How to make conditional codes?


How to make conditional codes?

Post by Marconeto »

Came across a very useful conditional code once, but I couldn't get it to work. The original post belongs to Meiyoh and the answer to ParkourPenguin:
----------------------------------------------------
-Meiyoh

How to make conditional codes

Say

If value on address 12345678 equal to 2C then execute code / cheat
if Value on address 12345678 less than 2C then execute code / cheat

etc

You know what I mean.
Thanks.

-ParkourPenguin
[ENABLE]
alloc(newmem, 100)
label(lessthan)
label(return)

registersymbol(newmem)

newmem:
mov eax, 12345678
cmp [eax],2C
jl lessthan
jne return
//code to execute if they're equal
//example:
luacall(equalCheat())
jmp return
lessthan:
//code to execute if value at 12345678 is less than 2C
//example:
luacall(lessThanCheat())
return:

[DISABLE]
unregistersymbol(newmem)
dealloc(newmem)
----------------------------------------------------

My problem is with the "luacall" procedure. I've made a code to show as an example of what I want to do: (Eg. game: Battle For Wesnoth)
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)

newmem:
cmp [[[["wesnoth.exe"+01165DB8]+20]+28]+F0],#15 //A pointer. If the value is not equal to 15 it jumps to original code, but what I want is a procedure to make the value increase until it reaches 15 and then stop by jumping to the original code.
jne originalcode
inc [edx+000000F0]
mov eax,[edx+000000F0]

originalcode:
mov eax,[edx+000000F0]

exit:
jmp returnhere

"wesnoth.exe"+946B17:
jmp newmem
nop
returnhere:


[DISABLE]
dealloc(newmem)
"wesnoth.exe"+946B17:
mov eax,[edx+000000F0]
//Alt: db 8B 82 F0 00 00 00
In this code the player's moves increase only when the pointed value is equal to 15, which means the code remains inactive (originalcode) until it reaches 15. When the pointed value is equal to 15, it will increase only once to 16 and stop.
I want to know if there's a way to make the moves increase until they reach 15 and then stop, but using full code injection instead of Lua. Let's say
cmp [[[["wesnoth.exe"+01165DB8]+20]+28]+F0], < 0xF


Like ParkourPenguin said, when using Lua we have something like this:
bytes = readBytes(adrs,1)
if bytes == 0xF then
--do cheats here
elseif bytes < 0xF then
--do cheats here
end
If the only way is by using "luacall" procedure, then what should I put between the brackets? Every time I write something I get an "error in line". Could anyone create a code injection structure using the one I posted as an example? Thanks.


Re: How to make conditional codes?

Post by TimFun13 »

Marconeto wrote:
Tue Feb 16, 2021 7:49 pm
...
In the first bit of code, you would need to iterate through the pointer manually, as cmp [[[["wesnoth.exe"+01165DB8]+20]+28]+F0],#15 isn't proper ASM.

So something like:

Code:

//...
mov eax,["wesnoth.exe"+01165DB8]
test eax,eax
jz originalcode

mov eax,[eax+20]
test eax,eax
jz originalcode

mov eax,[eax+28]
test eax,eax
jz originalcode
cmp byte ptr [eax+F0],(int)15 // if it's not a byte value you can just remove the "byte ptr" part.
//...
But keep in mind that the only reason we don't need to push and pop EAX is because EAX is set later in the script.

As for the Lua you can just replace or set "adrs" to the string in the ASM script.
So something like this:

Code:

adrs = '[[[["wesnoth.exe"+01165DB8]+20]+28]+F0]'
bytes = readBytes(adrs,1)
-- If it's not a byte value replace "readBytes" with "readInteger" and remove the second parameter.
-- i.e.: readInteger(adrs)
if bytes == 15 then
--do cheats here
elseif bytes < 15 then
--do cheats here
end
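
The pointer walk from the post above, carried through to a complete Auto Assembler script for the behaviour asked about in the first post (increase until 15, then stop). This is an added example, not part of the original thread. It assumes the pointer chain resolves to the 4-byte value being capped and that EAX can be used as scratch because the original instruction overwrites it.

```asm
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)

newmem:
  // Walk the chain one level at a time; a null link at any level
  // skips the cheat instead of faulting on a bad dereference.
  mov eax,["wesnoth.exe"+01165DB8]
  test eax,eax
  jz originalcode
  mov eax,[eax+20]
  test eax,eax
  jz originalcode
  mov eax,[eax+28]
  test eax,eax
  jz originalcode

  // Signed compare against decimal 15: once the value is 15 or more,
  // fall through to the original code without touching it.
  cmp dword ptr [eax+F0],#15
  jge originalcode
  inc dword ptr [eax+F0]

originalcode:
  // Original instruction; it reloads EAX, so no push/pop is needed.
  mov eax,[edx+000000F0]
  jmp returnhere

"wesnoth.exe"+946B17:
  jmp newmem
  nop
returnhere:

[DISABLE]
// Restore the original bytes before freeing the injected memory.
"wesnoth.exe"+946B17:
  mov eax,[edx+000000F0]
  //Alt: db 8B 82 F0 00 00 00
dealloc(newmem)
```

The null checks only catch a zero link; a stale non-zero pointer in the chain can still cause an access violation.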


Re: How to make conditional codes?

Post by SunBeam »

ShyTwig16 wrote:
Mon Feb 22, 2021 3:58 am
But keep in mind that the only reason we don't need to push and pop EAX is because EAX is set later in the script.
You can pick another injection point, it's not mandatory to do it exactly on the instruction that does the read or write. You can hook underneath it, 1-2 lines further, as long as the registers don't change much and you can make use of them (e.g.: if ecx contains an address you use in your script and 1-2 lines below this gets overwritten, then you can't use ecx anymore). In general, I look at what happens to my register AFTER the hook :) That allows me to pick 1-2-3 that I know after the hook will get overwritten by the game anyway. So then I don't need to do push/pop, I just use them directly :P


Re: How to make conditional codes?

Post by sbryzl »

It may be ok to step through pointer iterations using asm but I try to avoid it since it could lead to an access violation. Another way is to just let Cheat Engine assign the pointer value to a variable and if the pointer would be an access violation the script won't even activate.

Code:

[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)

label(value15)
registersymbol(value15)

newmem:
cmp [value15],#15 //A pointer. If the value is not equal to 15 it jumps to original code, but what I want is a procedure to make the value increase until it reaches 15 and then stop by jumping to the original code.
jne originalcode
inc [edx+000000F0]
mov eax,[edx+000000F0]

originalcode:
mov eax,[edx+000000F0]

exit:
jmp returnhere

[[[["wesnoth.exe"+01165DB8]+20]+28]+F0]:
value15:



"wesnoth.exe"+946B17:
jmp newmem
nop
returnhere:


[DISABLE]

unregistersymbol(value15)

dealloc(newmem)
"wesnoth.exe"+946B17:
mov eax,[edx+000000F0]
//Alt: db 8B 82 F0 00 00 00
