|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Mon Aug 21, 2017 7:07 pm Post subject: Faster Execution Script for this AoB Scan>Replace |
|
|
Hey to you all Guys I have been enjoying Lua scripting since I discovered it with cheat engine. But every code that I have was just basic and was given to me by the community. This Script below Scans a MULTIPLE 4 byte values and change them all into "14",
But the problem persist to the amount of TIME it consumed when I type to execute this LUA Script it takes two minutes for it to finish its scan(for a 512 scan buffer). When I tried to change the scan buffer into "16", the time became 20 seconds for the lua to finish, which is a huge difference to the amount of time and is very helpful...
BUT... Is there ANY WAY to make the this Script Faster? If someone can customize my Script below for faster improvement, They I Might like that . Im Looking forward through "INSTANT FINISH" XD
Code: |
function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
v = math.floor(v)
local res = AOBScan(string.format("%02X %02X %02X %02X", v & 0xff, v>>8 & 0xff, v>>16 & 0xff, v>>24 & 0xff), "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end
end
replace({2400006,59374,29686,14406,118830,59374,21606,12006,16006,4006,1400000,60480006,........},14)
|
Last edited by aldrinjohnom on Sat Aug 26, 2017 12:49 am; edited 3 times in total |
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
|
Posted: Mon Aug 21, 2017 8:36 pm Post subject: |
|
|
You could speed it up by restricting the scans to a certain memory region or by using a custom type for a single-pass scan, but why are you even scanning for that many values in the first place? Searching for and replacing values blindly isn't a good idea the vast majority of the time because it's slow and can cause many unforeseen problems. Code injection could be a much better way of doing whatever you're trying to do.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Mon Aug 21, 2017 8:48 pm Post subject: |
|
|
I'm mostly guessing here but if those are constant values then quit doing the int to str aob conversion in the function. It's fine to use some code to generate the aob eg.
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
print('{')
for i,v in ipairs(searchV) do
v = math.floor(v)
searchV[i] = string.format("'%02X %02X %02X %02X'",
v & 0xff, v>>8 & 0xff, v>>16 & 0xff, v>>24 & 0xff)
-- this can probably be simplified to just string.format('%x', v)
end
print(table.concat(searchV,', '))
print('}')
end
|
but after that just store them as usable data in the script
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
local res = AOBScan(v, "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end
end
local aobs = { '06 9F 24 00', 'EE E7 00 00', 'F6 73 00 00', '46 38 00 00', '2E D0 01
00', 'EE E7 00 00', '66 54 00 00', 'E6 2E 00 00', '86 3E 00 00', 'A6 0F 00 00',
...
}
replace(aobs, 14)
|
beyond that you might be able to use createThead eg.
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
createThread(function(Thread,v)
local res = AOBScan(v, "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end,v)
end
end
local aobs = { ... }
replace(aobs, 14)
|
Now, I ran out of memory trying that on the tutorial so you probably don't want to create a new thread for every one but just using 10 or so etc.
Of course there's the obvious options of limiting the scan region if you know all the results are in a certain module etc. or finding the code that uses those values and modifying it to use 14 instead of whatever the value is (or changing the value to 14)...
|
|
Back to top |
|
|
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Mon Aug 21, 2017 9:14 pm Post subject: |
|
|
ParkourPenguin wrote: | You could speed it up by restricting the scans to a certain memory region or by using a custom type for a single-pass scan, but why are you even scanning for that many values in the first place? Searching for and replacing values blindly isn't a good idea the vast majority of the time because it's slow and can cause many unforeseen problems. Code injection could be a much better way of doing whatever you're trying to do. |
Those values that are currently being replaced into "14" are the amount of resources required to build a certain "city" in my game. As you can see there are many things. because those are combinations of gold,lumber,zinc,mineral,ect... changing it to "14" on my game will result all those value to become "FREE" instead of spending a large amount of resources to build it. So yeah, I need to change it all . Previously, you had suggested code injecton to me, But I got confused on tutorials that I cant get over how to do the code injection,analyzing breakpoints .
So I sticked to my Old fashioned way of Changing all those values "One by One" into "14" XD XD.
As answer to a conclusion, Is there no way to make the execution instant as possible? I Still need to learn more things so please have patience to me
FreeER wrote: | I'm mostly guessing here but if those are constant values then quit doing the int to str aob conversion in the function. It's fine to use some code to generate the aob eg.
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
print('{')
for i,v in ipairs(searchV) do
v = math.floor(v)
searchV[i] = string.format("'%02X %02X %02X %02X'",
v & 0xff, v>>8 & 0xff, v>>16 & 0xff, v>>24 & 0xff)
-- this can probably be simplified to just string.format('%x', v)
end
print(table.concat(searchV,', '))
print('}')
end
|
but after that just store them as usable data in the script
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
local res = AOBScan(v, "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end
end
local aobs = { '06 9F 24 00', 'EE E7 00 00', 'F6 73 00 00', '46 38 00 00', '2E D0 01
00', 'EE E7 00 00', '66 54 00 00', 'E6 2E 00 00', '86 3E 00 00', 'A6 0F 00 00',
...
