Cheat Form

Cheat Form

Post by TimFun13 »

[Link]

Creating a Form - GUI

Before starting any GUI layout I find it best to just draw a basic layout on some graph paper or in a drawing program. Since we're going to use the CE Form creation GUI, we don't need to be exact so just a basic drawing will work. One thing to keep in mind is resizing, so good use of panels and anchoring is the best way when using a GUI layout tool like CE's.



[Link]



But before starting a trainer we need to decide which game we'll be making it for; for simplicity, let's make one for the CE tutorial.





The form

To start a new form, select Table then Create form.

[Link]



A new form and some tool windows should open.

[Link]



So let's start with some of the form properties.

Caption: The control's text. Value: My Cheats
DefaultMonitor: Not really sure what this does, but setting it to "dmMainForm" sounds good; and this doesn't seem to be required. Value: dmMainForm
Height: The control's height (vertical size). Value: 400
Name: The control's name. Value: CheatForm
Position: The form's start position type. Value: poMainFormCenter
Width: The control's width (horizontal size). Value: 600

[Link]





Main panels

So let's add some panels to start with. After adding two panels let's edit the first one. To add a control just use the Form Designer and hover over the buttons to find out what controls they'll add.



BevelOuter: Outer border bevel type, controls how the outer border looks. Value: bvLowered
Caption: Value: (empty)
Name: Value: ImagePanel
Width: Value: 200

Now let's edit the second one.

Caption: Value: (empty)
Name: Value: MainPanel

So now let's set up the anchors for the ImagePanel. This one I want to stay the same width when the form is resized, so I will only anchor it to the form on the top, left, and bottom.



To open the anchors form, select the control and click the Anchors property and then click the ... button.

[Link]



Let's setup the anchor form for the ImagePanel like this.

[Link]



Now let's setup the anchor form for the MainPanel like this.

[Link]





You should have a form that looks like this (the red text is added in MS paint).

[Link]





Main image and about button

So now let's add an image and an about button; I will go ahead and add a button. But the image has an OnClick event that I will use to make it act like a button, so the about button can be left out; if you leave it out, just anchor the bottom of the image to the ImagePanel.



So let's add the button and the image to the image panel.



For the button let's set it up like this.

Caption: Value: About
Name: Value: AboutButton

And for the button let's set up the anchors like this.

[Link]





On the image we only need to set the name to start with.

Name: Value: MainImage

Let's set the anchors for the MainImage like this.

[Link]



Let's set the Picture property: select it and click the ... button like before, then click the Load button to open an open-file dialog. Then just select an image from your file system; note that you may want to resize the image to best fit the MainImage. This will add the image data to the form data.





Adding Events

Now let's setup some OnClick events for the image and button. So on the Object Inspector form select the Events tab, then select the OnClick event and click the ... button. This will create a function and bind the event to it.

[Link]



It should open the Lua script form with a new function like this, named after the control and the event.

Code:

function AboutButtonClick(sender)

end


Now for the MainImage use the OnClick event's drop-down to select the function you created for the AboutButton. We'll add some code to this later, after creating an about form.





Cheat Panels

Now inside the MainPanel let's add some cheat panels.



For the first one let's anchor it to the MainPanel at the sides and top. Then set it up like this.

BevelOuter: Value: bvNone
Caption: Value: (empty)
Name: Value: Cheat1Panel

[Link]





Then let's add a toggle box and anchor it to all sides of the cheat panel. And set it up like this.

Caption: Value: Step 2 Hook
Name: Value: Cheat1ToggleBox

[Link]





Now let's auto-create a function for the OnChange event of the Cheat1ToggleBox. Remember, to do this you select the Events tab, then click the ... button for the OnChange event. It should create a function like this.

Code:

function Cheat1ToggleBoxChange(sender)

end




Remaining cheat panels

Now let's select the Cheat1Panel on the form, you may need to first select it in the Object Inspector form then click the control on the form. Then just press Ctrl+C to copy the control then click the MainPanel and press Ctrl+V to paste a copy. Then edit the properties for the panel and the toggle so the names are Cheat2Panel and Cheat2ToggleBox; and the caption for the toggle box to "Step 3 Hook".



Then select the Cheat2Panel in the Object Inspector and drag it to the MainPanel so it becomes nested under it as a child control.



Then edit the anchors for the Cheat2Panel, edit the top anchor like this.



[Link]



Then set the OnChange event for the toggle box.



Now just repeat this until you get to Cheat7... and "Step 8 Hook", and always set the top anchor sibling to the previous cheat panel. So 2 to 1, 3 to 2, 4 to 3, and so on.





Editable value

Now let's set up a cheat panel like the others, but then disable the left anchor for the toggle box and click and drag its left side to make room for an edit box. Then add an edit box on the left of the Cheat8Panel, and set the edit box's name, text, and width properties.

Name: Value: Cheat8Edit
Text: Value: 5000
Width: Value: 75

Then anchor the edit box like the toggle box: to the top, right, and bottom, with the cheat panel as the sibling.



Then set the left anchor for the toggle box like this.

[Link]



And then create an OnChange event for the toggle box.





An "All Hooks" toggle box

Now let's set up a cheat panel like the others, then set the names as CheatAll... (CheatAllPanel and CheatAllToggleBox). Set the caption for the toggle box to "All Hooks", and create an OnChange event for it.



More with the Form

Form Constraints

Now we can resize the form to figure out what minimum and maximum sizes to set for it. Let's set the Constraints MinHeight and MinWidth.

[Link]



Form events

Now let's add two events for the form: OnShow and OnClose. They generate the FormShow and FormClose functions.

Code:

function FormShow(sender)

end

function FormClose(sender)
 return caHide --Possible options: caHide, caFree, caMinimize, caNone
end


Saving the form

Then on the form designer tool window select File->Save in the menu and save the form as "CheatForm.FRM".

Now close the tool windows and the form, and save the cheat table. Then select Table->CheatForm->Restore and show, and it should show the form.

[Link]





Adding code for the cheat form

Now for the fun part. Let's add some code to the events. You should have a script like this so far.

Code:

--
---- Form
function FormShow(sender)

end

function FormClose(sender)
 return caHide --Possible options: caHide, caFree, caMinimize, caNone
end

---- About button
function AboutButtonClick(sender)

end

---- All
function CheatAllToggleBoxChange(sender)

end

---- Step 2
function Cheat1ToggleBoxChange(sender)

end

---- Step 3
function Cheat2ToggleBoxChange(sender)

end

---- Step 4
function Cheat3ToggleBoxChange(sender)

end

---- Step 5
function Cheat4ToggleBoxChange(sender)

end

---- Step 6
function Cheat5ToggleBoxChange(sender)

end

---- Step 7
function Cheat6ToggleBoxChange(sender)

end

---- Step 8
function Cheat7ToggleBoxChange(sender)

end

---- Step 9
function Cheat8ToggleBoxChange(sender)

end
Let's start by adding some variables and a function to help with enabling the cheats.

Code:

PROCESS_NAME = 'Tutorial-i386.exe'
local AboutText = [[Author: TIMMY
This is a tutorial cheat form made for the Cheat Engine tutorial ("Tutorial-i386.exe").
]]

local disableInfo = {}
local autoAttachTimer = nil
local autoAttachTimerInterval = 100
local autoAttachTimerTicks = 0
local autoAttachTimerTickMax = 5000

local function enableCheat(sender, script)
 local assembled = false
 if sender.Checked then
 assembled, disableInfo[sender.Name] = autoAssemble(script)
 if not assembled then
 -- disableInfo[sender.Name] = nil
 sender.Checked = false
 end
 elseif disableInfo[sender.Name] ~= nil then
 assembled, disableInfo[sender.Name] = autoAssemble(script, disableInfo[sender.Name])
 if assembled then
 disableInfo[sender.Name] = nil
 end
 end
 return assembled
end
Now let's set up those form events.

Code:

--
---- Form
function FormShow(sender)
 local function autoAttachTimer_tick(timer)
 if autoAttachTimerTickMax > 0 and autoAttachTimerTicks >= autoAttachTimerTickMax then
 timer.destroy()
 return -- give up; never touch the destroyed timer again in this tick
 end
 if getProcessIDFromProcessName(PROCESS_NAME) ~= nil then
 timer.destroy()
 openProcess(PROCESS_NAME)
 end
 autoAttachTimerTicks = autoAttachTimerTicks + 1
 end
 autoAttachTimer = createTimer(MainForm)
 autoAttachTimer.Interval = autoAttachTimerInterval
 autoAttachTimer.OnTimer = autoAttachTimer_tick
end

function FormClose(sender)
 ----
 ---- comment this out when editing the form
 closeCE()
 return caFree --Possible options: caHide, caFree, caMinimize, caNone
 ----
 ---- uncomment this when editing the form
 -- return caHide --Possible options: caHide, caFree, caMinimize, caNone
end
So for the about button let's just start with a simple string that will be printed.

Code:

---- About button
function AboutButtonClick(sender)
 print(AboutText)
end
Now for the cheats. So we'll just pass sender and a script to enableCheat.

Code:

---- All
function CheatAllToggleBoxChange(sender)
 if CheatForm ~= nil then
 CheatForm.Cheat1ToggleBox.Checked = sender.Checked
 CheatForm.Cheat2ToggleBox.Checked = sender.Checked
 CheatForm.Cheat3ToggleBox.Checked = sender.Checked
 CheatForm.Cheat4ToggleBox.Checked = sender.Checked
 CheatForm.Cheat5ToggleBox.Checked = sender.Checked
 CheatForm.Cheat6ToggleBox.Checked = sender.Checked
 CheatForm.Cheat7ToggleBox.Checked = sender.Checked
 CheatForm.Cheat8ToggleBox.Checked = sender.Checked
 CheatForm.Cheat1ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat2ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat3ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat4ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat5ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat6ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat7ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat8ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat8Edit.Enabled = not sender.Checked
 end
end

---- Step 2
function Cheat1ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+23B00)
define(step2Bytes, 89 83 80 04 00 00)
[ENABLE]
aobScanModule(aobStep2Hook, Tutorial-i386.exe, 8Dxxxx8Bxxxxxxxxxx29xx89xxxxxxxxxx8DxxxxE8xxxxxxxx8Bxxxx8BxxxxxxxxxxE8xxxxxxxx83xxxxxxxxxxxx)
define(injStep2Hook, aobStep2Hook+B)
assert(injStep2Hook, step2Bytes)
registerSymbol(injStep2Hook)

alloc(memStep2Hook, 0x400, injStep2Hook)

label(ptrStep2Hook)
registerSymbol(ptrStep2Hook)

label(step2n_code)
label(step2o_code)
label(step2exit)
label(step2return)

memStep2Hook:
 ptrStep2Hook:
 dd 0
 align 10 CC
 step2n_code:
 mov [ptrStep2Hook],ebx
 mov eax,(int)1000
 step2o_code:
 mov [ebx+00000480],eax
 step2exit:
 jmp step2return

injStep2Hook:
 jmp step2n_code
 nop
 step2return:

[DISABLE]
injStep2Hook:
 db step2Bytes

unregisterSymbol(injStep2Hook)
unregisterSymbol(ptrStep2Hook)
dealloc(memStep2Hook)
]])
end

---- Step 3
function Cheat2ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+23FE1)
define(step3OldBytes, 83 C0 01 89 C3 29)
 // add eax,01
 // mov ebx,eax
 // sub // sub [esi+00000484],ebx
define(step3NewBytes, BB 88 13 00 00 89)
 // mov ebx,00001388 // mov ebx,(int)5000
 // mov // mov [esi+00000484],ebx

[ENABLE]
aobScanModule(aobStep3Hook, Tutorial-i386.exe, 83xxxx89xx29xxxxxxxxxx8Bxxxxxxxxxx8Dxxxxxxxxxx8BxxxxxxxxxxE8xxxxxxxx83xxxxxxxxxxxx)
define(injStep3Hook, aobStep3Hook)
assert(injStep3Hook, step3OldBytes)
registerSymbol(injStep3Hook)

injStep3Hook:
 db step3NewBytes

[DISABLE]
injStep3Hook:
 db step3OldBytes

unregisterSymbol(injStep3Hook)
]])
end

---- Step 4
function Cheat3ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+2481F)
define(step4Bytes, D9 9E 94 04 00 00)

[ENABLE]
aobScanModule(aobStep4Hook, Tutorial-i386.exe, DBxxxxDBxxxxxxxxD9xxxxD9xxxxD8xxxxxxxxxxD9xxxxxxxxxxFFxxxxxxxxxx8DxxxxxxB9xxxxxxxxBAxxxxxxxxB8xxxxxxxx)
define(injStep4Hook, aobStep4Hook+14)
assert(injStep4Hook, step4Bytes)
registerSymbol(injStep4Hook)

alloc(memStep4Hook, 0x400, injStep4Hook)

label(ptrStep4Hook)
registerSymbol(ptrStep4Hook)

label(step4n_code)
label(step4o_code)
label(step4exit)
label(step4return)

memStep4Hook:
 dq (double)5000
 align 10 CC
 ptrStep4Hook:
 dd 0
 align 10 CC
 step4n_code:
 mov [ptrStep4Hook],esi
 fstp st(0)
 mov [esi+494],(float)5000
 fld qword ptr [memStep4Hook]
 fstp qword ptr [esi+498]
 step4o_code:
 // fstp dword ptr [esi+00000494]
 step4exit:
 jmp step4return

injStep4Hook:
 jmp step4n_code
 nop
 step4return:

[DISABLE]
injStep4Hook:
 db step4Bytes

unregisterSymbol(injStep4Hook)
unregisterSymbol(ptrStep4Hook)
dealloc(memStep4Hook)
]])
end

---- Step 5
function Cheat4ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+24AE8)
define(step5Bytes, 89 10)

[ENABLE]
aobScanModule(aobStep5Hook, Tutorial-i386.exe, 8Bxxxx8Bxxxxxxxxxx8Bxxxx89xx8Bxxxx8Bxxxxxxxxxx8Bxx3Bxxxx)
define(injStep5Hook, aobStep5Hook+C)
assert(injStep5Hook, step5Bytes)
registerSymbol(injStep5Hook)

injStep5Hook:
 db 90 90

[DISABLE]
injStep5Hook:
 db step5Bytes

unregisterSymbol(injStep5Hook)
]])
end

---- Step 6
function Cheat5ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+24F01)
define(step6Bytes, 89 02)

[ENABLE]
aobScanModule(aobStep6Hook, Tutorial-i386.exe, 8Bxxxx3Bxxxx74xxEBxx8Bxxxxxxxxxx8Bxxxx89xxA1xxxxxxxx8Bxx3Bxxxx)
define(injStep6Hook, aobStep6Hook+13)
assert(injStep6Hook, step6Bytes)
registerSymbol(injStep6Hook)

injStep6Hook:
 db 90 90

[DISABLE]
injStep6Hook:
 db step6Bytes

unregisterSymbol(injStep6Hook)
]])
end

---- Step 7
function Cheat6ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+2553D)
define(step7OldBytes, 83 AB 78 04 00 00 01)
 // sub dword ptr [ebx+00000478],01
define(step7NewBytes, 83 83 78 04 00 00 02)
 // add dword ptr [ebx+00000478],02

[ENABLE]
aobScanModule(aobStep7Hook, Tutorial-i386.exe, 8Bxxxxxxxxxx83xxxxxxxxxxxx8Bxxxxxxxxxx8DxxxxE8xxxxxxxx8Bxxxx8BxxxxxxxxxxE8xxxxxxxx8Bxxxxxxxxxx)
define(injStep7Hook, aobStep7Hook+6)
assert(injStep7Hook, step7OldBytes)
registerSymbol(injStep7Hook)

injStep7Hook:
 db step7NewBytes

[DISABLE]
injStep7Hook:
 db step7OldBytes

unregisterSymbol(injStep7Hook)
]])
end

---- Step 8
function Cheat7ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address2, Tutorial-i386.exe+26108)
define(step8WrtBytes, 89 42 18 8B 45 DC)

[ENABLE]
aobScanModule(aobStep8WrtHook, Tutorial-i386.exe, 8Bxxxx89xxxx8Bxxxx8Bxxxx8DxxxxE8xxxxxxxx8Bxxxx8Bxxxx8Bxxxxxxxxxx)
define(injStep8WrtHook, aobStep8WrtHook+3)
assert(injStep8WrtHook, step8WrtBytes)
registerSymbol(injStep8WrtHook)

alloc(memStep8WrtHook, 0x400, injStep8WrtHook)

label(ptrStep8WrtHook)
registerSymbol(ptrStep8WrtHook)

label(step8wrtn_code)
label(step8wrto_code)
label(step8wrtexit)
label(step8wrtreturn)

memStep8WrtHook:
 ptrStep8WrtHook:
 dd 0
 align 10 CC
 step8wrtn_code:
 mov [ptrStep8WrtHook],edx
 mov eax,(int)5000
 step8wrto_code:
 mov [edx+18],eax
 mov eax,[ebp-24]
 step8wrtexit:
 jmp step8wrtreturn

injStep8WrtHook:
 jmp step8wrtn_code
 nop
 step8wrtreturn:

[DISABLE]
injStep8WrtHook:
 db step8WrtBytes

unregisterSymbol(injStep8WrtHook)
unregisterSymbol(ptrStep8WrtHook)
dealloc(memStep8WrtHook)
]])
end

---- Step 9
function Cheat8ToggleBoxChange(sender)
 local script = [[{$STRICT}
define(address, Tutorial-i386.exe+26534)
define(step9Bytes, 8B 45 FC 89 43 04)

[ENABLE]
aobScanModule(aobStep9Hook, Tutorial-i386.exe, 8Bxxxx89xxxx8Bxxxx89xxxxxxxxD9xxxxxxxxxxxxxx7Axx75xx8Bxxxx)
define(injStep9Hook, aobStep9Hook+6)
assert(injStep9Hook, step9Bytes)
registerSymbol(injStep9Hook)

alloc(memStep9Hook, 0x400, injStep9Hook)

label(ptrStep9Hook)
registerSymbol(ptrStep9Hook)

label(step9n_code)
label(step9o_code)
label(step9exit)
label(step9return)

memStep9Hook:
 ptrStep9Hook:
 dd 0
 dd 0
 align 10 CC
 step9n_code:
 pushfd
 cmp [ebx+10],1
 jne @f
 mov eax,(float)${Value}
 jmp step9o_code
 @@:
 mov eax,0
 step9o_code:
 // mov eax,[ebp-04]
 mov [ebx+04],eax
 step9exit:
 popfd
 jmp step9return

injStep9Hook:
 jmp step9n_code
 nop
 step9return:

[DISABLE]
injStep9Hook:
 db step9Bytes

unregisterSymbol(injStep9Hook)
unregisterSymbol(ptrStep9Hook)
dealloc(memStep9Hook)
]]
 -- a function replacement keeps gsub from treating '%' in the edit box text as a capture
 -- reference; the extra parentheses drop gsub's second return value (the match count)
 enableCheat(sender, (script:gsub('${Value}', function() return CheatForm.Cheat8Edit.Text end)))
 CheatForm.Cheat8Edit.Enabled = not sender.Checked
end
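As an added example (not code from the post), here is a Python model of what the aobScanModule / define(inj, aob+offset) / assert / db lines in these scripts do, run over a constructed byte buffer instead of Tutorial-i386.exe. It uses the Step 5 pattern above and shows why the assert matters: a build whose bytes at the injection point differ is refused instead of being patched; the model also refuses ambiguous scans rather than taking the first hit.

```python
# Added example: models the ENABLE/DISABLE flow of the Step 5 script on a
# byte buffer. Sample bytes are constructed, not taken from Tutorial-i386.exe.

# Values from the Step 5 script on this page.
STEP5_PATTERN = "8Bxxxx8Bxxxxxxxxxx8Bxxxx89xx8Bxxxx8Bxxxxxxxxxx8Bxx3Bxxxx"
STEP5_INJ_OFFSET = 0xC                       # define(injStep5Hook, aobStep5Hook+C)
STEP5_ORIG_BYTES = bytes.fromhex("8910")     # define(step5Bytes, 89 10)
STEP5_PATCH_BYTES = bytes.fromhex("9090")    # [ENABLE] db 90 90

# Constructed stand-in for the code around the hook:
# mov eax,[ebp-08]; mov eax,[eax+4C8]; mov edx,[ebp-0C]; mov [eax],edx;
# mov eax,[ebp-08]; mov eax,[eax+4C8]; mov eax,[eax]; cmp eax,[ebp-10]
SAMPLE_CODE = bytes.fromhex(
    "8B45F8" "8B80C8040000" "8B55F4" "8910" "8B45F8" "8B80C8040000" "8B00" "3B45F0"
)
SAMPLE_MODULE = b"\xCC" * 16 + SAMPLE_CODE + b"\xC3" + b"\xCC" * 15
# A "different build": same pattern matches, but the hook is mov [ecx],edx (89 11).
WRONG_BUILD = SAMPLE_MODULE.replace(b"\x89\x10", b"\x89\x11")


def parse_aob(pattern):
    """Split a CE-style AOB ('xx' or '??' = wildcard byte) into (values, mask)."""
    pattern = pattern.replace(" ", "")
    if len(pattern) % 2:
        raise ValueError("odd-length AOB pattern")
    values, mask = bytearray(), []
    for i in range(0, len(pattern), 2):
        tok = pattern[i:i + 2]
        if tok.lower() in ("xx", "??"):
            values.append(0)
            mask.append(False)
        else:
            values.append(int(tok, 16))
            mask.append(True)
    return bytes(values), mask


def aob_scan(buf, pattern):
    """Like aobScanModule, but returns None unless the match is unique."""
    values, mask = parse_aob(pattern)
    n = len(values)
    hits = [
        i for i in range(len(buf) - n + 1)
        if all(not m or buf[i + j] == v for j, (v, m) in enumerate(zip(values, mask)))
    ]
    return hits[0] if len(hits) == 1 else None


def locate_injection(buf, pattern, inj_offset, expected):
    """Scan, derive inj = aob+offset, then assert(inj, expected). None on failure."""
    aob = aob_scan(buf, pattern)
    if aob is None:
        return None
    inj = aob + inj_offset
    if buf[inj:inj + len(expected)] != expected:
        return None  # assert() fails: not the bytes we expect, so do not patch
    return inj


def enable(buf, inj, patch):
    """[ENABLE] db patch: returns (patched buffer, saved bytes for [DISABLE])."""
    saved = bytes(buf[inj:inj + len(patch)])
    out = bytearray(buf)
    out[inj:inj + len(patch)] = patch
    return bytes(out), saved


def disable(buf, inj, saved):
    """[DISABLE] db original bytes: restore what enable() overwrote."""
    out = bytearray(buf)
    out[inj:inj + len(saved)] = saved
    return bytes(out)


def demo():
    """Full toggle cycle on the sample: (inj offset, bytes while enabled, restored ok)."""
    inj = locate_injection(SAMPLE_MODULE, STEP5_PATTERN, STEP5_INJ_OFFSET, STEP5_ORIG_BYTES)
    patched, saved = enable(SAMPLE_MODULE, inj, STEP5_PATCH_BYTES)
    restored = disable(patched, inj, saved)
    return inj, patched[inj:inj + 2], restored == SAMPLE_MODULE
```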


Showing the form

Then we just need to hide the CE main form and show the cheat form, but we'll want to use a timer to hide the forms.

Code:

CheatForm.Show()
timer = createTimer(MainForm)
timer.Interval = 50
timer.OnTimer = function(timer)
 timer.destroy()
 hideAllCEWindows()
end


The full script

Code:

PROCESS_NAME = 'Tutorial-i386.exe'
local AboutText = [[Author: TIMMY
This is a tutorial cheat form made for the Cheat Engine tutorial ("Tutorial-i386.exe").
]]

local disableInfo = {}

local autoAttachTimer = nil
local autoAttachTimerInterval = 100
local autoAttachTimerTicks = 0
local autoAttachTimerTickMax = 5000


local function enableCheat(sender, script)
 local assembled = false
 if sender.Checked then
 assembled, disableInfo[sender.Name] = autoAssemble(script)
 if not assembled then
 -- disableInfo[sender.Name] = nil
 sender.Checked = false
 end
 elseif disableInfo[sender.Name] ~= nil then
 assembled, disableInfo[sender.Name] = autoAssemble(script, disableInfo[sender.Name])
 if assembled then
 disableInfo[sender.Name] = nil
 end
 end
 return assembled
end


--
---- Form
function FormShow(sender)
 local function autoAttachTimer_tick(timer)
 if autoAttachTimerTickMax > 0 and autoAttachTimerTicks >= autoAttachTimerTickMax then
 timer.destroy()
 return -- give up; never touch the destroyed timer again in this tick
 end
 if getProcessIDFromProcessName(PROCESS_NAME) ~= nil then
 timer.destroy()
 openProcess(PROCESS_NAME)
 end
 autoAttachTimerTicks = autoAttachTimerTicks + 1
 end
 autoAttachTimer = createTimer(MainForm)
 autoAttachTimer.Interval = autoAttachTimerInterval
 autoAttachTimer.OnTimer = autoAttachTimer_tick
end

function FormClose(sender)
 ----
 ---- comment this out when editing the form
 closeCE()
 return caFree --Possible options: caHide, caFree, caMinimize, caNone
 ----
 ---- uncomment this when editing the form
 -- return caHide --Possible options: caHide, caFree, caMinimize, caNone
end


---- About button
function AboutButtonClick(sender)
 print(AboutText)
end

---- All
function CheatAllToggleBoxChange(sender)
 if CheatForm ~= nil then
 CheatForm.Cheat1ToggleBox.Checked = sender.Checked
 CheatForm.Cheat2ToggleBox.Checked = sender.Checked
 CheatForm.Cheat3ToggleBox.Checked = sender.Checked
 CheatForm.Cheat4ToggleBox.Checked = sender.Checked
 CheatForm.Cheat5ToggleBox.Checked = sender.Checked
 CheatForm.Cheat6ToggleBox.Checked = sender.Checked
 CheatForm.Cheat7ToggleBox.Checked = sender.Checked
 CheatForm.Cheat8ToggleBox.Checked = sender.Checked
 CheatForm.Cheat1ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat2ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat3ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat4ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat5ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat6ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat7ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat8ToggleBox.Enabled = not sender.Checked
 CheatForm.Cheat8Edit.Enabled = not sender.Checked
 end
end

---- Step 2
function Cheat1ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+23B00)
define(step2Bytes, 89 83 80 04 00 00)

[ENABLE]
aobScanModule(aobStep2Hook, Tutorial-i386.exe, 8Dxxxx8Bxxxxxxxxxx29xx89xxxxxxxxxx8DxxxxE8xxxxxxxx8Bxxxx8BxxxxxxxxxxE8xxxxxxxx83xxxxxxxxxxxx)
define(injStep2Hook, aobStep2Hook+B)
assert(injStep2Hook, step2Bytes)
registerSymbol(injStep2Hook)

alloc(memStep2Hook, 0x400, injStep2Hook)

label(ptrStep2Hook)
registerSymbol(ptrStep2Hook)

label(step2n_code)
label(step2o_code)
label(step2exit)
label(step2return)

memStep2Hook:
 ptrStep2Hook:
 dd 0
 align 10 CC
 step2n_code:
 mov [ptrStep2Hook],ebx
 mov eax,(int)1000
 step2o_code:
 mov [ebx+00000480],eax
 step2exit:
 jmp step2return

injStep2Hook:
 jmp step2n_code
 nop
 step2return:

[DISABLE]
injStep2Hook:
 db step2Bytes

unregisterSymbol(injStep2Hook)
unregisterSymbol(ptrStep2Hook)
dealloc(memStep2Hook)
]])
end

---- Step 3
function Cheat2ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+23FE1)
define(step3OldBytes, 83 C0 01 89 C3 29)
 // add eax,01
 // mov ebx,eax
 // sub // sub [esi+00000484],ebx
define(step3NewBytes, BB 88 13 00 00 89)
 // mov ebx,00001388 // mov ebx,(int)5000
 // mov // mov [esi+00000484],ebx

[ENABLE]
aobScanModule(aobStep3Hook, Tutorial-i386.exe, 83xxxx89xx29xxxxxxxxxx8Bxxxxxxxxxx8Dxxxxxxxxxx8BxxxxxxxxxxE8xxxxxxxx83xxxxxxxxxxxx)
define(injStep3Hook, aobStep3Hook)
assert(injStep3Hook, step3OldBytes)
registerSymbol(injStep3Hook)

injStep3Hook:
 db step3NewBytes

[DISABLE]
injStep3Hook:
 db step3OldBytes

unregisterSymbol(injStep3Hook)
]])
end

---- Step 4
function Cheat3ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+2481F)
define(step4Bytes, D9 9E 94 04 00 00)

[ENABLE]
aobScanModule(aobStep4Hook, Tutorial-i386.exe, DBxxxxDBxxxxxxxxD9xxxxD9xxxxD8xxxxxxxxxxD9xxxxxxxxxxFFxxxxxxxxxx8DxxxxxxB9xxxxxxxxBAxxxxxxxxB8xxxxxxxx)
define(injStep4Hook, aobStep4Hook+14)
assert(injStep4Hook, step4Bytes)
registerSymbol(injStep4Hook)

alloc(memStep4Hook, 0x400, injStep4Hook)

label(ptrStep4Hook)
registerSymbol(ptrStep4Hook)

label(step4n_code)
label(step4o_code)
label(step4exit)
label(step4return)

memStep4Hook:
 dq (double)5000
 align 10 CC
 ptrStep4Hook:
 dd 0
 align 10 CC
 step4n_code:
 mov [ptrStep4Hook],esi
 fstp st(0)
 mov [esi+494],(float)5000
 fld qword ptr [memStep4Hook]
 fstp qword ptr [esi+498]
 step4o_code:
 // fstp dword ptr [esi+00000494]
 step4exit:
 jmp step4return

injStep4Hook:
 jmp step4n_code
 nop
 step4return:

[DISABLE]
injStep4Hook:
 db step4Bytes

unregisterSymbol(injStep4Hook)
unregisterSymbol(ptrStep4Hook)
dealloc(memStep4Hook)
]])
end

---- Step 5
function Cheat4ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+24AE8)
define(step5Bytes, 89 10)

[ENABLE]
aobScanModule(aobStep5Hook, Tutorial-i386.exe, 8Bxxxx8Bxxxxxxxxxx8Bxxxx89xx8Bxxxx8Bxxxxxxxxxx8Bxx3Bxxxx)
define(injStep5Hook, aobStep5Hook+C)
assert(injStep5Hook, step5Bytes)
registerSymbol(injStep5Hook)

injStep5Hook:
 db 90 90

[DISABLE]
injStep5Hook:
 db step5Bytes

unregisterSymbol(injStep5Hook)
]])
end

---- Step 6
function Cheat5ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+24F01)
define(step6Bytes, 89 02)

[ENABLE]
aobScanModule(aobStep6Hook, Tutorial-i386.exe, 8Bxxxx3Bxxxx74xxEBxx8Bxxxxxxxxxx8Bxxxx89xxA1xxxxxxxx8Bxx3Bxxxx)
define(injStep6Hook, aobStep6Hook+13)
assert(injStep6Hook, step6Bytes)
registerSymbol(injStep6Hook)

injStep6Hook:
 db 90 90

[DISABLE]
injStep6Hook:
 db step6Bytes

unregisterSymbol(injStep6Hook)
]])
end

---- Step 7
function Cheat6ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address, Tutorial-i386.exe+2553D)
define(step7OldBytes, 83 AB 78 04 00 00 01)
 // sub dword ptr [ebx+00000478],01
define(step7NewBytes, 83 83 78 04 00 00 02)
 // add dword ptr [ebx+00000478],02

[ENABLE]
aobScanModule(aobStep7Hook, Tutorial-i386.exe, 8Bxxxxxxxxxx83xxxxxxxxxxxx8Bxxxxxxxxxx8DxxxxE8xxxxxxxx8Bxxxx8BxxxxxxxxxxE8xxxxxxxx8Bxxxxxxxxxx)
define(injStep7Hook, aobStep7Hook+6)
assert(injStep7Hook, step7OldBytes)
registerSymbol(injStep7Hook)

injStep7Hook:
 db step7NewBytes

[DISABLE]
injStep7Hook:
 db step7OldBytes

unregisterSymbol(injStep7Hook)
]])
end

---- Step 8
function Cheat7ToggleBoxChange(sender)
 enableCheat(sender, [[{$STRICT}
define(address2, Tutorial-i386.exe+26108)
define(step8WrtBytes, 89 42 18 8B 45 DC)

[ENABLE]
aobScanModule(aobStep8WrtHook, Tutorial-i386.exe, 8Bxxxx89xxxx8Bxxxx8Bxxxx8DxxxxE8xxxxxxxx8Bxxxx8Bxxxx8Bxxxxxxxxxx)
define(injStep8WrtHook, aobStep8WrtHook+3)
assert(injStep8WrtHook, step8WrtBytes)
registerSymbol(injStep8WrtHook)

alloc(memStep8WrtHook, 0x400, injStep8WrtHook)

label(ptrStep8WrtHook)
registerSymbol(ptrStep8WrtHook)

label(step8wrtn_code)
label(step8wrto_code)
label(step8wrtexit)
label(step8wrtreturn)

memStep8WrtHook:
 ptrStep8WrtHook:
 dd 0
 align 10 CC
 step8wrtn_code:
 mov [ptrStep8WrtHook],edx
 mov eax,(int)5000
 step8wrto_code:
 mov [edx+18],eax
 mov eax,[ebp-24]
 step8wrtexit:
 jmp step8wrtreturn

injStep8WrtHook:
 jmp step8wrtn_code
 nop
 step8wrtreturn:

[DISABLE]
injStep8WrtHook:
 db step8WrtBytes

unregisterSymbol(injStep8WrtHook)
unregisterSymbol(ptrStep8WrtHook)
dealloc(memStep8WrtHook)
]])
end

---- Step 9
function Cheat8ToggleBoxChange(sender)
 local script = [[{$STRICT}
define(address, Tutorial-i386.exe+26534)
define(step9Bytes, 8B 45 FC 89 43 04)

[ENABLE]
aobScanModule(aobStep9Hook, Tutorial-i386.exe, 8Bxxxx89xxxx8Bxxxx89xxxxxxxxD9xxxxxxxxxxxxxx7Axx75xx8Bxxxx)
define(injStep9Hook, aobStep9Hook+6)
assert(injStep9Hook, step9Bytes)
registerSymbol(injStep9Hook)

alloc(memStep9Hook, 0x400, injStep9Hook)

label(ptrStep9Hook)
registerSymbol(ptrStep9Hook)

label(step9n_code)
label(step9o_code)
label(step9exit)
label(step9return)

memStep9Hook:
 ptrStep9Hook:
 dd 0
 dd 0
 align 10 CC
 step9n_code:
 pushfd
 cmp [ebx+10],1
 jne @f
 mov eax,(float)${Value}
 jmp step9o_code
 @@:
 mov eax,0
 step9o_code:
 // mov eax,[ebp-04]
 mov [ebx+04],eax
 step9exit:
 popfd
 jmp step9return

injStep9Hook:
 jmp step9n_code
 nop
 step9return:

[DISABLE]
injStep9Hook:
 db step9Bytes

unregisterSymbol(injStep9Hook)
unregisterSymbol(ptrStep9Hook)
dealloc(memStep9Hook)
]]
 -- a function replacement keeps gsub from treating '%' in the edit box text as a capture
 -- reference; the extra parentheses drop gsub's second return value (the match count)
 enableCheat(sender, (script:gsub('${Value}', function() return CheatForm.Cheat8Edit.Text end)))
 CheatForm.Cheat8Edit.Enabled = not sender.Checked
end

CheatForm.Show()
timer = createTimer(MainForm)
timer.Interval = 50
timer.OnTimer = function(timer)
 timer.destroy()
 hideAllCEWindows()
end

And that's a basic cheat form for the Cheat Engine tutorial (x32).






