Перейти к содержанию

TrainMe CE Protect


Vlad2

Рекомендуемые сообщения

33 минуты назад, Submarinа сказал:

Какой программой можно оперативную помять анализировать, что бы посмотреть, что грузится, или выгружается.

x32_dbg и x64_dbg

Ссылка на комментарий
Поделиться на другие сайты

58 минут назад, partoftheworlD сказал:

А зачем вообще его расшифровывать(второй трейнер)? Его же просто можно вызвать, а там посмотреть какие байты были изменены.

large

Ссылка на комментарий
Поделиться на другие сайты

10 час назад, partoftheworlD сказал:

А зачем вообще его расшифровывать(второй трейнер)? Его же просто можно вызвать, а там посмотреть какие байты были изменены.

Затем, что в данной теме поставленна задача распаковать, а не посмотреть, что он пишет

Ссылка на комментарий
Поделиться на другие сайты

  • 2 года спустя...
В 25.11.2016 в 17:21, Гость сказал:

 

Действительно. А как это дело расшифровать?

 

  Показать контент

--RegisterSymbolLookupCallback
slStart = 0 --The very start of a symbol lookup. Before tokenization
slNotInt = 1 --Called when it has been determined it's not a hexadecimal only string. Before tokenization
slNotModule = 2 --Called when it has been determined the current token is not a modulename
cba=decodeFunction('c-oa(TaV,]k*}$YJ!5+D(1MV)xgbjzMs?}C4?BzH)l]T%lE]j)bc-l.kNwi1$kP)tB#%H,eesiwAa=d*H]!#d].?mJPx%o(Mq:dl7xqu:AMjSyAtm*pd$DQEbl2sas[*dPQ;.UNx4U#};D#{4OZko;-/R+-zdVvQKaVaN1+rhU7x,usN#NIRqaj)VhIDX!Eqw}gmoUVWR*zOgl5{5@R:ZL_dayF2Pp:EodyQ3rc(Q1rRM;4aVQy3UskD.bTdfKK+t[3Y^mhbDAd$e/UCDzv*:KbSUN.3VwIy%0!m+!Qt2X%lgY=.T3uICOWIwkWZK+H*Q6d]kjX#q9/!VRTHE@zUhvr[J)t-4*(@30Y-(^*t4^%wqrq5tapI/i$UxKb,;]MPFeOf3O1=ji2HV?a/kX9C}rMr3wc6T#ez*N39WCJY!6fkF*^=%F=fFCR8_IGsW1L.q^puej;^SyCvCUt.b^kxF.]By@r0m@:DH4fnKU.cysUjOA6g8$$?;2Kq(zZCpme{#WP0}9dlzi_FR/8QE+uE2EN6(MI#Px@fWV%q2t[8(lmtAJO(b1L6,l7z+neAnml4qvcHe(DfFKVr#}VCl$rF67.d+iYHpU.WQJA}W^),G4.^McLbP:gd8u?:G.Ios[BBT+aMEB2qE$SrNEaMr%MH#Lg9vx]Ok0*Z?#9nddA?*#*-#d6XM?s*W-nJ59krI34-3c=#3RY0vk)fWh:_YF=)XqdhC-r2ec-Mne^IHF0Ae1XCwogG!P/j}JLsl0zQ+pYSMk0/f7RM-T$v1x5#@$/sO5OcG/6?}wg8Otc/c$pkc@3ZAFAgK1+;)F^.)M1I1YDM6klZQlv[49riHG3UXtA9=%(Op9Te2rSb(64!}.@lAaIP#;K-Nve]0Wa+rH$z$a-3Hv-X0*G{!oPp074Vf-XY5OxjO*%Pfdof:_9sm/Il^g*tfTqSNMv#Rp(O^oB#[:,8VOu;hot+PU;hlPK$tTfS#4n.FCs/NYxq0chsbC=foTw(CFBpq3u*OKdW-K1hoe0Cr=a(E:jEC6rPUObSNth;0R9,J]uOP_@Z=hZY[FoghxEcssV0Z?D;x9,KIIT#b[1JVdQ[r2*$E]@})gX]/3,[W6W(wVxOc!A%N:vw-i=EGTMr]IMDT^Gu7omCSGKxo+(099om^v/hAhyh1rj!_r*NoyvBxE2x#/L{(JKfB6A;sUJ$u;Y-egb:eM}R/,]vr^Rc$fso(jAn[X$3rChKrE0O=DlTlkWp^:zFj:NLeuhw?CH.$PXd*o_WE50{kd-h:*.3cY-XXonXut.L-@o-BTWdKPRB$Spq@F(oWT0z:zqG!FUdn#F.?:prp=%hUu^rN05bhu2VCPIR-OKJJBhRLnn*7n6]Ly;gR(eE#_Unky*L7$P%g*eNJU!?SI9S%ZXeTP;C=6JVuOAOjsIU0mN_HnMFKikXE1$0;}wtKjui,giXQJfjMNs0?DYKVw9h0nsN*Om=g@}#o]rX/kV+;gg%T1(w/KBKU4u:ERbzW0dGtow{pT[CcN81SVSzKZ%bi8F)BR,RSCwnWFMUbH}iLU5G^0DTo;kElVb;CEG.C:N6=^KE(=A5hRUL4r}tbLSws#qe{U69/Y=:G5l81JJBrzUo}O,#Ixy$yF@^nvou{.!q.#NuLR1N.tj=BE(6ikZD:3B22MJaMauWG2[gE(]SNHY=QE.WgGsjb;SE;W]d$xov%sd)}Je@=gf%78:vZM_q7I[1nlOfoTao@9:As$p?