}
replace(aobs, 14)
|
beyond that you might be able to use createThead eg.
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
createThread(function(Thread,v)
local res = AOBScan(v, "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end,v)
end
end
local aobs = { ... }
replace(aobs, 14)
|
Now, I ran out of memory trying that on the tutorial so you probably don't want to create a new thread for every one but just using 10 or so etc.
Of course there's the obvious options of limiting the scan region if you know all the results are in a certain module etc. or finding the code that uses those values and modifying it to use 14 instead of whatever the value is (or changing the value to 14)... |
Oh, I dont Know where to start on those Scripts. But I will try it out. I will send My concerns there after
Last edited by aldrinjohnom on Sat Aug 26, 2017 12:52 am; edited 1 time in total |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Mon Aug 21, 2017 9:41 pm Post subject: |
|
|
Quote: | Is there no way to make the execution instant as possible? | You might as well ask if there is no way to find 50 random people out of 7 billion... because that's pretty close to what you're doing. You have a game that's probably using a few billion bytes of data and you're trying to scan all of that data to find what you care about, many times.
At the least you could probably instead find how many resources you have and max them out instead of finding the costs and making them cheap, because there are probably fewer resources to change than item costs. Even better would be to understand the code that uses those resources and change it to not use any (or to use them even if you don't have enough, letting the values become negative).
|
|
Back to top |
|
|
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Fri Aug 25, 2017 4:30 am Post subject: |
|
|
FreeER wrote: | I'm mostly guessing here but if those are constant values then quit doing the int to str aob conversion in the function. It's fine to use some code to generate the aob eg.
Code: | function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
print('{')
for i,v in ipairs(searchV) do
v = math.floor(v)
searchV[i] = string.format("'%02X %02X %02X %02X'",
v & 0xff, v>>8 & 0xff, v>>16 & 0xff, v>>24 & 0xff)
-- this can probably be simplified to just string.format('%x', v)
end
print(table.concat(searchV,', '))
print('}')
end
|
|
Your idea is great that I should guess the AoB Already by using your first code. But How can I use this?
function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
print('{')
for i,v in ipairs(searchV) do
v = math.floor(v)
searchV[i] = string.format("'%02X %02X %02X %02X'",
v & 0xff, v>>8 & 0xff, v>>16 & 0xff, v>>24 & 0xff)
-- this can probably be simplified to just string.format('%x', v)
end
print(table.concat(searchV,', '))
print('}')
end
For example I want to search "2400006" into an AoB. Where should I input it on that code? I dont quite understand how the code works actually XD because im still a newbie until now XD
|
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Fri Aug 25, 2017 5:18 am Post subject: |
|
|
basically the same way you used it before. function replace({'240006'}, 123) though replaceV isn't actually used anymore so you could remove the math.floor line and just not pass anything.
|
|
Back to top |
|
|
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Fri Aug 25, 2017 7:16 am Post subject: |
|
|
FreeER wrote: | basically the same way you used it before. function replace({'240006'}, 123) though replaceV isn't actually used anymore so you could remove the math.floor line and just not pass anything. |
Is this the right way to use this script? I have tried both the second and the third code you post:
If I choose your second Code,it will look like this:
Code: |
function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
local res = AOBScan(v, "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end
end
replace({'2400006','59374'},14)
|
If I use your third code, it will look like this:
Code: |
function replace(searchV, replaceV)
if type(searchV) ~= "table" then
searchV = {(assert(tonumber(searchV),"Could not convert first argument to number"))}
end
replaceV = math.floor(replaceV)
for i,v in ipairs(searchV) do
createThread(function(Thread,v)
local res = AOBScan(v, "+W-C", 1, 4)
if res then
for j=0, res.Count-1, 1 do
writeInteger(res[j], replaceV)
end
res.destroy()
end
end,v)
end
end
replace({'2400006','59374'},14)
|
Both of this code doen't work.. Am I doing something wrong?
|
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Fri Aug 25, 2017 8:28 am Post subject: |
|
|
The ones that actually write to memory expect a valid AOB strings eg replace({'06 9F 24 00', 'EE E7 00 00'}, 14), the one that just prints is used to convert replace({'2400006','59374'},14) to the table {'06 9F 24 00', 'EE E7 00 00'} so that you can copy and paste that into your script so that you don't have to do all the converting while trying to scan (which, theoretically, makes it take a bit longer).
|
|
Back to top |
|
|
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Fri Aug 25, 2017 10:25 am Post subject: |
|
|
FreeER wrote: | The ones that actually write to memory expect a valid AOB strings eg replace({'06 9F 24 00', 'EE E7 00 00'}, 14), the one that just prints is used to convert replace({'2400006','59374'},14) to the table {'06 9F 24 00', 'EE E7 00 00'} so that you can copy and paste that into your script so that you don't have to do all the converting while trying to scan (which, theoretically, makes it take a bit longer). |
Ok Got it . SO what I need to do is to convert those decimals into a BIG endian hexadecimals. I will try out the scripts accuracy and reply a feedback.
