 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
kickclock
Advanced Cheater
![]() Reputation: 0
Joined: 15 Jan 2008
Posts: 73
|
 Posted: Sun Dec 11, 2011 9:08 pm Post subject: help me for my first lua script |
 |
|
i'm new in lua
this is my first lua script , it's not work.
how to fix it ?thanks .
it's an AAscript ,and use VEH debugger ,change register EIP to jmp into the alloc memory.
| Code: | l_script=[[
assert(pal5.exe+2bd494,e8 d7 b1 ff ff)
loadlibrary(myscriptengine.dll)
globalalloc(myhook_getscript,0x1000)
define(exit,myhook_getscript+200)
define(pointer,Pal5.exe+20910AC)
define(temp1,myhook_getscript+0f00)
define(dllname,myhook_getscript+800)
define(dllproc1,myhook_getscript+820)
dllname:
db 'myscriptengine.dll'
dd 0
dllproc1:
db 'getscript'
dd 0
exit:
popad
jmp Pal5.exe+2A5530
myhook_getscript:
call Pal5.exe+2A5e70
pushad
push dllname
call GetModuleHandleA
push dllproc1
push eax
call GetProcAddress
mov [temp1],eax
push 1
call ShowCursor
push [pointer]
call [temp1]
mov eax,[eax]
mov ecx,[eax+4]
test ecx,ecx
je exit
mov esi,[eax]
mov edi,[pointer]
repe movsb
mov [edi],0
jmp exit
]]
--//Pal5.exe+2A552b:
--//jmp myhook_getscript
autoAssemble(l_script)
debug.debugProcess(2)
reinitializeSymbolhandler()
debug_setBreakpoint("Pal5.exe+2A552b",1,)
function debugger_onBreakpoint()
debug.changingregister(eip,myhook_getscript)
debug.debug_continueFromBreakpoint(co_run)
end |
_________________
Love CE |
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sun Dec 11, 2011 11:10 pm Post subject: |
|
|
I wrote this using Minesweeper as an example, so you will need to adjust some parts of this to suite your needs but it works.
| Code: |
--[[
change_eip - EIP Register Changer Example
------------------------------------------------------------
(c) 2011 atom0s [aka Wiccaan]
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
]]--
change_eip =
{
bBreakpointSet = false, -- To prevent multiple calls..
cave_address = nil, -- Cave address..
script = -- Script to execute..
[[
registersymbol(cave)
alloc(cave,1024)
cave:
pushad
mov [01005194], 999
popad
jmp 01003474
]]
};
---------------------------------------------------------------------------
-- func : onOpenProcess
-- desc : Called when Cheat Engine attaches to a process.
---------------------------------------------------------------------------
function onOpenProcess( procid )
change_eip:Start();
end
---------------------------------------------------------------------------
-- func : debugger_onBreakpoint
-- desc : Called when Cheat Engine hits a breakpoint.
---------------------------------------------------------------------------
function debugger_onBreakpoint()
-- Set EIP to our cave..
EIP = change_eip.cave_address;
return 1;
end
---------------------------------------------------------------------------
-- func : change_eip:Start
-- desc : Called when Cheat Engine attaches to a process.
---------------------------------------------------------------------------
function change_eip:Start()
if( self.bBreakpointSet == true ) then
return;
end
self.bBreakpointSet = true;
-- Start debugger and set breakpoint..
debugProcess( 0 );
debug_setBreakpoint( "0100346E" ); -- CHANGE THIS!!
-- Initialize script..
local bReturn = autoAssemble( self.script );
self.cave_address = getAddress("cave");
-- Reinitialize symbols..
reinitializeSymbolhandler();
return true;
end
|
Be sure to change the script to yours, as well as change the breakpoint address. It uses the symbol name 'cave' to know where to set EIP to, so name your 'cave' in your script as cave.
_________________
- Retired. |
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Mon Dec 12, 2011 12:38 am Post subject: |
|
|
For the original poster:
why do you have debug. in front of some functions ?Have you defined them yourself ?
Also, debug_setBreakpoint("Pal5.exe+2A552b",1,) looks like a syntax error to me
Try this instead:
| Code: |
function debugger_onBreakpoint()
EIP=getAddress("myhook_getscript")
debug_continueFromBreakpoint(co_run)
end
reinitializeSymbolhandler()
autoAssemble(l_script)
debugProcess(2)
debug_setBreakpoint("Pal5.exe+2A552b")
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
kickclock
Advanced Cheater
![]() Reputation: 0
Joined: 15 Jan 2008
Posts: 73
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
