 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
 Posted: Sun Jul 14, 2024 12:05 pm Post subject: search Array of byte |
 |
|
Hi
I have an array for find values I want modify
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 6A 70 8F 3B CD A9 32 3C 9C D2 D2 3B
FF 80 92 3B F3 D1 4D 3A 76 5D 9A 3A F2 04 35 3F CD CC 0C 3F 00 00 00 00
00 00 00 00 1E A5 92 3F 00 00 00 00 0A 07 95 39 7C A8 A8 39 5D 65 56 3B
F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 D8 83 C9 BF 00 00 00 00 00 00 00 00 00 68 EA 39 D4 F4 C0 3A
F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3F
00 00 A0 3F 46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00
00 00 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F
46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00
00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F 46 94 D6 40
46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00
This search found me some addresses included the one I want.
I watched every wrong found address are like this
00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 6A 70 8F 3B CD A9 32 3C 9C D2 D2 3B
FF 80 92 3B F3 D1 4D 3A 76 5D 9A 3A F2 04 35 3F CD CC 0C 3F 00 00 00 00
00 00 00 00 1E A5 92 3F 00 00 00 00 0A 07 95 39 7C A8 A8 39 5D 65 56 3B
F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 D8 83 C9 BF 00 00 00 00 00 00 00 00 00 68 EA 39 D4 F4 C0 3A
F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3F
00 00 A0 3F 46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00
00 00 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F
46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00
00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F 46 94 D6 40
46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00
Good ones have this 4 bytes random and fliping
00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 C4 1F 0C 2F 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 6A 70 8F 3B CD A9 32 3C 9C D2 D2 3B
FF 80 92 3B F3 D1 4D 3A 76 5D 9A 3A F2 04 35 3F CD CC 0C 3F 00 00 00 00
00 00 00 00 1E A5 92 3F 00 00 00 00 0A 07 95 39 7C A8 A8 39 5D 65 56 3B
F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 D8 83 C9 BF 00 00 00 00 00 00 00 00 00 68 EA 39 D4 F4 C0 3A
F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3F
00 00 A0 3F 46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00
00 00 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F
46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00
00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F 46 94 D6 40
46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00
I know ?? could used for random value, but this include "0" too.
Is it posible search an array with a parameter for exclude "00 00 00 00" in this region?
Thank so much
|
|
| Back to top |
|
 |
AylinCE
Grandmaster Cheater Supreme
 Reputation: 37
Joined: 16 Feb 2017
Posts: 1524
|
| Posted: Sun Jul 14, 2024 4:05 pm Post subject: |
|
|
| Code: | function getByteString(address, bytecount)
local bytes = readBytes(address, bytecount, true)
if bytes then
local result = ""
for i = 1, #bytes do
if #result > 0 then result = result .. " " end
result = result .. string.format("%02X", bytes[i]) end
return result end
end
local resultAddr = {}
function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
local addrByte = address.."+"..byt
--local b1,b2,b3,b4 = string.format("%02X"
readPer = getByteString(addrByte, 4)
--print(readPer)
--print("\n"..i.."- delete address: "..readPer)
if readPer~="00 00 00 00" then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end
function searchAddr(from,byt)
res1 = multiAOBPatch(from,byt)
if res1==1 then
print(res)
for l,k in pairs(resultAddr) do
local resPer = getByteString(tostring(k), 20) -- 0-20 byte
print(l.."- Found: Address: "..tostring(k).."\nAobs: "..resPer)
-- replace code:
-- autoAssemble(k..":\ndb "..to) -- "to" (replace codes)
end
else
showMessage("Code not found..")
end
end
-- use
search = "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ?? 00 00 00 00"
searchAddr(search,"10") -- hex(10) = 16 byte --> ?? ?? ?? ?? |
_________________
|
|
| Back to top |
|
|
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
| Posted: Sun Jul 14, 2024 6:01 pm Post subject: |
|
|
Thank for reply
I ll try tomorrow
|
|
| Back to top |
|
|
Csimbi
I post too much
 Reputation: 97
Joined: 14 Jul 2007
Posts: 3325
|
| Posted: Mon Jul 15, 2024 8:30 am Post subject: |
|
|
I put in a feature request a while ago for a similar problem.
