|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Sun Feb 24, 2019 12:18 am Post subject: How is this complex process encoded? |
|
|
A unique aob code cannot be created.
However, the closest result can be obtained with the Text code.
Below is a search, format and change problem.
Thanks in advance for your help.
Text will be searched, a code will be selected,
Double will be searched and changed!
It's a complex process, but in a nutshell,
1) Aob code to be searched.
2) From the result: the last 11 digits will be taken.
3) The 11 digits received will be formatted with Double.
4) Double search.
5) will change with new figure.
Or you can search Aob to save some time.
Search Text:
Aob translation: Code: | 73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? -- '??' 11 digits at the end of the code, 'double' to be dialed. |
Aob search result: Code: | 73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22 [u]31 35 32 32 31 38 38 39 37 38 32[/u] |
Format Double: Code: | 31 35 32 32 31 38 38 39 37 38 32 |
sample:
15221889782
Format and search Aob: Code: | 00 00 B0 D7 5C 5A 0C 42 |
search: Code: | 00 00 B0 D7 5C 5A 0C 42 |
change: Code: | 00 ?? ?? ?? 44 34 79 42 |
or
Format Double: Code: | 31 35 32 32 31 38 38 39 37 38 32 |
sample:
search Double:
change Double:
How do I make this search and exchange function?
_________________
|
|
Back to top |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Sun Feb 24, 2019 6:09 pm Post subject: |
|
|
If I not misunderstood what you want :
Step 1 : text 'select_Item_102:'
Step 2 : Change text to AOB
Step 3 : Scan that AOB
Step 4 : Take the last 11 bytes from the scan result
Step 5 : Change that 11 bytes to double value
Step 6 : Scan that double value
Step 7 : Change that double value to your double value code
This part I am really not understand :
Quote: | Format Double:
Code:
31 35 32 32 31 38 38 39 37 38 32
sample:
Code:
15221889782
15221889782
Format and search Aob:
Code:
00 00 B0 D7 5C 5A 0C 42
search:
Code:
00 00 B0 D7 5C 5A 0C 42
change:
Code:
00 ?? ?? ?? 44 34 79 42 |
anyway 31 35 32 32 31 38 38 39 37 38 32 = 4.66450615834406E-33 in double value
and 15221889782 = F6 9A 4B 8B FF FF FF FF in bytes array
_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL
Last edited by Corroder on Sun Feb 24, 2019 8:06 pm; edited 1 time in total |
|
Back to top |
|
|
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Sun Feb 24, 2019 8:01 pm Post subject: |
|
|
Yes: The current English translation, more complex expression.
I'll try to explain it again.
Unique "Double" code cannot be created.
But: With the help of a text, I find the unique "Double" number.
The number I tried to reach: 11 figures after the text.
Constant Variable
select_Item_102:"15221889782"
I'll format the text as Aob to find the variable number 11.
Aob translation: and Search Code;
Code:
Code: | 73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? |
Print scan result:
UDF1.CEEdit1.Text=tostring("?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??") --
This will be a result of screening.
Code: | UDF1.CEEdit1.Text="31 35 32 32 31 38 38 39 37 38 32"
|
Below is a format and an example of scanning, modifying.
But the above code first: take the scan results,
The last 11 digits must be printed on CEEdit1.
Then the following code will do the final scan and exchange.
Code: | --------------------------------------------------
function byteTableToAobString(t)
for k,v in ipairs(t) do
t[k] = ('%02X'):format(v)
end
return table.concat(t, ' ')
end
--------------------------------------------------
function CEButton1Click(sender)
newvalue = UDF1.CEEdit1.Text
newvalue = tonumber(newvalue)
if not newvalue then return end
newvalue = doubleToByteTable(newvalue)
newvalue = byteTableToAobString(newvalue)
Codescan2=UDF1.CEEdit1.Text(' %s '):format(newvalue)) --Format and search: '00 00 B0 D7 5C 5A 0C 42'
Aobswap(codescan2,('00 00 B0 D7 5C 5A 0C 42'))
end |
The question gets stuck in the first process.
Do the first scan, take the last 11 digits and print to CEEdit.
Again, I hope is not a complex narrative.
Thanks for your interest, @Corroder
_________________
|
|
Back to top |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
|
Back to top |
|
|
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Mon Feb 25, 2019 2:01 am Post subject: |
|
|
Thanks @Corroder, the code is working.