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
|
Posted: Fri Aug 25, 2017 10:38 am Post subject: |
|
|
aldrinjohnom wrote: | SO what I need to do is to convert those decimals into a BIG endian hexadecimals |
Minor note: that's actually little endian.
Code: | value (dec): 2400006
value (hex): 0x00249F06
big endian: 00 24 9F 06
little endian: 06 9F 24 00 |
Also, if you could edit your first post and remove that ridiculously long list of values, I think everyone reading this thread would appreciate it.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Fri Aug 25, 2017 11:34 am Post subject: |
|
|
ParkourPenguin wrote: | Also, if you could edit your first post and remove that ridiculously long list of values, I think everyone reading this thread would appreciate it. |
It'll also need to be removed from the quote. I've come across it before so I just created a JS script (or 2) to fix it https://github.com/FreeER/CE-Examples/blob/master/ce%20forum%20break%20long%20lines.js with a little css help from Sn34kyMofo/h3x1c
|
|
Back to top |
|
|
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Sat Aug 26, 2017 1:22 am Post subject: |
|
|
ParkourPenguin wrote: | aldrinjohnom wrote: | SO what I need to do is to convert those decimals into a BIG endian hexadecimals |
Minor note: that's actually little endian.
Code: | value (dec): 2400006
value (hex): 0x00249F06
big endian: 00 24 9F 06
little endian: 06 9F 24 00 |
Also, if you could edit your first post and remove that ridiculously long list of values, I think everyone reading this thread would appreciate it. |
Oh, you're right xD I was dazzled about the difference of big and little endian before but now I know
post edited Im also having a hard time scrolling to the right to click the "quote" button xD Hahaha.
FreeER wrote: | ParkourPenguin wrote: | Also, if you could edit your first post and remove that ridiculously long list of values, I think everyone reading this thread would appreciate it. |
It'll also need to be removed from the quote. |
Quote edited
I've come across it before so I just created a JS script (or 2) to fix it {I deleted the url because I cant post url yet} with a little css help from Sn34kyMofo / h3x1c [/quote]
I dont quite understand how to use this.
SO now I have completed my code converting them into hexadecimal in little endian form. And FreeER was right about the improved speed. But I am curious how other players make their executions on their scripts blazingly fast(like it finished instantly). I mean as I tried to make every resource instant(as what you seen on my first code which is that very long code),the speed was not enough if I compared it on the performance of other scripts which players used.
But as Parkour Penguin said about code injection,If players used code injection, did they mastered the game already? I mean what I know is that I need to be familiar with the memory of the game and detect where should I inject my code. It is like mastering its memory with alot of trial end error(I guess). Any examples where I can start?
|
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Sat Aug 26, 2017 9:35 am Post subject: |
|
|
aldrinjohnom wrote: | I dont quite understand how to use this [javascript]. | Open the dev console and paste in the js code or create a bookmark and edit it so that the "url" is the minified js code. There's two different variations, one splits the textNode for long lines into multiple shorter ones and adds line breaks inbetween while the other uses CSS to format the table which contains the lines so that they have a max width.
aldrinjohnom wrote: | It is like mastering its memory with alot of trial end error(I guess). | Not really, find the values and then seen what accesses them and change that code to do what you want. You need some basic understand of assembly but alot of the most common instructions are fairly understandable like 'add' (add), 'sub' (subtract), 'mov' (move), fst (float store) and CE does a decent job of helping at the bottom of the disassembler. In this case there's probably a compare against your actual resources to see if you have enough, a conditional jump to fail if you don't, and then a sub to actually change your resources. Those could be in the same function and close together or the check could be a separate function from the one that changes your resources.
As for where to start:
http://forum.cheatengine.org/viewtopic.php?t=542093 - step 4 +
http://forum.cheatengine.org/viewtopic.php?t=572465
http://forum.cheatengine.org/viewtopic.php?t=570083
|
|
Back to top |
|
|
aldrinjohnom Newbie cheater Reputation: 0
Joined: 03 Jun 2017 Posts: 15
|
Posted: Sat Aug 26, 2017 11:04 am Post subject: |
|
|
FreeER wrote: | Not really, find the values and then seen what accesses them and change that code to do what you want. You need some basic understand of assembly but alot of the most common instructions are fairly understandable like 'add' (add), 'sub' (subtract), 'mov' (move), fst (float store) and CE does a decent job of helping at the bottom of the disassembler. In this case there's probably a compare against your actual resources to see if you have enough, a conditional jump to fail if you don't, and then a sub to actually change your resources. Those could be in the same function and close together or the check could be a separate function from the one that changes your resources.
|
Thank you for sharing your ideas But As I have already passed level 8(pointer scan values of CE tutorial), there is something missing still which I cant figure out. We all know that The Pointer tutorial is just an example and is very different on certain games(like mine) and I dis not help me in finding the right pointer(even analyzing the memory). And I have also read those two articles by Sir Rydian,and I believe that when I try to pointer scan the code and follow specific methods of pointer scanning(like at youtube videos). CE pointer scanner always gave Me a blank result after specific Inspection Tryouts on the Memory. Do some of you experience that too? Well My game uses "shockwave flash" as a hint. Help
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|