Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Speedhack error: user32.dll CE v7.3

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
LaSauvage
How do I cheat?
Reputation: 0

Joined: 30 Nov 2021
Posts: 2

PostPosted: Tue Nov 30, 2021 5:06 am    Post subject: Speedhack error: user32.dll CE v7.3 Reply with quote

Hello everyone, I need a bit of help, and I'm making a post rather than necro-ing an old one.

I updated cheat engine to version 7.3, and I was trying to use it to speed a chrome game, but I found myself with the error "unable to open user32.dll"
(see attached image)

I looked around, and found a few solutions, all rather old, but I tried them nonetheless.
I tried to start everything as admin.
I tried downloading the forcedinjection plugins, but I could not install them (error: plugin could not be loaded: 126)
I'm unsure about the no sandbox option, it apparently is unsafe to run chrome with this option, so I haven't tried it yet.

I'm wondering if there is a more recent solution (aside from potentially the sandbox thing) to this problem?

Thanks in advance!



Sans titre.png
 Description:
 Filesize:  14.05 KB
 Viewed:  11477 Time(s)

Sans titre.png


Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Wed Dec 01, 2021 6:48 am    Post subject: Reply with quote

Try this lua script before enabling speedhack

Code:


function getOriginalCodeAndFiller(address)
  local original,filler

  if type(address)~='number' then
    address=getAddressSafe(address)
  end

  if address==nil then
    return nil, 'invalid address'
  end

  local sl=createStringList()
  local d=createDisassembler()
  local size=0
  while size<5 do
    d.disassemble(address)
    local ldd=d.LastDisassembleData
    local inst=ldd.opcode..' '..ldd.parameters
    sl.add(inst)
    size=size+#ldd.bytes
    address=address+#ldd.bytes
  end

  original=sl.Text
  if size-5>0 then
    filler=string.format("nop %x", size-5)
  else
    filler=''
  end

  sl.destroy()
  d.destroy()
  return original,filler
end


function hookSpeedFunctions()
  if speedhack and speedhack.processid==getOpenedProcessID() then
    messageDialog('Can not re-enable speedhack on the same process twice', mtError, mbOK)
    return false
  end

  local result, data=autoAssemble([[
    alloc(speedhack_wantedspeed,4)
    registersymbol(speedhack_wantedspeed)
    speedhack_wantedspeed:
    dd (float)1

    alloc(cespinlock,32)
    cespinlock:
    lock bts [rcx],0 //on linux change to rdi
    jc cespinlock_wait
    ret
    cespinlock_wait:
    pause
    jmp cespinlock

{$c}

    typedef struct _cecs
    {
      volatile int locked;
      volatile int threadid;
      volatile int lockcount;
    } cecs, *Pcecs;

    extern void cespinlock(int *lock);
    extern int getCurrentThreadID();

    void csenter(cecs *cs)
    {
      if ((cs->locked) && (cs->threadid==getCurrentThreadID()))
      {
        cs->lockcount++;
        return;
      }

      cespinlock(&cs->locked);
      cs->threadid=getCurrentThreadID();
      cs->lockcount++;
    }

    void csleave(cecs *cs)
    {
      cs->lockcount--;
      if (cs->lockcount==0)
      {
        cs->threadid=0;
        cs->locked=0;
      }

    }

{$asm}

  ]])

  if not result then
    messageDialog(data)
    return
  end

  local gtcaddress=getAddressSafe('kernel32.gettickcount64')
  if gtcaddress==nil then
    waitforExports()
    gtcaddress=getAddressSafe('kernel32.gettickcount64')

    if (gtcaddress==nil) then
      reinitializeSymbolhandler()
      gtcaddress=getAddressSafe('kernel32.gettickcount64')
      if (gtcaddress==nil) then
        messageDialog('Failure finding kernel32.gettickcount64', mtError, mbOK)
        return false
      end
    end
  end


  local originalcode,filler=getOriginalCodeAndFiller(gtcaddress)

  if originalcode then


  --speedhack does not disable. Just sets speed to 1 when done

    local s=string.format([[
alloc(gtc_originalcode,64,"kernel32.gettickcount64")
label(gtc_returnhere)
label(gtchook_exit)

{$c}
#include <stddef.h>
//#include <celib.h>
typedef struct _cecs
{
  volatile int locked;
  volatile int threadid;
  volatile int lockcount;
} cecs, *Pcecs;



uint64_t gtc_originalcode(void);
float gtc_speed=1.0f;
uint64_t gtc_initialtime=0;
uint64_t gtc_initialoffset=0;
cecs gtc_cs;

extern float speedhack_wantedspeed;
extern void csenter(cecs *cs);


uint64_t new_gettickcount(void)
{
  uint64_t newtime;

  uint64_t currenttime=gtc_originalcode();
  float wantedspeed=speedhack_wantedspeed; //small issue with tcc where you can not compare against extern directly

  csenter(&gtc_cs);

  if (gtc_initialtime==0)
  {
    gtc_initialtime=currenttime;
    gtc_initialoffset=currenttime;
  }

  newtime=(currenttime-gtc_initialtime)*gtc_speed;
  newtime=newtime+gtc_initialoffset; //don't put in in the calculation above, as it gets converted to float, and truncated

  if (gtc_speed!=wantedspeed)
  {
    //the user wants to change the speed
    gtc_initialoffset=newtime;
    gtc_initialtime=currenttime;
    gtc_speed=speedhack_wantedspeed;
  }



  csleave(&gtc_cs);


  return newtime;

}
{$asm}


gtc_originalcode:
%s

gtchook_exit:
jmp gtc_returnhere

kernel32.gettickcount64:
jmp new_gettickcount
%s

gtc_returnhere:


kernel32.timeGetTime:
jmp new_gettickcount

kernel32.getTickCount:
jmp new_gettickcount

]],originalcode, filler)

    local result, data=autoAssemble(s)
    if result then
      print("gettickcount hook success")
    else
      print("gettickcount hook failure")
    end
  end;


--queryPerformanceCounter
  local qpcaddress=getAddressSafe('ntdll.RtlQueryPerformanceCounter')
  if qpcaddress==nil then
    waitforExports()
    qpcaddress=getAddressSafe('ntdll.RtlQueryPerformanceCounter')

    if (qpcaddress==nil) then
      reinitializeSymbolhandler()
      qpcaddress=getAddressSafe('ntdll.RtlQueryPerformanceCounter')
      if (qpcaddress==nil) then
        messageDialog('Failure finding kernel32.gettickcount64', mtError, mbOK)
        return false
      end
    end
  end


  local originalcode,filler=getOriginalCodeAndFiller(qpcaddress)

  if originalcode then


  --speedhack does not disable. Just sets speed to 1 when done

    local s=string.format([[
alloc(qpc_originalcode,64,"ntdll.RtlQueryPerformanceCounter")
label(qpc_returnhere)
label(qpchook_exit)

{$c}
#include <stddef.h>
//#include <celib.h>
typedef struct _cecs
{
  volatile int locked;
  volatile int threadid;
  volatile int lockcount;
} cecs, *Pcecs;


int qpc_originalcode(uint64_t *count);
float qpc_speed=1.0f;
uint64_t qpc_initialtime=0;
uint64_t qpc_initialoffset=0;
cecs qpc_cs;

extern float speedhack_wantedspeed;
extern void csenter(cecs *cs);


int new_RtlQueryPerformanceCounter(uint64_t *count)
{
  uint64_t newtime;

  uint64_t currenttime;

  int result=qpc_originalcode(&currenttime);

  float wantedspeed=speedhack_wantedspeed; //small issue with tcc where you can not compare against extern directly

  csenter(&qpc_cs);

  if (qpc_initialtime==0)
  {
    qpc_initialtime=currenttime;
    qpc_initialoffset=currenttime;
  }

  newtime=(currenttime-qpc_initialtime)*qpc_speed;

  newtime+=qpc_initialoffset;
  if (qpc_speed!=wantedspeed)
  {
    //the user wants to change the speed
    qpc_initialoffset=newtime;
    qpc_initialtime=currenttime;
    qpc_speed=speedhack_wantedspeed;
  }

  csleave(&qpc_cs);

  *count=newtime;

  return result;

}
{$asm}


qpc_originalcode:
%s

qpchook_exit:
jmp qpc_returnhere

ntdll.RtlQueryPerformanceCounter:
jmp new_RtlQueryPerformanceCounter
%s

qpc_returnhere:


]],originalcode, filler)

    local result2, data2=autoAssemble(s)
    if result2 then
      print("RtlQueryPerformanceCounter hook success")
    else
      print("RtlQueryPerformanceCounter hook failure: "..data2)
      print(s)
    end
  end;

  if result or result2 then
    speedhack={}
    speedhack.processid=getOpenedProcessID()
  end
  return result or result2
end

MainForm.cbSpeedhack.OnChange=function(s)
  if s.Checked then
    --print("enabling speedhack")
    local canEnable=(speedhack and speedhack.processid==getOpenedProcessID()) or hookSpeedFunctions()

    if canEnable then
      MainForm.Panel14.Visible=true
      MainForm.btnSetSpeedhack2.OnClick=function(b)
        if speedhack and speedhack.processid==getOpenedProcessID() then
          writeFloat("speedhack_wantedspeed", tonumber(MainForm.editSH2.Text))
        end
      end
    else
      s.Checked=false
    end
  else
    --print("disabling speedhack")
    if speedhack and speedhack.processid==getOpenedProcessHandle() then
      writeFloat("speedhack_wantedspeed", 1)
    end

    MainForm.Panel14.Visible=false
  end
end

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
LaSauvage
How do I cheat?
Reputation: 0

Joined: 30 Nov 2021
Posts: 2

PostPosted: Thu Dec 02, 2021 6:16 am    Post subject: Reply with quote

[quote="Dark Byte"]Try this lua script before enabling speedhack[/quote]

I hope I did this right, I went ctrl+alt+L to get the script window, copy pasted, and executed
And I got a new error, but speedhack still won't turn on
screenshot of the error message joined to this message



error after lua.png
 Description:
 Filesize:  29.03 KB
 Viewed:  11312 Time(s)

error after lua.png


Back to top
View user's profile Send private message
bakaba
How do I cheat?
Reputation: 0

Joined: 02 Sep 2023
Posts: 1

PostPosted: Sat Sep 02, 2023 5:28 am    Post subject: Reply with quote

Have to answer this thread so other people see (searching online redirects here)

In your about:config menu, there's an option called security.sandbox.content.win32k-disable -> Switch it to "false".

Hope this works.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sun Sep 03, 2023 12:34 am    Post subject: Reply with quote

CE 7.5.1 should also work a lot better as there's no dll to inject anymore. It's all based on this script, but improved (also the ccode generated is more stable now)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites