 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
darmy
How do I cheat?
![]() Reputation: 0
Joined: 23 Nov 2023
Posts: 6
|
 Posted: Thu Nov 23, 2023 5:50 pm Post subject: Trouble with Symbols Not Updating in Cheat Engine via Lua Sc |
 |
|
Hello,
I'm experiencing issues with my Lua script in Cheat Engine, where symbols I add to a custom symbol list aren't being reflected in Cheat Engine's memory viewer or other tools.
Key Points:
Goal: Add symbols to Cheat Engine's symbol list dynamically when a process is opened.
Script Process: Retrieves module names, addresses, and sizes; adds them as symbols using symbols.addSymbol.
Issue: Despite successful script execution and correct symbol printing, Cheat Engine does not show these symbols in its internal list.
Attempts to Resolve:
Used symbols.register() and reinitializeSymbolhandler(true).
Applied registerSymbol directly for symbol registration.
No errors in script execution, but symbols aren't accessible in Cheat Engine.
Need advice on ensuring the symbols update correctly in Cheat Engine. Any help is appreciated!
| Code: | symbols = createSymbolList();
symbols.register();
function onOpenProcess(pid)
symbols.unregister();
symbols = createSymbolList();
symbols.register();
reinitializeSymbolhandler();
if (pid == 4) then
return;
end
local proc = dbk_getPEProcess(pid);
printf("proc: %08X", proc);
local peb = readQword(proc + 0x550);
printf("peb: %08X", peb);
local ldr = readQword(peb + 0x18);
printf("ldr: %08X", ldr);
local index = readQword(ldr + 0x10);
printf("index: %08X\n", index);
for i = 1, 150 do
local mod = readQword(index);
printf("mod: %08X", mod);
local name = readString(readQword(mod + 0x58 + 0x8), readSmallInteger(mod + 0x58), true);
printf("name: %s", name);
local base = readQword(mod + 0x30);
printf("base: %08X", base);
local size = readInteger(mod + 0x40);
printf("size: %04X\n", size);
symbols.addModule(name, "", base, size, true);
index = readQword(mod);
end
local name = readString(proc + 0x5A8, 15);
print("name:", name);
local base = readQword(proc + 0x520);
printf("base: %08X", base);
local size = readQword(proc + 0x498);
printf("size: %04X", size);
symbols.addModule(name, "", base, size);
reinitializeSymbolhandler(true);
print("finished!");
end |
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25814
Location: The netherlands
|
| Posted: Thu Nov 23, 2023 6:03 pm Post subject: |
|
|
your script only seems to be adding modules, no symbols
in memoryview, is view->show module addresses checked?
e.g: this code works:
| Code: |
sl=createSymbolList()
sl.register()
sl.addModule('bla.dat','',0x200000000,65536,true)
printf("%x", getAddress('bla.dat+1234'))
|
and it shows up in the disassembler and hexview
It's also recommended to do proces open code inside MainForm.OnProcessOpened: function(processid, processhandle, caption) as OnOpenProcess can get called multiple times and from non UI threads
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
darmy
How do I cheat?
![]() Reputation: 0
Joined: 23 Nov 2023
Posts: 6
|
| Posted: Thu Nov 23, 2023 6:11 pm Post subject: |
|
|
| Dark Byte wrote: | your script only seems to be adding modules, no symbols
in memoryview, is view->show module addresses checked?
e.g: this code works:
| Code: |
sl=createSymbolList()
sl.register()
sl.addModule('bla.dat','',0x200000000,65536,true)
printf("%x", getAddress('bla.dat+1234'))
|
and it shows up in the disassembler and hexview
It's also recommended to do proces open code inside MainForm.OnProcessOpened: function(processid, processhandle, caption) as OnOpenProcess can get called multiple times and from non UI threads |
Yes of course, i also use a rebuilt version of CE, i don't know if it has anything to do with it, would make no sense but who knows.
