Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Lua code injection not working on browser game

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
candyass
How do I cheat?
Reputation: 0

Joined: 30 Oct 2023
Posts: 3

PostPosted: Mon Oct 30, 2023 8:44 am    Post subject: Lua code injection not working on browser game Reply with quote

I cannot inject lua code from browser game using CE

I want to simulate mouse click using lua, but it's not working, even when i inject simple code like print, it still not injected

can someone help me how to do this, is there something different going when injecting lua code to browser games using CE


here's the code

loadlibrary(luaclient-x86_64.dll)
luacall(openLuaServer('CELUASERVER'))

CELUA_ServerName:
db 'CELUASERVER',0

{
//luacall call example:
//Make sure rsp is aligned on a 16-byte boundary when calling this function
mov rcx, addresstostringwithfunction //(The lua function will have access to the variable passed by name "parameter")
mov rdx, integervariableyouwishtopasstolua
sub rsp,20
call CELUA_ExecuteFunction // or CELUA_ExecuteFunctionAsync if you don't need GUI access or want to handle it yourself
add rsp,20

//------
//Alternate call by ref example:

mov ecx,[addresswithluafunctionidstored]
test ecx,ecx
jne short hasrefid

mov rcx,addresswithluafunctionname
call CELUA_GetFunctionReferenceFromName //Basically calls createRef(functionname) and returns the value
mov [addresswithluafunctionidstored],eax
mov ecx,eax

hasrefid:
mov edx,numberofparameterstopass
mov r8,addresswithparameterlist //could be the stack. e.g lea r8,[rsp+8]
mov [r8],param1
mov [r8+8],param2
mov [r8+c],param3
//...
mov r9,0 //0=no async, 1=async. Use async if you do not wish to update the GUI. Faster
call CELUA_ExecuteFunctionByReference

When done RAX will contain the result of the lua function
And as per 64-bit calling convention, RCX, RDX, R8, R9, R10, R11 may have been altered. So save/restore them beforehand
}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"chrome.dll"+55796CF)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
{$luacode}
print("execute lua")
{$asm}

originalcode:
movsd [r9+03],xmm0

exit:
jmp returnhere

"chrome.dll"+55796CF:
jmp newmem
nop
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"chrome.dll"+55796CF:
db F2 41 0F 11 41 03
//movsd [r9+03],xmm0
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4706

PostPosted: Mon Oct 30, 2023 9:38 am    Post subject: Reply with quote

No need for the "call CE Lua function" template. Use either the "Full injection" or the "AOB Injection" templates.

This works fine for me in the CE tutorial:
Code:
loadlibrary(luaclient-x86_64.dll)

define(address,"Tutorial-x86_64.exe"+2B4BC)
define(bytes,29 83 F8 07 00 00)

[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"Tutorial-x86_64.exe"+2B4BC)

label(return)

newmem:
{$luacode}
print'pressed the button'
{$asm}
  sub [rbx+000007F8],eax
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]

address:
  db bytes
  // sub [rbx+000007F8],eax

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Tutorial-x86_64.exe+2B4BC

Tutorial-x86_64.exe+2B4AF: B9 05 00 00 00           - mov ecx,00000005
Tutorial-x86_64.exe+2B4B4: E8 57 47 FE FF           - call Tutorial-x86_64.exe+FC10
Tutorial-x86_64.exe+2B4B9: 83 C0 01                 - add eax,01
// ---------- INJECTING HERE ----------
Tutorial-x86_64.exe+2B4BC: 29 83 F8 07 00 00        - sub [rbx+000007F8],eax
// ---------- DONE INJECTING  ----------
Tutorial-x86_64.exe+2B4C2: 48 8D 4D F8              - lea rcx,[rbp-08]
Tutorial-x86_64.exe+2B4C6: E8 45 DA FD FF           - call Tutorial-x86_64.exe+8F10
}
This prints the text when the "Hit me" button is pressed on step 2.

Are you sure the injection point is being executed?

_________________
I don't know where I'm going, but I'll figure it out when I get there.


Last edited by ParkourPenguin on Mon Oct 30, 2023 9:41 am; edited 1 time in total
Back to top
View user's profile Send private message
Famine
Cheater
Reputation: 0

Joined: 23 Oct 2023
Posts: 27
Location: A club where people wee on each other.

PostPosted: Mon Oct 30, 2023 9:40 am    Post subject: Reply with quote

While this approach can work for some games, it's essential to understand that not all games can be manipulated this way. Also, browser games often run in a sandboxed environment, making it more challenging to inject external code.

Here are some steps to consider and issues to address when attempting to inject Lua code into a browser game:

Verify Browser Compatibility: Ensure that the browser you are using is compatible with the tools you are using for code injection. Some browsers are more secure and restrict external code execution.

Sandboxed Environment: Browser games typically run in a sandboxed environment, limiting external code execution for security reasons. Injecting code into a browser game may not be possible, or it may require more advanced techniques.

Game's Technology Stack: The effectiveness of code injection depends on the technology used to build the game. Games built with technologies like WebGL, Unity, or WebAssembly may have different ways of interacting with the game code.

Debugging Tools: If you're using Cheat Engine, make sure it's correctly configured to attach to the browser process where the game is running. This might involve specifying the correct process name or ID.

