Today I want to share a little project of mine. It's not complete, but it may be useful for some other members here.
It's a little rebuild of Cheat Engine in the scripting language AutoIt. It's not hard to understand because I have tried to tidy up the source.
Some guys will say that AutoIt is too slow to search for values. With this source I disagree. It's not as fast as Cheat Engine but it's also quick. This engine only searches for arrays of bytes and strings. I will add more later...
Some of you will now ask why I am releasing this. I think it can help you make your trainer more efficient because you can do a fast address search. You can also use this if you don't want to use pointers for your trainers. But now I will give you the source:
Code:
#RequireAdmin
#NoTrayIcon
#region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker
#endregion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <NomadMemory.au3>
#include <String.au3>
#include <GuiEdit.au3>
#include <WinAPI.au3>

Global $Open, $Process_Text

_SEDEBUG()
OnAutoItExitRegister("_Detach")
Opt("GUIOnEventMode", 1)

$hGUI = GUICreate("AutoIt CE rebuild by Applecode", 509, 316, -1, -1)
GUISetOnEvent(-3, "_Exit")
$Adress_Array = GUICtrlCreateEdit("", 4, 4, 209, 305, BitOR($GUI_SS_DEFAULT_EDIT, $ES_READONLY))
GUICtrlSetData(-1, "")
$Scan_Button = GUICtrlCreateButton("Scan", 220, 4, 75, 25)
$Text_Label = GUICtrlCreateLabel("Text:", 260, 40, 28, 17)
$Text_Input = GUICtrlCreateInput("", 292, 36, 209, 21)
$Value_Type_Label = GUICtrlCreateLabel("Value Type:", 228, 68, 58, 17)
$Memory_Group = GUICtrlCreateGroup("Memory Scan Options", 220, 92, 281, 81)
$Start_Label = GUICtrlCreateLabel("Start:", 228, 116, 29, 17)
$Start_Adress_Input = GUICtrlCreateInput("0x00400000", 268, 116, 225, 21)
$Stop_Label = GUICtrlCreateLabel("Stop:", 228, 148, 29, 17)
$Stop_Adress_Input = GUICtrlCreateInput("0x0FFFFFFF", 268, 140, 225, 21)
GUICtrlCreateGroup("", -99, -99, 1, 1)
$Type_Combo = GUICtrlCreateCombo("String", 292, 64, 209, 25)
GUICtrlSetData(-1, "Array of Byte")
$Changer_Group = GUICtrlCreateGroup("Memorychanger", 220, 180, 281, 133)
$Adress_Label = GUICtrlCreateLabel("Adress:", 244, 204, 39, 17)
$Adress_Input = GUICtrlCreateInput("0x00000000", 292, 196, 201, 21)
$Change_Label = GUICtrlCreateLabel("Change to:", 228, 228, 56, 17)
$Change_To_Input = GUICtrlCreateInput("", 292, 220, 201, 21)
$Type_Label = GUICtrlCreateLabel("Type:", 252, 252, 31, 17)
$String_Combo = GUICtrlCreateCombo("String", 292, 248, 201, 25, BitOR($CBS_DROPDOWN, $CBS_AUTOHSCROLL))
GUICtrlSetData(-1, "Array of Byte")
$Change_Button = GUICtrlCreateButton("Change", 228, 276, 259, 25)
GUICtrlCreateGroup("", -99, -99, 1, 1)
$Status_Label = GUICtrlCreateLabel("Waiting for S4 Client", 300, 8, 201, 17, $SS_CENTER)
GUISetState(@SW_SHOW, $hGUI)

GUICtrlSetOnEvent($Scan_Button, "_Scan")
GUICtrlSetOnEvent($Change_Button, "_Change")
AdlibRegister("_Process")

While 1
    Sleep(100)
WEnd

Func _Change()
    $Adress_Change = GUICtrlRead($Adress_Input)
    $Value_Change = GUICtrlRead($Change_To_Input)
    $Type_Change = GUICtrlRead($String_Combo)
    If $Type_Change = "String" = 1 Then
        $Char_Len = StringLen($Value_Change) + 1
        _MemoryWrite($Adress_Change, $Open, $Value_Change, "char[" & $Char_Len & "]")
    ElseIf $Type_Change = "Array of Byte" = 1 Then
        $AoB_Len = StringLen($Value_Change) / 2
        _MemoryWrite($Adress_Change, $Open, $Value_Change, "byte[" & $AoB_Len & "]")
    EndIf
EndFunc ;==>_Change

