[Question] AoBScan ONLY if AoB isn't at the last address

fuzzayboy
Newbie cheater
Reputation: 0

Joined: 15 Dec 2007
Posts: 17

PostPosted: Sat Feb 06, 2016 11:40 pm    Post subject: [Question] AoBScan ONLY if AoB isn't at the last address

Hey everyone, I don't usually ask for help, but I'm really wondering how I should go about this one.

I'm being picky and I would like my AoBScan to be faster IF the address of the AoB hasn't changed.

That and right now if I don't disable my script when a loading screen happens (Pretty randomly sometimes) then I crash because I'm playing with registers where I shouldn't be anymore. So I would like to maybe have it check if the memory region is still relevant.


In a nutshell, I've thought about it (but don't really know how to go about it or if there's an easier way) and what I think I could do is this:

Upon activation:
1. Create a global variable to hold the Address of the AoB around the float, call it AoBAddress.
2. test the AoB(00 00 0C 00 00 00 00 ?? 43 00 00 C8 ?? ?? ?? 16 44) starting at AoBAddress up to 17 bytes further. // Wildcard the speed as we change it / it changes.

Warning: Horrible pseudocode incoming.
Code:
if AoB at AoBAddress up to 17 bytes further isn't found
{
je StopWritingValueAndExitThread
do a full AoB scan for the Address and store the address in AoBAddress
then continue
}
Else
Use the address of the float that was already found)


I'm really trying to find a way to skip doing a full range AoB scan every time and making activating / deactivating as smooth as possible.


Well, I ended up doing this (see end of post), because it's my first time working with Floats and ASM. Maybe someone can shed some light as to why this float: 00 00 00 78 actually starts a byte after. Is it because of al? 00 00 78 This really throws me off.
I'm at least rewriting everything now, but I want to make it user friendly, if at all possible not have to ask them to shut it off every time they think there might be a loading screen.


Here's what it looks like

Code:
479BE2B5 - 00 00                 - add [eax],al
479BE2B7 - 00 00                 - add [eax],al
479BE2B9 - 0C 00                 - or al,00
479BE2BB - 00 00                 - add [eax],al
479BE2BD - 00 78 43              - add [eax+43],bh
479BE2C0 - 00 00                 - add [eax],al
479BE2C2 - C8 4200 00            - enter 0042,00
479BE2C6 - 16                    - push ss
479BE2C7 - 44                    - inc esp
479BE2C8 - 00 00                 - add [eax],al
479BE2CA - 48                    - dec eax
479BE2CB - 43                    - inc ebx



and here's my code


Code:
[enable]
aobscan(aob1, 00 00 0C 00 00 00 00 78 43 00 00 C8 ?? ?? ?? 16 44)
alloc(ConstantlyWrite,1024)
label(StopWritingValueAndExitThread)
label(ScriptDisabled)
label(pauseECM)
registersymbol(ScriptDisabled)
registersymbol(pauseECM)
createthread(ConstantlyWrite)

aob1+5:
pauseECM: //only associate pauseECM with the proper address here

ConstantlyWrite:
push 0a
call kernel32.Sleep
cmp [ScriptDisabled],1
je StopWritingValueAndExitThread //when script disabled, thread will exit

mov eax,pauseECM //move address of pauseECM into register
mov edx,(float)400.0 //value to write into another register
mov [eax],edx //write value
jmp ConstantlyWrite //loop forever until script disabled

StopWritingValueAndExitThread: //only reached when script is disabled
ret

ScriptDisabled:
dd 0

[disable]

ScriptDisabled:
dd 1

unregistersymbol(ScriptDisabled)
unregistersymbol(pauseECM)


Some of this might not make any sense because I've been at it for a couple hours and it's very very late now. Thanks for any help!
fuzzayboy
Newbie cheater
Reputation: 0

Joined: 15 Dec 2007
Posts: 17

PostPosted: Fri Feb 12, 2016 10:40 am

bumping in hope someone can shed some light. Not looking for a spoonfed answer, just to be pointed in the right direction.
ParkourPenguin
I post too much
Reputation: 140

Joined: 06 Jul 2014
Posts: 4289

PostPosted: Tue Feb 16, 2016 11:27 am

You could use Lua for only doing an AoB scan once:
Code:
[ENABLE]
{$lua}
local function cmpBytes(table1,table2)
  if #table1 ~= #table2 then return false end
  for i,v in pairs(table1) do
    if table2[i] ~= v then
      return false
    end
  end
  return true
end

if myAoBAddy == nil or not cmpBytes({0x12, 0x34, 0xAB, 0xDC, 0x77},readBytes(myAoBAddy,5,true)) then
  local list = AOBScan("12 34 AB DC 77")
  if list ~= nil and list.Count == 1 then
    myAoBAddy = tonumber(list[0])
    list.destroy()
  else
    list.destroy()
    return nil
  end
end
registerSymbol("myAoBAddy",myAoBAddy)
{$asm}
...
[DISABLE]
unregisterSymbol(myAoBAddy)
...

If you want it to stop crashing, then stop constantly writing to it. Hook some instruction that accesses (preferably writes to) that address instead and write your value to it there.

fuzzayboy wrote:
Maybe someone can shed some light as to why this float: 00 00 00 78 actually starts a byte after. Is it because of al? 00 00 78 This really throws me off.
I don't know what you mean by this. I'm pretty sure it's not even executable code, as it doesn't make sense regardless of where you start disassembling it.
While both ASM and data are stored in memory as bytes, they are hardly interchangeable. Try to jump into a block of memory that stores data and see how many instructions it takes for the application to crash.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
fuzzayboy
Newbie cheater
Reputation: 0

Joined: 15 Dec 2007
Posts: 17

PostPosted: Wed Feb 24, 2016 10:45 pm

ParkourPenguin wrote:

While both ASM and data are stored in memory as bytes, they are hardly interchangeable. Try to jump into a block of memory that stores data and see how many instructions it takes for the application to crash.


So in a nutshell, CE is still trying to interpret it as instructions from the bytes, because that's what it does, but if I know all that memory region contains is floats one after another, I should disregard the opcodes I'm seeing?

That would make a LOT of sense and I wish I would have clued in a lot sooner. So much time spent trying to find the relation.

Thank you very much for both that information and the Lua code.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Wed Feb 24, 2016 10:59 pm

Code:
myAoBAddy = tonumber(list[0],16)
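The same cache-then-verify approach as ParkourPenguin's snippet, written out as an added example (not code from the thread or from Cheat Engine itself) that also covers the OP's wildcard pattern and folds in Zanzer's base-16 fix. It assumes the OP's pattern with the float at offset +5; the globals cachedAoB and the symbol name speedFloat are my own.

```lua
[ENABLE]
{$lua}
-- Added example, not code from the thread or from Cheat Engine itself.
-- Like ParkourPenguin's snippet it rescans only when the cached address no
-- longer matches, but the compare honours "??" wildcards (the OP's pattern
-- has a changing speed byte) and parses AOBScan's hex string with base 16.
local PATTERN = "00 00 0C 00 00 00 00 ?? 43 00 00 C8 ?? ?? ?? 16 44"
local FLOAT_OFFSET = 5   -- the 00 00 78 43 float sits 5 bytes into the AoB

-- Turn the pattern string into a table: byte values, or false for "??".
local function parsePattern(s)
  local pat = {}
  for tok in s:gmatch("%S+") do
    if tok == "??" then
      pat[#pat + 1] = false
    else
      pat[#pat + 1] = assert(tonumber(tok, 16), "bad byte in pattern: " .. tok)
    end
  end
  return pat
end

-- True if memory at addr still matches pat. readBytes returns nil when the
-- page is unreadable (e.g. freed during a loading screen); that counts as a
-- mismatch and forces a fresh scan instead of writing to a dead region.
local function stillMatches(addr, pat)
  local bytes = readBytes(addr, #pat, true)
  if bytes == nil then return false end
  for i, p in ipairs(pat) do
    if p and bytes[i] ~= p then return false end
  end
  return true
end

local pat = parsePattern(PATTERN)
if cachedAoB == nil or not stillMatches(cachedAoB, pat) then
  cachedAoB = nil                      -- stale; forget it before rescanning
  local list = AOBScan(PATTERN)
  if list ~= nil then
    if list.Count == 1 then            -- only accept a unique hit
      cachedAoB = tonumber(list[0], 16)
    end
    list.destroy()
  end
end
if cachedAoB == nil then
  error("AoB not found or not unique; refusing to enable")
end
registerSymbol("speedFloat", cachedAoB + FLOAT_OFFSET)
{$asm}
```

The [DISABLE] section then only needs unregistersymbol(speedFloat); on every re-enable the full scan is skipped as long as the 17 bytes at cachedAoB still match.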