@slw3I+_vD#dzta%b1qbS_*gMGz5MCg=54UsEn)B(aPC1nJ7okPrA+=cs%G,oPZszSsmGy)Qlbu.7Z8#+2+%nF9fRrU*kby.H$[tjTR/i4e7Db1hP(xyQVQhf8:3gjwd5;PcH1kjx_P)EVKsw?o0elwS59$[9w]Y$*Pc@P2[{CW7ruRI8-kpZ]vS1wN5kbq0vIFL^5jJ(Hy2l$Y/Ytfi6q5D6]+2nih08:,PX*)lrTKiOfxgND[:u:irbO1fxATruYyB,w7Vx*Rnc(Yo9p6V7?S0lQG(ai/S3^p=x??0feN{x6Ki.1f}tf#BhRhXm${pncx)WA}d*eWkQ16P$3v4qzFM7De[*Hiu[iQB8U4)k+@w3/fe]k]7m%;NsBvK75jq{X*$P3LVysfgunu7pAZ{%MF/X(A[N[z2+C$P5dut=ee!]DxlcZNNRbZ:;@{JzAVoef1}u}W6Qo2ABSk*Jq^s*xu_[@HfokOA2r2S$j1;8JffV]p5GnHU5oRv::pJ[vL_wSa81iHchv:+;5@B.L8g1N@dUeC(+3_bmJZ?0Ew(8J];h%qeo23/t8$pEx,D1=%fxZ#!lVA%(jRfV5piTl;es9tpcZS@$NkTY^cAFS,V$7j2GRAaHv=AfOC)ZH5pp4dvBHhhar$=tw),Fw1bJS[msniIlr4daSEuCnBXO*O1WEQPdBTyDCQk.H@*,bKBMN1P0-:bBCV^g%d#F4kOA}Bg]?}jKb8oAbmYmI#C!na1wb;Uni?4E1:k$X]-ERFo?!oNlUbOAsk1SNq$Cj:#dKqmyHZ0(=V6dX$?1ft,rIw24h2R5lYpsJ}fB4D=m^!x5I73gjXq^zsv5=Lir-MmOv$-rncL1gXr1VS?fPpF8Cz=:m@*/mkwoL[A2NcQo]q1ayNGl1zCFFL*;M@q$+pwrI/RTA[Eqbxs(9ho+^6sqgQL(3wdS6MS^):s40DZ_#n,*aD!hoqS:l/M2k^s3}cbA);?+YZBruiAzcV,;JIx5OK]7;l8Q$pX/TDvQ%LJNI4DU?T6xsV{.V#c5fPI+;I%mT+8t({F2ng029qXTz(Nmvlkz11%od@uPqqZ9j4HE(#3$aMPe;Me*wlywyY6?Vpow_J3H3iwluxbI3%),!P:6%ExKTq0XuZBwSE9,_97rbpo3DF=PUP5+.KxxY$xBNd0hr7qPFxDG$1wpDh/=a[YEeN*p)qL#/;HI,XF8sc:cS!fQGR]Kjut2}AT2n*gI*vQuo.QhvrF^{XDv!3f,h.Rb_(zzQ0NCg*/#A^AmZcM@39mpe#CKoLSddLaJiM2(a}[UG*/?tEtwHBaT)Atls/^U4rs,+/__tN*+}6jtRf/Cv}1XifEV:OLMjoRA6AlZ3[M%y:SP7^tGONz09uEPTTH,GP3fHks^$AJJ,A7r=fHVaxG?C3Vl0,s#H=buqav:1xk{XZ_@8MVuiPin4(KaYAnd#1R4Z*PehnI3,nZ/O#K}bY5}HzK[VHaCEp0H+6NQ7/Rql1fl7)lrPpYI7z)c[;l#Nb1j4.#RnG:i+HEx6}#$nxKR:.AjPGUU.)!trz3}AOrXUC6wqx]NW=rvIZrxpfXLc.LT=r[9-8%{;nEZZoF@l:Eyto9DBWWN,S%?4@xUK.E)wh8?X!#*@#DrialdVKM*sI2XM)Olyq5D;v#RI)aAY2lhm40BW^xOkAZQ)Sx?{QkfiwF=vun18gCVuAP?v(%H6QaCTx#$de:e?S#oMHC;Eajp8xp,pe$9}l/p_z}/9ViJcqNYKZRX?W-YMrcOY@rcz}#n.s46CGi)ngj18DipBeOrYPI=2V?bvSncv(n$U$m^oZk;AZOsl]9g(3@omTzdOqZf?lX:_?+X*/Y^=YV*f)^4kIVKQm.,q5^DwB=*H7Xol?x%P?y0M4{77.bBi4@6nI/:WaS,QYRPv?rFi*?a(.E=z{YTSG0;].:W]ol{zqWA0pi+IqE@;_J%=#7;wf[Ru:X9?TGPvLbKTANE[oJ%aN6.}(G5.4z7ZlhJ_MG%a{S,e6cMz8RrqBRckp*#+ZZ[RNh@-zZ:7x+K[EBkvE!H,ALQr8%-Y[AAOtrtEizCj/nLZR4%xlZ{yWp4f1m-01di;g.X1wHrEPG9I,yp4Jj@Q7(Q_Dxwq6d)Vq[=1zjm?!j%8Y*s,K(Leu@c?c_uQzd!V#rHk)1I,xC.rLkInY1lk-m(L=Dt^_Q)MiJaQORQH3=6#fXB7DxLdPR9O(%@]^EVfoIoL9z89WZ!KFGT*lJAMaEz9uWdZ@=U/YYO0n17a$?A5;x7egCx(g5@l%/,j4yK_]ePdq1.3-S)DS?{)Yl/3^AGi5.zUNH9#8CKAT-@.D.9^XN8fB3VUf6)OcoQv*BDq!,k,pntS]z=pwc+?[hTBVa[TTNpq]B1EXsL5{?gM:Cu]J1mi9poJ;.tzK,2M[.Yy+eoA58a(mN4ziWsgo%1L*8gGE/YGL[.[#efXDK#/pi*1Z$hL85xs/y?6,D2Oj+H{?C18f]7N;5L!O=oEBT)dhR_m$:==z-9O!:]^tg1d(s6ss4arzZ@r.FzkKBDV+6)1f.ilDrQvL+JK@3H1e_]t?m,-$J-F,8W^8n[)xRwr9+YqvxpRTW@=;FwQ*@h2k@eKKz!+4a([cQU]rU}+pnVi0dN#B:X-i/L@Hm.?3yz86ua8VCvt3=VxqC}0u24+6L786XREqEizMPIG60ly0kV})$[/=o%krIRT%jnL(fGaj9IB}Q}%rcc-/q;8ikrtIyn3R!(MY0TY6mzS46QuRvpvEuM4eoJ[SJNzTH*;O,H,%42vMQs).^fb(NZ.sJnUQ:yV*k.w^Yiiw8E%.{[zsE_PHNm2DqT#m,@}XwpD{NNTbQwo.7PH3,KzgcpQ=.TaiVC18tF/}2MYUqQ0!^fiT(SDr3Yn$)@(-BFK;jHW0:vp*.8S?A8o/Tdo*]e+U$MI{M9Wk;wvO0iWf_SN#9PJs/FCoct*Kq_fW3?l') cba()
slNotUserdefinedSymbol = 3 --Called when it has been determined it's not a userdefined symbol
slNotSymbol = 4 --Called when it has been determined it's not a symbol in the symbollist
slFailure = 5 --Called when it has no clue what the given string is