The correct format will be String / Text.
But Lua uses String as a print,
could not find the code used as value.
In CE Lua, "String" is passed as both string and print.
CE Lua:
Code: | byteTableToWord(table): number - Converts a bytetable to a word
byteTableToDword(table): number - Converts a bytetable to a dword
byteTableToQword(table): number - Converts a bytetable to a qword
byteTableToFloat(table): number - Converts a bytetable to a float
byteTableToDouble(table): number - Converts a bytetable to a double
byteTableToString(table): string - Converts a bytetable to a string
byteTableToWideString(table): string - Converts a bytetable to a widestring and convets that to a string |
I have to format the following code as "String".
so that the search process will be completed.
CE also: Text search "String". How is it used in Lua?
--------------------------------------------------
Code: | function aobTableToString(t)
for k,v in ipairs(t) do
t[k] = ('%02X'):format(v)
end
return table.concat(t, ' ')
end
--------------------------------------------------
function CEButton2Click(sender)
newvalue = UDF1.CEEdit1.Text
newvalue = tonumber(newvalue)
if not newvalue then return end
newvalue = stringToByteTable(newvalue)
newvalue = aobTableToString(newvalue, newvalue)
UDF1.CEEdit2.Text=(' %s '):format(newvalue, newvalue)
end |
_________________
|
|
Back to top |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Mon Feb 25, 2019 5:51 am Post subject: |
|
|
to search 'string' and change to AOB :
Code: | local fmt,cat,Pack,UPack = string.format,table.concat,table.pack,table.unpack
local ton,tos,floor,sPack,sUPack = tonumber,tostring,math.floor,string.pack,string.unpack
function hx(n,sz)
return fmt("%0"..(sz or 2).."X",n)
end
function s2bt(iswide)
return not iswide and stringToByteTable or wideStringToByteTable
end
local function fnseq(...)
local function seq(f,g,...)
return g==nil and f or seq(function(...)return g(f(...))end,...)
end
return seq(...)
end
local function amap(t,...)
local r,f={n=t.n or #t},fnseq(...)
for i=1,r.n do r[i]=f(t[i])end
return r
end
function s2aob(s,iswide,zterminated)
return cat(amap(s2bt(iswide)(s),hx),' ')..(zterminated and (iswide and ' 00 00' or ' 00') or '')
end
function getByteString(address, bytecount)
local bytes = readBytes(address, bytecount, true)
if bytes then
local result = ""
for i = 1, #bytes do
if #result > 0 then
result = result .. " "
end
result = result .. string.format("%02X", bytes[i])
end
return result
end
end
|
Now, try to your case :
Code: | --- step 1 : Change string to AOB and add wild char
str = 'select_Item_102:'
ori_aob = s2aob(str)
wild_aob = ' ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??'
ori_aob = ori_aob..wild_aob
print(ori_aob) -- result = 73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
--- Step 2 : Scan the result or aob_ori+wild char
aobresult=AOBScan(ori_aob)
j = 0
cnt = 1
if (aobresult~=nil) then
-- print("Results found: "..aobresult.Count)
while j < aobresult.Count do
a = getByteString(aobresult[j], 12)
-- print("Address "..cnt.." = "..aobresult[j].." --> AOB : "..a)
a = string.sub(a, -32)
print(a)
j=j+1
cnt = cnt+1
end
aobresult.destroy()
aobresult=nil
else
print("No results found")
end
-- Test
-- assum ori_aob to scan = '73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22 31 35 32 32 31 38 38 39 37 38 32'
a = '73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22 31 35 32 32 31 38 38 39 37 38 32'
new_aob = string.sub(a, -32)
print(new_aob) -- result = '31 35 32 32 31 38 38 39 37 38 32' |
Next, you need go to step 3 : change new_aob to double value
step 4 : find double value and replace to your own value
Code: | function findDoubleValueAndReplace(findValue, replaceWith)
memscan = createMemScan()
foundlist = createFoundList(memscan)
protectionflags = "*W*X*C" ----"+W*X-C"
memscan.firstScan(soExactValue, vtDouble, rtTruncated, findValue, nil,
"0","7fffffff",protectionflags,
fsmAligned,"4",
false, false, false, false)
memscan.waitTillDone()
foundlist.initialize()
if foundlist.Count == 0 or foundlist.Count == nil then
--- lResult.Caption = 'Scan result found : NIL'
print('not found')
end
lResult.Caption = 'Scan result found : '..foundlist.Count
for i=0,foundlist.Count-1 do
---- mMemo.append("Address "..tostring(foundlist.Address[i]))
fullAccess( getAddress(foundlist.Address[i]) , 8)
writeDouble( foundlist.Address[i], replaceWith)
end
sleep(50)
foundlist.destroy()
sleep(50)
memscan.destroy()
end
|
_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL |
|
Back to top |
|
|
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Mon Feb 25, 2019 8:20 am Post subject: |
|
|
No change. I am sorry.