Find this image to explain maybe the context : imgur gZ48GSY .png
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25814
Location: The netherlands
|
| Posted: Thu Nov 23, 2023 6:30 pm Post subject: |
|
|
The symbollist isn't an internal windows module list and doesn't affect the enumModules api that modulelistscan.lua uses to populate the module list
If you wish that specific list to show extra entries you'll need to edit modulelistscan.pas(it's in autorun) and add them in there
(you can use your symbols object and use symbols.getModuleList() and parse the results over to the combobox)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
darmy
How do I cheat?
![]() Reputation: 0
Joined: 23 Nov 2023
Posts: 6
|
| Posted: Thu Nov 23, 2023 7:02 pm Post subject: |
|
|
All right, thank you very much, i have now a "working" function but i also do have some problems.
My script is not returning all the modules i see in process hacker.
I only get a bunch of them and also i iterate through the same list each time ?
| Code: |
MainForm.OnProcessOpened = function(processid, processhandle, caption)
local sl = createSymbolList()
sl.register()
local proc = dbk_getPEProcess(processid)
local peb = readQword(proc + 0x550)
local ldr = readQword(peb + 0x18)
local index = readQword(ldr + 0x10)
for i = 1, 150 do
local mod = readQword(index)
if mod == nil or mod == 0 then break end
local name = readString(readQword(mod + 0x58 + 0x8), readSmallInteger(mod + 0x58), true)
local base = readQword(mod + 0x30)
local size = readInteger(mod + 0x40)
-- Debug print the module name, base, and size
--printf("Module name: %s\n Base: %08X\n Size: %X\n\n", name, base, size)
sl.addModule(name, '', base, size, true)
index = readQword(mod)
end
local processName = readString(proc + 0x5A8, 15)
local processBase = readQword(proc + 0x520)
local processSize = readQword(proc + 0x498)
sl.addModule(processName, '', processBase, processSize, true)
--printf("Modules from %s have been added to the symbol list\n", caption)
end
|
| Code: |
Module name: ntdll.dll
Base: 7FFD31A50000
Size: 1F8000
Module name: KERNELBASE.dll
Base: 7FFD2F580000
Size: 2F6000
...
Module name: ntdll.dll
Base: 7FFD31A50000
Size: 1F8000
Module name: KERNELBASE.dll
Base: 7FFD2F580000
Size: 2F6000
Module name: GDI32.dll
Base: 7FFD30BB0000
Size: 2C000
Module name: gdi32full.dll
Base: 7FFD2F880000
Size: 11A000
Module name: ucrtbase.dll
Base: 7FFD2F480000
Size: 100000
Module name: CRYPT32.dll
Base: 7FFD2F2F0000
Size: 15D000
Module name: msvcrt.dll
Base: 7FFD30BE0000
Size: 9E000
Module name: RPCRT4.dll
Base: 7FFD31470000
Size: 126000
Module name: combase.dll
Base: 7FFD2FFD0000
Size: 354000
Module name: ADVAPI32.dll
Base: 7FFD2FF20000
Size: AF000
Module name: SHELL32.dll
Base: 7FFD30330000
Size: 744000
Module name: gdiplus.dll
Base: 7FFD17750000
Size: 1A5000
Module name: WINHTTP.dll