 

 

Друг сделал программу-дешифратор для encodeFunction в СЕ. Вот её возможности.

После расшифровки скрипта который выше

Спойлер

local L0_0
L0_0 = assert
L0_0 = L0_0(io.open("defines.lua", "w"))
f = L0_0
L0_0 = f
L0_0 = L0_0.write
L0_0(L0_0, [[
--Defines:

--checkbox state defines
cbUnchecked=0
cbChecked=1
cbGrayed=2


--onMouseEvent button defines:
mbLeft=0
mbRight=1
mbMiddle=2
mbExtra1=3
mbExtra2=4


--memo scrollbar defines
ssNone=0
ssHorizontal=1
ssVertical=2
ssBoth=3
ssAutoHorizontal=4
ssAutoVertical=5
ssAutoBoth=6


bsNone=0
bsSingle=1
bsSizeable=2
bsDialog=3
bsToolWindow=4
bsSizeToolWin=5

 

--scan types: (fast scan methods)
fsmNotAligned=0
fsmAligned=1
fsmLastDigits=2

--rounding types
rtRounded=0
rtExtremerounded=1
rtTruncated=2

--scan options
soUnknownValue=0
soExactValue=1
soValueBetween=2
soBiggerThan=3
soSmallerThan=4
soIncreasedValue=5
soIncreasedValueBy=6
soDecreasedValue=7
soDecreasedValueBy=8
soChanged=9
soUnchanged=10


--debug variables
--Breakpoint methods:
bpmInt3=0
bpmDebugRegister=1
bpmException=2


--Breakpoint triggers:
bptExecute=0
bptAccess=1
bptWrite=2

--breakpoint continue methods:
co_run=0
co_stepinto=1
co_stepover=2

--CloseAction types
caNone=0;
caHide=1;
caFree=2;
caMinimize=3;

--alignment types
alNone=0
alTop=1
alBottom=2
alLeft=3
alRight=4
alClient=5

--message dialog types
mtWarning=0
mtError=1
mtInformation=2
mtConfirmation=3

--message dialog button types
mbYes=0
mbNo=1
mbOK=2
mbCancel=3
mbAbort=4
mbRetry=5
mbIgnore=6
mbAll=7
mbNoToAll=8
mbYesToAll=9
mbHelp=10
mbClose=11


--message dialog results:
mrNone = 0;
mrOK = mrNone + 1
mrCancel = mrNone + 2
mrAbort = mrNone + 3
mrRetry = mrNone + 4
mrIgnore = mrNone + 5
mrYes = mrNone + 6
mrNo = mrNone + 7
mrAll = mrNone + 8
mrNoToAll = mrNone + 9
mrYesToAll = mrNone + 10
mrLast = mrYesToAll

--duplicate enum
dupIgnore = 0
dupAccept = 1
dupError = 2


--Variable types
vtByte=0
vtWord=1
vtDword=2
vtQword=3
vtSingle=4
vtDouble=5
vtString=6
vtUnicodeString=7 --Only used by autoguess
vtByteArray=8
vtBinary=9
vtAutoAssembler=11
vtPointer=12 --Only used by autoguess and structures
vtCustom=13
vtGrouped=14