The idea was to use a different mask, NZ instead of ?? - indicating the byte would have to be Non-Zero.
Not sure whether it'll be implemented and when the next release is due though.
I know 4 persons who have that answer, but neither one of those persons is me.
|
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1524
|
| Posted: Mon Jul 15, 2024 11:16 am Post subject: |
|
|
I just coded it as a superficial solution.
I did not consider its archival nature.
I think 4 known people and hundreds of unknown "visitors" might be interested in such solutions.
OK, if it's still not there, I'll try to archive a function with "N~Z" factor as soon as possible.
_________________
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25804
Location: The netherlands
|
| Posted: Tue Jul 16, 2024 4:06 am Post subject: |
|
|
groupscan would work great here
| Code: |
4:0x3f800000 4:0 4:0x3f800000 4:0 p:* 4:0 4:0
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
| Posted: Tue Jul 16, 2024 2:02 pm Post subject: |
|
|
| AylinCE wrote: | | Code: | function getByteString(address, bytecount)
local bytes = readBytes(address, bytecount, true)
if bytes then
local result = ""
for i = 1, #bytes do
if #result > 0 then result = result .. " " end
result = result .. string.format("%02X", bytes[i]) end
return result end
end
local resultAddr = {}
function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
local addrByte = address.."+"..byt
--local b1,b2,b3,b4 = string.format("%02X"
readPer = getByteString(addrByte, 4)
--print(readPer)
--print("\n"..i.."- delete address: "..readPer)
if readPer~="00 00 00 00" then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end
function searchAddr(from,byt)
res1 = multiAOBPatch(from,byt)
if res1==1 then
print(res)
for l,k in pairs(resultAddr) do
local resPer = getByteString(tostring(k), 20) -- 0-20 byte
print(l.."- Found: Address: "..tostring(k).."\nAobs: "..resPer)
-- replace code:
-- autoAssemble(k..":\ndb "..to) -- "to" (replace codes)
end
else
showMessage("Code not found..")
end
end
-- use
search = "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ?? 00 00 00 00"
searchAddr(search,"10") -- hex(10) = 16 byte --> ?? ?? ?? ?? |
|
Thanks a lot for your time coding a solution, didnt work for me, maybe Im doing something wrong.Because I tried execute code before & after search, but a lot of red words errors
| Dark Byte wrote: | groupscan would work great here
| Code: |
4:0x3f800000 4:0 4:0x3f800000 4:0 p:* 4:0 4:0
|
|
Thanks for reply this thread, I tried, didnt find an address.
Headers are changing each new event. Maybe I need input adrresses manually after start an event. Slower but more effective.
I dont know if I need start new topic or here is a good place
Is it possible increment 4 float values x% when UP is bigger than 00 00 00 00 & decrease y% when DOWN is bigger than 00 00 00 00. If UP & DOWN are bigger than 00 00 00 00 do nothing
Header address change usually, then I prefer input manually each time.
Input data
input1 = UP 4byte address
input2 = DOWN 4byte address
input3 = 1st value float address
input4 = x% UP
input5 = y% DOWN
adresses for modify
1st value = input 3
2nd value = 1st value address +890 = float
3rd value = 1st value address +1120 = float
4rd value = 1st value address +19B0 = float
Thanks 
|
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1524
|
| Posted: Tue Jul 16, 2024 4:48 pm Post subject: |
|
|
Confess it; The problem is a bit complicated. 