How do we force the following code into "String / Text" change?
Code: | function CEButton2Click(sender)
newvalue = UDF1.CEEdit1.Text
newvalue = tonumber(newvalue)
-- if not newvalue then return end
newvalue = wideStringToByteTable(newvalue)
newvalue = aobTableToString(newvalue, newvalue)
UDF1.CEEdit2.Text=(' %s '):format(newvalue, newvalue)
end |
The picture shows the status of the process,
How do I get the result in the picture?
http://i64.tinypic.com/20qjb07.png
_________________
|
|
Back to top |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Mon Feb 25, 2019 9:01 am Post subject: |
|
|
string 165433071529 = 165433071529 in double value
Code: | function findDoubleValueAndReplace(findValue, replaceWith)
memscan = createMemScan()
foundlist = createFoundList(memscan)
protectionflags = "*W*X*C" ----"+W*X-C"
memscan.firstScan(soExactValue, vtDouble, rtTruncated, findValue, nil,
"0","7fffffff",protectionflags,
fsmAligned,"4",
false, false, false, false)
memscan.waitTillDone()
foundlist.initialize()
if foundlist.Count == 0 or foundlist.Count == nil then
--- lResult.Caption = 'Scan result found : NIL'
print('not found')
end
lResult.Caption = 'Scan result found : '..foundlist.Count
for i=0,foundlist.Count-1 do
---- mMemo.append("Address "..tostring(foundlist.Address[i]))
fullAccess( getAddress(foundlist.Address[i]) , 8)
writeDouble( foundlist.Address[i], replaceWith)
end
sleep(50)
foundlist.destroy()
sleep(50)
memscan.destroy()
end
findDoubleValueAndReplace('165433071529', 255433071529) |
_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL |
|
Back to top |
|
|
DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
|
Posted: Mon Feb 25, 2019 11:51 am Post subject: |
|
|
My turn I guess, so you want to scan for static aob, which points to memory area where you can find yourtrue aob target.
So we need to first to scan for your aob, then we need to fetch the new aob target which is always located at X offset related to to our AoB base address,
The new AoB target is basically a double value represented as a string at that moment so we need to read it as a string and then convert it to double, and from double convert it back to bytes (I prefer aobscan instead memscan).
Then we scan for our new aob and replace it with a dobule value (which we also convert to bytes).
Here's a code
Code: |
function ScanAndReScan(sAob,vDouble,nLength,sOffset)
if ((type(sAob)=='string' and #sAob > 1) and type(vDouble)=='number' and type(nLength)=='number') then
local sPattern,vPattern = sAob:gsub("[^%x%?]+",""),doubleToByteTable(vDouble); -- clean AoB from any unneeded character; converts Double to bytes;
local sOffset = ((#sPattern % 2 == 0) and (type(sOffset)=='number' and sOffset or (#sPattern // 2)) or error('pattern is incorrect')); -- read bytes starting offset;
local sAobs = AOBScan(sPattern); -- yes memscan is faster, but I'm lazy.
if (sAobs) then
-- local vAobs = AOBScan(readBytes(sAobs[0]..'+'..sOffset,8)); -- New scan for the double value; thought the bytes after the aob represent double, but I see we need to format it;
local vAobs = AOBScan(unpack(doubleToByteTable(readString(tonumber(sAobs[0],16)+sOffset,nLength)))); -- converts address from base16 to base10 and adds X offset, reads nLength from given address and converts to double (returns table contains double bytes); unpack the table and scans the double bytes;
-- print('sAOB found @:',sAobs[0],' - found targer double count :', (vAobs and vAobs.count or 'nil'));
if (vAobs) then
for i=0,vAobs.count-1 do -- there's might be lot's of results, including of memory areas you maybe wouldn't want to change
writeBytes(vAobs[i],vPattern); -- writes the double value given after it was converted to bytes...