--Key codes
VK_LBUTTON = 1
VK_RBUTTON = 2
VK_CANCEL = 3
VK_MBUTTON = 4
VK_XBUTTON1 = 5
VK_XBUTTON2 = 6
VK_BACK = 8
VK_TAB = 9
VK_CLEAR = 12
VK_RETURN = 13
VK_SHIFT = 16
VK_CONTROL = 17
VK_MENU = 18
VK_PAUSE = 19
VK_CAPITAL = 20
VK_ESCAPE = 27
VK_SPACE = 32
VK_PRIOR = 33
VK_NEXT = 34
VK_END = 35
VK_HOME = 36
VK_LEFT = 37
VK_UP = 38
VK_RIGHT = 39
VK_DOWN = 40
VK_SELECT = 41
VK_PRINT = 42
VK_EXECUTE = 43
VK_SNAPSHOT = 44
VK_INSERT = 45
VK_DELETE = 46
VK_HELP = 47
VK_0 = 48
VK_1 = 49
VK_2 = 50
VK_3 = 51
VK_4 = 52
VK_5 = 53
VK_6 = 54
VK_7 = 55
VK_8 = 56
VK_9 = 57
VK_A = 65
VK_B = 66
VK_C = 67
VK_D = 68
VK_E = 69
VK_F = 70
VK_G = 71
VK_H = 72
VK_I = 73
VK_J = 74
VK_K = 75
VK_L = 76
VK_M = 77
VK_N = 78
VK_O = 79
VK_P = 80
VK_Q = 81
VK_R = 82
VK_S = 83
VK_T = 84
VK_U = 85
VK_V = 86
VK_W = 87
VK_X = 88
VK_Y = 89
VK_Z = 90
VK_LWIN = 91
VK_RWIN = 92
VK_APPS = 93
VK_NUMPAD0 = 96
VK_NUMPAD1 = 97
VK_NUMPAD2 = 98
VK_NUMPAD3 = 99
VK_NUMPAD4 = 100
VK_NUMPAD5 = 101
VK_NUMPAD6 = 102
VK_NUMPAD7 = 103
VK_NUMPAD8 = 104
VK_NUMPAD9 = 105
VK_MULTIPLY = 106
VK_ADD = 107
VK_SEPARATOR = 108
VK_SUBTRACT = 109
VK_DECIMAL = 110
VK_DIVIDE = 111
VK_F1 = 112
VK_F2 = 113
VK_F3 = 114
VK_F4 = 115
VK_F5 = 116
VK_F6 = 117
VK_F7 = 118
VK_F8 = 119
VK_F9 = 120
VK_F10 = 121
VK_F11 = 122
VK_F12 = 123
VK_F13 = 124
VK_F14 = 125
VK_F15 = 126
VK_F16 = 127
VK_F17 = 128
VK_F18 = 129
VK_F19 = 130
VK_F20 = 131
VK_F21 = 132
VK_F22 = 133
VK_F23 = 134
VK_F24 = 135
VK_NUMLOCK = 144
VK_SCROLL = 145
VK_LSHIFT = 160
VK_LCONTROL = 162
VK_LMENU = 164
VK_RSHIFT = 161
VK_RCONTROL = 163
VK_RMENU = 165


--shellExecute show defines:
SW_HIDE = 0;
SW_MAXIMIZE = 3;
SW_MINIMIZE = 6;
SW_NORMAL = 1;
SW_RESTORE = 9;
SW_SHOW = 5;
SW_SHOWDEFAULT = 10;
SW_SHOWMAXIMIZED = 3;
SW_SHOWMINIMIZED = 2;
SW_SHOWMINNOACTIVE = 7;
SW_SHOWNA = 8;
SW_SHOWNOACTIVATE = 4;
SW_SHOWNORMAL = 1;


--Pixelformat
pfDevice = 0
pf1bit = 1
pf4bit = 2
pf8bit = 3
pf15bit = 4
pf16bit = 5
pf24bit = 6
pf32bit = 7
pfCustom = 8

--Disassembler value type
dvtNone = 0
dvtAddress = 1
dvtValue = 2

--Dissectcode
jtCall = 0
jtUnconditional = 1
jtConditional = 2
jtMemory = 3

--RegisterSymbolLookupCallback
slStart = 0 --The very start of a symbol lookup. Before tokenization
slNotInt = 1 --Called when it has been determined it's not a hexadecimal only string. Before tokenization
slNotModule = 2 --Called when it has been determined the current token is not a modulename
slNotUserdefinedSymbol = 3 --Called when it has been determined it's not a userdefined symbol
slNotSymbol = 4 --Called when it has been determined it's not a symbol in the symbollist
slFailure = 5 --Called when it has no clue what the given string is

poDesigned = 0
poDefault = 1
poDefaultPosOnly = 2
poDefaultSizeOnly = 3
poScreenCenter = 4
poDesktopCenter = 5
poMainFormCenter = 6
poOwnerFormCenter = 7

asrTop = 0
asrBottom = 1
asrCenter = 2
asrLeft = asrTop
asrRight = asrBottom

vsIcon = 0
vsSmallIcon = 1
vsList = 2
vsReport = 3

LWA_COLORKEY = 1
LWA_ALPHA = 2

GW_HWNDFIRST = 0
GW_HWNDLAST = 1
GW_HWNDNEXT = 2
GW_HWNDPREV = 3
GW_HWNDOWNER = 4
GW_CHILD = 5;
GW_ENABLEDPOPUP = 6;

mrhToggleActivation=0
mrhToggleActivationAllowIncrease=1
mrhToggleActivationAllowDecrease=2
mrhActivate=3
mrhDeactivate=4
mrhSetValue=5
mrhIncreaseValue=6
mrhDecreaseValue=7

MOUSEEVENTF_MOVE      =0x0001
MOUSEEVENTF_LEFTDOWN  =0x0002
MOUSEEVENTF_LEFTUP    =0x0004
MOUSEEVENTF_RIGHTDOWN =0x0008
MOUSEEVENTF_RIGHTUP   =0x0010
MOUSEEVENTF_MIDDLEDOWN=0x0020
MOUSEEVENTF_MIDDLEUP  =0x0040
MOUSEEVENTF_XDOWN     =0x0080
MOUSEEVENTF_XUP       =0x0100
MOUSEEVENTF_WHEEL     =0x0800
MOUSEEVENTF_HWHEEL    =0x1000
MOUSEEVENTF_ABSOLUTE  =0x8000

--text to speech "Speak" params
SPF_DEFAULT    = 0
SPF_ASYNC    = ( 1 << 0 )
SPF_PURGEBEFORESPEAK    = ( 1 << 1 )
SPF_IS_FILENAME    = ( 1 << 2 )
SPF_IS_XML    = ( 1 << 3 )
SPF_IS_NOT_XML    = ( 1 << 4 )
SPF_PERSIST_XML    = ( 1 << 5 )
SPF_NLP_SPEAK_PUNC    = ( 1 << 6 )
SPF_PARSE_SAPI    = ( 1 << 7 )
SPF_PARSE_SSML    = ( 1 << 8 )
SPF_PARSE_AUTODETECT    = 0

wrSignaled=0
wrTimeout=1
wrAbandoned=2
wrError=3]])
L0_0 = f
L0_0 = L0_0.close
L0_0(L0_0)
L0_0 = createTimer
L0_0 = L0_0(UDF2, true)
function Shit()
  os.remove("CET_TRAINER.CETRAINER")
end
timer_setInterval(L0_0, 100)
timer_onTimer(L0_0, Shit)
Put = getCheatEngineDir()
Len = string.len(Put)
Len = Len - 10
Put = string.sub(Put, 0, Len)
os.remove(Put .. "CET_Archive.dat")
f = assert(io.open(Put .. "CET_Archive.dat", "w"))
f:write("")
f:close()
Form = createForm(false)
Label = createLabel(Form)
Form.Height = 28
Form.Width = 133
Form.BorderStyle = bsToolWindow
Form.Caption = "FC3_BD trainer +1"
Form.Position = poDesktopCenter
Label.Left = 5
Label.Height = 15
Label.Top = 5
Label.Width = 99
Label.Caption = "F10 - Unlim ammo"
Label.ParentColor = False
Form.setOnClose(closeCE)
form_show(Form)
createHotkey(function(A0_1)
  if Label.Font.getColor() == 536870912 then
    Label.Font.setColor(255)
    openProcess("fc3_blooddragon_d3d11_b.exe")
    autoAssemble([[
alloc(xxx, 256)
aobscan(ammo, 8B 41 10 85 C0 75 0E)
aobscan(ammo2, 2B C6 50 E8 9E FE FF FF)
registersymbol(ammo)
registersymbol(ammo2)
label(returnhere)
xxx:
db 52 8B 51 14 89 51 10 5A 8B 41 10 85 C0
jmp returnhere
ammo2:
db 90 90
ammo:
jmp xxx
returnhere:]])
    beep()
  else
    openProcess("fc3_blooddragon_d3d11_b.exe")
    Label.Font.setColor(536870912)
    autoAssemble([[
ammo:
db 8B 41 10 85 C0
ammo2:
db 2B C6
dealloc(xxx)
unregistersymbol(ammo)
unregistersymbol(ammo2)]])
    beep()
  end
end, VK_F10)

 

 

 

В 25.11.2016 в 23:29, gmz сказал:

дааа уже круче. в памяти так просто не найдешь :D

но легко после дешифро:

  Скрыть контент


LuaS “

xV           (w@    І    z   @@ FЂ@ GАА Ѓ  Б@ d Ђ$Ђ    Ђ @ ЂA ЃА $@Ђ @  B $@ @B FЂB ѓ Ђ $ЂЂl   @Ђ…F C Ђ   Б@ d@ЂFЂC Ђ   ЖАB d@ЂF D dЂЂ @Ђ‡FЂD GАД †АC dЂ @Ђ€F@D N Е @Ђ€FЂD G@Е †АC БЂ AD dЂ @Ђ‡FАE G Ж †АC Б@ ќА d@ F@@ †Ђ@ ‡А@ЖАC A Э ЃA ¤ ЂdЂ  @ ЂF @ LЂБ БЂ d@ЂF @ L В d@ F G ѓ   dЂ @ЂЌFЂG †АF dЂ @ЂЋFАF J ИЏFАF JЂИђFАF † I JЂЂ‘FАF JЂЙ’FАF † J JЂЂ“FЂJ ЃА
 dЂ @Ђ”F@G J@K–F@G JЂЛЏF@G J@Л—F@G J МђF@G J@М’F@G †АL JЂ ™FАF G Н †@M d@ FЂM Ѓ@ d@ FАM †АF d@ F N ¬@  Ж@N d@Ђ& Ђ :   fassertioopendefines.luawwriteят      --Defines:

--checkbox state defines
cbUnchecked=0
cbChecked=1
cbGrayed=2


--onMouseEvent button defines:
mbLeft=0
mbRight=1
mbMiddle=2
mbExtra1=3
mbExtra2=4


--memo scrollbar defines
ssNone=0
ssHorizontal=1
ssVertical=2
ssBoth=3
ssAutoHorizontal=4
ssAutoVertical=5
ssAutoBoth=6


bsNone=0
bsSingle=1
bsSizeable=2
bsDialog=3
bsToolWindow=4
bsSizeToolWin=5



--scan types: (fast scan methods)
fsmNotAligned=0
fsmAligned=1
fsmLastDigits=2

--rounding types
rtRounded=0
rtExtremerounded=1
rtTruncated=2

--scan options
soUnknownValue=0
soExactValue=1
soValueBetween=2
soBiggerThan=3
soSmallerThan=4
soIncreasedValue=5
soIncreasedValueBy=6
soDecreasedValue=7
soDecreasedValueBy=8
soChanged=9
soUnchanged=10