Base: 7FFD26ED0000
Size: 10A000
Module name: IMM32.DLL
Base: 7FFD31980000
Size: 30000
Module name: windows.storage.dll
Base: 7FFD2D210000
Size: 79B000
Module name: SHCORE.dll
Base: 7FFD31800000
Size: AD000
Module name: ntmarta.dll
Base: 7FFD2E2D0000
Size: 33000
Module name: bcrypt.dll
Base: 7FFD2F9A0000
Size: 27000
Module name: VERSION.dll
Base: 7FFD28A10000
Size: A000
Module name: IPHLPAPI.DLL
Base: 7FFD2E570000
Size: 3B000
Module name: bcryptPrimitives.dll
Base: 7FFD2FA20000
Size: 82000
Module name: clbcatq.dll
Base: 7FFD30F70000
Size: A9000
Module name: wbemcomn.dll
Base: 7FFD23880000
Size: 90000
Module name: fastprox.dll
Base: 7FFD22700000
Size: 10B000
Module name: USERENV.dll
Base: 7FFD2F020000
Size: 2E000
Module name: OnDemandConnRouteHelper.dll
Base: 7FFD14500000
Size: 17000
Module name: mswsock.dll
Base: 7FFD2E8D0000
Size: 6A000
Module name: NSI.dll
Base: 7FFD31450000
Size: 8000
Module name: DNSAPI.dll
Base: 7FFD2E5B0000
Size: CA000
Module name: fwpuclnt.dll
Base: 7FFD260D0000
Size: 80000
Module name: mskeyprotect.dll
Base: 7FFD172B0000
Size: 15000
Module name: ncrypt.dll
Base: 7FFD2EBE0000
Size: 27000
Module name: DPAPI.DLL
Base: 7FFD2EF20000
Size: A000
Module name: rsaenh.dll
Base: 7FFD2E190000
Size: 34000
Module name: imagehlp.dll
Base: 7FFD31660000
Size: 1D000
Module name: cryptnet.dll
Base: 7FFD27800000
Size: 31000
Module name: CFGMGR32.dll
Base: 7FFD2F9D0000
Size: 4E000
Module name: sysdll_Win64_retail.dll
Base: 7FFD21270000
Size: 9000
Module name: amd_ags_x64.dll
Base: 7FFD20540000
Size: F000
Module name: ffx_fsr2_api_x64.dll
Base: 7FFCFE6C0000
Size: 15000
Module name: AVRT.dll
Base: 7FFD28A00000
Size: A000
Module name: dbgcore.DLL
Base: 7FFD0CEE0000
Size: 34000
Module name: inputhost.dll
Base: 7FFD0DA70000
Size: 152000
Module name: PROPSYS.dll
Base: 7FFD2AC00000
Size: F6000
Module name: CoreUIComponents.dll
Base: 7FFD2C470000
Size: 35B000
Module name: WTSAPI32.dll
Base: 7FFD29250000
Size: 14000
Module name: XeFX_Loader.dll
Base: 7FFD1D720000
Size: 10000
Module name: MFPlat.DLL
Base: 7FFD28F00000
Size: 1BB000
Module name: dhcpcsvc6.DLL
Base: 7FFD28440000
Size: 17000
Module name: Engine.BuildInfo.dll
Base: 7FFD07320000
Size: 7000
Module name: textinputframework.dll
Base: 7FFD0C4B0000
Size: FA000
Module name: IGO64.dll
Base: 7FFCA3E40000
Size: 160000
Module name: resourcepolicyclient.dll
Base: 7FFD2CC00000
Size: 14000
Module name: drvstore.dll
Base: 7FFD27490000
Size: 148000
Module name: D3D12Core.dll
Base: 7FFC43F80000
Size: 2E8000
Module name: nvldumdx.dll
Base: 7FFD16710000
Size: BC000
Module name: nvwgf2umx.dll
Base: 7FFD0F0E0000
Size: 5408000
Module name: UMPDC.dll
Base: 7FFD2E550000
Size: 12000
Module name: nvspcap64.dll
Base: 7FFCD3A70000
Size: 2D1000
Module name: dxilconv.dll
Base: 7FFC61940000
Size: 139000
Module name: twinapi.appcore.dll
Base: 7FFD27100000
Size: 207000