Func _Detach()
    _MemoryClose($Open)
EndFunc ;==>_Detach

Func _Scan()
    If ProcessExists($Process_Text) > 0 Then
        If GUICtrlRead($Type_Combo) = "String" = 1 Then
            $String_Text = GUICtrlRead($Text_Input)
            $Text_AoB = _StringToArrayOfByte($String_Text)
            $Adress_Start = GUICtrlRead($Start_Adress_Input)
            $Adress_End = GUICtrlRead($Stop_Adress_Input)
            Do
                $Result = _MemoryScan($Open, $Text_AoB, False, $Adress_Start, $Adress_End)
                If $Result = -3 Then
                    ExitLoop
                Else
                    _GUICtrlEdit_InsertText($Adress_Array, $Result & @CRLF, -1)
                EndIf
                $Adress_Start = $Result + 1
            Until $Result = -3
        ElseIf GUICtrlRead($Type_Combo) = "Array of Byte" = 1 Then
            _GUICtrlEdit_SetText($Adress_Array, "")
            $String_Text = GUICtrlRead($Text_Input)
            $Adress_Start = GUICtrlRead($Start_Adress_Input)
            $Adress_End = GUICtrlRead($Stop_Adress_Input)
            Do
                $Result = _MemoryScan($Open, $String_Text, False, $Adress_Start, $Adress_End)
                If $Result = -3 Then
                    ExitLoop
                Else
                    _GUICtrlEdit_InsertText($Adress_Array, $Result & @CRLF, -1)
                EndIf
                $Adress_Start = $Result + 1
            Until $Result = -3
        EndIf
    Else
        MsgBox(0, "Error", "Your choosen process is not running!")
    EndIf
EndFunc ;==>_Scan

Func _Process()
    If ProcessExists("S4Client.exe") > 0 Then
        $Open = _MemoryOpen(ProcessExists("S4Client.exe"))
        GUICtrlSetData($Status_Label, "Engine is atteched!")
        AdlibRegister("_Wait_for_close", 750)
        AdlibUnRegister("_Process")
    EndIf
EndFunc ;==>_Process

Func _Wait_for_close()
    If Not ProcessExists("S4Client.exe") = 1 Then
        GUICtrlSetData($Status_Label, "Waiting for S4 Client")
        AdlibRegister("_Process")
        AdlibUnRegister("_Wait_for_close")
    EndIf
EndFunc ;==>_Wait_for_close

Func _Exit()
    Exit
EndFunc ;==>_Exit

Func _MemoryScan($ah_Handle, $pattern, $after = False, $iv_addrStart = 0x00400000, $iv_addrEnd = 0X0FFFFFFF, $step = 51200)
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return -1
    EndIf
    $pattern = StringRegExpReplace($pattern, "[^0123456789ABCDEFabcdef.]", "")
    If StringLen($pattern) = 0 Then
        SetError(2)
        Return -2
    EndIf
    For $addr = $iv_addrStart To $iv_addrEnd Step $step - (StringLen($pattern) / 2)
        StringRegExp(_MemoryRead($addr, $ah_Handle, "byte[" & $step & "]"), $pattern, 1, 2)
        If Not @error Then
            If $after Then
                Return StringFormat("0x%.8X", $addr + ((@extended - 2) / 2))
            Else
                Return StringFormat("0x%.8X", $addr + ((@extended - StringLen($pattern) - 2) / 2))
            EndIf
        EndIf
    Next
    Return -3
EndFunc ;==>_MemoryScan

Func _StringToArrayOfByte($String)
    Local $AoB = StringToBinary($String)
    Local $AntiHex = _StringBetween($AoB, "0x", "")
    Return $AntiHex[0]
EndFunc ;==>_StringToArrayOfByte

Func _SEDEBUG()
    Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", _WinAPI_GetCurrentProcess(), "dword", 0x20, "int*", "")
    Local $hToken = $call[3]
    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", "")
    Local $iLuid = $call[3]
    Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
    Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
    DllStructSetData($TP, "PrivilegeCount", $count)
    DllStructSetData($LUID, "Luid", $iLuid)
    DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
    $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", "", "ptr", "")
EndFunc ;==>_SEDEBUG
If you have any questions about this source, then ask in this thread.
Regards, Applecode
Edit: This version is detected! I'm not releasing the undetected version because you have to find out yourself how to make it undetected ;o