Shall we proceed through the code with examples and corrections?
| Code: | function byteTableToAobString(addr,opt)
local tbl = {}
if opt==1 then -- dword
tbl = dwordToByteTable(readInteger(addr))
elseif opt==2 then -- dword
tbl = doubleToByteTable(readInteger(addr))
elseif opt==3 then -- dword
tbl = floatToByteTable(readInteger(addr))
end
for k,v in ipairs(tbl) do
tbl[k] = ('%02X'):format(v)
end
return table.concat(tbl, ' ')
end
local resultAddr = {}
function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
local addrByte = address.."+"..byt
readPer = byteTableToAobString(addrByte, 1)
if readPer~="00 00 00 00 " then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end
function searchAddr(from,upAddr,downAddr,byt1)
byt = ('%02X'):format(byt1)
res1 = multiAOBPatch(from,byt)
if res1==1 then
--print(res)
local input1 = readInteger(upAddr) -- Up address (4bytes)
local input2 = readInteger(downAddr) -- Up address (4bytes)
for l,k in pairs(resultAddr) do
local input3 = readInteger(k.."+"..byt) -- check "00 00 00 00" (float ?)
if input1 > input3 or input2 > input3 then
if input1 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
elseif input2 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
end
end
end
else
showMessage("Code not found..")
end
end
-- Edit aob code to scan:
search = "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ?? 00 00 00 00"
--The range to be compared is 4 bytes from 16 bytes in the example and is: (Edit it to your liking.)
-- "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ??"
-- 0..1..2..3..4..5..6..7..8..9..10.11.12.13.14.15.16
upAddr = "2B2D5764DC4" -- your address ?
downAddr = "2B2D5764DE4" -- your address ?
searchAddr(src,upAddr,downAddr,16)
|
_________________
|
|
| Back to top |
|
|
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
| Posted: Tue Jul 16, 2024 7:04 pm Post subject: |
|
|
| AylinCE wrote: | Confess it; The problem is a bit complicated.
Shall we proceed through the code with examples and corrections?
| Code: | function byteTableToAobString(addr,opt)
local tbl = {}
if opt==1 then -- dword
tbl = dwordToByteTable(readInteger(addr))
elseif opt==2 then -- dword
tbl = doubleToByteTable(readInteger(addr))
elseif opt==3 then -- dword
tbl = floatToByteTable(readInteger(addr))
end
for k,v in ipairs(tbl) do
tbl[k] = ('%02X'):format(v)
end
return table.concat(tbl, ' ')
end
local resultAddr = {}
function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
local addrByte = address.."+"..byt
readPer = byteTableToAobString(addrByte, 1)
if readPer~="00 00 00 00 " then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end
function searchAddr(from,upAddr,downAddr,byt1)
byt = ('%02X'):format(byt1)
res1 = multiAOBPatch(from,byt)
if res1==1 then
--print(res)
local input1 = readInteger(upAddr) -- Up address (4bytes)
local input2 = readInteger(downAddr) -- Up address (4bytes)
for l,k in pairs(resultAddr) do
local input3 = readInteger(k.."+"..byt) -- check "00 00 00 00" (float ?)
if input1 > input3 or input2 > input3 then
if input1 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
elseif input2 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
end
end
end
else
showMessage("Code not found..")
end
end
-- Edit aob code to scan:
search = "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ?? 00 00 00 00"
--The range to be compared is 4 bytes from 16 bytes in the example and is: (Edit it to your liking.)
-- "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ??"
-- 0..1..2..3..4..5..6..7..8..9..10.11.12.13.14.15.16
upAddr = "2B2D5764DC4" -- your address ?
downAddr = "2B2D5764DE4" -- your address ?
searchAddr(src,upAddr,downAddr,16)
|
|
Thanks again for your time
Your code run without errors but is searching values at wrong values addresses, because I dont know where I need input k address neither up/down percentage.
Im shy to ask this question public and look stupid 
I add value1 address with description "k" didnt works neither
Edited upaddrss & down address well
upAddr = "1DB7E2BEF58" -- your address ?
downAddr = "1DB7E2BEF58" -- your address ?
thanks in advance
|
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1524
|
| Posted: Tue Jul 16, 2024 8:38 pm Post subject: |
|
|
The addresses specified for "k" (belonging to k) are passed through the "multiAOBPatch()" filter.
This will put the results in the table unless the 4 bytes are "00 00 00 00" (it will probably deviate slightly.)
