 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
M1CR0H4CK3R
Newbie cheater
![]() Reputation: 0
Joined: 20 Jun 2014
Posts: 10
Location: Indianapolis, Indiana, USA
|
 Posted: Mon Nov 11, 2019 3:04 pm Post subject: How to create serial write CT with AOB scan? |
 |
|
I want to create a .CT that does the following:
On activation, activate script that does the following:
1. Scan for following AOB: | Code: | | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 ?? 00 03 00 ?? 00 ?? 00 ?? |
The addresses found must have 'D30' as their last digits. There should be only one result.
2. For the address found, add 0x10 to it
3. Check if the value ('v') at the current address ('a') ANDed with 0x0000FFFF is equal to 00 00 00 00. If it is, add 0x4 to 'a'. If not, add 0x2 to 'a', make 'v' 0x63, and add 0x2 to 'a' again. (A simple 'equation' for this is in the note at the bottom of this post).
4. Repeat step 3 599 more times.
5. Upon deactivation, do nothing.
Note: Step 3 can be viewed like this (this is essentially TI83/TI84 BASIC language, which is the only real coding I know):
| Code: | c = 600
::loopA
if (v & 0x0000FFFF == 0x00000000);
then (a + 0x4 = a);
else (
a + 0x2 = a;
v = 0x63;
a + 0x2 = a);
c - 1 = c
if (c == 0);
then (goto 'endLoopA');
else (goto 'loopA');
::endLoopA |
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4703
|
| Posted: Mon Nov 11, 2019 9:03 pm Post subject: |
|
|
I'm guessing the values you're working with are 2-byte integers.
Also, the trailing ?? in the AoB signature is useless and only slows the scan down.
| Code: | local ms = createMemScan()
-- assume there is only 1 result
ms.OnlyOneResult = true
ms.firstScan(soExactValue, vtByteArray, rtRounded,
'00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 ?? 00 03 00 ?? 00 ?? 00',
'', 0, 0x7fffffffffffffff, '', fsmLastDigits, 'D30', true, true, false, false)
ms.waitTillDone()
local a = ms.Result
ms.destroy()
assert(a, 'No results found')
a = a + 0x10
for i = 1, 600 do
if readSmallInteger(a) ~= 0 then
writeSmallInteger(a+2, 0x63)
end
a = a + 4
end
|
If you want to put this in an AA script, surround it with this:
| Code: | {$lua}
[ENABLE]
-- code goes here
[DISABLE]
|
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
M1CR0H4CK3R
Newbie cheater
![]() Reputation: 0
Joined: 20 Jun 2014
Posts: 10
Location: Indianapolis, Indiana, USA
|
| Posted: Tue Nov 12, 2019 8:22 am Post subject: |
|
|
| ParkourPenguin wrote: | I'm guessing the values you're working with are 2-byte integers.
Also, the trailing ?? in the AoB signature is useless and only slows the scan down.
| Code: | local ms = createMemScan()
-- assume there is only 1 result
ms.OnlyOneResult = true
ms.firstScan(soExactValue, vtByteArray, rtRounded,
'00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 ?? 00 03 00 ?? 00 ?? 00',
'', 0, 0x7fffffffffffffff, '', fsmLastDigits, 'D30', true, true, false, false)
ms.waitTillDone()
local a = ms.Result
ms.destroy()
assert(a, 'No results found')
a = a + 0x10
for i = 1, 600 do
if readSmallInteger(a) ~= 0 then
writeSmallInteger(a+2, 0x63)
end
a = a + 4
end
|
If you want to put this in an AA script, surround it with this:
| Code: | {$lua}
[ENABLE]
-- code goes here
[DISABLE]
|
|
This doesn't quite work. It only writes 0x63 to the first byte of the second 2 bytes of each dword it is dealing with, whether I change it to 0x6300 or 0x0063, or leave it as-is. I think 'SmallInteger' is being interpreted as 'Byte' for some reason.
Edit: I changed the line to | Code: | | writeBytes(a+2, 0x00, 0x63) |
and it works! Thanks for the help, I really appreciate it!
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Nov 17, 2019 10:16 am Post subject: |
|
|
writeSmallInteger (and the rest of read/write) doesn't use VirtualProtectEx.
only writeBytes and writeBytesLocal change protect to PAGE_EXECUTE_READWRITE and after writing restore original protect
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
