<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="26">
<CheatEntries>
<CheatEntry>
<ID>0</ID>
<Description>"Enable Next Button"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
// Enable section. Starts a thread inside the attached process that, in a loop,
// sleeps, asks for the foreground window, searches it for a child window with the
// caption "Next" and, when one is found, enables it. The handle found last is
// stored at the symbol info so the table can display it.
// The Lua blocks run while the script is being assembled; any text they return is
// assembled in place of the block.
{$lua}
-- CE does not clear the symbol list when attaching to a new process, so we do it
-- Assigning onOpenProcess replaces whatever handler was installed before.
onOpenProcess = function(pid)
autoAssemble[[
unregisterSymbol(bypassThread)
unregisterSymbol(info)
unregisterSymbol(quit)
]]
end
{$asm}
// Reserve $1000 bytes under the symbol bypassThread and start a thread at that
// address. Everything from the label down to info lives in this one allocation.
globalalloc(bypassThread, $1000)
createThread(bypassThread)
bypassThread:
// Loop head: return from the thread routine once quit is non-zero. The disable
// section writes 1 to quit, so the exit happens on the next pass through here.
cmp [quit], 0
je @f
ret
@@:
// Arguments are pushed on the stack in stdcall order (last argument first). The
// stubs mysleep, FindWindowEx and myEnableWindow move them into registers when the
// target is 64-bit, so the same call sequence serves both bitnesses.
// NOTE(review): on 64-bit targets no 32-byte shadow space is reserved before these
// calls, so the Win64 callees may write to stack slots that overlap the return
// address used by the ret above - confirm, and reserve home space at thread entry
// if exiting on quit proves unreliable.
// sleep(100); presumably milliseconds, assuming sleep resolves to the Win32 Sleep.
push #100
call mysleep
// NOTE(review): the foreground window is whichever window currently has focus;
// nothing here checks that it belongs to the attached process - confirm that this
// is intended, or compare the owning process id before enabling anything.
call getForegroundWindow
// FindWindowExA(parent = foreground window, childAfter = 0, class = 0,
// caption = nextCaption)
push nextCaption
push 0
push 0
push rax
call FindWindowEx
// Publish the result (0 when nothing matched) and poll again if there was no match.
mov [info], rax
test rax,rax
jz bypassThread
// EnableWindow(hwnd, 1)
push 1 // true
push rax // hwnd
call myEnableWindow
jmp bypassThread
// Zero-terminated caption to search for.
nextCaption:
db 'Next',0
// Stub for sleep (one argument). On a 64-bit target the Lua block emits code that
// pops the return address, pops the stacked argument into rcx and pushes the return
// address back; on a 32-bit target it emits nothing. Either way the jmp then
// tail-calls the real function, which returns straight to the caller of the stub.
mysleep:
{$lua}
if targetIs64Bit() then
return [[
pop rax // return address
pop rcx
push rax
]]
end
{$asm}
jmp sleep
// Stub for FindWindowExA (four arguments): same scheme, filling rcx, rdx, r8 and r9
// in that order on 64-bit targets.
FindWindowEx:
{$lua}
if targetIs64Bit() then return [[
pop rax // return address
pop rcx
pop rdx
pop r8
pop r9
push rax
]]
end
{$asm}
jmp FindWindowExA
// Stub for EnableWindow (two arguments): same scheme, filling rcx and rdx on 64-bit
// targets.
myEnableWindow:
{$lua}
if targetIs64Bit() then return [[
pop rax // return address
pop rcx
pop rdx
push rax
]]
end
{$asm}
jmp EnableWindow
// Stop flag polled by the thread; assembled as 0 each time the script is enabled.
quit:
dd 0
// Last handle returned by the search. Eight bytes are reserved here; the table
// entry that points at info displays it as 4 bytes.
info:
resq 1
registerSymbol(info)
registerSymbol(quit)
[DISABLE]
{$lua}
-- if the process is still running then stop the thread by writing 1 to quit
-- The returned text is assembled, which stores the value 1 at the quit symbol.
if readInteger(process) ~= nil then return 'quit:\ndd 1' end
{$asm}
// Drop the symbols. Nothing in this script releases the globalalloc memory, and the
// thread only notices quit on its next loop pass, so it may still run briefly.
unregisterSymbol(info)
unregisterSymbol(quit)
unregisterSymbol(bypassThread)
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>1</ID>
<Description>"Next Window Handle"</Description>
<ShowAsHex>1</ShowAsHex>
<VariableType>4 Bytes</VariableType>
<Address>info</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
<UserdefinedSymbols/>
<Comments>To use this table on another process without reopening it, you'll have to open the symbol table (memory viewer, view->User Defined Symbols) and delete all of the symbols listed there (there's a context menu entry to do so)
</Comments>
</CheatTable>