Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


CE Autoassembler: Printing values out

 
Menoetius
Cheater
Reputation: 0

Joined: 01 Jul 2018
Posts: 29

Posted: Fri Jul 27, 2018 8:34 pm    Post subject: CE Autoassembler: Printing values out

Just want to know if there's any way either directly or with a workaround to print out values anywhere that CE reads.

>>print esp
cmp [esp+964],A7
je mycode
jmp code

Something akin to that. If anyone knows, thank you kindly for your info and help.

_________________
Big Gun
#1
Shoot the Hell Outta You
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Fri Jul 27, 2018 8:37 pm

Code:
setBreakpoint(address, function()
  print(ESP, readInteger(ESP+0x964))
  debug_continueFromBreakpoint(co_run)
end)

_________________
https://github.com/FreeER/ has a few CE related repos
Menoetius
Cheater
Reputation: 0

Joined: 01 Jul 2018
Posts: 29

Posted: Sat Jul 28, 2018 1:29 am

I'm gonna assume that's lua so I'd shove it somewhere in the autoassembler like this

Code:

aobscanmodule(INJECT,Risk of Rain.exe,89 94 81 C0 00 00 00) // should be unique
alloc(newmem,$1000)
alloc(cdMax,$4)
alloc(cdAut0,$4)

label(code)
label(return)
alloc(myCool,$500)

cdAut0:
db 00 00 02 6C

cdMax:
db FF FF FF FF

newmem:
  {$lua}
  setBreakpoint(INJECT)
  print(ESP, readInteger(ESP+0x964))
  debug_continueFromBreakpoint(co_run)
  end)
  {$lua}
  cmp [ebp+8B8],cdAut0
  je myCool
  jmp code

myCool:
  cmp [ebp+8C4],264
  jne code
  mov [edx],cdMax
  jmp code

code:
  mov [ecx+eax*4+000000C0],edx
  jmp return

INJECT:
  jmp newmem
  nop
  nop
return:
registersymbol(INJECT)



Dunno what I should do with function(), according to wiki.cheatengine.org/index.php?title=Lua:debug_setBreakpoint it can be a string or a function. I believe another lua function, but it appears I may be able to omit it. Thanks for letting me know lua CAN read directly from memory, didn't know if I had to do some conversions or global vars. Anyways I can't seem to get the above lua code functioning in asm, maybe I need to import something so it recognizes the AOB as an address?

Reason I'm requesting the print out mem that you kindly provided is because the program always crashes on cmp, and I'm unsure if I'm writing it wrong, or there's no esp+964 value to compare with.

Thanks for the assistance my man. If one could point out the mistake I'm making in the cmp that crashes the exe, that would also be greatly appreciated. c:

EDIT: I remedied the cmp by using ESP instead of EBP for the stack reference and holy cow it twerks.
EDIT2: Well now it's back to crashing lmao
EDIT3: I can get it to function with a xor edx,edx but I'm really interested in how to make it work when I manually put a value in there
Code:

{ Game   : Risk of Rain.exe
  Version:
  Date   : 2018-07-28
  Author : Mexon

  This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(INJECT,Risk of Rain.exe,89 94 81 C0 00 00 00) // should be unique
alloc(newmem,$1000)
alloc(cdMax,$4)
alloc(cdAut0,$4)
alloc(cdAut1,$4)

label(code)
label(return)
alloc(myCool,$500)

cdAut0:
db 00 00 02 6C

cdMax:
db FF FF FF FF

newmem:
  cmp [ESP+97C],26C     //ESP+97C  ebp+8B8
  je myCool
  jmp code

myCool:
  mov [edx],FFFFFFFF
  jmp code

code:
  mov [ecx+eax*4+000000C0],edx
  jmp return

INJECT:
  jmp newmem
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
  db 89 94 81 C0 00 00 00

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Risk of Rain.exe"+355AD

"Risk of Rain.exe"+3559A: CC                       -  int 3
"Risk of Rain.exe"+3559B: CC                       -  int 3
"Risk of Rain.exe"+3559C: CC                       -  int 3
"Risk of Rain.exe"+3559D: CC                       -  int 3
"Risk of Rain.exe"+3559E: CC                       -  int 3
"Risk of Rain.exe"+3559F: CC                       -  int 3
"Risk of Rain.exe"+355A0: 8B 44 24 04              -  mov eax,[esp+04]
"Risk of Rain.exe"+355A4: 83 F8 0B                 -  cmp eax,0B
"Risk of Rain.exe"+355A7: 77 0B                    -  ja "Risk of Rain.exe"+355B4
"Risk of Rain.exe"+355A9: 8B 54 24 08              -  mov edx,[esp+08]
// ---------- INJECTING HERE ----------
"Risk of Rain.exe"+355AD: 89 94 81 C0 00 00 00     -  mov [ecx+eax*4+000000C0],edx
// ---------- DONE INJECTING  ----------
"Risk of Rain.exe"+355B4: C2 08 00                 -  ret 0008
"Risk of Rain.exe"+355B7: CC                       -  int 3
"Risk of Rain.exe"+355B8: CC                       -  int 3
"Risk of Rain.exe"+355B9: CC                       -  int 3
"Risk of Rain.exe"+355BA: CC                       -  int 3
"Risk of Rain.exe"+355BB: CC                       -  int 3
"Risk of Rain.exe"+355BC: CC                       -  int 3
"Risk of Rain.exe"+355BD: CC                       -  int 3
"Risk of Rain.exe"+355BE: CC                       -  int 3
"Risk of Rain.exe"+355BF: CC                       -  int 3
}

_________________
Big Gun
#1
Shoot the Hell Outta You
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Sat Jul 28, 2018 6:55 am

mov [edx],FFFFFFFF
You do realize that's how you tell the computer to take the value in edx as an address, and set it to FFFFFFFF (aka -1). Right?

While what I assume is the original code is just moving edx into something else which does not imply that edx stores an address aka is a pointer

Did you perhaps mean to change edx rather than what it "points" to using
mov edx, -1 or mov edx, FFFFFFFF


as for the lua, "function() ... end" is how you can pass an anonymous/unnamed/closure/lambda function to another function. So you'd do nothing "with" it, you'd just paste it as is. However, the {$lua} blocks in AA scripts are really more meta-scripting, they don't run in place with the assembly code, they are run before any of the other AA code (so aobscans aren't done and labels are meaningless) and if it returns a string that string is used as AA code in place of the {$lua} block (eg. return ('nop\n'):rep(300) to put 300 nops in the code without typing them all lol).

While there's a template to call lua code from assembly and a lua extension that makes it a bit easier, in this case there's really no need to do that if it's just for debugging; you can just run the code from the lua engine (ctrl+shift+alt+L from the main CE window, or just ctrl+L from the memory viewer, or its tools menu) after getting the real address, or using 'INJECT' (with the quotes) if you can enable the script without it immediately crashing, to tell it to use the address associated with the symbol INJECT.


edit: also, it should probably be debug_setBreakpoint not just setBreakpoint... my bad.

_________________
https://github.com/FreeER/ has a few CE related repos
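
The approach described in the post above (running the breakpoint from the Lua Engine window instead of inside a {$lua} block), as an added example that is not part of the original posts or of Cheat Engine's own scripts. It uses debug_setBreakpoint as corrected in the edit, reads both stack offsets that appear in the thread, and reports an unreadable address instead of failing; the 20-hit cap and the helper name fmt are assumptions.

```lua
-- Added example (not from the thread's authors). Paste into CE's Lua Engine
-- window while attached to the target and with the AA script enabled, so the
-- symbol INJECT is registered. MAX_HITS and fmt are assumptions.
local MAX_HITS = 20   -- stop logging after this many hits
local hits = 0

-- Format a 32-bit value; readInteger returns nil when the address is unreadable.
local function fmt(v)
  if v == nil then return '<unreadable>' end
  return string.format('%08X', v & 0xFFFFFFFF)
end

local addr = getAddressSafe('INJECT')   -- nil if the symbol is not registered
if addr == nil then
  print('INJECT is not registered: enable the script or use the real address')
else
  -- Breakpoints need CE's debugger attached to the process.
  if not debug_isDebugging() then debugProcess() end

  debug_setBreakpoint(addr, function()
    hits = hits + 1
    -- ESP, EBP and EDX are globals CE fills in when the breakpoint hits.
    -- The jmp at INJECT does not touch the stack, so these reads match
    -- what the cmp in newmem would see.
    print(string.format('#%d ESP=%s EBP=%s EDX=%s [ESP+97C]=%s [EBP+8B8]=%s',
      hits, fmt(ESP), fmt(EBP), fmt(EDX),
      fmt(readInteger(ESP + 0x97C)), fmt(readInteger(EBP + 0x8B8))))
    -- Remove the breakpoint after MAX_HITS so a hot code path is not
    -- stopped on every execution indefinitely.
    if hits >= MAX_HITS then debug_removeBreakpoint(addr) end
    debug_continueFromBreakpoint(co_run)
  end)
end
```

An `<unreadable>` result for an offset means a `cmp` against that address would fault, which is one of the two possibilities raised in the question.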
Menoetius
Cheater
Reputation: 0

Joined: 01 Jul 2018
Posts: 29

Posted: Thu Aug 02, 2018 3:27 pm

Yeh I figured out the assembly part, really wasn't too important or complex. I've still been unable to discern how to print values out mid assembly. If anyone has any further suggestions I'd be quite grateful.
_________________
Big Gun
#1
Shoot the Hell Outta You
bonparadorn
How do I cheat?
Reputation: 0

Joined: 09 Apr 2012
Posts: 3

Posted: Mon Mar 21, 2022 5:11 am

Code:
setBreakpoint(INJECT)

This command cannot compile?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Mon Mar 21, 2022 10:24 am

{$luacode} is a thing that exists now.
https://forum.cheatengine.org/viewtopic.php?t=618134

_________________
I don't know where I'm going, but I'll figure it out when I get there.
All times are GMT - 6 Hours