Lua Compatibility: Ensure that the Lua environment in the game allows for external code execution. Not all Lua implementations are compatible with external code injection.

Security Measures: The browser may have security features that prevent external code execution. Make sure your browser is not blocking the execution of injected code.

Browser Extensions: Some browser extensions, such as script blockers, might interfere with code injection. Disable or configure these extensions if necessary.

Game Updates: Game updates or changes to the website's code can break your code injection. Ensure your Lua injection code is compatible with the current version of the game.

Anti-Cheat Systems: Be aware that many online games employ anti-cheat systems that can detect and block code injection attempts. Alternate Techniques: If direct code injection doesn't work, you may need to explore other methods, such as reverse engineering the game or using browser developer tools to inspect and manipulate game elements.

_________________
LeFiXER wrote:
You probably should read the replies to make sure someone else hasn't already mentioned what you are about to say. It gives the impression that you are ignorant of other members in this community.
Back to top
View user's profile Send private message
candyass
How do I cheat?
Reputation: 0

Joined: 30 Oct 2023
Posts: 3

PostPosted: Mon Oct 30, 2023 10:39 am    Post subject: Reply with quote

ParkourPenguin wrote:
No need for the "call CE Lua function" template. Use either the "Full injection" or the "AOB Injection" templates.

This works fine for me in the CE tutorial:
Code:
loadlibrary(luaclient-x86_64.dll)

define(address,"Tutorial-x86_64.exe"+2B4BC)
define(bytes,29 83 F8 07 00 00)

[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"Tutorial-x86_64.exe"+2B4BC)

label(return)

newmem:
{$luacode}
print'pressed the button'
{$asm}
  sub [rbx+000007F8],eax
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]

address:
  db bytes
  // sub [rbx+000007F8],eax

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Tutorial-x86_64.exe+2B4BC

Tutorial-x86_64.exe+2B4AF: B9 05 00 00 00           - mov ecx,00000005
Tutorial-x86_64.exe+2B4B4: E8 57 47 FE FF           - call Tutorial-x86_64.exe+FC10
Tutorial-x86_64.exe+2B4B9: 83 C0 01                 - add eax,01
// ---------- INJECTING HERE ----------
Tutorial-x86_64.exe+2B4BC: 29 83 F8 07 00 00        - sub [rbx+000007F8],eax
// ---------- DONE INJECTING  ----------
Tutorial-x86_64.exe+2B4C2: 48 8D 4D F8              - lea rcx,[rbp-08]
Tutorial-x86_64.exe+2B4C6: E8 45 DA FD FF           - call Tutorial-x86_64.exe+8F10
}
This prints the text when the "Hit me" button is pressed on step 2.

Are you sure the injection point is being executed?









thank you for your response, I tried the tutorial & some .exe games it works
but for game that is run on browser, lua injection doesn't work

by the way I am still able to change value on address & asm injection, because I want to simulate mouse clicks, I don't know how to do that using asm, so I want to use lua


I was hoping I can add instruction for mouse click without modifying any game value
I am a newbie using CE & I dont know how to do that besides using lua injection
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4706

PostPosted: Mon Oct 30, 2023 11:27 am    Post subject: Reply with quote

The only thing I can think of is that the game isn't executing the injection point. e.g. in the tutorial, you have to click on the "Hit me" button for the {$luacode} to run. It won't magically run on its own.

Do you need to use {$luacode}? Could you do what you want in the main Lua script?

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
candyass
How do I cheat?
Reputation: 0

Joined: 30 Oct 2023
Posts: 3

PostPosted: Mon Nov 06, 2023 3:26 am    Post subject: Reply with quote

ParkourPenguin wrote:
The only thing I can think of is that the game isn't executing the injection point. e.g. in the tutorial, you have to click on the "Hit me" button for the {$luacode} to run. It won't magically run on its own.

Do you need to use {$luacode}? Could you do what you want in the main Lua script?






Sorry for the late response, after checking I figure out the problem is that, cheat engine cannot load dll on browser game, so lua injection doesn't work
Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 62

Joined: 01 Oct 2008
Posts: 958

PostPosted: Mon Nov 06, 2023 5:17 am    Post subject: Reply with quote

Not sure if it helpful, I start chrome with command in <WIN>-R
Code:

chrome -allow-third-party-modules -no-sandbox -incognito

it open a single window/tab chrome without my previously opened tabs/windows (probably most other setting).
It should be able to make the command to a shortcut
I've not test the effects of the flags (esp. -allow-third-party-modules
Quote:
// Allows third party modules to inject by disabling the BINARY_SIGNATURE
// mitigation policy on Win10+. Also has other effects in ELF.
const char kAllowThirdPartyModules[] = "allow-third-party-modules";
).
Here are some (likely not all) switch/flag for chromium (not necessarily work for chrome on specific platform) https://github.com/chromium/chromium/blob/8db392c0bb274ecf5b9eb42365b4e1c2e719aa49/sandbox/policy/switches.cc#L97
Behave similarly in another chromium browser (Vivaldi)
Code:

"<path_to>\vivaldi.exe" -allow-third-party-modules -no-sandbox -incognito


updated:
more chromium flags (it is auto-updated, so current?):
https://peter.sh/experiments/chromium-command-line-switches/

_________________
- Retarded.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites