Cheat Engine The Official Site of Cheat Engine
mgr.inz.Player (I post too much, Reputation: 219, Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00)
Posted: Fri Dec 02, 2011 8:52 pm    Post subject: Altering functions (class methods), procedures inside CE.
Hi Dark Byte.
I'm interested in making a small plugin. But I learn better from examples. Let's say I want to alter this function (btw. look at this):
TScanner.CustomIncreasedValueByPercentage
like this:
Quote:
    function TScanner.CustomIncreasedValueByPercentage(newvalue,oldvalue: pointer): boolean;
    begin
      result:=(customType.ConvertDataToInteger(newvalue)>trunc(customType.ConvertDataToInteger(oldvalue)+customType.ConvertDataToInteger(oldvalue)*svalue))
          and (customType.ConvertDataToInteger(newvalue)<trunc(customType.ConvertDataToInteger(oldvalue)+customType.ConvertDataToInteger(oldvalue)*svalue2));
    end;
So, I ask you to make a minimal version of the Unit1.pas file (inside the example-lazarus folder) and a Lazarus project.
(pretty please?)
I know there should be this:
Code:
    uses windows, LCLIntf, sysutils, classes, ComCtrls, dialogs,
      NewKernelHandler, math, SyncObjs,
      windows7taskbar, SaveFirstScan, savedscanhandler, autoassembler, symbolhandler,
      CEFuncProc, shellapi, customtypehandler, lua, lualib, lauxlib, LuaHandler, fileaccess,
      forms, StdCtrls, ExtCtrls;
(more or less)
And I must import many files from the Cheat Engine project.
Is it possible to alter the TMainForm.UpdateScanType procedure with a plugin?
Dark Byte (Site Admin, Reputation: 465, Joined: 09 May 2003, Posts: 25522, Location: The netherlands)
Posted: Sat Dec 03, 2011 2:40 am    Post subject:
Not with the plugin. But you can use lua to hide the old vartype, scantype, firstscan/nextscan components on mainform and replace them with your own.
Well, you could of course do an aobscan for that function and hook it to a function in your own dll, but the chance that that just fails when I make a change (like just recompiling) is quite big.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
mgr.inz.Player (I post too much, Reputation: 219, Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00)
Posted: Sat Dec 03, 2011 9:19 am    Post subject:
Dark Byte wrote:
    Not with the plugin (....)
    (...) you could of course do an aobscan for that function and hook it to a function in your own dll, but the chance that that just fails when I make a change (like just recompiling) is quite big
OK. But if my plugin is only for a particular CE version, it should work. So I will distribute the DLL with the EXE (cheatengine-i386_for_plugin.exe).
For now, I only changed the CE source. (This is why I wanted to try to make a plugin.)
Diff file for CE source (diff, diff mirror)
I added this:
alloc(treatAsFloat,1) - Custom type is treated as a float type (pnlfloat is visible, rounding enabled, search results aren't saved when NaN or Infinite)
alloc(fastScanAlignSize,4) - Now alignsize does not depend on bytesize
Tested the above modifications. Assassin's Creed Brotherhood hero position structure:
    float placeholder0 // Always 1.0 (0x3f800000) (not hanging)
    float placeholder1 // Always 0.0 (0x00000000)
    float X            // player X pos
    float Y            // player Y pos
    float Z            // player Z pos, always bigger than (-1000); probably always bigger than (-50)
    float placeholder2 // Always 1.0 (0x3f800000)

    placeholder0 offset 0x00
    placeholder1 offset 0x04
    placeholder2 offset 0x14
    Z            offset 0x10
Bytesize is 24. Alignsize is 4 (this is why I made fastScanAlignSize).
So, if eax is an address that contains the bytes, then:
    cmp dword ptr [eax+00],(float)1
    jne SKIP
    cmp dword ptr [eax+04],0
    jne SKIP
    cmp dword ptr [eax+14],(float)1
    jne SKIP
and if [eax+10] is smaller than -1000 or NaN, then SKIP.
SKIP returns this: EAX=0xFFFFFFFF (NaN)
Whole AA custom type script I use:
Code:
    alloc(TypeName,256)
    alloc(ByteSize,4)
    alloc(treatAsFloat,1)
    alloc(fastScanAlignSize,4)
    alloc(ConvertRoutine,1024)
    alloc(ConvertBackRoutine,1024)
    label(TEMPVAL)
    label(SKIP)

    TypeName:
    db 'AC:B Z coordinate',0

    ByteSize:
    dd (int)24 // struct has 24 bytes (six dwords)

    fastScanAlignSize:
    dd 4

    ConvertRoutine:
    push ebp
    mov ebp,esp
    mov eax,[ebp+8]             // place the address that contains the bytes into eax
    cmp dword ptr [eax],(float)1
    jne SKIP
    cmp dword ptr [eax+04],0
    jne SKIP
    cmp dword ptr [eax+14],(float)1
    jne SKIP
    finit
    push eax                    // save EAX
    push (int)-1000             // Z coordinate is always bigger than -1000
    fld [eax+10]
    ficomp dword ptr [esp]      // compare Z with -1000 and pop ST(0)
    fstsw word ptr [esp]
    fwait
    pop eax                     // get status word
    sahf                        // transfer status word to CPU's flag register
    pop eax                     // restore original EAX
    jpe SKIP                    // NaN, skip
    jb SKIP                     // less than -1000, SKIP
    mov eax,dword ptr [eax+10]  // get value
    pop ebp
    ret 4

    SKIP:
    mov eax,7fffffff            // set NaN, easy to filter out
    pop ebp
    ret 4

    TEMPVAL:
    dd 0

    ConvertBackRoutine:
    push ebp
    mov ebp,esp
    push eax
    push ebx
    mov eax,[ebp+8]             // load the value into eax
    mov ebx,[ebp+c]             // load the address into ebx
    mov [ebx+10],eax            // write the value into the address
    pop ebx
    pop eax
    pop ebp
    ret 8
Then I searched the custom type float (AC:B Z coordinate) increased, decreased. (I got ~40 results after the third scan, instead of >1000 after the 11th scan when using only float.)
Modifications aren't finished (functions CreateTypeFromLuaScript, registerCustomTypeLua, registerCustomTypeAutoAssembler).
EDIT:
Updated diff files. I forgot to use customType.ConvertDataToInteger inside the TScanner.GenericSaveResult function.
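The checks the ConvertRoutine above performs, modelled in Python as an added example (this is not code from the post or from Cheat Engine): it walks a constructed memory buffer at the script's 4-byte alignment, applies the same placeholder and Z-range checks, returns the script's 7fffffff sentinel for rejected blocks, and drops NaN/Infinite results the way the treatAsFloat rule would. The buffer contents, field values and function names are assumptions made for the demonstration.

```python
import math
import struct

# Constants taken from the AA script in the post.
STRUCT_SIZE = 24           # ByteSize: six 4-byte fields
ALIGN = 4                  # fastScanAlignSize
Z_OFFSET = 0x10            # Z lives at +0x10; ConvertBackRoutine writes only this field
ONE_F = 0x3F800000         # raw bits of float 1.0 expected in placeholder0/placeholder2
NAN_SENTINEL = 0x7FFFFFFF  # value the SKIP path returns; reads as a NaN float
Z_FLOOR = -1000.0          # the script rejects a Z below -1000


def float_from_raw(bits):
    """Reinterpret a 32-bit pattern as a little-endian IEEE-754 single."""
    return struct.unpack('<f', struct.pack('<I', bits & 0xFFFFFFFF))[0]


def raw_from_float(value):
    """Inverse of float_from_raw."""
    return struct.unpack('<I', struct.pack('<f', value))[0]


def convert_routine(mem, addr):
    """Python port of ConvertRoutine (assumed behaviour, see lead-in).

    Returns the raw bits of Z when the 24-byte block at addr passes the
    placeholder checks and Z is neither NaN nor below Z_FLOOR; otherwise
    returns NAN_SENTINEL, as the script's SKIP path does.
    """
    if addr < 0 or addr + STRUCT_SIZE > len(mem):
        return NAN_SENTINEL
    p0, p1, _x, _y, z_bits, p2 = struct.unpack_from('<6I', mem, addr)
    if p0 != ONE_F or p1 != 0 or p2 != ONE_F:
        return NAN_SENTINEL            # the three "jne SKIP" checks
    z = float_from_raw(z_bits)
    if math.isnan(z) or z < Z_FLOOR:   # "jpe SKIP" (unordered) and "jb SKIP"
        return NAN_SENTINEL
    return z_bits


def convert_back_routine(mem, addr, value_bits):
    """Python port of ConvertBackRoutine: write the raw value to Z only."""
    struct.pack_into('<I', mem, addr + Z_OFFSET, value_bits & 0xFFFFFFFF)


def scan_for_positions(mem):
    """Walk memory at the script's alignment and keep only finite results,
    which is what the treatAsFloat rule ("results aren't saved when NaN or
    Infinite") does on a scan."""
    hits = []
    for addr in range(0, len(mem) - STRUCT_SIZE + 1, ALIGN):
        z = float_from_raw(convert_routine(mem, addr))
        if not (math.isnan(z) or math.isinf(z)):
            hits.append((addr, z))
    return hits


def make_position_struct(x, y, z_bits, p2=ONE_F):
    """Build one 24-byte block in the layout from the post (constructed data)."""
    return struct.pack('<IIffII', ONE_F, 0, x, y, z_bits, p2)


# Constructed sample memory: one valid block at 0x20 and three decoys that
# each fail exactly one of the script's checks.
SAMPLE_MEMORY = bytearray(0x20)
SAMPLE_MEMORY += make_position_struct(100.25, 200.5, raw_from_float(12.5))        # 0x20: valid
SAMPLE_MEMORY += bytes(8)
SAMPLE_MEMORY += make_position_struct(100.25, 200.5, raw_from_float(12.5), p2=0)  # 0x40: bad placeholder2
SAMPLE_MEMORY += bytes(8)
SAMPLE_MEMORY += make_position_struct(100.25, 200.5, raw_from_float(-2000.0))     # 0x60: Z below -1000
SAMPLE_MEMORY += bytes(8)
SAMPLE_MEMORY += make_position_struct(100.25, 200.5, 0x7FC00000)                  # 0x80: Z is NaN
SAMPLE_MEMORY += bytes(8)


if __name__ == '__main__':
    for addr, z in scan_for_positions(SAMPLE_MEMORY):
        print(f'position struct at 0x{addr:02x}, Z = {z}')
```

Because the check keys on marker words (1.0 and 0.0 at fixed offsets) rather than on a type tag, an unrelated block that happens to carry those values at the right distance passes too; that is why the Z floor and the follow-up increased/decreased scans matter for narrowing the result set, exactly as the post reports.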