threadid=getCurrentThreadID();
cs->lockcount++;
}
void csleave(cecs *cs)
{
cs->lockcount--;
if (cs->lockcount==0)
{
cs->threadid=0;
cs->locked=0;
}
}
{$asm}
]])
if not result then
messageDialog(data)
return
end
local gtcaddress=getAddressSafe('kernel32.gettickcount64')
if gtcaddress==nil then
waitforExports()
gtcaddress=getAddressSafe('kernel32.gettickcount64')
if (gtcaddress==nil) then
reinitializeSymbolhandler()
gtcaddress=getAddressSafe('kernel32.gettickcount64')
if (gtcaddress==nil) then
messageDialog('Failure finding kernel32.gettickcount64', mtError, mbOK)
return false
end
end
end
local originalcode,filler=getOriginalCodeAndFiller(gtcaddress)
if originalcode then
--speedhack does not disable. Just sets speed to 1 when done
local s=string.format([[
alloc(gtc_originalcode,64,"kernel32.gettickcount64")
label(gtc_returnhere)
label(gtchook_exit)
{$c}
#include <stddef.h>
//#include <celib.h>
typedef struct _cecs
{
volatile int locked;
volatile int threadid;
volatile int lockcount;
} cecs, *Pcecs;
uint64_t gtc_originalcode(void);
float gtc_speed=1.0f;
uint64_t gtc_initialtime=0;
uint64_t gtc_initialoffset=0;
cecs gtc_cs;
extern float speedhack_wantedspeed;
extern void csenter(cecs *cs);
uint64_t new_gettickcount(void)
{
uint64_t newtime;
uint64_t currenttime=gtc_originalcode();
float wantedspeed=speedhack_wantedspeed; //small issue with tcc where you can not compare against extern directly
csenter(>c_cs);
if (gtc_initialtime==0)
{
gtc_initialtime=currenttime;
gtc_initialoffset=currenttime;
}
newtime=(currenttime-gtc_initialtime)*gtc_speed;
newtime=newtime+gtc_initialoffset; //don't put in in the calculation above, as it gets converted to float, and truncated
if (gtc_speed!=wantedspeed)
{
//the user wants to change the speed
gtc_initialoffset=newtime;
gtc_initialtime=currenttime;
gtc_speed=speedhack_wantedspeed;
}
csleave(>c_cs);
return newtime;
}
{$asm}
gtc_originalcode:
%s
gtchook_exit:
jmp gtc_returnhere
kernel32.gettickcount64:
jmp new_gettickcount
%s
gtc_returnhere:
kernel32.timeGetTime:
jmp new_gettickcount
kernel32.getTickCount:
jmp new_gettickcount
]],originalcode, filler)
local result, data=autoAssemble(s)
if result then
print("gettickcount hook success")
else
print("gettickcount hook failure")
end
end;
--queryPerformanceCounter
local qpcaddress=getAddressSafe('ntdll.RtlQueryPerformanceCounter')
if qpcaddress==nil then
waitforExports()
qpcaddress=getAddressSafe('ntdll.RtlQueryPerformanceCounter')
if (qpcaddress==nil) then
reinitializeSymbolhandler()
qpcaddress=getAddressSafe('ntdll.RtlQueryPerformanceCounter')
if (qpcaddress==nil) then
messageDialog('Failure finding kernel32.gettickcount64', mtError, mbOK)
return false
end
end
end
local originalcode,filler=getOriginalCodeAndFiller(qpcaddress)
if originalcode then
--speedhack does not disable. Just sets speed to 1 when done
local s=string.format([[
alloc(qpc_originalcode,64,"ntdll.RtlQueryPerformanceCounter")
label(qpc_returnhere)
label(qpchook_exit)
{$c}
#include <stddef.h>
//#include <celib.h>
typedef struct _cecs
{
volatile int locked;
volatile int threadid;
volatile int lockcount;
} cecs, *Pcecs;
int qpc_originalcode(uint64_t *count);
float qpc_speed=1.0f;
uint64_t qpc_initialtime=0;
uint64_t qpc_initialoffset=0;
cecs qpc_cs;
extern float speedhack_wantedspeed;
extern void csenter(cecs *cs);
int new_RtlQueryPerformanceCounter(uint64_t *count)
{
uint64_t newtime;
uint64_t currenttime;
int result=qpc_originalcode(¤ttime);
float wantedspeed=speedhack_wantedspeed; //small issue with tcc where you can not compare against extern directly
csenter(&qpc_cs);
if (qpc_initialtime==0)
{
qpc_initialtime=currenttime;
qpc_initialoffset=currenttime;
}
newtime=(currenttime-qpc_initialtime)*qpc_speed;
newtime+=qpc_initialoffset;
if (qpc_speed!=wantedspeed)
{
//the user wants to change the speed
qpc_initialoffset=newtime;
qpc_initialtime=currenttime;
qpc_speed=speedhack_wantedspeed;
}
csleave(&qpc_cs);
*count=newtime;
return result;
}
{$asm}
qpc_originalcode:
%s
qpchook_exit:
jmp qpc_returnhere
ntdll.RtlQueryPerformanceCounter:
jmp new_RtlQueryPerformanceCounter
%s
qpc_returnhere:
]],originalcode, filler)
local result2, data2=autoAssemble(s)
if result2 then
print("RtlQueryPerformanceCounter hook success")
else
print("RtlQueryPerformanceCounter hook failure: "..data2)
print(s)
end
end;
if result or result2 then
speedhack={}
speedhack.processid=getOpenedProcessID()
end
return result or result2
end
MainForm.cbSpeedhack.OnChange=function(s)
if s.Checked then
--print("enabling speedhack")
local canEnable=(speedhack and speedhack.processid==getOpenedProcessID()) or hookSpeedFunctions()
if canEnable then
MainForm.Panel14.Visible=true
MainForm.btnSetSpeedhack2.OnClick=function(b)
if speedhack and speedhack.processid==getOpenedProcessID() then
writeFloat("speedhack_wantedspeed", tonumber(MainForm.editSH2.Text))
end
end
else
s.Checked=false
end
else
--print("disabling speedhack")
if speedhack and speedhack.processid==getOpenedProcessHandle() then
writeFloat("speedhack_wantedspeed", 1)
end
MainForm.Panel14.Visible=false
end
end
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
LaSauvage How do I cheat? Reputation: 0
Joined: 30 Nov 2021 Posts: 2
|
Posted: Thu Dec 02, 2021 6:16 am Post subject: |
|
|
[quote="Dark Byte"]Try this lua script before enabling speedhack[/quote]
I hope I did this right, I went ctrl+alt+L to get the script window, copy pasted, and executed
And I got a new error, but speedhack still won't turn on
screenshot of the error message joined to this message
Description: |
|
Filesize: |
29.03 KB |
Viewed: |
11381 Time(s) |
|
|
|
Back to top |
|
|
bakaba How do I cheat? Reputation: 0
Joined: 02 Sep 2023 Posts: 1
|
Posted: Sat Sep 02, 2023 5:28 am Post subject: |
|
|
Have to answer this thread so other people see (searching online redirects here)
In your about:config menu, there's an option called security.sandbox.content.win32k-disable -> Switch it to "false".
Hope this works.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Sun Sep 03, 2023 12:34 am Post subject: |
|
|
CE 7.5.1 should also work a lot better as there's no dll to inject anymore. It's all based on this script, but improved (also the ccode generated is more stable now)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|