| Author |
Message |
Mohsen Advanced Cheater
Reputation: 1
Joined: 04 Apr 2013 Posts: 69 Location: PE
|
Posted: Fri Apr 05, 2013 9:14 am Post subject: Is there a way to call windows API from your trainer ? |
|
|
How to call the Windows API, or the functions of any DLL which is inside your trainer folder?
For example, I want to use GetTickCount64 inside kernel32.dll in my AA.
|
|
|
 |
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Fri Apr 05, 2013 10:51 am Post subject: |
|
|
| Code: |
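Alloc(Mem,1000) //allocate 1000 bytes in the target process
[Enable]
Label(MyTickCount)
Mem:
call GetTickCount64
Mov dword [MyTickCount],eax //store the low dword of the result
ret
MyTickCount:
add [eax],al //empty value (0)
add [eax],al
CreateThread(Mem) //run the code at Mem in a new thread
[DISABLE]
Mem:
ret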
|
|
|
|
 |
Mohsen Advanced Cheater
Reputation: 1
Joined: 04 Apr 2013 Posts: 69 Location: PE
|
Posted: Fri Apr 05, 2013 11:06 am Post subject: Subject |
|
|
Thanks, however I didn't mean only GetTickCount.
I want the general way to call exported functions from any DLL.
Anyway, good point. Thanks for shedding some light.
|
|
|
 |
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Fri Apr 05, 2013 12:03 pm Post subject: |
|
|
As you see in the script: allocate memory, push the function parameters to the stack, then call the function by name. If the DLL is not loaded in the process, you can add the LOADLIBRARY command to the script (so Cheat Engine will load the DLL for you).
| Code: |
LOADLIBRARY(YOUR DLL PATH HERE-->Example: C:\TEST\MyDLL.dll)
[ENABLE]
//Your cheat code here
//.
//.
//.
//.
pushad //Copy original registers
pushfd //-------
push eax //the function first parameter
push ebx //another parameter
push 100 //another parameter
Call MyDLL.MyFunction //Call the 'MyFunction' procedure
popfd //restore original registers
popad//-----
//continue your cheat code
//.
//.
//.
|
Or instead, use the LoadLibraryA and GetProcAddress functions first, then use call dword [The Address Returned from GetProcAddress].
You then either run that in a separate thread (using the CreateThread command) or add the call to your cheat code.
|
|
|
 |
Mohsen Advanced Cheater
Reputation: 1
Joined: 04 Apr 2013 Posts: 69 Location: PE
|
Posted: Fri Apr 05, 2013 1:17 pm Post subject: nosubje |
|
|
Simple, Complete.
Thanks for your brilliant answer
|
|
|
 |
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
|
Posted: Fri Apr 05, 2013 1:31 pm Post subject: |
|
|
@TsTg:
| TsTg wrote: | | Code: |
MyTickCount:
add [eax],al //empty value (0)
add [eax],al
|
|
You can use "dd 0" (Data Dword) instead of 2*add [eax],al to store 0 over a 32-bit int. dd will store a dword with the specified value, db a byte, dq a qword, and dw a word. Strings are best stored with "db 'Blah',0".
Aside from that, GetTickCount64 returns a 64-bit value, in edx:eax. But since we usually make comparisons over short periods of time (less than 1190 hours), the edx part isn't always useful.
|
|
|
 |
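The edx:eax point from the post above, as an added example that is not part of the thread: portable C that shows what is lost when only eax is stored, and why unsigned subtraction of two saved eax values still gives the right interval across a wrap (2^32 ms is about 1193 hours). The function names and the sample tick values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* What a 32-bit caller gets back from a 64-bit return value:
   high dword in edx, low dword in eax. */
typedef struct { uint32_t edx, eax; } tick_regs;

tick_regs split_ticks(uint64_t ticks) {
    tick_regs r = { (uint32_t)(ticks >> 32), (uint32_t)ticks };
    return r;
}

/* Rebuild the full count when both halves were saved. */
uint64_t join_ticks(tick_regs r) {
    return ((uint64_t)r.edx << 32) | r.eax;
}

/* Elapsed ms from two saved eax values. Unsigned subtraction is modulo 2^32,
   so the result is right even if eax wrapped once in between. */
uint32_t elapsed_low32(uint32_t start_eax, uint32_t now_eax) {
    return now_eax - start_eax;
}

/* Wrap-safe timeout test using only the low dword. */
int expired_safe(uint32_t start_eax, uint32_t now_eax, uint32_t timeout_ms) {
    return elapsed_low32(start_eax, now_eax) >= timeout_ms;
}

/* Naive deadline comparison: gives the wrong answer when eax wraps. */
int expired_naive(uint32_t start_eax, uint32_t now_eax, uint32_t timeout_ms) {
    return (uint64_t)now_eax >= (uint64_t)start_eax + timeout_ms;
}

/* Whole hours before the low dword of a millisecond counter wraps. */
uint32_t low_dword_wrap_hours(void) {
    return (uint32_t)((UINT64_C(1) << 32) / 1000 / 3600);
}

int main(void) {
    /* Constructed sample: 1000 ms before eax wraps, then 5000 ms later. */
    uint64_t start = UINT64_C(0x00000001FFFFFC18), now = start + 5000;
    tick_regs s = split_ticks(start), n = split_ticks(now);
    printf("start edx:eax = %08x:%08x\n", (unsigned)s.edx, (unsigned)s.eax);
    printf("now   edx:eax = %08x:%08x\n", (unsigned)n.edx, (unsigned)n.eax);
    printf("elapsed (eax only) = %u ms\n", (unsigned)elapsed_low32(s.eax, n.eax));
    printf("3000 ms timeout: safe=%d naive=%d\n",
           expired_safe(s.eax, n.eax, 3000), expired_naive(s.eax, n.eax, 3000));
    printf("eax wraps after about %u hours\n", (unsigned)low_dword_wrap_hours());
    return 0;
}
```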
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Fri Apr 05, 2013 2:44 pm Post subject: |
|
|
@Mohsen:
| Mohsen wrote: | Simple, Complete.
Thanks for your brilliant answer  |
You're welcome
@Gniarf:
| Gniarf wrote: |
You can use "dd 0" (Data Dword) instead of 2*add [eax],al to store 0 over a 32-bit int. dd will store a dword with the specified value, db a byte, dq a qword, and dw a word. Strings are best stored with "db 'Blah',0".
Aside from that, GetTickCount64 returns a 64-bit value, in edx:eax. But since we usually make comparisons over short periods of time (less than 1190 hours), the edx part isn't always useful. |
Thanks for that info.
|
|
|
 |
|