CETack, a visual trainer component library [Apr 14,2013]

Alice0725
Posted: Wed Dec 05, 2012 12:53 am    Post subject: CETack, a visual trainer component library [Apr 14,2013]

CETack ----- A Game Trainer Framework, based on Cheat Engine

This post only talks about CETackLCL; for the CETack.dll version go to this post: http://forum.cheatengine.org/viewtopic.php?t=559521


Download: http://sdrv.ms/Xbx8Tw

Guide and Examples: http://forum.cheatengine.org/viewtopic.php?p=5439248

Updates:
[Apr 13,2013] CETack 1.0.1.20 (release)
Finally, the 1st release version.

1. Fixed: some stupid errors for FindAoB's address range in 64bit process.
2. Fixed: cannot parse 64bit pointer.
3. Cleaned: deleted or converted some global vars, to get a purer TackFunc.
4. Added: some small functions in tackfunc.pas.
5. Added: some more comments in source file.
6. Tested: readmem, include, createthread, globalalloc aa commands.
7. Other small changes.
8. Updated: CETack.dll, CETackTester.exe. A real minisize (CEAutoassembler.dll) released.

[Mar 30,2013] CETack 1.0.0.18
1. Added: a second TTrainer.ReadValue, TTrainer.WriteValue, so it supports addrStr or real address (PtrUInt).
2. Changed: Add a 2nd param. for TTrainer.DoEditChange and TTrainer.DoEditUpdate, so they can accept different value types, e.g.: Byte, word, smallInt, shortInt, single, double, extended...
3. Changed: Version format. Using Lazarus's standard Pkg version format, (Major).(Minor).(Release).(rev. or build).

[Mar 14,2013] CETack 1.0.0.17
1. Fixed: SizeOf(var), not sizeof(ptr) in TTrainer.ReadValue and TTrainer.WriteValue.

[Mar 09,2013] CETack 1.0.0.16
1. Fixed: UserDefinedSymbol should be case insensitive.
2. Changed: Option popupMsgs of TTrainer.AutoAssemble to popupErrors.
3. Cleaned up TackFunc.aobscan.

[Feb 23,2013] CETack 1.0.0.15
1. Convert compile mode to objfpc from delphi (processhandler.pas and autoassembler.pas), and clean up.
2. Comment some unused variables and turn warnings off of const opcodes in assemblerunit.pas.

[Feb 15,2013] CETack 1.0.0.14
1. Changed: Like in CE.svn1635, grouped autoassembler AOBscans and made registersymbol work with aobscan results.

[Feb 01,2013] CETack 1.0.0.13
1. Fixed: Trainer.LaunchGame supports utf8string.

[Jan 13,2013] CETack 1.0.0.11~12
1. Fixed: Works for winxp.

[Dec 28,2012] CETack 1.0.0.10
1. Fixed: some bugs about GetAddressFromSymbol.
2. Added: Lazarus' visual component library. This will make it totally easy to create a trainer.

[12/15/2012] Important:

Fixed: skip last one byte check.

---------------------------------------------------------
About
1. Why is its name CETack?
If Cheat Engine is a beautiful house, then CETack is just a tack.
Most parts of CETack are just stolen from Cheat Engine 6.2.


2. What can CETack do?

CETack can make it very easy to create a standalone trainer. Actually, it's a simplified Auto Assembler and trainer helper. Basically, it's for use in Lazarus. And there's a CETack.dll you can use if you use another IDE or language.

3. CETack Guide and Examples:
http://forum.cheatengine.org/viewtopic.php?p=5439248

4. Supported CEAA Commands:
(1) label
(2) alloc
(3) dealloc
(4) assert
(5) aobscan
(6) aobscanModule
(7) registersymbol
(8) unregistersymbol
(9) db, dw, dd, dq
(*) The others. Not tested yet!


5. If you want to say thanks, say it to Dark Byte and his greatest Cheat Engine.
If you've found bugs, go to "http://forum.cheatengine.org". Sometimes, I'll be there.

^_^ This is not an official library. Just CE Forum member Alice0725's extracurricular work.
If some terrible things happen, you are on your own. And do not blame CE, of course without me.


By Alice0725, 12/11/2012


Last edited by Alice0725 on Sat Apr 13, 2013 11:51 pm; edited 28 times in total

SteveAndrew
Posted: Wed Dec 05, 2012 5:38 pm

Does AutoAssemble actually work in CETack?

I saw this line:
Code:

if Assemble(cea,false) then trainer.Enabled:= false;


But to Assemble is not the same as to Auto Assemble!

From the looks of it it just uses pointers? Or can it actually inject scripts as well?

Have you taken a look at how far I've gotten in working on something similar?
http://forum.cheatengine.org/viewtopic.php?p=5433719#5433719

Except its only goal is a working Auto Assembler which is separate from CE and using the very latest CE's source as a base so it can assemble anything CE 6.2 can assemble!

So check it out if you haven't! The work of getting through all the compiling errors (I'm surprised I actually made it through lol) which happen when you separate the inner workings of CE from CE itself into a separate project, is done.

Now it's just a matter of getting it working!

Alice0725
Posted: Wed Dec 05, 2012 8:04 pm

OK, I've uploaded this RE5.Tack project. You can download it. And I think it's very easy to compile 'CETack' as a dll.

Quote:
http://sdrv.ms/WKysKq


Actually, it is Autoassemble, I'm just lazy. But as I've rewritten symbolhandler.pas, it can't get an address from a process symbol (I mean an API address; I have a todo). Here is the TTrainer code.
Code:
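function TTrainer.Assemble(aascript:TStrings;enable:boolean=true):boolean;
var
  cea:TStringList;
begin
  // copy the script into a temporary list and assemble from the copy
  cea:=TStringList.create;
  try
    cea.AddStrings(aascript);
    try
      result:=AutoAssemble(gamePhd,cea,enable);
    except
      result:=false; // any exception from the assembler is reported as failure
    end;
  finally
    cea.Free; // release the temporary list on every path
  end;
end;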

SteveAndrew
Posted: Fri Dec 07, 2012 1:44 pm

Alice! That is a really nice job there that you have done! It actually does work (for the most part) and you've shown that you don't have to include (or use) that much of ce's files and code for it to work! Or at least not as much as I had included (I think that's where I went wrong with mine)

Yes, it is easy to take what you've done and put it into a DLL so it could be used with any language of your choice (that can dynamically load a dll and call its exports), and I've done just that:
EDIT: Fixed the memory leak Dark Byte was talking about. It now only creates the 'scriptstrings' stringlist once, so it's not a memory leak anymore.
Code:

library DLLTack;

{$mode DELPHI}

uses windows,sysutils,Interfaces, classes, TackTrainer;

type CETackDLL=class(TTrainer);
var TackDLL: CETackDLL;
    scriptstrings: TStrings; //global variable now instead of local

function AutoAssembleIt (Script: PChar; EnableOrDisable: Boolean): Boolean; stdcall;
begin
     scriptstrings.text:=Script; //This sets it properly! Thanks Dark Byte :)
     Result:=TackDLL.AutoAssemble(scriptstrings,EnableOrDisable);
end;

function AttachToProcessByName(ProcName: PChar): Handle; stdcall;
begin
     Result:=0; //0 is returned when no matching process was found
     if ProcName = nil then //if null/nil passed as process name then target self.
     begin
       TackDLL.GamePid:=GetCurrentProcessId;
       TackDLL.gamePhd:=-1;
     end
     else
     TackDLL.GetGamePidByName(ProcName);
     if TackDLL.gamePid>0 then
     begin
       TackDLL.OpenGameProcess();
       Result:= TackDLL.gamePhd;
     end;
end;

function AttachToProcessByWindow(windowclass: PChar; windowname: PChar): Handle; stdcall;
begin
     Result:=0; //0 is returned when no matching window was found
     TackDLL.GetGamePidByWindow(windowclass, windowname);
     if TackDLL.gamePid>0 then
     begin
       TackDLL.OpenGameProcess();
       Result:=TackDLL.gamePhd;
     end;
end;

function GetAddressForSymbolName(symbolname: PChar): ptrUint; stdcall;
begin
     //Result:=TackDLL.TackSymbol.symHandler.getAddressFromName(symbolname);
     //not quite right...
     OutputDebugStringA('Not yet implemented!');
     Result:=0;
end;

function SetValueForSymbolName(symbolname: PChar; newvalue: ptrUint): integer; stdcall;
begin
     OutputDebugStringA('Not yet implemented!');
     Result:=0;
end;

exports

  AutoAssembleIt name 'AutoAssembleIt',
  AttachToProcessByName name 'AttachToProcessByName',
  AttachToProcessByWindow name 'AttachToProcessByWindow',
  GetAddressForSymbolName name 'GetAddressForSymbolName',
  SetValueForSymbolName name 'SetValueForSymbolName';

begin
scriptstrings:=tstringlist.create; //only create a string list once now...
TackDLL:=CETackDLL.Create;
TackDLL.Enabled:=true;
TackDLL.checked:=true;
//Select current process by default
TackDLL.GamePid:=GetCurrentProcessId;
TackDLL.gamePhd:=-1;
end.


There are two ways to use it: you can build an executable and attach to some process before assembling a script for it, or you can build a DLL and have it target self, since your trainer is a dll trainer.

This gets injected into your target game or application which you are going to assemble for. It then loads the DLLTack dll and optionally calls AttachToProcessByName, passing NULL as the parameter to set the target to self (default behaviour anyway). Finally, with the target set, calls to 'AutoAssembleIt' can be made, specifying a script to execute passed in as a C-style char array, and whether to execute the enable or the disable part of it.

And it works quite well! I tested it with an AOB scan script for a real game and from C++ code, and by loading 1 dll, Auto Assembler has been made into an interface that almost any language can work with!

Although, as you said, you have a 'todo' list, and I think I see what you mean. What I noticed is that the script I was testing, which called a WinAPI (MessageBoxA, OutputDebugStringA, etc.), did not work. It fails to execute. So it isn't properly getting the addresses of those WinAPIs to properly assemble it. If you manually write the address of the API to call (ex. Call 77725F69 instead of Call MessageBoxA) then it assembles properly and actually executes correctly. So it can be fixed, and should be; APIs are important to use sometimes in some scripts.


Also there's not really any way to get addresses from symbol names, or vice versa, which would also be cool to have working (the dll has two functions for it), so that after assembling a script you could interact with it from your trainer more than just calling the enable/disable part of a script.

Anyway you did a great job piecing this together Alice! So thanks for getting it right! These details can be fixed but it's mainly working and I think it can assemble basically anything you throw at it! (It seems only when WinAPIs are used in a script then it fails)

So a quick overview of how the DLL version of CETack can be used:

1. Load the DLLTack dll from wherever it may be. (embed it and dump it out, or load it from memory [like forcedinjectionplugin])
Code:

HMODULE AutoAssemblerDll = LoadLibraryA("C:\\lazarus\\Projects\\DLLTack\\DLLTack.dll");


2. Get the addresses of the exports you will use
Code:

if(AutoAssemblerDll)
{
   OutputDebugStringA("Successfully loaded the AA dll...");
   //Look the exports up by name; GetProcAddress returns NULL for a missing export
   AUTOASSEMBLE AutoAssemble = (AUTOASSEMBLE)GetProcAddress(AutoAssemblerDll, "AutoAssembleIt");
   ATTACHTOPROCESSNAME AttachToProcessName = (ATTACHTOPROCESSNAME)GetProcAddress(AutoAssemblerDll, "AttachToProcessByName");
   ATTACHTOPROCESSWINDOW AttachToProcessWindow = (ATTACHTOPROCESSWINDOW)GetProcAddress(AutoAssemblerDll, "AttachToProcessByWindow");
   //... the calls from step 3 go here, while these pointers are in scope ...
}


C\C++ definitions for those:
Code:

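// The exports are declared stdcall in DLLTack, so the pointer types must be __stdcall too.
// AutoAssembleIt returns a Boolean; the attach functions return the process handle.
typedef bool (__stdcall *AUTOASSEMBLE)(const char *script, bool enabledisable);
typedef HANDLE (__stdcall *ATTACHTOPROCESSNAME)(const char *processname);
typedef HANDLE (__stdcall *ATTACHTOPROCESSWINDOW)(const char *classname, const char *windowname);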


3. Call one of the attach functions to attach to a certain process if working externally, or target self if working internally, then call 'AutoAssembleIt' exported function to assemble and inject your script!

Code:

char Script[] = "[enable]\r\n[disable]\r\n"; //array copy of the script text
bool EnableOrDisable = true; //true == enable, false == disable

AutoAssemble(Script, EnableOrDisable);


With the example DLL code using the Auto Assembler, it's worth noting that it's meant to be injected into the target process; that's why it can target self, because it's already inside the target. Either use CE to inject it into the target process or make a quick custom loader that does it.

Of course you can always go the other route and build an exe just as easily; if you know which process to inject into, you also know which one to target. The code is literally the same, except you don't ever target self, you always target another process.

DLLTack itself (Pascal) and the example C\C++ dll code (which uses DLLTack) can be found here:
(Source files only, you will need to compile them yourself into binaries)
Updated to latest version with fixed memory leak

http://www.sendspace.com/file/1gnly5
http://www56.zippyshare.com/v/33321873/file.html
http://www.megafileupload.com/en/file/377703/DLLTackWithCppExample-zip.html


Last edited by SteveAndrew on Sat Dec 08, 2012 3:57 am; edited 2 times in total

Alice0725
Posted: Fri Dec 07, 2012 9:10 pm

SteveAndrew wrote:
......
With the example DLL code using the Auto Assembler, it's worth noting that it's meant to be injected into the target process; that's why it can target self, because it's already inside the target. Either use CE to inject it into the target process or make a quick custom loader that does it.

Of course you can always go the other route and build an exe just as easily; if you know which process to inject into, you also know which one to target. The code is literally the same, except you don't ever target self, you always target another process.



Thank you very much, Steve! There's just one page about how to write a library in the official 'Free Pascal Language Reference Guide', and no example. Your explanation makes me understand lots of it.

Alice0725
Posted: Sat Dec 15, 2012 1:57 am

Important: 12/15/2012

Fixed: skip last one byte check.

This is an aobscan error: it will skip the last one byte check.
In TackFunc.QS():
Code:

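while j <= bufferSize-aobSize do
begin
   for i:=0 to (aobSize-1) do
   begin
      // -1 in aob[] is a wildcard that matches any byte
      if (aob[i]=-1) or (aob[i]=buffer[i+j]) then
         continue
      else break;
   end;
    { Fixed: Even if last one byte is diff., i+1=aobsize too.
    }
    // compare the last byte again; a wildcard in that position still matches
    if (i+1=aobSize) and ((aob[i]=-1) or (aob[i]=buffer[i+j]))
    then  Exit(j)
    // last window: there is no byte after it to index the shift table with
    else if j+aobSize>=bufferSize then break
    else  j:= j+shift[Buffer[j+aobSize]];

end; //end of while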
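
An added example, not code from the post or from CETack: the same Sunday-style scan in C, run once with the acceptance test as it behaved before the fix and once with a full compare, so the false match on a wrong last byte is visible. The function names and sample bytes are constructed for illustration, and the wildcard-aware shift table and the final-window guard go beyond the Pascal fragment above.

```c
#include <stddef.h>
#include <stdio.h>
#define WILDCARD (-1) /* as in the post: -1 matches any byte; other entries are 0..255 */
typedef int (*match_fn)(const unsigned char *win, const int *aob, size_t n);

/* Pre-fix acceptance: only the loop index is tested, and a mismatch on the
   final byte leaves it at n-1 exactly like a full match does. */
int match_prefix_only(const unsigned char *win, const int *aob, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i++)
        if (aob[i] != WILDCARD && aob[i] != win[i])
            break;
    return i + 1 == n;
}

/* Acceptance that compares every byte, the last one included. */
int match_full(const unsigned char *win, const int *aob, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (aob[i] != WILDCARD && aob[i] != win[i])
            return 0;
    return 1;
}

/* Sunday quick search; returns the first matching offset in buf, or -1. */
long aob_find(const unsigned char *buf, size_t buf_len,
              const int *aob, size_t n, match_fn matches)
{
    size_t shift[256], i, j, base = n + 1;
    if (n == 0 || n > buf_len)
        return -1;
    /* A wildcard fits under any look-ahead byte, so no shift may exceed
       the distance from the last wildcard to the end of the pattern. */
    for (i = 0; i < n; i++)
        if (aob[i] == WILDCARD)
            base = n - i;
    for (i = 0; i < 256; i++)
        shift[i] = base;
    for (i = 0; i < n; i++)
        if (aob[i] != WILDCARD && n - i < shift[aob[i]])
            shift[aob[i]] = n - i;
    for (j = 0; j + n <= buf_len; j += shift[buf[j + n]]) {
        if (matches(buf + j, aob, n))
            return (long)j;
        if (j + n == buf_len) /* final window: there is no look-ahead byte */
            break;
    }
    return -1;
}

/* Constructed data: near miss at offset 0 (ends in 0x10), real match at 7. */
const unsigned char SAMPLE[] = {0x8B, 0x45, 0x08, 0x89, 0x46, 0x10, 0xC3,
                                0x8B, 0x45, 0x0C, 0x89, 0x46, 0x14};
const int PATTERN[] = {0x8B, 0x45, WILDCARD, 0x89, 0x46, 0x14};

int main(void)
{
    printf("full compare: %ld, pre-fix compare: %ld\n",
           aob_find(SAMPLE, sizeof SAMPLE, PATTERN, 6, match_full),
           aob_find(SAMPLE, sizeof SAMPLE, PATTERN, 6, match_prefix_only));
    return 0;
}
```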

Alice0725
Posted: Sat Feb 23, 2013 4:50 am

Update:
[Feb 23,2013] CETack 1.0.15 beta
1. Convert compile mode to objfpc from delphi (processhandler.pas and autoassembler.pas), and clean up.
2. Comment some unused variables and turn warnings off of const opcodes in assemblerunit.pas.


If you used or want to use CETack to make a trainer, download this version and some examples from: http://sdrv.ms/UTy2pe

unknown_k
Posted: Thu Feb 28, 2013 3:35 am

Nice project!

I think I found a glitch. (and I got my testing-purpose-only trainer finally working w00t)

How to reproduce:
1. ProcessName: yes, WindowClass: no, WindowName: yes
2. Start the trainer first (or only)
3. Trainer: that does not compute.

Keep up the good work!!!

Alice0725
Posted: Thu Feb 28, 2013 8:13 am

That's because another window has the same WindowName, especially the system's explorer.exe. For example: when you open a folder "Sleeping Dogs", the window name of explorer.exe will be "Sleeping Dogs" (if "show full path in title bar" is not checked). So, if you want to use GetProcessIDByWindow(), you should always set the WindowClass. Otherwise, only use the processName.

Here's how the trainer gets the game process id:
1. Find the game by processName; if found, skip the windowName and windowClass and return the ID.
2. If not, it will find the game by window.

You can check this in "TackTrainer.GetGameProcessId" in CETack/TackTrainer.pas.

unknown_k
Posted: Thu Feb 28, 2013 11:19 am

Code:

<some boring lines of pascal code was here>


EDIT: I just realized simple is best.

All times are GMT - 6 Hours