"k" reflects the addresses listed in this table, respectively.
If you want, let's not test "00 00 00 00" in the "multiAOBPatch()" function, probably the "Up" and "Down" addresses already do this test.
| Code: | function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
local addrByte = address.."+"..byt
readPer = byteTableToAobString(addrByte, 1)
if readPer~="00 00 00 00 " then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end |
Second, why are your "Up" and "Down" addresses the same?
upAddr = "1DB7E2BEF58"
downAddr = "1DB7E2BEF58"
If these addresses will be the same, let's code it again with a single address.
3) I still don't know if the address specified for "search" is correct.
And if it is false, the range to be tested (16 bytes) may also be different.
input4 = x% UP
input5 = y% DOWN
4) I don't know where "x%" gets these values.
I assume it just reads 4 bytes from the bound address and evaluates it up and down.
5) Let's evaluate the existing code again with its explanations:
Code:
1) Scans the given aob code (search="...")
2) If the specified part of the results (16th byte is pointed) is not "00 00 00 00", it adds those results to the table.
3) The specified part of the addresses in the table (16 bytes marked) is tested with the addresses given for "Up" and "Down".
Test: If "input1-2" is higher than "input3", it does not operate.
It prints the address only if "input1" is higher than "input3". (Reserves for processing.) print(valu1-2-3-4)
If "input1" and "input2" are lower than "input3", it does not work.
What should be paid attention to?
1) To the scan code. (search="...") Is that true?
2) The byte range to be tested (byte 16) Is it in the correct range?
3) If you interpret the current statements, what should or should not happen?
-----------------------------------
Finally; Please don't hesitate to ask questions and develop solutions.
I am a person who has struggled with simpler solutions and asked questions over and over again in the past.
It allows us to understand better and helps novices improve if they visit those archives.
Sometimes you cannot fully explain the problem correctly, and sometimes we offer solutions without understanding it correctly.
_________________
|
|
| Back to top |
|
|
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
| Posted: Wed Jul 17, 2024 7:17 am Post subject: |
|
|
| AylinCE wrote: | The addresses specified for "k" (belonging to k) are passed through the "multiAOBPatch()" filter.
This will put the results in the table unless the 4 bytes are "00 00 00 00" (it will probably deviate slightly.)
"k" reflects the addresses listed in this table, respectively.
If you want, let's not test "00 00 00 00" in the "multiAOBPatch()" function, probably the "Up" and "Down" addresses already do this test.
| Code: | function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
local addrByte = address.."+"..byt
readPer = byteTableToAobString(addrByte, 1)
if readPer~="00 00 00 00 " then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end |
Second, why are your "Up" and "Down" addresses the same?
upAddr = "1DB7E2BEF58"
downAddr = "1DB7E2BEF58"
If these addresses will be the same, let's code it again with a single address.
3) I still don't know if the address specified for "search" is correct.
And if it is false, the range to be tested (16 bytes) may also be different.
input4 = x% UP
input5 = y% DOWN
4) I don't know where "x%" gets these values.
I assume it just reads 4 bytes from the bound address and evaluates it up and down.
5) Let's evaluate the existing code again with its explanations:
Code:
1) Scans the given aob code (search="...")
2) If the specified part of the results (16th byte is pointed) is not "00 00 00 00", it adds those results to the table.
3) The specified part of the addresses in the table (16 bytes marked) is tested with the addresses given for "Up" and "Down".
Test: If "input1-2" is higher than "input3", it does not operate.
It prints the address only if "input1" is higher than "input3". (Reserves for processing.) print(valu1-2-3-4)
If "input1" and "input2" are lower than "input3", it does not work.
What should be paid attention to?
1) To the scan code. (search="...") Is that true?
2) The byte range to be tested (byte 16) Is it in the correct range?
3) If you interpret the current statements, what should or should not happen?
-----------------------------------
Finally; Please don't hesitate to ask questions and develop solutions.
I am a person who has struggled with simpler solutions and asked questions over and over again in the past.