--debug variables
--Breakpoint methods:
bpmInt3=0
bpmDebugRegister=1
bpmException=2


--Breakpoint triggers:
bptExecute=0
bptAccess=1
bptWrite=2

--breakpoint continue methods:
co_run=0
co_stepinto=1
co_stepover=2

--CloseAction types
caNone=0;
caHide=1;
caFree=2;
caMinimize=3;

--alignment types
alNone=0
alTop=1
alBottom=2
alLeft=3
alRight=4
alClient=5

--message dialog types
mtWarning=0
mtError=1
mtInformation=2
mtConfirmation=3

--message dialog button types
mbYes=0
mbNo=1
mbOK=2
mbCancel=3
mbAbort=4
mbRetry=5
mbIgnore=6
mbAll=7
mbNoToAll=8
mbYesToAll=9
mbHelp=10
mbClose=11


--message dialog results:
mrNone = 0;
mrOK = mrNone + 1
mrCancel = mrNone + 2
mrAbort = mrNone + 3
mrRetry = mrNone + 4
mrIgnore = mrNone + 5
mrYes = mrNone + 6
mrNo = mrNone + 7
mrAll = mrNone + 8
mrNoToAll = mrNone + 9
mrYesToAll = mrNone + 10
mrLast = mrYesToAll

--duplicate enum
dupIgnore = 0
dupAccept = 1
dupError = 2


--Variable types
vtByte=0
vtWord=1
vtDword=2
vtQword=3
vtSingle=4
vtDouble=5
vtString=6
vtUnicodeString=7 --Only used by autoguess
vtByteArray=8
vtBinary=9
vtAutoAssembler=11
vtPointer=12 --Only used by autoguess and structures
vtCustom=13
vtGrouped=14

--Key codes
VK_LBUTTON = 1
VK_RBUTTON = 2
VK_CANCEL = 3
VK_MBUTTON = 4
VK_XBUTTON1 = 5
VK_XBUTTON2 = 6
VK_BACK = 8
VK_TAB = 9
VK_CLEAR = 12
VK_RETURN = 13
VK_SHIFT = 16
VK_CONTROL = 17
VK_MENU = 18
VK_PAUSE = 19
VK_CAPITAL = 20
VK_ESCAPE = 27
VK_SPACE = 32
VK_PRIOR = 33
VK_NEXT = 34
VK_END = 35
VK_HOME = 36
VK_LEFT = 37
VK_UP = 38
VK_RIGHT = 39
VK_DOWN = 40
VK_SELECT = 41
VK_PRINT = 42
VK_EXECUTE = 43
VK_SNAPSHOT = 44
VK_INSERT = 45
VK_DELETE = 46
VK_HELP = 47
VK_0 = 48
VK_1 = 49
VK_2 = 50
VK_3 = 51
VK_4 = 52
VK_5 = 53
VK_6 = 54
VK_7 = 55
VK_8 = 56
VK_9 = 57
VK_A = 65
VK_B = 66
VK_C = 67
VK_D = 68
VK_E = 69
VK_F = 70
VK_G = 71
VK_H = 72
VK_I = 73
VK_J = 74
VK_K = 75
VK_L = 76
VK_M = 77
VK_N = 78
VK_O = 79
VK_P = 80
VK_Q = 81
VK_R = 82
VK_S = 83
VK_T = 84
VK_U = 85
VK_V = 86
VK_W = 87
VK_X = 88
VK_Y = 89
VK_Z = 90
VK_LWIN = 91
VK_RWIN = 92
VK_APPS = 93
VK_NUMPAD0 = 96
VK_NUMPAD1 = 97
VK_NUMPAD2 = 98
VK_NUMPAD3 = 99
VK_NUMPAD4 = 100
VK_NUMPAD5 = 101
VK_NUMPAD6 = 102
VK_NUMPAD7 = 103
VK_NUMPAD8 = 104
VK_NUMPAD9 = 105
VK_MULTIPLY = 106
VK_ADD = 107
VK_SEPARATOR = 108
VK_SUBTRACT = 109
VK_DECIMAL = 110
VK_DIVIDE = 111
VK_F1 = 112
VK_F2 = 113
VK_F3 = 114
VK_F4 = 115
VK_F5 = 116
VK_F6 = 117
VK_F7 = 118
VK_F8 = 119
VK_F9 = 120
VK_F10 = 121
VK_F11 = 122
VK_F12 = 123
VK_F13 = 124
VK_F14 = 125
VK_F15 = 126
VK_F16 = 127
VK_F17 = 128
VK_F18 = 129
VK_F19 = 130
VK_F20 = 131
VK_F21 = 132
VK_F22 = 133
VK_F23 = 134
VK_F24 = 135
VK_NUMLOCK = 144
VK_SCROLL = 145
VK_LSHIFT = 160
VK_LCONTROL = 162
VK_LMENU = 164
VK_RSHIFT = 161
VK_RCONTROL = 163
VK_RMENU = 165


--shellExecute show defines:
SW_HIDE = 0;
SW_MAXIMIZE = 3;
SW_MINIMIZE = 6;
SW_NORMAL = 1;
SW_RESTORE = 9;
SW_SHOW = 5;
SW_SHOWDEFAULT = 10;
SW_SHOWMAXIMIZED = 3;
SW_SHOWMINIMIZED = 2;
SW_SHOWMINNOACTIVE = 7;
SW_SHOWNA = 8;
SW_SHOWNOACTIVATE = 4;
SW_SHOWNORMAL = 1;