-- print("Modified address @:",vAobs[i]);
end
vAobs.destroy(); -- cleanup
end
sAobs.destroy();
end
end
end
ScanAndReScan("73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22",15221889784,11); -- change double target to 15221889784;
-- ScanAndReScan("73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A ZZ",15221889784,11); -- AoB; Target Value to change to; Number of bytes to read to fetch the source Value AoB;
-- ScanAndReScan("73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A ZZ ?? ?? ?? ?? ?? ?? ?? ?? ?? ??",15221889784,11,17); -- AoB; Target Value; Source Value AoB Length; Source Value AoB offset (address + 17 bytes:)
|
_________________
|
|
Back to top |
|
|
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Tue Feb 26, 2019 7:36 pm Post subject: |
|
|
DaSpamer wrote: | My turn I guess,
Code: |
function ScanAndReScan(sAob,vDouble,nLength,sOffset)
if ((type(sAob)=='string' and #sAob > 1) and type(vDouble)=='number' and type(nLength)=='number') then
local sPattern,vPattern = sAob:gsub("[^%x%?]+",""),doubleToByteTable(vDouble); -- clean AoB from any unneeded character; converts Double to bytes;
local sOffset = ((#sPattern % 2 == 0) and (type(sOffset)=='number' and sOffset or (#sPattern // 2)) or error('pattern is incorrect')); -- read bytes starting offset;
local sAobs = AOBScan(sPattern); -- yes memscan is faster, but I'm lazy.
if (sAobs) then
-- local vAobs = AOBScan(readBytes(sAobs[0]..'+'..sOffset,8)); -- New scan for the double value; thought the bytes after the aob represent double, but I see we need to format it;
local vAobs = AOBScan(unpack(doubleToByteTable(readString(tonumber(sAobs[0],16)+sOffset,nLength)))); -- converts address from base16 to base10 and adds X offset, reads nLength from given address and converts to double (returns table contains double bytes); unpack the table and scans the double bytes;
-- print('sAOB found @:',sAobs[0],' - found targer double count :', (vAobs and vAobs.count or 'nil'));
if (vAobs) then
for i=0,vAobs.count-1 do -- there's might be lot's of results, including of memory areas you maybe wouldn't want to change
writeBytes(vAobs[i],vPattern); -- writes the double value given after it was converted to bytes...
-- print("Modified address @:",vAobs[i]);
end
vAobs.destroy(); -- cleanup
end
sAobs.destroy();
end
end
end
ScanAndReScan("73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A 22",15221889784,11); -- change double target to 15221889784;
-- ScanAndReScan("73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A ZZ",15221889784,11); -- AoB; Target Value to change to; Number of bytes to read to fetch the source Value AoB;
-- ScanAndReScan("73 65 6C 65 63 74 5F 49 74 65 6D 5F 31 30 32 3A ZZ ?? ?? ?? ?? ?? ?? ?? ?? ?? ??",15221889784,11,17); -- AoB; Target Value; Source Value AoB Length; Source Value AoB offset (address + 17 bytes:)
|
|
I didn't get a result when I first tried the code.
But I made the CEF, hours of calls
finally, when I could not find any results again, I reviewed the code.
When used, he successfully made the change and
frankly I shuddered.
This code: Searching, extracting the desired value from the result,
it is formatting the value and Double is calling and changing.
Creepy way amazing.
Thanks again and again.
2 more questions about this code.
1) How do I get "Print" prints to a single "Show Message" panel?
2) Can I search and replace more than 1 code under the same code?
Code: | showMessage=('sAOB found @:',sAobs[0],' - found targer double count :', (vAobs and vAobs.count or 'nil'),("Modified address @:",vAobs[i])) |
Code: | ScanAndReScan("61 76 61 74 61 72 5F 73 70 65 65 64 22 3A ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7D",2522188978499,13,14);
ScanAndReScan("63 65 72 74 69 66 69 63 61 74 65 5F 6D 61 73 74 65 72 79 22 3A ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 2C",2522188978499,13,21); |
Thanks in advance @DaSpamer.
and thanks @Corroder: Always, to the rescue, for coming.