It allows us to understand better and helps novices improve if they visit those archives.
Sometimes you cannot fully explain the problem correctly, and sometimes we offer solutions without understanding it correctly. |
sorry delay I was sleeping
You are right Up/Down address cant be same, was my mistake copied 1 time paste 2 
I explained very bad sorry
Values 2-4 could be bigger, same or lower than value1
Kaddress = value1address
Kaddress +890 = value2address
Kaddress +1120 = value3address
Kaddress +19B0 = value4address
Example
Kaddress = 28259287204
value2address = 28259287A94
value3address = 28259288324
value4address = 28259288BB4
X is a number for calculate increase percentage if UPvalue is bigger than 00 00 00 00
Y is a number for calculate decrease percentage if DOWNvalue is bigger than 00 00 00 00
Example
If Xvalue = 10 = +10%
(Value1)*1,10
(Value2)*1,10
(Value3)*1,10
(Value4)*1,10
If Yvalue = 10 = -10%
(value1)*0,90
(value2)*0,90
(value3)*0,90
(value4)*0,90
Operational order
1) I search kaddress manually
2) I search UPaddress manually
3) I search DOWNaddress manually
then
4) I write kaddress, UPaddress, DOWNaddress, Xvalue & Yvalue on script.
5) Execute script
How many times lua script is running per second? Could be set?
Thanks for your time, you are spending a lot with me. Do you have patreon or similar?
|
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1524
|
| Posted: Wed Jul 17, 2024 11:50 am Post subject: |
|
|
First, let's create the code that finds the correct values.
Calculations can then be made.
| Code: | function byteTableToAobString(addr,opt)
local tbl = {}
if opt==1 then -- dword
tbl = dwordToByteTable(readInteger(addr))
elseif opt==2 then -- dword
tbl = doubleToByteTable(readInteger(addr))
elseif opt==3 then -- dword
tbl = floatToByteTable(readInteger(addr))
end
for k,v in ipairs(tbl) do
tbl[k] = ('%02X'):format(v)
end
return table.concat(tbl, ' ')
end
local resultAddr = {}
function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
-- print(address)
local addrByte = address.."+"..byt
readPer = byteTableToAobString(addrByte, 1)
if readPer~="00 00 00 00 " then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end
function searchAddr(from,upAddr,downAddr,byt1)
byt = ('%02X'):format(byt1)
res1 = multiAOBPatch(from,byt)
if res1==1 then
--print(res)
local input1 = readInteger(upAddr) -- Up address (4bytes)
local input2 = readInteger(downAddr) -- Up address (4bytes)
for l,k in pairs(resultAddr) do
local input3 = readInteger(k.."+"..byt) -- check "00 00 00 00" (float ?)
if input1 > input3 or input2 > input3 then
if input1 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
elseif input2 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
end
end
end
else
showMessage("Code not found..")
end
end
-- Edit aob code to scan:
search = "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ?? 00 00 00 00"
--The range to be compared is 4 bytes from 16 bytes in the example and is: (Edit it to your liking.)
-- "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ??"
-- 0..1..2..3..4..5..6..7..8..9..10.11.12.13.14.15.16
upDownAddr = "2B2D5764DC4" -- your address ?
searchAddr(src,upDownAddr,16) |
Edit this section and make sure you give the correct aob code and correct byte range:
| Code: | -- Edit aob code to scan:
search = "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ?? 00 00 00 00"
--The range to be compared is 4 bytes from 16 bytes in the example and is: (Edit it to your liking.)
-- "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ??"
-- 0..1..2..3..4..5..6..7..8..9..10.11.12.13.14.15.16
upDownAddr = "2B2D5764DC4" -- your address ?
searchAddr(src,upDownAddr,16) |
You can manipulate this code.
For example;
You can see the results and test whether the address you found manually is included in them.
In this function "multiAOBPatch(from,byt)" you can activate the following print line:
| Code: | for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
-- print(address) |
Play around with the code, test some parts with "print()" and let me know what's needed.
Let's get the correct aob results first, then we do the calculations.
