How to apply a lua script to another game exe?

[Byronic]

Be carefull, Noob Question!

Hello, I need help on how to make a lua script for Fifa 16 working on another game exe version, other than it was applied?
I hope the Question is understandable. Here is the longer Version: I have an Cheat Table with an working lua script for Fifa 16
Game exe 1.0.5 from 07/2016. I wanna have that script working on the first Fifa 16 exe 1.0.0.
It´s not a cracked Version or anything wrong with my Fifa 16 version. The reason is the 1.0.0 exe Version have a much better Gameplay than the newest exe.
I can´t ask the original Creator of the Fifa 16 Table because he left the soccergaming Forum where he posted his Table in 2019.
I am just a Member of Evoweb Fifa Forum where me and many others are playing with the Fifa 16 Version with the 1.0.0 exe.
If we could have this Cheat Table working on 1.0.0 would be awesome.
So if anybody kindly help me, having a link to an Tutorial or Description of my wish a whole Community would be thankful.

I never ever have an clue how to write an lua script or find adresses via Cheat Engine. But I am trying to find an solution.
I guess if you Guys reading my Post, it´s something like basic what I ask. I swear I googled before I write here in that great Forum, but I didn´t find an accurate answer, even on YT too.
I thought about messaging Aranaktu on Discord or here, but I fear he didn´t answer Questions to Fifa 16.

So thanks in Advance if the Pro´s give me at least a Tip!

Cheers

[ShyTwig16]

With no info all I can say is look at what is specific to the EXE version, and figure out how to make it specific to the version you're using.
You gave zero information on the script it self. No one can tell you how to fix something with no info on what's not working or what said thing is supposed to do in the first place. If I only tell you my house is not working, and ask you how to fix it; can you really tell me anything meaningful?
So here's my tips. Give as much information as possible. The minimum being to state how it supposed to work, vs why/how it's not working. It's a bunch of text not a car, so post the script. Would you ask a mechanic to fix your car without ever getting to see the the car/engine?

[SunBeam]

Please upload the 1.0.5 exe for which the table works, the cheat table itself and the 1.0.0 exe somewhere. So I should see 3 files in that archive. Then PM me or post the link here.

I am expecting the executable files not to be protected, not having Denuvo or other types of DRM technologies. If they do, then this exercise I am proposing cannot be done.

I do not own the game, am not interested in it (so don't offer to share the game), nor do I want to buy it just to solve one user's issue.

The proposal is I can compare the two binaries and fix the scripts in the table so they run on either version. I don't need the game running for that.

The above is the theory. Will see what the table contains, script-wise.

Let me know,
Sun

[Byronic]

First of all thank you very much for looking into my thread request at both of you! And yes you are right, my Post didn´t have enough Information for you. It was my first Post here in that Forum and I don´t know exactly how to report my Issue. My next Posts will be more useful.
I will upload now the Files at my Mega Account and put the link in here and also I PM you, Sun.

[Byronic]

Here is the link with the Lua Script, the CT itself and both Fifa 16 exe´s:

Subject: How to apply a lua script to another game exe?

Please upload the 1.0.5 exe for which the table works, the cheat table itself and the 1.0.0 exe somewhere. So I should see 3 files in that archive. Then PM me or post the link here.

I am expecting the executable files not to be protected, not having Denuvo or other types of DRM technologies. If they do, then this exercise I am proposing cannot be done.

I do not own the game, am not interested in it (so don't offer to share the game), nor do I want to buy it just to solve one user's issue.

The proposal is I can compare the two binaries and fix the scripts in the table so they run on either version. I don't need the game running for that.

The above is the theory. Will see what the table contains, script-wise.

Let me know,
Sun

Here is the link containing the Lua Script, the CT itself, and 2 Fifa 16 exe´s.

