Cheat Engine The Official Site of Cheat Engine
Fluorescent Newbie cheater
Reputation: 0
Joined: 06 Oct 2007 Posts: 18
Posted: Sun Dec 02, 2007 4:58 pm Post subject: Array of Byte Scan.

I've been trying to achieve Array of Byte scanning in a memory region of a program.
This is what I found out of Cheat Engine's Source Code
Code: |
if scantype=ValueBetween then
begin
  if vartype=0 then //byte
  begin
    setlength(foundvalue1,number);
    setlength(foundvalue1switch,number);
    for i:=0 to memoryregions do
    begin
      bytep:=pointer(memory);
      readprocessmemory(processhandle,pointer(Memoryregion[i].BaseAddress),Memory,Memoryregion[i].MemorySize,actualread);
      begin
        if actualread>0 then
          for j:=0 to actualread-1 do
          begin
            if (bytep^>=ByteValue) and (bytep^<=bytevalue2) then
            begin
              foundaddress[found]:=Memoryregion[i].BaseAddress+j;
              foundvalue1[found]:=bytep^;
              inc(found);
              if found=number then
              begin
                //if not found
              end;
              asm
                inc [bytep]
              end;
            end;
          end;
        progressbar.stepit;
      end;
|
It loops the readprocessmemory function and tries to catch the Array of Bytes. The thing I don't understand here is: how does it catch the Array of Bytes?
Due to my lack of knowledge of Delphi, I don't understand this little snippet:
Code: | if (bytep^>=ByteValue) and (bytep^<=bytevalue2) then
begin
foundaddress[found]:=Memoryregion[i].BaseAddress+j;
foundvalue1[found]:=bytep^; |
I'd really love to hear solutions to this, and better still to have a simplified method of Array of Byte Scanning.
Code: |
AOBScan proc Array,ArraySize,BaseAddress,Range,Result
    ;Returns the first AoB found
    ;Array - A pointer to the array
    ;ArraySize - The size of the array
    ;BaseAddress - The base address to scan from
    ;Range - The scan Range
    ;Result - A pointer to a variable that gets the result,can be NULL
    mov eax,BaseAddress
    mov ebx,Range
    mov ecx,ArraySize
    mov edx,Array
    add ebx,eax
    .while (eax < ebx)
        push ebx
    NextByte:
        mov bl,[eax+ecx-1]
        mov bh,[edx+ecx-1]
        .if (bl == bh)
            .if (ecx==1)
                .if (Result != NULL)
                    mov ebx,Result
                    mov [ebx],eax
                .endif
                pop ebx
                ret
            .endif
            dec ecx
            jmp NextByte
        .endif
        inc eax
        pop ebx
        mov ecx,ArraySize
    .endw
    xor eax,eax
    ret
AOBScan endp
|
I also found this after searching through this website; it was posted by DoomsDay.
I'm pretty clear on what the code does, only those 16bit (BH and BL) registers confuse me.
Code: | mov bl,[eax+ecx-1]
mov bh,[edx+ecx-1] |
What does this particular opcode do?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
Posted: Sun Dec 02, 2007 7:27 pm Post subject:
Code: |
if (bytep^>=ByteValue) and (bytep^<=bytevalue2) then
begin
foundaddress[found]:=Memoryregion[i].BaseAddress+j;
foundvalue1[found]:=bytep^;
|
That is the "value between" scan for the byte type, not the array scan.
But to explain that code:
bytep is a pointer inside the buffer just read with readprocessmemory
bytep^ dereferences the pointer (converts it to the value of the byte that it currently points to)
----
bh and bl are 8 bits (1 byte) each;
together they form bx, and bx belongs to ebx.
Code: |
mov bl,[eax+ecx-1]
mov bh,[edx+ecx-1]
|
bl gets the value stored at eax+ecx-1
bh gets the value stored at edx+ecx-1
----
also, the 'new' array of byte scan routine is now:
Code: |
function TScanner.ArrayOfByteExact(newvalue,oldvalue: pointer):boolean;
var i: integer;
begin
  for i:=0 to abs_arraylength-1 do
    if (abs_arraytofind[i]<>-1) and (pbytearray(newvalue)[i]<>abs_arraytofind[i]) then
    begin
      result:=false; //no match
      exit;
    end;
  result:=true; //still here, so a match
end;
|
abs is short for array of byte scan.
oldvalue is ignored.
For each single byte in the process's memory this routine is called, and if it returns true, the address is stored.
And I know what you're thinking: a function call for each single byte will be slow as hell, but guess what, it really isn't.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Fluorescent Newbie cheater
Reputation: 0
Joined: 06 Oct 2007 Posts: 18
Posted: Mon Dec 03, 2007 8:40 pm Post subject:
dark_byte wrote: | bl gets the value stored at eax+ecx-1
bh gets the value stored at edx+ecx-1 |
Thank you for the explanation, but what I want to know here exactly is what it does in the context of the routine.
eax holds BaseAddress
ecx holds ArraySize
edx holds Array
How will the addition and subtraction cause it to return the same number as
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
Posted: Mon Dec 03, 2007 10:24 pm Post subject:
eax points to the current byte in the memory that is being scanned.
edx points to the current byte in the array it compares to.
ecx holds which byte is currently being compared.
If it matches, ecx gets decreased and it is checked whether it still matches, until ecx becomes 1, meaning that all bytes matched.
If it doesn't match, eax gets increased by 1 and the whole thing is repeated (check if the last byte of the array matches, then check if the byte before that matches, etc...).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
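To make the two routines discussed in this thread concrete, here is an added C example (not Cheat Engine's or DoomsDay's code) that does the same job as ArrayOfByteExact, including the -1 wildcard, and slides the pattern one byte at a time over a buffer the way the assembly routine walks eax; the sample bytes and the pattern values are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* A pattern entry of -1 is a wildcard, mirroring abs_arraytofind[i] = -1. */
#define AOB_WILDCARD (-1)

/* Test the pattern at one position: the C counterpart of ArrayOfByteExact.
 * Returns 1 on a match, 0 as soon as a non-wildcard byte differs. */
static int aob_match_at(const uint8_t *mem, const int *pattern, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (pattern[i] != AOB_WILDCARD && mem[i] != (uint8_t)pattern[i])
            return 0;
    return 1;
}

/* Scan [buf, buf+size) and return the offset of the first match, or -1.
 * Like the assembly routine, the candidate position advances one byte at a
 * time; unlike it, the comparison never reads past the end of the buffer,
 * which matters when the buffer is a ReadProcessMemory result whose
 * actualread is smaller than the region size. */
long aob_scan(const uint8_t *buf, size_t size, const int *pattern, size_t len)
{
    if (len == 0 || len > size)
        return -1;
    for (size_t off = 0; off + len <= size; off++)
        if (aob_match_at(buf + off, pattern, len))
            return (long)off;
    return -1;
}

/* Constructed sample buffer standing in for memory read from a process:
 * two similar function prologues that differ only in the last byte. */
static const uint8_t sample[] = {
    0x90, 0x90, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,
    0x90, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x20
};

long demo_exact(void)      /* only the second prologue ends in 0x20 */
{
    const int pat[] = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x20 };
    return aob_scan(sample, sizeof sample, pat, 6);
}
long demo_wildcard(void)   /* wildcard on the last byte hits the first one */
{
    const int pat[] = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, AOB_WILDCARD };
    return aob_scan(sample, sizeof sample, pat, 6);
}
long demo_missing(void)    /* pattern not present anywhere */
{
    const int pat[] = { 0xDE, 0xAD, 0xBE, 0xEF };
    return aob_scan(sample, sizeof sample, pat, 4);
}
```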