Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to properly call a function?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Birdi
Expert Cheater
Reputation: 0

Joined: 08 Jun 2020
Posts: 122
Location: Migrating

PostPosted: Mon Apr 05, 2021 3:53 am    Post subject: How to properly call a function? Reply with quote

I'm trying to set up some scripts to help the player enable normally level-specific modifiers in this game.

As it is, the only way to alter the modifiers themselves are with Code injection or use of a Developer Console. Finding each address is very simple with the help of the console, but I'd like to be able to change them without having to attach it every time (and easier for other users).

I'm wondering how to call the relevant functions when a script is enabled, and still change each modifier? This being either the function the game runs normally when loading a level that has a modifier on it, or the function that runs when the UE4 command is entered via the console, if that's possible?

I read a few things about createthread, but every attempt I've made crashes the game; either I'm not calling the start of the function properly or I'm doing something wrong entirely.

I'd be fine using Pointers for these if they didn't require injection.
Otherwise, can I use an AA/Lua script to create a pointer to this dynamic address and still modify it? Still kinda new with stuff like this
Back to top
View user's profile Send private message Visit poster's website
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Mon Apr 05, 2021 11:24 am    Post subject: Reply with quote

You'd need to look through the function you're calling and note every memory/register access external to the function- i.e. an access to something that wasn't initialized by the function itself.
This could be a parameter, a global, or a pointer. Parameters are easy to find and set (well, they should be). Mutable globals are becoming less common, and you probably won't have to worry about setting those to anything special. Pointers might be trouble as there's a million ways they could go wrong (e.g. a parameter is a pointer to some object, callers pass it a pointer to something on the stack, no easy way for you to know how to initialize such an object yourself especially if the object has pointers elsewhere).

Look at how the game calls the function and try to mimic it as best you can. Also make sure you're adhering to the calling convention in use- probably MS x64 ABI, but compilers can do anything with non-external functions.

Some functions are easier to call than others. Try ultimap to find calls.

Edit: This might be an XY problem. Try using the pointer scanner or code injection (search "injection copy") if you want to reliably find an address - both are likely easier than calling a function yourself.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Birdi
Expert Cheater
Reputation: 0

Joined: 08 Jun 2020
Posts: 122
Location: Migrating

PostPosted: Mon Apr 05, 2021 6:09 pm    Post subject: Reply with quote

I already use "Injection Copy" to find some addresses in this table, but my problem after that is being able to automatically write a value to the relevant address when the script is enabled.

As an example, I have a few visual trackers for things like the Mode/Difficulty/RNG Seed. I also have a section that lets the player choose these settings using Symbols, but it only forces these settings during the loading screen, where it matters (this is fine).

My current problem is that I'd like to have the user choose a setting for these modifiers and immediately set them, rather than wait to inject the code that's ran when it triggers normally. Simply changing the value in the table itself won't have any effect; it requires injection to take effect, or the use of the Console as mentioned above.

The goal is to be able to turn on any of these modifiers as the user sees fit for any level, rather than just levels that already have them. This is why I thought I might need to call the relevant function, but it may be beyond me at this point :<



I understand it likely can't be done since getting the pointed address requires it to be written to at least once, using this method, yeah? Would a good Aob signature be better, if possible (not explored yet)?

In this way, somehow finding the function call from the Console command should be the best solution, I think? If you have better ideas, I'd love to hear them; all input appreciated.
Back to top
View user's profile Send private message Visit poster's website
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Mon Apr 05, 2021 9:01 pm    Post subject: Reply with quote

Birdi wrote:
my problem after that is being able to automatically write a value to the relevant address when the script is enabled.
That's possible with Lua, but you'll need to wait for the injection to run for the symbol to be populated.
Code:
[ENABLE]
aobscan(UniqueInjectionPointName,...)
alloc(newmem,2048)
globalalloc(MySpecialAddress,8)

newmem:
  mov [MySpecialAddress],rax
  // original code
  mov [rax+2C],ecx
  jmp return

UniqueInjectionPointName:
  jmp newmem
  nop...
return:

{$lua}
if syntaxcheck then return end

local t = createTimer()
t.Interval = 500
t.OnTimer = function(t)
  if not memrec.Enabled then t.destroy() end
  local p = readPointer('MySpecialAddress')
  if p ~= 0 then
    -- symbol got initialized; write value
    writeInteger(p+0x2c,7)
    t.destroy()
  end
end
{$asm}
[DISABLE]
...
Edit: in hindsight, you could also just do this in the code injection... oh well; Lua is fun anyway.
If you can't find a good injection point that accesses the address you want, try finding a better injection point that accesses a pointer to the address you want (doesn't need to be a static pointer).

Birdi wrote:
I also have a section that lets the player choose these settings using Symbols, but it only forces these settings during the loading screen
You can copy the address in the code injection and use that address to write values whenever you want. Using the example above, add a new address, check the pointer checkbox, base address MySpecialAddress, offset 2c.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Birdi
Expert Cheater
Reputation: 0

Joined: 08 Jun 2020
Posts: 122
Location: Migrating

PostPosted: Tue Apr 06, 2021 2:47 am    Post subject: Reply with quote

I gave it a shot and it reflects in the table, but similarly to as if you edit it manually it does not reflect in-game.. I guess for now I'll keep searching for a way to call the functions that are tied to the console commands.

Thanks for the help Penguin, I still learned something Smile
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites