Call for executing LUA in Cheat Engine from game code

 
jgoemat
Master Cheater
Reputation: 22

Joined: 25 Sep 2011
Posts: 252

Posted: Wed Jun 13, 2018 5:00 pm    Post subject: Call for executing LUA in Cheat Engine from game code

I love the ability to call Lua code in CE from the games. I just did some testing, and the async is like 50k calls/second and the others 10-15k. I want to write an AA override so you can do calls like this:

Code:
CELUA_ASYNC(MyFunction, eax, [ebp+08], esi)


I think I have it figured out, I just want to know if anyone can think of any issues with how I'm doing it. I'd allocate global storage for '__celua_initialized__' if it wasn't already allocated and contained valid information, I'm thinking a magic number to check... Then it would execute a script like this:

Code:
loadlibrary(luaclient-i386.dll)
luacall(openLuaServer('CELUASERVER'))

__celua_initialized__:
  dd 0               // result will go here, should be FFFFFFFF on success
  dd 1234567f        // magic number
  db 'CELUASERVER',0 // server name

__celua_initialized__+100:
  // code

  push __celua_initialized__+8    // server name
  call CELUA_Initialize
  mov [__celua_initialized__],eax // save result
  ret

CREATETHREAD(__celua_initialized__+100)


Then it would do the same for the function name, with a memory area like '__celua_FUNCTION_MyFunction__'. Calling '__celua_FUNCTION_MyFunction__+100' will return the function reference in eax, or 0 if it couldn't be found. This only has to be assembled for the function once, even if the lua function is called in multiple AA scripts.

Code:
__celua_FUNCTION_MyFunction__:
  dd 0               // result will go here, should be non-zero on success
  dd 1234567f        // magic number
  db 'MyFunction',0  // function name

__celua_FUNCTION_MyFunction__+100:
  // code

  cmp [__celua_FUNCTION_MyFunction__],0
  jne @F
  cmp [__celua_initialized__],ffffffff
  jne @F
  push __celua_FUNCTION_MyFunction__+8    // function name
  call CELUA_GetFunctionReferenceFromName
  mov [__celua_FUNCTION_MyFunction__],eax // save result
  ret
@@:
  mov eax, [__celua_FUNCTION_MyFunction__]
  ret


Then it would return the code to inject in each script to call the function. Since lua has already done the allocations, the symbols should be there. This is the actual code that would be returned by 'CELUA_async(MyFunction, eax, [ebp+08], esi)'

Code:
// -------------------- BEGIN RETURNED CODE --------------------
  // push registers and flags
  pushad
  pushfd

  // push parameters first, calls may change registers
  push eax         // arg1
  push [ebp+08]    // arg2
  push esi         // arg3

  // find function reference, 0 means not found or not initialized
  call __celua_FUNCTION_MyFunction__+100
  test eax,eax
  jz @F

  mov ecx, esp  // save pointer to arg3 on the stack to pass as parameters
  push 1        // async
  push ecx      // pointer to parameters (on stack)
  push 3        // number of parameters
  push eax      // function reference
  // this handles removing those 4 values from the stack
  call CELUA_ExecuteFunctionByReference

  @@:
  add esp,0c       // pop off args from stack
  mov [esp+20],eax // store return value in eax that will be popped by popad
  popfd
  popad
// -------------------- END RETURNED CODE --------------------


It shouldn't change the values of the flags or any registers except EAX which has the return value. The CREATETHREAD will try to call the initialize right away, but it will be called when attempting to get the function reference if it hasn't been already. The function reference should only be found once...

Does anyone see any issues with doing it like this?
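
An added example, not part of jgoemat's post or of CELUA.lua: a small Python model of the stack bookkeeping in the returned stub above. It checks which saved register `[esp+20]` addresses after `add esp,0c`, and in what order the pushed arguments sit in the block that `mov ecx,esp` points to. The register values and the starting stack address are constructed.

```python
# Added example: a tiny model of the 32-bit stack for the stub in the post.
# Only push/pop bookkeeping is modelled; register values are constructed.

PUSHAD_ORDER = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


class Stack:
    """Downward-growing stack of 4-byte slots, addressed by esp."""

    def __init__(self, top=0x0019FF00):  # constructed start address
        self.esp = top
        self.slots = {}  # address -> (label, value)

    def push(self, label, value):
        self.esp -= 4
        self.slots[self.esp] = (label, value)

    def pushad(self, regs):
        saved_esp = self.esp  # pushad stores esp as it was before the instruction
        for name in PUSHAD_ORDER:
            self.push(name, saved_esp if name == "esp" else regs[name])


def run_stub(regs, args):
    """Replay the posted stub up to 'mov [esp+20],eax'; return what it shows."""
    st = Stack()
    st.pushad(regs)
    st.push("eflags", regs["eflags"])  # pushfd
    for label, value in args:  # push arg1, arg2, arg3 in source order
        st.push(label, value)
    # 'mov ecx,esp': the parameter block, read upward from esp.
    block = [st.slots[st.esp + 4 * i][0] for i in range(len(args))]
    # The four pushes before the call are removed by the callee (per the
    # post's comment), so esp is back here at the '@@:' label.
    st.esp += 4 * len(args)  # 'add esp,0c'
    patched = st.slots[st.esp + 0x20][0]  # slot written by 'mov [esp+20],eax'
    return block, patched


if __name__ == "__main__":
    regs = dict(eax=1, ecx=2, edx=3, ebx=4, ebp=6, esi=7, edi=8, eflags=0x246)
    args = [("arg1", regs["eax"]), ("arg2", 0xCAFE), ("arg3", regs["esi"])]
    print(run_stub(regs, args))
```

In this model `[esp+20]` is the saved EAX slot, and the block at `ecx` lists the arguments last-pushed first; whether that is the order the callee reads them in is not stated on the page.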
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Jun 14, 2018 1:43 am

seems about right (though missing 64-bit code)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
jgoemat
Master Cheater
Reputation: 22

Joined: 25 Sep 2011
Posts: 252

Posted: Fri Jun 15, 2018 6:31 pm

Well, have the i386 version done, working on 64 bit... You can try it out with this:

Code:
{$lua}
function TestCELUA(...)
  local args = {...}
  print('TestCELUA called...')
  for i,v in ipairs(args) do
    print('  arg '..tostring(i)..' is '..string.format('0x%x', v))
  end
end
{$asm}

globalalloc(test_celua,$1000)
test_celua:
CELUA_ASYNC(TestCELUA, eax, esi, 1234)
ret
CREATETHREAD(test_celua)



CELUA.lua
 Description:
Table script for CELUA_XXX calls

Download
 Filename:  CELUA.lua
 Filesize:  13.34 KB
 Downloaded:  271 Time(s)