-------------------------------------------------------------------
-------------------------------------------------------------------
| titomdma wrote: | | Do you have patreon or similar? |
I leave a link here.
For those wondering;
Thank you in advance to everyone who will support CE and CEF and help them survive.
https://www.patreon.com/cheatengine/
-------------------------------------------------------------------
-------------------------------------------------------------------
_________________
|
|
| Back to top |
|
|
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
| Posted: Wed Jul 17, 2024 5:16 pm Post subject: |
|
|
| AylinCE wrote: | First, let's create the code that finds the correct values.
Calculations can then be made.
|
I modified script
| Code: | function byteTableToAobString(addr,opt)
local tbl = {}
if opt==1 then -- dword
tbl = dwordToByteTable(readInteger(addr))
elseif opt==2 then -- dword
tbl = doubleToByteTable(readInteger(addr))
elseif opt==3 then -- dword
tbl = floatToByteTable(readInteger(addr))
end
for k,v in ipairs(tbl) do
tbl[k] = ('%02X'):format(v)
end
return table.concat(tbl, ' ')
end
local resultAddr = {}
function multiAOBPatch(from,byt)
resultAddr = {}
local res = 0
from = tostring(from)
local aob = AOBScan(from)
if (aob == nil) then
res = 0
else
for i=0,aob.Count-1 do
local address=stringlist_getString(aob,i)
-- print(address)
local addrByte = address.."+"..byt
readPer = byteTableToAobString(addrByte, 1)
if readPer~="00 00 00 00 " then
resultAddr[#resultAddr + 1] = address
res = 1
end
end
aob.Destroy()
end
return res
end
function searchAddr(from,upAddr,downAddr,byt1)
byt = ('%02X'):format(byt1)
res1 = multiAOBPatch(from,byt)
if res1==1 then
--print(res)
local input1 = readInteger(upAddr) -- Up address (4bytes)
local input2 = readInteger(downAddr) -- Up address (4bytes)
for l,k in pairs(resultAddr) do
local input3 = readInteger(k.."+"..byt) -- check "00 00 00 00" (float ?)
if input1 > input3 or input2 > input3 then
if input1 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
elseif input2 > input3 then
value1 = k
value2 = k.."+890"
value3 = k.."+1120"
value4 = k.."+19B0"
print("Value1: "..k.."\n - Value2: "..readFloat(value2).."\n - Value3: "..readFloat(value3).."\n - Value4: "..readFloat(value4))
end
end
end
else
showMessage("Code not found..")
end
end
-- Edit aob code to scan:
search = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C7 2A 94 3B CD A9 32 3C CD A9 B2 3B CD A9 B2 3B F3 D1 4D 3A 76 5D 9A 3A F2 04 35 3F AE 47 21 3F 00 00 00 00 00 00 00 00 8B 6C A7 3F 00 00 00 00 24 67 11 39 3E EE 8E 39 38 94 0F 3B F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8B 6C A7 BF 00 00 00 00 00 00 00 00 3E EE 0E 3A E7 D5 EB 3A F2 04 35 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3F 00 00 A0 3F 46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F 46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 80 3F 9A 99 19 3F 46 94 D6 40 46 94 D6 40 00 00 80 3F 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00"
--The range to be compared is 4 bytes from 16 bytes in the example and is: (Edit it to your liking.)
-- "00 00 80 3F 00 00 00 00 00 00 80 3F 00 00 00 00 ?? ?? ?? ??"