Just one thing what could be look strange when you check the Fifa 16 game exen: In Properties I noticed they are both Version 1.0.0. I don´t know why it says so? And also the non compatible Fifa 16 exe have written the Date June 2021 instead September 2015. I guess it´s because I unpack the Game a couple of days before. It´s not a cracked Game or illegal exes, wanna mentioned that extra!

I just wanna give all Information that could be helpful for you. But I am aware you are a pro and it might not needed to mention.

So thanks in Advance.

[Link]

[SunBeam]

...

Alright, I've taken a look and here are my observations:

1) 'fifa16.exe' from 'working Combination!' folder has Denuvo on it. Remember my previous post? I did say something there.

2) The same goes for 'exe which not work with the CT' folder, where the same executable has Denuvo on it.

Old or not, these games come with DRM. Especially since they're from EA.

3) The .lua file you exported separately has almost 2000 lines. Not everything in there has to be fixed, but.. if the way the functions were coded to depend on some offset -- say at some point one function needs to read data from 0x20 offset and in your older version, this offset is 0x18 -- then the rest would also have to be reviewed and fixed. And I wouldn't know what needs to be adjusted and why, as, like I said, I don't own it, don't wanna own it, don't play it, not my style of game.

So, in order for me to look at the two executables, I need dumps of each of them. What that means is this:

a) Get [Link] and install it.
b) Run 1.0.0.0 version of the game till main menu.
c) Alt-tab, then Start > type task exp and open Task Explorer (64-bit).
d) Scroll that list and find fifa16.exe.
e) Right-click it and Dump PE.

Repeat the above with the other executable and create and upload a new archive. Make sure to name each by version, so I know which is which (e.g.: fifa16_1_0_0_0_dumped.exe; fifa16_1_0_3_5_dumped.exe).

Why do I need the dumps? Because the original executables have the code packed. Namely, this code section is full with 00s:

(right-click the image > "Open image in new tab" to see it bigger)


(right-click the image > "Open image in new tab" to see it bigger)


We'll continue once I have what I asked for.

BR,
Sun

[Byronic]

Thank you so much, Sun. You are the only one who wanna help. I asked the same kind of help in 2 other Forums, but no reply till now.
Sorry for the late reply.
I will create the Dump now after installing the Software you are linked. Also thanks for the pictured Guide how to do. Without it I guess it would be a hard time for me without no knowledge of this Topic.
I will repeat to you when I have all the necessary Files.

Greetz
Thomas

[Byronic]

You told me the original exe is full of zeros. I wanna try to understand what you are talking. Does that mean if I would open the exe with Hexeditor, I would see only the zeros and no other "codes"?? So that could mean I would see more numbers ( Codes ) than the exe was not protected?

[Byronic]

I did the Dumps now.

[Link]

[notpikachu]

Mind if I joined the fun and see later if my offset is correct ?

offset

"fifa16.exe"+4E2A9B9 >>> "fifa16.exe"+4B6333D
"fifa16.exe"+50B1FD7 >>> "fifa16.exe"+4DA2DE6
"fifa16.exe"+44A056E >>> "fifa16.exe"+420FDDC
"fifa16.exe"+508A2F0 >>> "fifa16.exe"+4E8BFC0
"fifa16.exe"+4E28612 >>> "fifa16.exe"+4B6107E
"fifa16.exe"+5171C5B >>> "fifa16.exe"+4E5F34E
"fifa16.exe"+44A06A0 >>> "fifa16.exe"+4210410
"fifa16.exe"+4E5B5CC >>> "fifa16.exe"+4B9374C
"fifa16.exe"+4FE3E56 >>> "fifa16.exe"+4D1E206

[SunBeam]

Mind if I joined the fun and see later if my offset is correct ?