Module name: D3DCOMPILER_47.dll
Base: 7FFD2B070000
Size: 45D000
Module name: dxil.dll
Base: 7FFC54830000
Size: 12E000
Module name: AUDIOSES.DLL
Base: 7FFD290C0000
Size: 182000
Module name: HID.DLL
Base: 7FFD2D9B0000
Size: D000
Module name: dwmapi.dll
Base: 7FFD2CF00000
Size: 2F000
Module name: WindowManagementAPI.dll
Base: 7FFD17EF0000
Size: A1000
Module name: nil
Base: 00000000
Size: 0
Module name: ntdll.dll
Base: 7FFD31A50000
Size: 1F8000
Module name: KERNELBASE.dll
Base: 7FFD2F580000
Size: 2F6000
Module name: GDI32.dll
Base: 7FFD30BB0000
Size: 2C000
Module name: gdi32full.dll
Base: 7FFD2F880000
Size: 11A000
Module name: ucrtbase.dll
Base: 7FFD2F480000
Size: 100000
Module name: CRYPT32.dll
Base: 7FFD2F2F0000
Size: 15D000
Module name: msvcrt.dll
Base: 7FFD30BE0000
Size: 9E000
Module name: RPCRT4.dll
Base: 7FFD31470000
Size: 126000
Module name: combase.dll
Base: 7FFD2FFD0000
Size: 354000
Module name: ADVAPI32.dll
Base: 7FFD2FF20000
Size: AF000
Module name: SHELL32.dll
Base: 7FFD30330000
Size: 744000
Module name: gdiplus.dll
Base: 7FFD17750000
Size: 1A5000
Module name: WINHTTP.dll
Base: 7FFD26ED0000
Size: 10A000
Module name: IMM32.DLL
Base: 7FFD31980000
Size: 30000
Module name: windows.storage.dll
Base: 7FFD2D210000
Size: 79B000
Module name: SHCORE.dll
Base: 7FFD31800000
Size: AD000
Module name: ntmarta.dll
Base: 7FFD2E2D0000
Size: 33000
Module name: bcrypt.dll
Base: 7FFD2F9A0000
Size: 27000
Module name: VERSION.dll
Base: 7FFD28A10000
Size: A000
Module name: IPHLPAPI.DLL
Base: 7FFD2E570000
Size: 3B000
Module name: bcryptPrimitives.dll
Base: 7FFD2FA20000
Size: 82000
Module name: clbcatq.dll
Base: 7FFD30F70000
Size: A9000
Module name: wbemcomn.dll
Base: 7FFD23880000
Size: 90000
Module name: fastprox.dll
Base: 7FFD22700000
Size: 10B000
Module name: USERENV.dll
Base: 7FFD2F020000
Size: 2E000
Module name: OnDemandConnRouteHelper.dll
Base: 7FFD14500000
Size: 17000
Module name: mswsock.dll
Base: 7FFD2E8D0000
Size: 6A000
Module name: NSI.dll
Base: 7FFD31450000
Size: 8000
Module name: DNSAPI.dll
Base: 7FFD2E5B0000
Size: CA000
Module name: fwpuclnt.dll
Base: 7FFD260D0000
Size: 80000
Module name: mskeyprotect.dll
Base: 7FFD172B0000
Size: 15000
Module name: ncrypt.dll
Base: 7FFD2EBE0000
Size: 27000
Module name: DPAPI.DLL
Base: 7FFD2EF20000
Size: A000
Module name: rsaenh.dll
Base: 7FFD2E190000
Size: 34000
Module name: imagehlp.dll
Base: 7FFD31660000
Size: 1D000
Module name: cryptnet.dll
Base: 7FFD27800000
Size: 31000
Module name: CFGMGR32.dll
Base: 7FFD2F9D0000
Size: 4E000
Module name: sysdll_Win64_retail.dll
Base: 7FFD21270000
Size: 9000
Module name: amd_ags_x64.dll
Base: 7FFD20540000
Size: F000
Module name: ffx_fsr2_api_x64.dll
Base: 7FFCFE6C0000
Size: 15000
Module name: AVRT.dll
Base: 7FFD28A00000
Size: A000
Module name: dbgcore.DLL
Base: 7FFD0CEE0000
Size: 34000
Module name: inputhost.dll