-- 0..1..2..3..4..5..6..7..8..9..10.11.12.13.14.15.16
upDownAddr = "2B2D5764DC4" -- your address ?
searchAddr(src,upDownAddr,16) |
print error
Error:[string "function byteTableToAobString(addr,opt)
..."]:42: bad argument #1 to 'format' (number expected, got nil)
Error:[string "function byteTableToAobString(addr,opt)
..."]:42: bad argument #1 to 'format' (number expected, got nil)
I used DBVM find out read & write for value1 value2 value3 & value4 and print that
Sfxstart.x64_release_final.exe+113B5E8:
7FF73CA3B5DD - 4D 8D 80 90080000 - lea r8,[r8+00000890]
7FF73CA3B5E4 - 41 8B 41 D4 - mov eax,[r9-2C]
7FF73CA3B5E8 - 41 89 80 80F7FFFF - mov [r8-00000880],eax <<
7FF73CA3B5EF - 41 8B 41 D8 - mov eax,[r9-28]
7FF73CA3B5F3 - 41 89 80 7CF7FFFF - mov [r8-00000884],eax
RAX=00000000BDCB4989
RBX=000000D36BDFE818
RCX=00000285279DD860
RDX=00000285279E07BC
RSI=0000000000000006
RDI=00000285279DD860
RSP=000000D36BDFE6C0
RBP=0000000000000005
RIP=00007FF73CA3B5E8
R8=00000285279E0784
R9=000000D36BDFE804
R10=0000000000000003
R11=0000000000000000
R12=00000285D9DCE830
R13=00000285279DD860
R14=0000027DCAA6CAC0
R15=00000000000000D0
Maybe is possible do opposite
Search 4D 8D 80 90 08 00 00 then debug and find where write to obtain value addresses
Thanks
|
|
| Back to top |
|
|
AylinCE
Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017
Posts: 1524
|
| Posted: Wed Jul 17, 2024 7:15 pm Post subject: |
|
|
The code still requests the up and down addresses.
Use the replacement below.
-- searchAddr(from,upAddr,downAddr,byt1)
-- no:
searchAddr(src,upDownAddr,16)
-- use:
searchAddr(search,upDownAddr,upDownAddr,16)
_________________
|
|
| Back to top |
|
|
titomdma
Newbie cheater
![]() Reputation: 0
Joined: 14 Jul 2024
Posts: 12
|
| Posted: Mon Jul 22, 2024 2:17 pm Post subject: |
|
|
| AylinCE wrote: | The code still requests the up and down addresses.
Use the replacement below.
-- searchAddr(from,upAddr,downAddr,byt1)
-- no:
searchAddr(src,upDownAddr,16)
-- use:
searchAddr(search,upDownAddr,upDownAddr,16) |
I tried but didnt works,
Then I search on forum & found a Topic with this tittle
Automatically reveal the address written by an instruction?
I cant add links
Search where function writes.
My functon is
Sfxstart.x64_release_final.exe+113B5E8:
7FF73CA3B5DD - 4D 8D 80 90080000 - lea r8,[r8+00000890]
7FF73CA3B5E4 - 41 8B 41 D4 - mov eax,[r9-2C]
7FF73CA3B5E8 - 41 89 80 80F7FFFF - mov [r8-00000880],eax <<
7FF73CA3B5EF - 41 8B 41 D8 - mov eax,[r9-28]
7FF73CA3B5F3 - 41 89 80 7CF7FFFF - mov [r8-00000884],eax
A friend help me coding that:
| Code: |
[ENABLE]
alloc(newmem,2048,"Sfxstart.x64_release_final.exe"+113B5E8)
label(returnhere)
label(originalcode)
label(exit)
alloc(registeredwriteaddress,8)
registersymbol(registeredwriteaddress)
newmem:
mov [registeredwriteaddress], r8 // save base r8
add [registeredwriteaddress], -880 // set displacement
originalcode:
mov [r8-00000880], eax // Original instruction
exit:
jmp returnhere
"Sfxstart.x64_release_final.exe"+113B5E8:
jmp newmem
nop 2 // Ajusta según el tamaño de la instrucción original
returnhere:
[DISABLE]
dealloc(newmem)
"Sfxstart.x64_release_final.exe"+113B5E8:
mov [r8-00000880], eax // Original instruction
unregistersymbol(registeredwriteaddress)
dealloc(registeredwriteaddress)
|
Sure something wrong in this code because Sfxstart.x64_release_final.exe is in red before I execute script.
When I execute script. CE print this error
[string "[ENABLE]
..."]:1: unexpected symbol near '['
Thanks in advance
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