offset

"fifa16.exe"+4E2A9B9 >>> "fifa16.exe"+4B6333D
"fifa16.exe"+50B1FD7 >>> "fifa16.exe"+4DA2DE6
"fifa16.exe"+44A056E >>> "fifa16.exe"+420FDDC
"fifa16.exe"+508A2F0 >>> "fifa16.exe"+4E8BFC0
"fifa16.exe"+4E28612 >>> "fifa16.exe"+4B6107E
"fifa16.exe"+5171C5B >>> "fifa16.exe"+4E5F34E
"fifa16.exe"+44A06A0 >>> "fifa16.exe"+4210410
"fifa16.exe"+4E5B5CC >>> "fifa16.exe"+4B9374C
"fifa16.exe"+4FE3E56 >>> "fifa16.exe"+4D1E206

Sure thing, the more, the merrier Will attempt my version now and confirm.

EDIT: The FIFA Freestyle 16 1.0.3.5.LUA script lists several hardcoded addresses I could dig out, which match yours, except last 3 which you've probably not seen (they're used 2 times each; see below):

Code: Select all

[line 0792] "fifa16.exe"+4E2A9B9
[line 0816] "fifa16.exe"+50B1FD7
[line 0838] "fifa16.exe"+44A056E
[line 0857] "fifa16.exe"+508A2F0
[line 0881] "fifa16.exe"+4E28612
[line 0907] "fifa16.exe"+5171C5B
[line 0934] "fifa16.exe"+44A06A0
[line 0955] "fifa16.exe"+4E5B5CC
[line 0981] "fifa16.exe"+4FE3E56
[line 1044] 145016183
[line 1066] 145016183
[line 1048] 144D0303B
[line 1070] 144D0303B
[line 1051] 144D044CB
[line 1074] 144D044CB

Then there are also addresses in the table itself.

...

Do you use the content listed in the table at all?:



Or you only use this?:



Just so I know if I should ignore the cheat table GUI and just update the Lua script and that's that.

@notPikachu: Whoever did this doesn't know too much about ASM. Here's what I see at the first address: "fifa16.exe"+4E2A9B9:



Now.. whoever designed the table does this:

Code: Select all

            globalAlloc(skillmoveOccurs, 64,"fifa16.exe"+4E2A9B9)
            globalAlloc(skillmoveID, 4, "fifa16.exe"+4E2A9B9)
            label(returnhere)
            label(exit)



            skillmoveOccurs:

            mov r12d,eax
            mov [skillmoveID], r12d
            test ebp,ebp

            exit:
            jmp returnhere


            "fifa16.exe"+4E2A9B9:
            jmp skillmoveOccurs

The problem appears when these lines turn into a JMP:

Code: Select all

fifa16_1_0_0_0_Dumped.exe+4E2A9B9 - 41 89 C4              - mov r12d,eax
fifa16_1_0_0_0_Dumped.exe+4E2A9BC - 85 ED                 - test ebp,ebp

Apparently, there's no problem, because there are 5 bytes which would turn into a short JMP, also 5 bytes. Correct? But if you look at my picture above, see the green arrow that lands 1 line below the highlighted one? That means when those 5 bytes turn into a JMP, the jump above these lines will land on garbage code. Will land on last 2 bytes of the JMP Here:

Code: Select all

fifa16_1_0_0_0_Dumped.exe+4E2A9B2 - EB 08                 - jmp fifa16_1_0_0_0_Dumped.exe+4E2A9BC
fifa16_1_0_0_0_Dumped.exe+4E2A9B4 - 41 8B 6C D1 04        - mov ebp,[r9+rdx*8+04]
fifa16_1_0_0_0_Dumped.exe+4E2A9B9 - 41 89 C4              - mov r12d,eax
fifa16_1_0_0_0_Dumped.exe+4E2A9BC - 85 ED                 - test ebp,ebp

"fifa16_1_0_0_0_Dumped.exe+4E2A9B2 - EB 08 - jmp fifa16_1_0_0_0_Dumped.exe+4E2A9BC" that JMPs to "fifa16_1_0_0_0_Dumped.exe+4E2A9BC". If your hook address is "fifa16_1_0_0_0_Dumped.exe+4E2A9B9", then "mov r12d,eax" + "test ebp,ebp" turns into a JMP when you hook it.