Base: 7FFD0DA70000
Size: 152000
Module name: PROPSYS.dll
Base: 7FFD2AC00000
Size: F6000
Module name: CoreUIComponents.dll
Base: 7FFD2C470000
Size: 35B000
Module name: WTSAPI32.dll
Base: 7FFD29250000
Size: 14000
Module name: XeFX_Loader.dll
Base: 7FFD1D720000
Size: 10000
Module name: MFPlat.DLL
Base: 7FFD28F00000
Size: 1BB000
Module name: dhcpcsvc6.DLL
Base: 7FFD28440000
Size: 17000
Module name: Engine.BuildInfo.dll
Base: 7FFD07320000
Size: 7000
Module name: textinputframework.dll
Base: 7FFD0C4B0000
Size: FA000
Module name: IGO64.dll
Base: 7FFCA3E40000
Size: 160000
Module name: resourcepolicyclient.dll
Base: 7FFD2CC00000
Size: 14000
Module name: drvstore.dll
Base: 7FFD27490000
Size: 148000
Module name: D3D12Core.dll
Base: 7FFC43F80000
Size: 2E8000
Module name: nvldumdx.dll
Base: 7FFD16710000
Size: BC000
Module name: nvwgf2umx.dll
Base: 7FFD0F0E0000
Size: 5408000
Module name: UMPDC.dll
Base: 7FFD2E550000
Size: 12000
Module name: nvspcap64.dll
Base: 7FFCD3A70000
Size: 2D1000
Module name: dxilconv.dll
Base: 7FFC61940000
Size: 139000
Module name: twinapi.appcore.dll
Base: 7FFD27100000
Size: 207000
Module name: D3DCOMPILER_47.dll
Base: 7FFD2B070000
Size: 45D000
Module name: dxil.dll
Base: 7FFC54830000
Size: 12E000
Module name: AUDIOSES.DLL
Base: 7FFD290C0000
Size: 182000
Module name: HID.DLL
Base: 7FFD2D9B0000
Size: D000
Module name: dwmapi.dll
Base: 7FFD2CF00000
Size: 2F000
Module name: WindowManagementAPI.dll
Base: 7FFD17EF0000
Size: A1000
Module name: nil
Base: 00000000
Size: 0
Module name: ntdll.dll
Base: 7FFD31A50000
Size: 1F8000
Module name: KERNELBASE.dll
Base: 7FFD2F580000
Size: 2F6000
Module name: GDI32.dll
Base: 7FFD30BB0000
Size: 2C000
Module name: gdi32full.dll
Base: 7FFD2F880000
Size: 11A000
Module name: ucrtbase.dll
Base: 7FFD2F480000
Size: 100000
Module name: CRYPT32.dll
Base: 7FFD2F2F0000
Size: 15D000
Module name: msvcrt.dll
Base: 7FFD30BE0000
Size: 9E000
Module name: RPCRT4.dll
Base: 7FFD31470000
Size: 126000
Module name: combase.dll
Base: 7FFD2FFD0000
Size: 354000
Module name: ADVAPI32.dll
Base: 7FFD2FF20000
Size: AF000
Module name: SHELL32.dll
Base: 7FFD30330000
Size: 744000
Module name: gdiplus.dll
Base: 7FFD17750000
Size: 1A5000
Module name: WINHTTP.dll
Base: 7FFD26ED0000
Size: 10A000
Module name: IMM32.DLL
Base: 7FFD31980000
Size: 30000
Modules from 00006D9C-FC24.exe have been added to the symbol list
|
as you can see there is multiple iteration, multiple nil, do you have any idea why it is not parsing all the modules ?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25814
Location: The netherlands
|
| Posted: Fri Nov 24, 2023 2:51 am Post subject: |
|
|
perhaps the list has been tampered with
try doing a scan for the MZ/PE header instead (align with last digits ending at 0000 )
and then parse the PE header for the image size
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