This output:
A bucket of cold water was poured over my head.
_________________
|
|
Back to top |
|
|
DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
|
Posted: Fri Mar 01, 2019 11:11 am Post subject: |
|
|
For 1 question one,
Print function accepts unlimited(?) argumemts and then concatenate all into 1 string.
While showMessage accepts only a single parameter, so you need to concatenate the string yourself upfront and only then call showMessage.
As for question 2 I quite didnt understand.
_________________
|
|
Back to top |
|
|
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Fri Mar 01, 2019 6:13 pm Post subject: |
|
|
DaSpamer wrote: |
As for question 2 I quite didnt understand. |
First of all thanks again for this coding.
2. The question was solved.
--Can I search and replace more than 1 code under the same code?
2) More than one change is added on a button?
Answer: It is added.
Code: | function CEButton41Click(sender) --avatar
UDF1.CEButton41.Font.Style="fsBold";
ScanAndReScan("63 65 72 74 69 66 69 63 61 74 65 5F 61 76 61 74 61 72 5F 73 70 65 65 64 22 3A ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 2C",2155188978499,13,26);
ScanAndReScan("63 65 72 74 69 66 69 63 61 74 65 5F 61 76 61 74 61 72 5F 73 70 65 65 64 22 3A ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7D",2155188978499,13,26);
UDF1.CEButton41.Font.Style="fsStrikeOut";
end |
I don't understand one thing: there is no explanation in the message.
It just gives you the number of changing codes.
Example: 82
So just: 82.
Not like this:
Code: | Replace Code Count : 82 |
Code: | showMessage('Replace Code Count :', (vAobs and vAobs.count or 'nil')); |
After all, this is enough.
This encoding is like magic. Thanks again.
_________________
|
|
Back to top |
|
|
DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
|
Posted: Sat Mar 02, 2019 5:01 am Post subject: |
|
|
I print used just for debugging.
It prints how many results it founds for the extracted double value.
As for explanation, what do you need?
Code: | showMessage('Replace Code Count :'..(vAobs and vAobs.count or 'nil')..' | search value :' .. readString(tonumber(sAobs[0],16)+sOffset,nLength) .. ' & replace value :' .. vDouble); |
If you wish the function to return the total count of changed objects (so you could verify it changed);
you may use this
Code: |
function ScanAndReScan(sAob,vDouble,nLength,sOffset)
if ((type(sAob)=='string' and #sAob > 1) and type(vDouble)=='number' and type(nLength)=='number') then
local sPattern,vPattern = sAob:gsub("[^%x%?]+",""),doubleToByteTable(vDouble);
local sOffset,sAobs = ((#sPattern % 2 == 0) and (type(sOffset)=='number' and sOffset or (#sPattern // 2)) or error('pattern is incorrect')),AOBScan(sPattern);
if (sAobs) then
local vAobs = AOBScan(unpack(doubleToByteTable(readString(tonumber(sAobs[0],16)+sOffset,nLength))));
sAobs.destroy();
if (vAobs) then
for i=0,vAobs.count-1 do
writeBytes(vAobs[i],vPattern);
end
local count = vAobs.count;
vAobs.destroy();
return count;
end
end
end
return 0;
end |
It should return number bigger than 0 if successfully
_________________
|
|
Back to top |
|
|
AylinCE Grandmaster Cheater Supreme Reputation: 32
Joined: 16 Feb 2017 Posts: 1250
|
Posted: Sat Mar 02, 2019 5:43 am Post subject: |
|
|
Master, no need for a new configuration.
The following fix is enough, thanks.
The code you gave: The game was used to fix the errors.
(A little too: To increase reinforcement times )
In the video of use, I have indicated the code owner.
Anyone who revives the game stream is grateful to you.
And I thank you.
The result of the previous coding and explanation:
Code: | showMessage('sAOB found @:',sAobs[0],'\nReplace Code Count :', (vAobs and vAobs.count or 'nil')); |
Current code and description result:
Code: | showMessage('Replace Code Count :'..(vAobs and vAobs.count or 'nil')..' | search value :' .. readString(tonumber(sAobs[0],16)+sOffset,nLength) .. ' & replace value :' .. vDouble); |
Again Thanks Master
_________________
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|