--Pixelformat
pfDevice = 0
pf1bit = 1
pf4bit = 2
pf8bit = 3
pf15bit = 4
pf16bit = 5
pf24bit = 6
pf32bit = 7
pfCustom = 8

--Disassembler value type
dvtNone = 0
dvtAddress = 1
dvtValue = 2

--Dissectcode
jtCall = 0
jtUnconditional = 1
jtConditional = 2
jtMemory = 3

--RegisterSymbolLookupCallback
slStart = 0 --The very start of a symbol lookup. Before tokenization
slNotInt = 1 --Called when it has been determined it's not a hexadecimal only string. Before tokenization
slNotModule = 2 --Called when it has been determined the current token is not a modulename
slNotUserdefinedSymbol = 3 --Called when it has been determined it's not a userdefined symbol
slNotSymbol = 4 --Called when it has been determined it's not a symbol in the symbollist
slFailure = 5 --Called when it has no clue what the given string is

poDesigned = 0
poDefault = 1
poDefaultPosOnly = 2
poDefaultSizeOnly = 3
poScreenCenter = 4
poDesktopCenter = 5
poMainFormCenter = 6
poOwnerFormCenter = 7

asrTop = 0
asrBottom = 1
asrCenter = 2
asrLeft = asrTop
asrRight = asrBottom

vsIcon = 0
vsSmallIcon = 1
vsList = 2
vsReport = 3

LWA_COLORKEY = 1
LWA_ALPHA = 2

GW_HWNDFIRST = 0
GW_HWNDLAST = 1
GW_HWNDNEXT = 2
GW_HWNDPREV = 3
GW_HWNDOWNER = 4
GW_CHILD = 5;
GW_ENABLEDPOPUP = 6;

mrhToggleActivation=0
mrhToggleActivationAllowIncrease=1
mrhToggleActivationAllowDecrease=2
mrhActivate=3
mrhDeactivate=4
mrhSetValue=5
mrhIncreaseValue=6
mrhDecreaseValue=7

MOUSEEVENTF_MOVE      =0x0001
MOUSEEVENTF_LEFTDOWN  =0x0002
MOUSEEVENTF_LEFTUP    =0x0004
MOUSEEVENTF_RIGHTDOWN =0x0008
MOUSEEVENTF_RIGHTUP   =0x0010
MOUSEEVENTF_MIDDLEDOWN=0x0020
MOUSEEVENTF_MIDDLEUP  =0x0040
MOUSEEVENTF_XDOWN     =0x0080
MOUSEEVENTF_XUP       =0x0100
MOUSEEVENTF_WHEEL     =0x0800
MOUSEEVENTF_HWHEEL    =0x1000
MOUSEEVENTF_ABSOLUTE  =0x8000

--text to speech "Speak" params
SPF_DEFAULT	= 0
SPF_ASYNC	= ( 1 << 0 )
SPF_PURGEBEFORESPEAK	= ( 1 << 1 )
SPF_IS_FILENAME	= ( 1 << 2 )
SPF_IS_XML	= ( 1 << 3 )
SPF_IS_NOT_XML	= ( 1 << 4 )
SPF_PERSIST_XML	= ( 1 << 5 )
SPF_NLP_SPEAK_PUNC	= ( 1 << 6 )
SPF_PARSE_SAPI	= ( 1 << 7 )
SPF_PARSE_SSML	= ( 1 << 8 )
SPF_PARSE_AUTODETECT	= 0

wrSignaled=0
wrTimeout=1
wrAbandoned=2
wrError=3closecreateTimerUDF2Shittimer_setIntervald       timer_onTimerPutgetCheatEngineDirLenstringlen
       sub        osremoveCET_Archive.datFormcreateFormLabelcreateLabelHeight       Widthґ       BorderStyle
bsToolWindowCaptionHeroes trainer +1	PositionpoDesktopCenter	ActivatedecodeFunctionя      c-pN{%TC*s6debPq.6SMuql:3M36Qn1SYnVI3R=bR{,#nZ4iNiaOGedrP!Iq4?e;+nN7RsvcJ$;e{a5Xf1[hVUuqX!@h)F}[{)-2nYr]0;8X3+)Wg0Pk*dOBEH;)bpOL)jC[oYNkbnZwMUqT^m.]*N3bOCVZlvocKn6:UlwSoB[y_B]8Z5h{fIOwZH5CD0BoNUgK!sYV2$p:Jl;*6#O=^#zIyuz(RG?nbe87/Z(?+@I*7UWRh]R8Vvo{[/deIY3#pPA]MO=cWC,nR}-;lU+r(#GV+iN=*uNFtzM#6a0ac%o+$cpiOQQbyI,=sZ^im$xk%KBzyC+?hSjc(z0*Py58$F*6UrJgEnHQ8.;Q^^rvI8V1HdA5=jbamz3-lTiJt2PJgsYC+8o@:_-t.*]7D}F2.tE69R6QP/PT@JdoTvsqVsdwXEA@*/.CP)Gt,S{5kwLET{=4.TSr??Q$-Th_!L_00ed!^wy71Q+3:Oz3K+;O_MsN.F,=)pgR2M1gWYwMb6)$54D:6EO_$d?4DVi[U/B0l8Bpq?jpfELo@h3BAHfIJEsc]ncqk_jh8;RA,$BFtpyc)6JPO9/x4$K.?j%23F[DhK5)L{;o_O{I4]]TmH8rP,HV1v7t7X8FOFsOb%9Q8IWg%iuEzXAXi^(Ia3:Q#{^Uj-y+WQ;UYjYxf6dbkxAMrMe4M75AJ_bzou5Gxg+t[6F]6OgI5p#?5gJj.q[w+y;@Pw#zbM,GIx9hPu.VBlvN6@E1C0_07{q5B}cm)szz5d:WZ2+0s=I._;05_DV1765jyoNXyILeft              Topc       (F10 - Бес. личный составParentColorFalsesetOnClosecloseCEsleep
form_show
createHotkeyVK_F10         ‡  Љ    	    @ @@ AЂ  $@  @ @@ AА  $@ & Ђ    osremoveCET_TRAINER.CETRAINERdefines.lua                      Є  ±   "   F @ Ѓ@  d@ FЂ@ GАА G Б dЂЂ @Б @ЂFЂA Ѓ@  dЂ _АБ  ЂFЂ@ GАА G В Ѓ@ d@ FЂB ЃА d@ АЂFЂ@ GАА G В Ѓ@ d@ FЂB Ѓ  d@ F@C d@Ђ & Ђ    openProcess
RelicCOH.exeLabelFont	getColor        readInteger 	setColorя       	Activate               beep      