e.g.: fifa16_1_0_0_0_Dumped.exe+4E2A9B9 - E9 x1 x2 x3 x4 - JMP hook

So now the JMP @ fifa16_1_0_0_0_Dumped.exe+4E2A9B2 jumps at "x3 x4" bytes Which overwrite "85 ED", the "test ebp,ebp" line. Which is utter crap. But hey, the request was "fix the script", not "fix the author's logic"...

BR,
Sun

[SunBeam]

...

Here's mine:

Code: Select all

[line 0792] "fifa16.exe"+4E2A9B9 >> "fifa16.exe"+4B6333D
[line 0816] "fifa16.exe"+50B1FD7 >> "fifa16.exe"+4DA2DE6
[line 0838] "fifa16.exe"+44A056E >> "fifa16.exe"+420FDDC
[line 0857] "fifa16.exe"+508A2F0 >> "fifa16.exe"+4E8BFC0
[line 0881] "fifa16.exe"+4E28612 >> "fifa16.exe"+4B6107E
[line 0907] "fifa16.exe"+5171C5B >> "fifa16.exe"+4E5F34E
[line 0934] "fifa16.exe"+44A06A0 >> "fifa16.exe"+4210410
[line 0955] "fifa16.exe"+4E5B5CC >> "fifa16.exe"+4B9374C
[line 0981] "fifa16.exe"+4FE3E56 >> "fifa16.exe"+4D1E206
[line 1044] 145016183 >> "fifa16.exe"+4D4FF06
[line 1066] 145016183
[line 1048] 144D0303B >> "fifa16.exe"+4B9CA8C
[line 1070] 144D0303B
[line 1051] 144D044CB >> "fifa16.exe"+4B9DEDB
[line 1074] 144D044CB

Yep. The same. Except last 3, like I said

[Byronic]

I don´t use the GUI, Sun! You don´t need to get busy with this.
I use only the Table content which are working with Vanilla Fifa 16 game. ( Of course just with exe 1.0.3.5 ). The GUI is for a special mod that no one uses. So sorry if I didn´t mentioned that you will face that useless GUI. Just forget it to mention.

The Script Author is someone from Soccergamingforum. If you say it´s bad written I believe you. I have no chance to either say thank you to him or Hey Man, but bad written Script.

[SunBeam]

I don´t use the GUI, Sun! You don´t need to get busy with this.
I use only the Table content which are working with Vanilla Fifa 16 game. ( Of course just with exe 1.0.3.5 ). The GUI is for a special mod that no one uses. So sorry if I didn´t mentioned that you will face that useless GUI. Just forget it to mention.

The Script Author is someone from Soccergamingforum. If you say it´s bad written I believe you. I have no chance to either say thank you to him or Hey Man, but bad written Script.

If you use just the table content itself (like in the pic I showed ya).. then there's no need to update the Lua script o_O.. correct?

Tell you what.. open that table, delete everything you don't use from that big list.. till only the items YOU USE remain there. This list:



Once you've removed everything you don't need, save the table (File > Save As...) and post it here.

BR,
Sun

[Byronic]

Ok, I start now what you said and delete unnecessary Tables. Will post the decreased Table than.
If it´s not necessary to update the Script itself than is my only wish to start the CT with the Fifa 16exe_1.0.0.0 yes. I just thought it would be necessary to update the whole long script and that would be the "Problem" why the CT didn´t work with the 1.0 exe. So you see now why I have posted my Thread "be careful, Noob question".
I just read in the description from the original Author that he always mentioned: "don´t ask me about a CT for the old 1.0 Fifa 16 exe".

Anyway, sounds to me a lot of time could saved when the Script didn´t must updated?!
Ok, I move on now to decrease the Tables Content.