Freiza (Grandmaster Cheater)
Posted: Tue Apr 03, 2012 12:20 am    Post subject: how to log values?
I want to print all the values of [ebx+08] and ebx to the Lua console and to a text file.

1015C194 - 89 53 08                   - mov [ebx+08],edx

And how do I implement WriteFile in AA?

SetFilePointer(datafile, 0, 0, FILE_END);
WriteFile(datafile,text, strlen(text), &dwBytesWritten, 0);
Dark Byte (Site Admin)
Posted: Tue Apr 03, 2012 5:08 am
You'll also need CreateFile and CloseHandle.
Anyhow, these APIs use the stdcall calling convention, so you push the values in reverse order (or you decrease esp and write the values onto the stack in the correct order).

so:

Code:
push valuethatfile_endmeans
push 0
push 0
push datafilehandle
call SetFilePointer

and

Code:
push 0
push ebx  //ebx contains the address of the location you wish to store byteswritten
push ecx  //ecx contains the number of bytes of the string
push eax  //eax contains the address of the string
push datafilehandle
call WriteFile
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
	
		| Back to top |  | 
	
		|  | 
	
Freiza (Grandmaster Cheater)
Posted: Tue Apr 03, 2012 5:12 am
And what about this:
I want to print all the values of [ebx+08] and ebx to the Lua console and to a text file.

1015C194 - 89 53 08 - mov [ebx+08],edx

I want to implement this in Lua. I mean this code is executed 100 times per second. I want to log all the values to a file and to the Lua console using Lua scripting.
	
		| Dark Byte Site Admin
 
  Reputation: 470 
 Joined: 09 May 2003
 Posts: 25807
 Location: The netherlands
 
 | 
			
				|  Posted: Tue Apr 03, 2012 5:19 am    Post subject: |   |  
				| 
 |  
Just write the values using WriteFile (write ebx and the value of ebx+8 to memory and then call writebyte with a size of 8 on that block).
Then, when you feel like it, you can use Lua to open that file, read the contents and display them on the screen.

Alternatively, check out this topic: http://forum.cheatengine.org/viewtopic.php?t=550108 and don't use WriteFile at all; use readInteger instead of readString.
	
		| Freiza Grandmaster Cheater
 
  Reputation: 22 
 Joined: 28 Jun 2010
 Posts: 662
 
 
 | 
			
				|  Posted: Tue Apr 03, 2012 8:49 am    Post subject: |   |  
				| 
 |  
Code:
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

label(bytewritten)  //  ------------------------------------------  (4)
label(texty)
label(filename)
globalalloc(filehandle,4)

filename:
db 'freiza.txt',0   //------------------------------------(2)
bytewritten:
dd 0
texty:
db 'cheat engine',13,10,0  // -------------------------------------   (1)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [ebx+0C],eax
//*********************createfile*************************************
pushad
pushfd

push 0
push 0x80
push 0x00000002
push 0
push 0x00000003
push 0x10000000
push filename
call CreateFile  //------------------------------  (5)
mov [filehandle],eax

//*******************writefile*********************************************

push 0
push dword ptr [bytewritten]  //    --------------------------( 4 )
push ecx // what should i write here?  --------------------------(3)
push [texty]
push [filehandle]
call WriteFile
popfd
popad

exit:
jmp returnhere

"Painkiller.exe"+44459:
jmp newmem
returnhere:
 
Please answer (the numbers are marked in the code):
(1) I want a newline after it writes. Is it correct?
(2) Is "c:\freiza.txt" correct or "c:\\freiza.txt"?
(3) How do I use the sizeof operator here?
(4) Should I use label(bytewritten) or globalalloc(bytewritten,100)?
(5) call CreateFile cannot be compiled?
(6) Are there any other mistakes?
	
Dark Byte (Site Admin)
Posted: Tue Apr 03, 2012 9:10 am
First: stop assuming you're going to write a text file. Read the binary file back later on and ONLY THEN parse it as text.

1: no, 0d,0a is a newline, but for a binary file this is useless and will cause interpretation problems later on (alignment issues)

2: just one \

3: For text you first do a counting function to count how many bytes there are in the array till you hit a 0 terminator. In your case, for the header, it's 14 (0e).
In the case of binary, just 4 (address) or 8 (address+value)

4: neither, just alloc

5: use CreateFileA

6: as I mentioned, don't assume you're going to write clearly readable text. Just write data; interpretation can be done later on.
You could of course make use of calls to "itoa", but that will complicate things a lot more.
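Reading the binary log back the way Dark Byte describes above, as an added example (not code from the thread): the AA hook is assumed to append 8-byte records (ebx, then the value at [ebx+08], both 32-bit little-endian) to c:\freiza.txt, and this Lua 5.1 script for the Cheat Engine Lua console decodes them and flags a trailing partial record instead of misreading it.

```lua
-- Added example, not from the thread. Reads the binary log written by the
-- AA script and prints it in the Cheat Engine Lua console (Lua 5.1 syntax).
-- Assumed record layout (Dark Byte's "address+value"): ebx, then [ebx+08],
-- each a 32-bit little-endian integer, 8 bytes per record.
local LOG_PATH  = "c:\\freiza.txt"   -- assumed; same file the AA script opens
local RECORD_SZ = 8

-- Decode 4 little-endian bytes at position pos into an unsigned integer.
local function le32(s, pos)
  local b0, b1, b2, b3 = s:byte(pos, pos + 3)
  return b0 + b1 * 0x100 + b2 * 0x10000 + b3 * 0x1000000
end

-- Reinterpret an unsigned 32-bit value as signed (for values like dd (int)-999).
local function toSigned(u)
  if u >= 0x80000000 then return u - 0x100000000 end
  return u
end

-- Split the raw contents into records. Leftover bytes mean a truncated or
-- misaligned record (the alignment problem mentioned above); report them
-- instead of silently decoding garbage.
local function parseRecords(data)
  local records = {}
  local pos = 1
  while pos + RECORD_SZ - 1 <= #data do
    records[#records + 1] = {
      ebx   = le32(data, pos),
      value = toSigned(le32(data, pos + 4)),
    }
    pos = pos + RECORD_SZ
  end
  return records, #data - (pos - 1)
end

local function dumpLog(path)
  local f, err = io.open(path, "rb")
  if not f then
    print("cannot open " .. path .. ": " .. tostring(err))
    return
  end
  local data = f:read("*a")
  f:close()
  local records, leftover = parseRecords(data)
  for i, r in ipairs(records) do
    print(string.format("%4d  ebx=%08X  [ebx+08]=%d", i, r.ebx, r.value))
  end
  if leftover > 0 then
    print(string.format("warning: %d trailing byte(s) do not form a full record", leftover))
  end
end

dumpLog(LOG_PATH)
```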
	
Freiza (Grandmaster Cheater)
Posted: Tue Apr 03, 2012 10:13 am
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

alloc(variable,4)
variable:
dd (int)-999

alloc(bytewritten,4)
label(filename)
globalalloc(filehandle,4)

filename:
db 'c:\freiza.txt',0
bytewritten:
dd 0

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
//**************CreateFile*************************************
pushad
pushfd
push 0
push 0x80
push 0x00000002
push 0
push 0x00000003
push 0x10000000
push [filename]
call CreateFileA
mov [filehandle],eax

popfd
popad
//***************End of CreateFile*******************************

sub [ebx+00000464],eax   // original code
mov [variable],eax       // storing eax in a variable

//*****************WriteFile*************************************
pushad
pushfd
push 0
push dword ptr [bytewritten]
push 4
push [variable]
push [filehandle]
call WriteFile
popfd
popad
//****************End Of WriteFile*********************************

exit:
jmp returnhere

"tutorial-i386.exe"+2276B:
jmp newmem
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"tutorial-i386.exe"+2276B:
sub [ebx+00000464],eax
//Alt: db 29 83 64 04 00 00
 
Something is wrong; the program crashes.
Please check it yourself in tutorial-i386, Tutorial 1.

Is this what you mean by binary file?

And can we use C routines in AA?
	
Dark Byte (Site Admin)
Posted: Tue Apr 03, 2012 2:31 pm
filename is the address of the string; [filename] is the 4-byte value that the first 4 characters represent.
With binary file I just mean a file that does not contain any readable text, only values stored in binary instead of ASCII.

You can use C routines if the C library is loaded in memory (even CE's tutorial, written in Pascal, has it loaded). itoa for example is just a simple function.
	
atom0s (Moderator)
Posted: Tue Apr 03, 2012 2:48 pm
Going off your original post, and using Lua instead of AA.
Using Minesweeper as an example, here is where flags are used:

Code:
winmine.exe+346A - 8B 44 24 04        - mov eax,[esp+04]
winmine.exe+346E - 01 05 94510001     - add [winmine.exe+5194],eax
winmine.exe+3474 - E8 88F3FFFF        - call winmine.exe+2801

So we would use the value of [winmine.exe+5194] and eax in this example to mimic what you want to do.

Code:
function debugger_onBreakpoint( )
  -- Print out our wanted data..
  local eaxVal = EAX;
  local ptrVal = readInteger( "winmine.exe+5194" ) or -1;

  print( string.format( "EAX Value: %d\r\nPTR Value: %d", eaxVal, ptrVal ) );

  return 1;
end

-- Attach the debugger and set our breakpoint..
debugProcess();
debug_setBreakpoint( "winmine.exe+346E", nil, nil );
_________________
- Retired.
	
		| Back to top |  | 
	
		|  | 
	
Freiza (Grandmaster Cheater)
Posted: Tue Apr 03, 2012 3:52 pm
@DB
1)
Quote:
With binary file I just mean a file that does not contain any readable text and only values stored in binary instead of ASCII

Every Windows API uses binary files. There is nothing like text mode in the Win32 API.
So my code is by default in binary mode.

2)
Quote:
filename is the address of the string; [filename] is the 4-byte value that the first 4 characters represent

I do not understand why you wrote this.
I think "push [filename]" is correct.
@"is the 4 byte value that the first 4 characters represent"
But I think filename is a 4-byte address to the first character, and it represents the entire string.

3)
Quote:
You can use C routines if the C library is loaded in memory (even CE's tutorial, written in Pascal, has it loaded). itoa for example is just a simple function

How do I load it? (Sorry, but you know I am a noob.)

4) Why is my program not working? Did you test that?

@Wiccaan
Thank you. But DB already told me that. I just want to learn API hooks instead of a custom debugger_onBreakpoint.
	
Dark Byte (Site Admin)
Posted: Tue Apr 03, 2012 3:59 pm
2: use filename instead of [filename], else CreateFile will try to access an address that does not exist
 
	
Freiza (Grandmaster Cheater)
Posted: Tue Apr 03, 2012 4:27 pm
The file is not being created when the code is executed ([filename] -> filename done), and
when I tried to see what is happening behind the scenes using break and trace, the program crashed.

Please copy and paste the code into CE, attach tutorial-i386 and run it yourself. It will give you a good idea why the code is not working.
	
Dark Byte (Site Admin)
Posted: Tue Apr 03, 2012 4:46 pm
You haven't allocated memory for filename.
What you're doing now is writing the filename after "variable", which is only 4 bytes.

bytewritten comes after variable, so the initialization of that will overwrite the first part of the string.

Allocate memory for filename first if you don't want this to happen, or place the definition of filename somewhere else (or make variable bigger).
I recommend, instead of label, do

Code:
alloc(filename,128)
	
Freiza (Grandmaster Cheater)
Posted: Tue Apr 03, 2012 5:42 pm
The file is created but empty; nothing is logged to the file.

Code:
//**************CreateFile*************************************
pushad
pushfd
push 0                   //htemplate null
push 0x80                // file_attribute-normal
push 0x00000004          //  Open_always
push 0                   // security null
push 0x00000003          // 0x00000001 | 0x00000002 = 3 (shared mode read | write)
push 0x10000000          { Public Const GENERIC_ALL As Int32 = &H10000000 (from msdn) and  #define GENERIC_ALL (0x10000000L) from other sources.}
push filename
call CreateFileA
mov [filehandle],eax

popfd
popad
//***************End of CreateFile*******************************

sub [ebx+00000464],eax   // original code
mov [variable],eax       // storing eax in a variable

//*****************WriteFile*************************************
pushad
pushfd
push 0                           // bounded buffer, synchronization .. Not used.
push dword ptr [bytewritten]     //useless for me. stores
push 4                           //size in bytes, 4 bytes here coz each address is 4 byte long
push [variable]                  //LPCVoid buffer, I doubt here is the culprit.
push [filehandle]
call WriteFile

cmp eax,0
jnz here
mov dword ptr [test],333
here:

push [filehandle]
call CloseHandle
popfd
popad

WriteFile fails? I checked: test is set to 333.

3)

Quote:
You can use C routines if the C library is loaded in memory (even CE's tutorial, written in Pascal, has it loaded). itoa for example is just a simple function

How do I load it?
	
Dark Byte (Site Admin)
Posted: Tue Apr 03, 2012 5:49 pm
Code:
push dword ptr [bytewritten]

WriteFile needs the address of bytewritten, not the value
so:

also

WriteFile needs the address of the variable, not the value

3: LoadLibrary on msvcrt.dll, but itoa is also located in ntdll.dll