Difference between revisions of "Cheat Engine:Internals"
m (Undo revision 638 by 112.206.129.13 (Talk) (This idiot pasted a part again -_-)) |
m |
||
| (20 intermediate revisions by 14 users not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:Help]] | ||
== Speedhack == | == Speedhack == | ||
| − | CE has 2 different types of speedhack | + | CE has 2 different types of speedhack: the old one and the new one. |
| − | |||
| − | The old one is located in speedhack.pas of the cehook project (cehook.dll) | + | The old one is located in '''speedhack.pas''' of the cehook project ('''cehook.dll'''). |
| − | When it gets activated it uses a simple hook on those functions (just place with a hook and never even bother calling the original function) | + | When it gets activated, it uses a simple hook on those functions (just place with a hook and never even bother calling the original function). |
| − | + | Then it injects and starts a very high priority thread in the open process (game) which will increase time counters for itself using timed sleeping. The speed the time increments with is determined by the speed variable. | |
| − | When the | + | When the open (target) process calls those functions, it just fetches the emulated timer functions and passes it to the caller. |
| Line 14: | Line 14: | ||
The new one is a bit more complex, but less prone to bugs because of a too low sleeptime, or too high, and no thread that counts time for you. | The new one is a bit more complex, but less prone to bugs because of a too low sleeptime, or too high, and no thread that counts time for you. | ||
| − | The source for this is located in speedhack2.pas in the main program, and the separate speedhack project | + | The source for this is located in '''speedhack2.pas''' in the main program, and the separate speedhack project. |
| − | The speedhack.dll gets injected into the target process and the dll itself has some exports, like speed, addresses of original functions, and an initialize speedhack routine | + | The '''speedhack-i386.dll''' or '''speedhack-x86_64.dll''' gets injected into the target process and the dll itself has some exports, like speed, addresses of original functions, and an initialize speedhack routine. |
| − | Here the hooking and controlling takes place from CE's side and | + | Here the hooking and controlling takes place from CE's side and its auto assembler functions. |
| − | What it does is it first uses the API hook template script on the to hook functions. This results in a script that can be used to hook the functions and fills in some predetermined addresses with the location to call if you want to call the original function (thats what the exports for the original functions are for) | + | What it does is it first uses the API hook template script on the to hook functions. This results in a script that can be used to hook the functions and fills in some predetermined addresses with the location to call if you want to call the original function (thats what the exports for the original functions are for). |
| − | After it's hooked the export "speed" of the dll is modified to the wanted speed and CreateRemoteThread is called with the address of the Initialize function to | + | After it's hooked, the export "speed" of the dll is modified to the wanted speed and '''CreateRemoteThread''' API is called with the address of the Initialize function to start the speedhack and set a base of reference (the current time). |
| − | + | When a timer function is called it will calculate the new time based on the initial time the speedhack got started, the current time, and the speed. So: '''returned_time = base_time + ((current_time - base_time) * speed)''' . | |
| − | When speed is modified the basetime itself is modified as well to make sure the time doesn't go backwards | + | When the speed is modified, the basetime itself is modified as well to make sure the time doesn't go backwards. |
| − | |||
| − | |||
| − | |||
Latest revision as of 14:51, 23 April 2022
Speedhack[edit]
CE has 2 different types of speedhack: the old one and the new one.
The old one is located in speedhack.pas of the cehook project (cehook.dll). When it gets activated, it uses a simple hook on those functions (just place with a hook and never even bother calling the original function). Then it injects and starts a very high priority thread in the open process (game) which will increase time counters for itself using timed sleeping. The speed the time increments with is determined by the speed variable.
When the open (target) process calls those functions, it just fetches the emulated timer functions and passes it to the caller.
The new one is a bit more complex, but less prone to bugs because of a too low sleeptime, or too high, and no thread that counts time for you.
The source for this is located in speedhack2.pas in the main program, and the separate speedhack project. The speedhack-i386.dll or speedhack-x86_64.dll gets injected into the target process and the dll itself has some exports, like speed, addresses of original functions, and an initialize speedhack routine.
Here the hooking and controlling takes place from CE's side and its auto assembler functions. What it does is it first uses the API hook template script on the to hook functions. This results in a script that can be used to hook the functions and fills in some predetermined addresses with the location to call if you want to call the original function (thats what the exports for the original functions are for).
After it's hooked, the export "speed" of the dll is modified to the wanted speed and CreateRemoteThread API is called with the address of the Initialize function to start the speedhack and set a base of reference (the current time).
When a timer function is called it will calculate the new time based on the initial time the speedhack got started, the current time, and the speed. So: returned_time = base_time + ((current_time - base_time) * speed) .
When the speed is modified, the basetime itself is modified as well to make sure the time doesn't go backwards.