 

 

  Показать контент


LuaS “

xV           (w@           l   @ Ђl@  @ЂЂА@Ѓ A АЂF @ ‹  Б@ Ѓ AБ Ѓ «@ d@ А@Ѓ@B ЂЂF@@ ‹ ЂБЂ Б A «@Ђd@ & Ђ 
   onoffaз2r/$5eBu4c8#*AN!dvy(IRRilHH2sBEbK)RV9!FBxd/%f_Rtrr}q)8!U8a=0Z2,dX*o}uq$.:E?+umH/VErXd4Z)62Ouf$I+C;L)=2uaA9^Kk-Oz7)E7wte^pSzVkJaLn.+%%0:gRKq;E?*M6oB^)^-Ydz4F7xvf1fDI^o)zIV!u97PL)(xD[HjCzM#yM]?+O9sK38IJULO]e^CwSlmq3^llubkCoQ0r!l81ay       WW2Mod.dll'48 63 40 3C 48 8D 04 03 48 8B 40 60 90-8B 32 89 30 8B 72 04 8B 52 08 89 50 08 8B 11!48 85 C0 74 0A 8B 0D 41 F2 A5 00                        	   F @ †@@ ‡Ђ@БА  A GAA ¤  d@  & Ђ    
autoAssemblestringformatFaobscanmodule(count, %s, %s)
registersymbol(count)
count:
xor esi,esi                                           	   F @ †@@ ‡Ђ@БА  A GAA ¤  d@  & Ђ    
autoAssemblestringformat-count:
mov esi,[edx]
unregistersymbol(count)   

 

в тхт оно лучше выглядит xD

 

После расшифровки скрипта который выше

Спойлер

function on(A0_1)
  local L1_2
  L1_2 = autoAssemble
  L1_2(string.format([[
aobscanmodule(count, %s, %s)
registersymbol(count)
count:
xor esi,esi]], A0_1[1], A0_1[3]))
end
function off(A0_3)
  local L1_4
  L1_4 = autoAssemble
  L1_4(string.format([[
count:
mov esi,[edx]
unregistersymbol(count)]], A0_3[1], A0_3[3]))
end
a = "2r/$5eBu4c8#*AN!dvy(IRRilHH2sBEbK)RV9!FBxd/%f_Rtrr}q)8!U8a=0Z2,dX*o}uq$.:E?+umH/VErXd4Z)62Ouf$I+C;L)=2uaA9^Kk-Oz7)E7wte^pSzVkJaLn.+%%0:gRKq;E?*M6oB^)^-Ydz4F7xvf1fDI^o)zIV!u97PL)(xD[HjCzM#yM]?+O9sK38IJULO]e^CwSlmq3^llubkCoQ0r!l81ay"
if A0_0 == 1 then
  on({
    "WW2Mod.dll",
    "48 63 40 3C 48 8D 04 03 48 8B 40 60 90",
    "8B 32 89 30 8B 72 04 8B 52 08 89 50 08 8B 11",
    "48 85 C0 74 0A 8B 0D 41 F2 A5 00"
  })
end
a = "2r/$5eBu4c8#*AN!dvy(IRRilHH2sBEbK)RV9!FBxd/%f_Rtrr}q)8!U8a=0Z2,dX*o}uq$.:E?+umH/VErXd4Z)62Ouf$I+C;L)=2uaA9^Kk-Oz7)E7wte^pSzVkJaLn.+%%0:gRKq;E?*M6oB^)^-Ydz4F7xvf1fDI^o)zIV!u97PL)(xD[HjCzM#yM]?+O9sK38IJULO]e^CwSlmq3^llubkCoQ0r!l81ay"
if A0_0 == 0 then
  off({
    "48 63 40 3C 48 8D 04 03 48 8B 40 60 90",
    "8B 32 89 30 8B 72 04 8B 52 08 89 50 08 8B 11",
    "48 85 C0 74 0A 8B 0D 41 F2 A5 00"
  })
end

 

Ссылка на комментарий
Поделиться на другие сайты

6 часов назад, Antonshka сказал:

Друг

Ребят, надоело уже Вас всех ставить в "В угол"  и править за Вас пост.

Так что - пред. 

 

Ссылка на комментарий
Поделиться на другие сайты

×
×
  • Создать...

Важная информация

Находясь на нашем сайте, Вы автоматически соглашаетесь соблюдать наши Условия использования.