| View previous topic :: View next topic |
| Author |
Message |
Alice0725
Expert Cheater
 Reputation: 11
Joined: 24 Jul 2012
Posts: 145
|
 Posted: Fri Nov 16, 2012 12:08 am Post subject: How to use winapi function in CE script engine? |
 |
|
| I think using "find_window" is better than using "filename" to find game's process. So, I want to use winapi.find_window in ce script?Well, it seems like that winapi does not work.
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25281
Location: The netherlands
|
| Posted: Fri Nov 16, 2012 6:53 am Post subject: |
|
|
Perhaps you can find a lua extension that adds this.
The Alien lua library might be of use here.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25281
Location: The netherlands
|
| Posted: Sat Nov 17, 2012 9:36 pm Post subject: |
|
|
If you're using 32-bit ce you can use this:
http://cheatengine.org/temp/celua_alien.rar
just extract it to your cheat engine dir, and then you can do
an example of showing a messagebox:
| Code: |
require("alien")
user32=alien.load("user32.dll")
MessageBoxA = user32.MessageBoxA
MessageBoxA:types{abi = 'stdcall', ret = 'long', 'long', 'string', 'string', 'long' }
MessageBoxA(0, "BLA", "BLA", 0)
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Alice0725
Expert Cheater
Reputation: 11
Joined: 24 Jul 2012
Posts: 145
|
| Posted: Sat Nov 17, 2012 10:43 pm Post subject: |
|
|
I think should do that in CE .
As:
1.A running game must have a window.Mostly,different versions have the same class name and window name.Somebody like me may change the game's filename. I would like to change "Walking Dead" from walkingdead101.exe to walkingdead.exe.
2.When making a table, CE have to open game's process, then CE get that Game windows's class name and window name ,then save this to xml file.When we make a trainer , we do not have to get them mannually.
|
|
| Back to top |
|
|
DaSpamer
Grandmaster Cheater Supreme
 Reputation: 52
Joined: 13 Sep 2011
Posts: 1578
|
| Posted: Tue Nov 20, 2012 1:18 pm Post subject: |
|
|
Good suggestion :p..
you press attach button and then asking user to press at the game/flash/window/wateve.. and then it'll return message that it been attached :p.
_________________
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Tue Nov 20, 2012 3:02 pm Post subject: |
|
|
| Alice0725 wrote: | I think should do that in CE .
As:
1.A running game must have a window.Mostly,different versions have the same class name and window name.Somebody like me may change the game's filename. I would like to change "Walking Dead" from walkingdead101.exe to walkingdead.exe.
2.When making a table, CE have to open game's process, then CE get that Game windows's class name and window name ,then save this to xml file.When we make a trainer , we do not have to get them mannually. |
You're better off using the process name than the window class or title. An application can easily change its class and/or window name to eliminate the ability of FindWindow to easily locate it. A process name isn't as easily changed though and is typically not able to be changed at runtime.
You can use Cheat Engines auto-attach feature to attach to the process automatically as well.
_________________
- Retired. |
|
| Back to top |
|
|
ablonevn
Advanced Cheater
![]() Reputation: 1
Joined: 02 Oct 2011
Posts: 59
|
| Posted: Sat Jan 12, 2013 3:20 am Post subject: Re: How to use winapi function in CE script engine? |
|
|
| Alice0725 wrote: | | I think using "find_window" is better than using "filename" to find game's process. So, I want to use winapi.find_window in ce script?Well, it seems like that winapi does not work. |
yes, here i'm share you thing i'm lerned from db yesterday.
| Code: |
function findwindow()
script=[[
alloc(fwnd,2048)
registersymbol(fwnd)
label(wndname)
registersymbol(wndname)
label(hwnd)
registersymbol(hwnd)
fwnd:
lea eax,[wndname]
push eax
lea eax,[classname]
push eax
call findwindowa //findwindoww
mov [hwnd],eax
ret 4
hwnd:
dd 0
classname:
db 0 dup(100)
wndname:
db 0 dup(100)
]]
autoAssemble(script);
writeStringLocal(getAddress("wndname"),"tutorial-i386");
autoAssemble("createthread(fwnd)");
sleep(1000);--wait thread finish
hwnd=readIntegerLocal(getAddress(hwnd))
end
|
i donot test it,yet but i'm believing this is the way without alient library 
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25281
Location: The netherlands
|
| Posted: Sat Jan 12, 2013 5:42 am Post subject: |
|
|
Add a ",true" after the autoassemble scripts, or remove the Local part from readInteger and writeString
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Alice0725
Expert Cheater
Reputation: 11
Joined: 24 Jul 2012
Posts: 145
|
| Posted: Sat Jan 12, 2013 10:30 am Post subject: |
|
|
Nice! It works with CE-i386 
But don't know why CE-x64 crashed.
| Description: |
|
| Filesize: |
25.06 KB |
| Viewed: |
17285 Time(s) |
|
| Description: |
| Attach CE itself. Find window of "Tutorial-i386.exe". |
|
Download |
| Filename: |
FindWindow.CT |
| Filesize: |
2.71 KB |
| Downloaded: |
1137 Time(s) |
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Jan 12, 2013 11:31 am Post subject: |
|
|
@Alice0725
"But don't know why CE-x64 crashed."
Different calling convention.
_________________
|
|
| Back to top |
|
|
ablonevn
Advanced Cheater
![]() Reputation: 1
Joined: 02 Oct 2011
Posts: 59
|
| Posted: Sun Jan 13, 2013 1:58 am Post subject: |
|
|
| mgr.inz.Player wrote: | @Alice0725
"But don't know why CE-x64 crashed."
Different calling convention. |
i donot known, on 64 bit, the "ret 4" will be "ret 8" on thread calling. and if the calling for "findwindowa" using "fastcall" style then re-change parameter.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25281
Location: The netherlands
|
| Posted: Sun Jan 13, 2013 4:30 am Post subject: |
|
|
64-bit uses microsoft's fastcall mechanism yes (not compatible with gnu's fastcall which uses different registers and doesn't use the stack)
anyhow, first allocate room for the parameters on the stack, always at least 32 bytes, but don't fill the parameters in the stack you just created, that'd be stupid...
Fill in the parameters in the integers in RCX, RDX, R8, R9.
If you use more than 4 integers, place it in the stack (not on stack spot 0 to 3, but start at 4)
For floating points use xmm0 to xmm3.
More info: http://msdn.microsoft.com/en-US/library/zthk2dkh%28v=vs.80%29.aspx
Anyhow, I still maintain that it's a lot easier to just inject and execute this code inside the target process instead of inside cheat engine.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ablonevn
Advanced Cheater
![]() Reputation: 1
Joined: 02 Oct 2011
Posts: 59
|
| Posted: Sun Jan 13, 2013 9:49 am Post subject: |
|
|
| Dark Byte wrote: |
Anyhow, I still maintain that it's a lot easier to just inject and execute this code inside the target process instead of inside cheat engine. |
no, the target process not visible yet, he just calling findwindow to get processID
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Mon Jan 14, 2013 11:20 am Post subject: |
 |
|
Example
autoAssemble("createthread(playit)",true)
32bit:
| Code: |
alloc(playit,2048)
registersymbol(playit)
playit:
push fdwSound
push 0
push pszSound
call winmm.PlaySoundA
ret |
64bit:
| Code: |
alloc(playit,2048)
registersymbol(playit)
playit:
push rbp
mov rbp,rsp
sub rsp,30
mov r8d,fdwSound
mov rdx,0
mov rcx,pszSound
call winmm.PlaySoundA
leave
ret |
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
