Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Aobscan w/ multiple AOBs [Closed]

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Lua Scripting
View previous topic :: View next topic  
Author Message
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

PostPosted: Sat Aug 06, 2022 3:27 am    Post subject: Aobscan w/ multiple AOBs [Closed] Reply with quote

Tried this out in order to distinct multiple game updates: [ https://imgur.com/a/dvqiTW1 ]
It works fine; results shown in 2nd pic: 1st aob "hits" '1428xxx', 2nd does not exist (returns '', not nil since being stringlist?!).

Issue: it takes a pretty long time to complete the scan; i assume because the 2nd aob does not exist and CE scans complete memory...?
Did try to find more info related to this particular function (incl github; closest i got was the frmautoinject), but nothing 'I' could relate... Rolling Eyes

Q: does this fn also supports parameters such as 'protectionflags' and 'Start_mem - End_mem' ?

ps: i assume this particular syntax parcours memory just once, while scanning for both aobs; which should give a performance improvement, hence my interest.
ps2: i just noticed that i'm using result, result1... i've uploaded wrong test_image here. anyways: only 1 var, being 'result'


Last edited by paul44 on Mon Aug 08, 2022 10:54 am; edited 1 time in total
Back to top
View user's profile Send private message
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1054
Location: 0x90

PostPosted: Sat Aug 06, 2022 5:40 am    Post subject: Reply with quote

I can confirm that AOBScan does indeed, return a stringlist. Do note that AOBScan will scan all modules pertaining to the process.

For your other issues, perhaps this will be of use:
Code:

AOBScan(x,x,x,x,...): Scans the currently opened process and returns a StringList object containing all the results. Don't forget to free this list when done
Bytevalue of higher than 255 or anything other than an integer will be seen as a wildcard.
AOBScan(aobstring, OPTIONAL protectionflags, OPTIONAL alignmenttype, OPTIONAL alignmentparam): See above. But here you just input one string.
AOBScanUnique(aobstring, OPTIONAL protectionflags, OPTIONAL alignmenttype, OPTIONAL alignmentparam) - Integer: Scans for the aobstring and returns the first result it finds, nil if nothing is found. Make sure it is unique because it will return the first result found whether it is unique or not, as it will return any random match.
AOBScanModuleUnique(modulename, aobstring, OPTIONAL protectionflags, OPTIONAL alignmenttype, OPTIONAL alignmentparam) - Integer: Scans for the aobstring in the designated module.


Further reading: celua.txt
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Sat Aug 06, 2022 2:23 pm    Post subject: Reply with quote

paul44 wrote:
Code:
AOBScan('8B 81 F8 FE FF FF 89', '8B 81 E8 FE FF FF 89')
AOBScan doesn't work like that. See celua.txt

There is another value type called vtByteArrays (15) used internally by the auto assembler; however, the results of such a memscan don't seem to be accessible from Lua. (GetOnlyOneResults isn't published)

In this case, the differences between the patterns aren't much. Use a wildcard and expand the pattern if it isn't unique:
Code:
local address = AOBScanModuleUnique('game.exe', '8B 81 ?8 FE FF FF 89', '+X-C-W')
Note the Unique variants of AOBScan return an integer
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

PostPosted: Mon Aug 08, 2022 10:46 am    Post subject: perhaps a Request...? Reply with quote

@LeFiXER: yep, which got me confused initially, hence why i've mentioned it. my order of (re)search is usually: a) forum b) Celua.txt (which one can also find in CE's installdir c) CE's github (more as a last resort to be frank)

@ParkourPenguin:
> "AOBScan doesn't work like that": not sure what you mean by that, but using that syntax works fine; but from my point of view not really practical.
As #LeFiXER stated - and i assumed so much - the scan parcours all memory, therefore taking far more time then performing 2 seperate "mem_ranged" scans. (in my example: 2 scans: 3~5secs - multi_aob scan: 5~10+ secs)
> wildcards: no-go in my case, as it returns far more results (up to a point that additional bytes would/might make the scan unreliable)
=> also evaluated other values within that very same struct, with no luck unfortunately.
btw: this topic is actually related to a prev topic; basically a new update caused a change in opcode_offset.

