Cheat Engine / Lua e Asm

Published: 2020-04-22, Updated: 2020-06-24

Exemplos

Links

Funções do cheat engine

Mudar cor de uma label depois de um tempo

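-- Show the status label with the number of updated items, then change its
-- font colour again 500 ms later.
control_setVisible(trainer.messageLbl, true)
control_setCaption(trainer.messageLbl, string.format("%d items updated !", #itemsList))
trainer.messageLbl.Font.Color = "0x30a03e" -- lime green
createThread(function(threadObj)
  sleep(500)
  -- This callback runs on a worker thread. GUI properties are handed back to
  -- the main thread instead of being written from here.
  synchronize(function()
    trainer.messageLbl.Font.Color = "0x9a2626" -- author's note: "clDefault"
  end)
end);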

Criar uma thread do pascal para executar em paralelo

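-- Run a function on a separate Cheat Engine thread so the 500 ms wait does not
-- block the caller.
createThread(function(threadObj)
  -- Skeleton for a long-running worker, left disabled by the author:
--  while (not threadObj.Terminated) do
--  end
  sleep(500)
  -- The label belongs to the GUI, so the write is marshalled to the main
  -- thread rather than done directly from this worker.
  synchronize(function()
    trainer.messageLbl.Font.Color = "0x9a2626" -- author's note: "clDefault"
  end)
end);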

Mudar texto de uma label programaticamente

-- Replace the label's caption from script code.
local label = trainer.messageLbl
control_setCaption(label, "Some text!")

Injetar a DLL do lua na JVM para poder rodar scripts

-- Inject Cheat Engine's agent into the JVM of the opened process. The java_*
-- helpers used in the examples below are called only after this has run.
javaInjectAgent()

Listar todas as classes da JVM atual

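-- Print the signature of every loaded class that does not belong to the Java
-- runtime itself (java*, sun*, jdk*), including one- and two-dimensional
-- arrays of java*/sun* types.
javaInjectAgent()
local classes = java_getLoadedClasses()

-- Anchored Lua patterns for the signatures to hide. "[" is escaped as "%[".
-- The original wrote "^%Ljdk"; in a Lua pattern "%L" is a character class
-- (any character that is not a lowercase letter), not a literal "L", so the
-- literal form is used here.
local runtime_prefixes = {
  "^Ljava",
  "^Lsun",
  "^Ljdk",
  "^%[Ljava",
  "^%[Lsun",
  "^%[%[Ljava",
  "^%[%[Lsun",
}

-- True when the signature starts with one of the runtime prefixes above.
local function is_runtime_class(signature)
  for _, pattern in ipairs(runtime_prefixes) do
    if signature:find(pattern) ~= nil then
      return true
    end
  end
  return false
end

for _, class_info in pairs(classes) do
  if not is_runtime_class(class_info.signature) then
    print(class_info.signature)
  end
end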

Listar campos de uma classe

-- Inject Cheat Engine's agent into the target JVM before any java_* call below.
javaInjectAgent()

--- Print name, signature and generic signature of every field of a Java class.
-- Prints "class not found: <name>" and returns when java_findClass yields
-- nil or 0.
-- @param clazzName class signature as passed to java_findClass,
--                  e.g. "Lex001/Player;"
function listClassFields(clazzName)
  local class_handle = java_findClass(clazzName)
  local found = class_handle ~= nil and class_handle ~= 0
  if not found then
    print("class not found: " .. clazzName)
    return
  end

  -- Shape of one entry, from the author's sample dump:
  --   name      = c
  --   signature = Lorg/apache/logging/log4j/Logger;
  --   generic   = (empty)
  --   jfieldid  = 803128640
  local line_format = "name=%s, signature=%s, generic=%s"
  for _, field in pairs(java_getClassFields(class_handle)) do
    print(line_format:format(field.name, field.signature, field.generic))
  end
end

-- Dump the fields of the page's example class.
local target_signature = "Lex001/Player;"
print("Fields:")
listClassFields(target_signature)

Listar instâncias de uma classe

-- Count the live objects of one class (here the array type "[Lben;").
javaInjectAgent()

local array_class = java_findClass("[Lben;")
local found_objects = java_findAllObjectsFromClass(array_class)

print(("instances=%d"):format(#found_objects))

Listar todos os campos de uma classe e seus conteúdos

-- Inject Cheat Engine's agent into the target JVM before any java_* call below.
javaInjectAgent()

--- Print every field of one object as "<signature> <name> = <value>",
-- followed by a blank separator.
-- @param clazz    class handle whose field list is enumerated
-- @param instance object handle the field values are read from
function printObject(clazz, instance)
  local line_format = "%s %s = %s"
  for _, field in pairs(java_getClassFields(clazz)) do
    -- The field's own signature tells java_getField how to read the value.
    local value = java_getField(instance, field.jfieldid, field.signature)
    print(line_format:format(field.signature, field.name, tostring(value)))
  end
  print("\n")
end

-- Dump the fields of at most the first 100 instances of "[Lben;".
local clazz = java_findClass("[Lben;")
local instances = java_findAllObjectsFromClass(clazz)
local total = #instances
local len = total
if len > 100 then
  len = 100
end

print(("clazz=%s, instances=%d, len=%d"):format(tostring(clazz), total, len))

-- Indexed walk so the cap applies; the author's pairs() variant visited all.
local i = 1
while i <= len do
  printObject(clazz, instances[i])
  i = i + 1
end

Pegar valores de um campo das instâncias de uma classe

-- Inject Cheat Engine's agent into the target JVM before any java_* call below.
javaInjectAgent()

--- Look up the jfieldid of a field by its name.
-- @param vclass     class handle passed to java_getClassFields
-- @param field_name exact field name to match
-- @return the matching entry's jfieldid, or 0 when no field has that name.
--         Callers should treat 0 as "not found" before using the id.
function getFieldIdByFieldName(vclass, field_name)
  for _, field in pairs(java_getClassFields(vclass)) do
    local is_match = field.name == field_name
    if is_match then
      return field.jfieldid
    end
  end
  return 0
end

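-- Print the int field "d" of every instance of class "Lben;".
local clazz = java_findClass("Lben;")

if clazz == nil or clazz == 0 then
  -- Same "not found" test the page uses in listClassFields.
  print("class not found: Lben;")
else
  local fieldId = getFieldIdByFieldName(clazz, "d")
  if fieldId == nil or fieldId == 0 then
    -- getFieldIdByFieldName returns 0 when the name is unknown; do not pass
    -- that placeholder on to java_getField.
    print("field not found: d")
  else
    local instances = java_findAllObjectsFromClass(clazz)
    for _, instance in pairs(instances) do
      -- "I" is the JNI signature for int.
      print(string.format("value=%s", tostring(java_getField(instance, fieldId, "I"))))
    end
  end
end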

Pegando instâncias de uma classe java e printando o campo dela chamado health

--- Resolve a field name to its jfieldid for the given class.
-- @param vclass     class handle passed to java_getClassFields
-- @param field_name exact field name to match
-- @return jfieldid of the first entry whose name matches, else 0
function getFieldIdByFieldName(vclass, field_name)
  local wanted_id = 0 -- 0 doubles as the "no such field" result
  for _, candidate in pairs(java_getClassFields(vclass)) do
    if candidate.name == field_name then
      wanted_id = candidate.jfieldid
      break
    end
  end
  return wanted_id
end

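-- Print the int field "health" of every instance of "Lex001/Player;".
local vclass = java_findClass("Lex001/Player;")

if vclass == nil or vclass == 0 then
  -- Same "not found" test the page uses in listClassFields.
  print("class not found: Lex001/Player;")
else
  local objs = java_findAllObjectsFromClass(vclass)
  local healthFieldId = getFieldIdByFieldName(vclass, "health")

  print(string.format("objs=%s, length=%d", tostring(objs), #objs))

  if healthFieldId == nil or healthFieldId == 0 then
    -- 0 is getFieldIdByFieldName's "no such field" result, not a usable id.
    print("field not found: health")
  else
    for k, v in pairs(objs) do
      local health = java_getField(v, healthFieldId, "I")
      -- The "maxHunger" label is kept so the output still matches the sample
      -- dump below; the value printed is the health field.
      print(string.format(
        "k=%s, v=%s, type=%s, addr=%x, maxHunger=%d",
        k, v, type(v), v, health
      ))
    end
  end
end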

-- objs=table: 0000000011C40650, length=2 
-- k=1, v=658958168, type=number, addr=2746e758, maxHunger=99 
-- k=2, v=658958176, type=number, addr=2746e760, maxHunger=100 

Listar métodos de uma classe

-- Print the name of every method of class "Lbei;".
local target_class = java_findClass("Lbei;")
local methods = java_getClassMethods(target_class)

print("|")
for index = 1, #methods do
  local method = methods[index]
  print("||", method.name)
end

Rodar um método

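-- Call getHealth() on the first Player instance and print the result next to
-- the value read from the field.
local playerClass = java_findClass("Lex002/Player;")
local instances = java_findAllObjectsFromClass(playerClass)
local getHealthMethod = java_findMethod(playerClass, "getHealth")
arg = {} -- kept from the original; nothing in this snippet reads it
local player = instances[1]

-- The original printed `health` without ever defining it, which makes
-- string.format("%d", nil) raise. Read it from the object instead.
-- NOTE(review): assumes an int field named "health", as in the page's
-- Lex001/Player example - confirm for Lex002/Player.
local health
for _, field in pairs(java_getClassFields(playerClass)) do
  if field.name == "health" then
    health = java_getField(player, field.jfieldid, "I")
    break
  end
end

local healthFromMethod = java_invokeMethod(player, getHealthMethod)

-- %s with tostring keeps the line printable even when a lookup returned nil.
print(string.format("health=%s, healthFromMethod=%s", tostring(health), tostring(healthFromMethod)))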

Misturar LUA com ASM

{$lua}
-- This is Lua code.
-- `memrec` is only dereferenced after the nil check below.
print('Hello')
if memrec then
  print('This is memoryrecord '..memrec.description)
end
{$asm}
// This is Auto Assembler code
// Writes the three bytes 90 90 90 at address 00123ABC (the page's example address).
00123ABC:
  db 90 90 90
{$lua}
-- When 'symbol' does not resolve, this section returns Auto Assembler text.
-- The arguments of "aobscan(...)" are elided by the author.
-- NOTE(review): presumably the returned string is assembled in place of this
-- section - confirm against the Cheat Engine documentation.
if not getAddressSafe('symbol') then
  return [[aobscan(...)
  registerSymbol('symbol')]]
end
{$asm}

Fazendo assembler apenas com lua

First execute this Lua code so the function is available:

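--- Build an Auto Assembler script around a byte pattern and run it.
-- The pattern is the fixed bytes from the page with the symbol bytes spliced
-- into the middle. The script scans for it and places four nops at the match.
-- Fixes two unbalanced parentheses in the original: the AOBScan(...) line
-- inside the script text and the autoAssemble(...) call itself.
function myscript()
  -- Placeholder name from the page: supply your own function that returns
  -- the symbol's bytes as an AOB string.
  local MySymbol = Whateveryoudotogetthesymbolbytesasanaob()
  local mystring = "01 02 03 ff ab cd ef " .. MySymbol .. " 04 05 06 07 08"

  autoAssemble([[
  AOBScan(aobMoney, ]] .. mystring .. [[)

  aobMoney:
   nop
   nop
   nop
   nop
]])
end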

--- Counterpart to myscript(), called from the [disable] section of the AA script.
-- The body is a stub on the page: it is meant to hold the code that reverts
-- whatever myscript() changed.
function UndoMyScript()
--some code that disables it
end

Then write an AA script like this:

[enable]
// Calls the Lua function myscript() defined beforehand.
LuaCall(myscript())

[disable]
// Calls the Lua function UndoMyScript(), which is meant to revert the change.
LuaCall(UndoMyScript())

Fazer evaluate de expressão Cheat Engine

-- Evaluate one multi-level pointer expression two ways: readInteger reads the
-- integer stored at the resolved address, getAddress resolves the address.
-- Both results are discarded here, as in the original.
local pointer_path = "[[[[[[[[[witcher3.exe + 028F3F60] +0] +18] +20] +40] +40] + 1c0] +10] +28]"
readInteger(pointer_path)
getAddress(pointer_path)

Referências

cheat engine commands, asm commands, lua commands, cheat engine lua, lua cheat engine, lua bookmarks

