k4sh (Cheater)
Reputation: 0
Joined: 01 Mar 2016 Posts: 28
Posted: Fri Mar 25, 2016 8:34 am
OK, so I didn't get all of it.
Sorry, I haven't programmed in machine language for a long, long time.
I'm a little bit rusty.
Thank you for the updated script. Will have a look later.
mgr.inz.Player (I post too much)
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Mar 25, 2016 9:09 am
Because readInteger treats 32-bit integers as unsigned (in CE 6.4, as signed), this is not enough:
Code:
offset = readInteger(addressOfOffset)
In CE there's no readSignedInteger() function; we have to write it... or adjust the value.
The proper way:
Code:
offset = readInteger(addressOfOffset)
if offset>0x7fffffff then offset=offset-0x100000000 end
k4sh (Cheater)
Posted: Sat Mar 26, 2016 11:22 am
I finally got your script to work.
I added registerSymbol for the width and height addresses so that I can use them later in my game's scripts.
Here is the script I wrote:
Code:
[ENABLE]
{$lua}
function registerPointerBase(address)
if address==' 00000000' then return end
unregisterSymbol('ptrBase')
unregisterSymbol('gameWidth')
unregisterSymbol('gameHeight')
local offset=readInteger(address..'+6')
if offset>0x7fffffff then offset=offset-0x100000000 end
registerSymbol('ptrBase',tonumber(address,16)+10+offset)
registerSymbol('gameWidth',readPointer(readPointer('ptrBase')+0x68)+0x40)
registerSymbol('gameHeight',readPointer(readPointer('ptrBase')+0x68)+0x44)
end
{$asm}
aobscan(searchPointerBase,8D6F01488B05xxxxxxxx488B0CF8488B014889F2FF5010)
LuaCall(registerPointerBase('searchPointerBase'))
[DISABLE]
unregisterSymbol(ptrBase)
unregisterSymbol(gameWidth)
unregisterSymbol(gameHeight)
Maybe not the best way to do it, but it's working now and will be used.
Many thanks, mgr.inz.Player, for your patience.
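The two posts above turn on one detail: the disp32 of a `mov rax,[rip+disp32]` is signed, readInteger() hands it back unsigned, and the target is computed relative to the end of the instruction (hit + 10 for this pattern, since the mov starts at hit + 3 and is 7 bytes long). The following Python is an added example, not code from the thread or from Cheat Engine: it reproduces that arithmetic over a constructed byte buffer standing in for the scan hit (SAMPLE_BYTES and SAMPLE_BASE are invented, and the disp32 of -0x1234 is filled in where the pattern has xxxxxxxx) so the unsigned and signed results can be compared side by side.

```python
import struct

# Constructed sample, not a real dump: the 23-byte pattern from the thread's
# aobscan, with a made-up disp32 of -0x1234 (bytes CC ED FF FF) where the
# pattern has xxxxxxxx. SAMPLE_BASE is an invented address for the scan hit.
SAMPLE_BASE = 0x7FF612345000
SAMPLE_BYTES = bytes.fromhex(
    "8D6F01"                # lea ebp,[rdi+1]
    "488B05" "CCEDFFFF"     # mov rax,[rip+disp32]  disp32 at hit+6, next insn at hit+10
    "488B0CF8"              # mov rcx,[rax+rdi*8]
    "488B01"                # mov rax,[rcx]
    "4889F2"                # mov rdx,rsi
    "FF5010"                # call [rax+10]
)

DISP_OFFSET = 6   # where the disp32 sits inside the pattern (address..'+6' in the thread)
INSN_END = 10     # end of the mov rax,[rip+disp32]; the RIP value the displacement is relative to


def to_signed32(value):
    """Reinterpret a 32-bit unsigned value as two's-complement signed.

    Same arithmetic as the thread's fix:
    if offset>0x7fffffff then offset=offset-0x100000000 end
    """
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value > 0x7FFFFFFF else value


def read_unsigned32(memory, base, address):
    """Stand-in for readInteger() over the sample buffer: little-endian, unsigned."""
    return struct.unpack_from("<I", memory, address - base)[0]


def resolve_naive(memory, base, hit):
    """What the unsigned version computes: off by 0x100000000 for negative displacements."""
    return hit + INSN_END + read_unsigned32(memory, base, hit + DISP_OFFSET)


def resolve_rip_relative(memory, base, hit):
    """Target of the mov rax,[rip+disp32] at hit+3: RIP after the instruction plus signed disp32."""
    disp = to_signed32(read_unsigned32(memory, base, hit + DISP_OFFSET))
    return hit + INSN_END + disp


if __name__ == "__main__":
    raw = read_unsigned32(SAMPLE_BYTES, SAMPLE_BASE, SAMPLE_BASE + DISP_OFFSET)
    print(f"raw disp32 : 0x{raw:08X}  signed: {to_signed32(raw):#x}")
    print(f"naive      : 0x{resolve_naive(SAMPLE_BYTES, SAMPLE_BASE, SAMPLE_BASE):X}")
    print(f"correct    : 0x{resolve_rip_relative(SAMPLE_BYTES, SAMPLE_BASE, SAMPLE_BASE):X}")
```

With the constructed displacement the naive sum lands exactly 0x100000000 above the real target, which is why a forward reference resolves fine while a backward one silently points into unmapped memory. When a script targets a 32-bit process the same conversion is still needed; only the final pointer width changes, which is the readPointer/readQword point made later in the thread.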
mgr.inz.Player (I post too much)
Posted: Sun Mar 27, 2016 5:16 am
Code:
[ENABLE]
{$lua}
function registerPointerBase(address)
if address==' 00000000' then return end
unregisterSymbol('ptrBase')
unregisterSymbol('gameWidth')
unregisterSymbol('gameHeight')
local offset=readInteger(address..'+6')
if offset>0x7fffffff then offset=offset-0x100000000 end
registerSymbol('ptrBase',tonumber(address,16)+10+offset)
registerSymbol('gameWidth',readInteger('[ptrBase]+68')+0x40)
registerSymbol('gameHeight',readInteger('[ptrBase]+68')+0x44)
end
{$asm}
aobscan(searchPointerBase,8D6F01488B05xxxxxxxx488B0CF8488B014889F2FF5010)
LuaCall(registerPointerBase('searchPointerBase'))
[DISABLE]
unregisterSymbol(ptrBase)
unregisterSymbol(gameWidth)
unregisterSymbol(gameHeight)
k4sh (Cheater)
Posted: Sun Mar 27, 2016 11:03 am
For my pointers, readQword is better:
Code:
registerSymbol('gameWidth',readQword('[ptrBase]+68')+0x40)
registerSymbol('gameHeight',readQword('[ptrBase]+68')+0x44)
mgr.inz.Player (I post too much)
Posted: Sun Mar 27, 2016 3:33 pm
Right, I really should start changing my habits. I tested it on a 64-bit process... But that process is still using 32-bit addressing...
This should be OK:
Code:
registerSymbol('gameWidth',readPointer('[ptrBase]+68')+0x40)
Good catch.
Last edited by mgr.inz.Player on Sun Mar 27, 2016 3:34 pm; edited 1 time in total
k4sh (Cheater)
Posted: Sun Mar 27, 2016 3:33 pm
I'm now trying to access an allocated target at the beginning of my CT:
Code:
[ENABLE]
alloc(X_Ratio,4)
registerSymbol(X_Ratio)
{$lua}
function somefunction(somearg)
  -- some code
  -- How can I write an integer into X_Ratio here? writeInteger('X_Ratio',somevalue) doesn't work here
  -- some code
end
{$asm}
LuaCall(somefunction(somearg))
It seems that when my function is called, X_Ratio is not yet registered, so nothing is possible with this address.
I can, however, access this target in the Lua window once the script is activated.
mgr.inz.Player (I post too much)
Posted: Sun Mar 27, 2016 3:39 pm
While enabling the script, CE will take the common part and the ENABLE part.
While disabling the script, CE will take the common part and the DISABLE part.
Code:
//common part
[enable]
//enable part
[disable]
//disable part
or
Code:
//common part
[disable]
//disable part
[enable]
//enable part
Then CE executes the Lua blocks first (code between {$lua} and {$asm} tags; there can be more than one).
Then it does the aobscans.
Then it does the rest (LuaCall, allocating, etc.).
k4sh (Cheater)
Posted: Sun Mar 27, 2016 3:46 pm
So there is no way to allocate and register first, before executing LuaCall?
mgr.inz.Player (I post too much)
Posted: Sun Mar 27, 2016 3:57 pm
You can initialize with this line:
Code:
[ENABLE]
alloc(X_Ratio,4)
registerSymbol(X_Ratio)
X_Ratio:
dd #1500
...
...
Or, if you want to initialize it from a Lua script when the AA script has just been enabled...
Let's say you have a memory record with the above script, and its description is "myScript".
You will have to use the OnActivate method.
Add this to "Cheat Table Lua Script" or between {$lua} {$asm} blocks:
Code:
al=getAddressList()
myMR=al.getMemoryRecordByDescription("myScript")
myMR.OnActivate = function (memrec, before)
  if before then return true end
  writeInteger('X_Ratio', 128)
end
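The ordering explained two posts up (common part plus the ENABLE or DISABLE part; then Lua blocks, then aobscans, then the rest) is what decides whether a Lua block can touch memory the same script allocates, and it is also why the `dd #1500` initialisation in the post just above works: it is ordinary assembler text and so lands in the last phase, after the allocation. The Python below is an added example, not code from the thread or from Cheat Engine, and it is only a model of the ordering as the post states it, not CE's real parser: SAMPLE_SCRIPT is constructed, with the {$lua} block placed after alloc() in [ENABLE] the way the question did it, and `split_sections`, `plan_phases` and `execution_order` are hypothetical helper names. Inside "the rest" the model simply keeps file order, which the page does not promise, so nothing should be read into the relative order of lines within that phase.

```python
# Constructed AA script modelled on the X_Ratio question: the {$lua} block sits
# after alloc() in [ENABLE], and the enable part also initialises X_Ratio with dd.
SAMPLE_SCRIPT = """\
// common part: used by both the enable and the disable pass
[ENABLE]
alloc(X_Ratio,4)
registerSymbol(X_Ratio)
X_Ratio:
dd #1500
{$lua}
writeInteger('X_Ratio', 128)
{$asm}
aobscan(searchPointerBase,8D6F01488B05xxxxxxxx488B0CF8488B014889F2FF5010)
[DISABLE]
unregisterSymbol(X_Ratio)
dealloc(X_Ratio)
"""


def split_sections(script):
    """Split into common / enable / disable parts; tags are case-insensitive and may come in either order."""
    parts = {"common": [], "enable": [], "disable": []}
    current = "common"
    for line in script.splitlines():
        tag = line.strip().lower()
        if tag in ("[enable]", "[disable]"):
            current = tag[1:-1]
            continue
        parts[current].append(line)
    return parts


def pass_lines(script, enabling):
    """Lines CE takes for one pass: the common part plus the ENABLE or the DISABLE part."""
    parts = split_sections(script)
    return parts["common"] + (parts["enable"] if enabling else parts["disable"])


def plan_phases(lines):
    """Group a pass into the three phases the post describes, in that order:
    1. {$lua}..{$asm} blocks (any number), 2. aobscan lines, 3. everything else."""
    lua, aobscan, rest = [], [], []
    in_lua = False
    for line in lines:
        s = line.strip()
        if s.lower() == "{$lua}":
            in_lua = True
            continue
        if s.lower() == "{$asm}":
            in_lua = False
            continue
        if not s or s.startswith("//"):
            continue  # blank lines and AA comments do nothing
        if in_lua:
            lua.append(s)
        elif s.lower().startswith("aobscan"):
            aobscan.append(s)
        else:
            rest.append(s)
    return {"lua": lua, "aobscan": aobscan, "rest": rest}


def execution_order(script, enabling=True):
    """Flat (phase, line) list in the order the model runs them for one pass."""
    phases = plan_phases(pass_lines(script, enabling))
    return [(name, line) for name in ("lua", "aobscan", "rest") for line in phases[name]]


def first_index(order, needle):
    """Position of the first line containing needle in an execution order, or -1."""
    return next((i for i, (_, line) in enumerate(order) if needle in line), -1)


if __name__ == "__main__":
    for phase, line in execution_order(SAMPLE_SCRIPT, enabling=True):
        print(f"{phase:8} {line}")
```

Running it shows the writeInteger line first and alloc(X_Ratio,4) only in the third phase, regardless of where the {$lua} block was typed in the file; the disable pass contains nothing from the ENABLE part at all, which is why a dealloc placed there cleans up memory that the enable pass allocated. The same picture explains the two fixes offered in the thread: put the initial value in assembler (`dd`) so it belongs to the last phase, or move the Lua write out of the script into the memory record's OnActivate handler, which only fires once the record has actually been activated.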
k4sh (Cheater)
Posted: Sun Mar 27, 2016 5:14 pm
Again, big thanks to you.
I found a post with a function to allocate memory in Lua, but it is not possible to deallocate that memory in the disable section.
So your 2nd solution will do the trick perfectly.
Now I can make my hack for that game more efficient.
k4sh (Cheater)
Posted: Tue Mar 29, 2016 2:04 pm
Well, that's me again.
I would like to call a Lua function from an injection I made.
Here is the code injected for the LuaCall:
Code:
loadlibrary(luaclient-x86_64.dll)
luacall(openLuaServer('CELUASERVER'))
globalalloc(luainit, 128)
globalalloc(LuaFunctionCall, 128)
label(luainit_exit)
globalalloc(luaserverinitialized, 8)
globalalloc(luaservername, 12)
luaservername:
db 'CELUASERVER',0
luainit:
sub rsp,8 //local scratchspace (and alignment)
cmp [luaserverinitialized],0
jne luainit_exit
sub rsp,20 //allocate 32 bytes scratchspace for CELUA_Initialize
mov rcx,luaservername
call CELUA_Initialize //this function is defined in the luaclient dll
add rsp,20
mov [luaserverinitialized],eax
luainit_exit:
add rsp,8 //undo local scratchspace
ret
LuaFunctionCall:
sub rsp,8 //private scratchspace for this function
mov [rsp+10],rcx //save address with function into pre-allocated scratchspace
mov [rsp+18],rdx //save integer val
sub rsp,20 //allocate 32 bytes of "shadow space" for the callee (not needed here, but good practice)
call luainit
add rsp,20
mov rcx,[esp+10] //restore address of function
mov rdx,[esp+18] //restore value
sub rsp,20
call CELUA_ExecuteFunction //this function is defined in the luaclient dll
add rsp,20
add rsp,8 //undo scratchpace (alignment fix) you can also combine it into add rsp,28
ret
And here is the injected code:
Code:
change_Resolution:
mov rcx,[rax+rdi*8] // original code
mov rax,[rcx] // original code
push rcx // don't know if I have to do it, but in any case...
mov rcx, setnewxyratios
sub rsp,20
call LuaFunctionCall // contains the function's name
add rsp,20
pop rcx
jmp return_2
The problem is that when my code is injected I get the following code.
Obviously that makes my game crash.
I just can't figure out what's wrong with my script.
[Attachment (5.63 KB) not included in this capture]