bottomline: multi_aob scan would be great if other scan parameters are also available. perhaps a future version passing on an array of AOBs as 1st param Shocked ?
Just to be clear: i think this is ONLY the 2nd time that i got confronted with such issue; AND:with a final release, these particular "splinters" get removed in a hearbeat anyway. in fact, i need to do this so i can keep supporting some previous release(s) here... (iow i would rarely use aobscan this way)
Back to top
View user's profile Send private message
AylinCE
Grandmaster Cheater Supreme
Reputation: 31

Joined: 16 Feb 2017
Posts: 1234

PostPosted: Mon Aug 08, 2022 11:37 am    Post subject: Reply with quote

Doesn't this happen?
Get addresses and interpret results etc.

Code:
local address1 = AOBScanModuleUnique('game.exe', '8B 81 F8 FE FF FF 89', '+X-C-W')
local address2 = AOBScanModuleUnique('game.exe', '8B 81 E8 FE FF FF 89', '+X-C-W')

_________________
Hi Hitler Different Trainer forms for you!
https://forum.cheatengine.org/viewtopic.php?t=619279
Enthusiastic people: Always one step ahead
Do not underestimate me Master: You were a beginner in the past
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Mon Aug 08, 2022 12:17 pm    Post subject: Reply with quote

paul44 wrote:
"AOBScan doesn't work like that": not sure what you mean by that, but using that syntax works fine; but from my point of view not really practical.
It doesn't work like that. Example:
Code:
globalalloc(foo,4096)

foo:
  db 12 34 AB CD

foo+100:
  db 56 78 90 EF

{$lua}
if syntaxcheck then return end

createTimer(100, function()
  local res1, res2 = AOBScan('12 34 AB CD', '56 78 90 EF')

  print('res1:', tostring(res1))  -- prints 'res1: userdata: 000000000655CD78'
  print('res2:', tostring(res2))  -- prints 'res2: nil'

  if res1 then res1.destroy(); end
  if res2 then res2.destroy(); end
end)
{$asm}
The AOB '56 78 90 EF' clearly exists, but res2 is still nil. That's because the second string gets parsed as protection flags (e.g. '+X-C-W') and not as a second AOB to simultaneously search for.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

PostPosted: Tue Aug 09, 2022 10:27 am    Post subject: stand corrected... Reply with quote

@AylinCE: my interpretation was that one could scan multiple AOBs in just one "mem_scan"; thus removing one 1 (or more) additional scan(s) if future updates introduce similar changes. (~ atm i'm running 2 scans)

@ParkourPenguin: yep, you are right; just verified this and it only returns "2" values. adding a 2nd & 3rd existing aob gives the same result...

=> so, how does one need to interpret that particular scan_syntax as it clearly states in the celua: "...here you just input ONE string" ?!
(which made me conclude/assume that in the 1st aobscan method, them resp. Xs represent resp. AOBs). Iow what is the distinction between these 2 aobscans ?
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Tue Aug 09, 2022 10:55 am    Post subject: Reply with quote

Do you mean `AOBScan(x,x,x,x,...)`? The x are just bytes.
Code:
AOBScan(0x10, 0x20, 0x30, ...)

In celua.txt there is more detail later on:
Quote:
Code:
AOBScan("aobstring", protectionflags OPTIONAL, alignmenttype OPTIONAL, alignmentparam HALFOPTIONAL):
protectionflags is a string.
  X=Executable W=Writable memory C=Copy On Write. Add a + to indicate that flag MUST be set and a - to indicate that that flag MUST NOT be set. (* sets it to don't care)
  Examples:
    +W-C = Writable memory exluding copy on write and doesn't care about the Executable flag
    +X-C-W = Find readonly executable memory
    +W = Finds all writable memory and don't care about copy on write or execute
    "" = Find everything (is the same as "*X*C*W" )


alignmenttype is an integer:
  0=No alignment check
  1=Address must be dividable by alignmentparam
  2=Address must end with alignmentparam
alignmentparam is a string which either holds the value the addresses must be dividable by or what the last digits of the address must be
For the alignment type, I'd use these in defines.lua:
Quote:
Code:
--scan types: (fast scan methods)
fsmNotAligned=0
fsmAligned=1
fsmLastDigits=2

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Lua Scripting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites