 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Rectangle
Advanced Cheater
![]() Reputation: 1
Joined: 23 Feb 2013
Posts: 73
|
 Posted: Sat Feb 23, 2013 8:35 pm Post subject: Clearing the address list, and using soUnknownValue? |
 |
|
Two things:
1.) My script is designed to use the process of elimination to find an unknown 8-byte value (from an internal timer) who's address changes between different levels in the game. I can't figure out how to programmatically clear all records from the addresslist returned via getAddressList(), and this results in my script adding ambiguous entries as opposed to updating it. How can I remove all entries in the addresslist?
2.) Also, I'm having some trouble using memscan_firstScan with soUnknownValue and memscan_nextScan with soDecreasedValue, to find a list of addresses who's value decreases over time (again, I'm trying to manipulate an 8-byte timer variable). I get a lot of access violation errors with memscan_firstScan, even when it's parameters are set to the same ones used to scan addresses via the GUI -- which appears to find the target address(es) just fine, except for the inconvenient fact that you have very little time to search, as well as the fact that you would need to repeat this process between each in-game level. This is why I started scripting in Cheat Engine. Let it be known that I am a knowledgeable C++ Win32 programmer, so I understand what an access violation is and how to counter it... but why does this happen only in code and NOT when using the GUI? Here's my script, thus far:
| Code: | function IS(obj)
if(obj == nil or obj == false) then
showMessage("[ERROR] - null object")
return false
else
return true
end
end
--find all 8-byte values
i = 0
pause()
print("[INFO] - Initial scan...")
ms = createMemScan()
memscan_firstScan(ms, soUnknownValue, vtQword, rtTruncated, 0, nil, 0, 7fffffffffffffff, "", fsmNotAligened, "", false, false, false, false)
memscan_waitTillDone(ms)
found = memscan_getAttachedFoundlist(ms)
if IS(found) then print("- Found "..foundlist_getCount(found).." entries") end
--create an update timer to check for gradually decreased 8-byte values
t = createTimer(nil, false)
timer_setInterval(t, 1500) -- 1.5 seconds
timer_onTimer(t, update)
timer_setEnabled(t, true)
unpause()
--search for any decreased values over a short period of time
function update()
--only allow a maximum of 5 updates, for debugging purposes
i = i + 1
if i > 5 then
timer_setEnabled(t, false)
object_destroy(t)
object_destroy(ms)
print("[INFO] - Timer has been destroyed")
return
end
--display any changes
pause()
print("[INFO] - Updating...");
memscan_nextScan(ms, soDecreasedValue, rtTruncated, 0, nil, false, false, false, false, false, '')
memscan_waitTillDone(ms)
found = memscan_getAttachedFoundlist(ms)
if IS(found) then print("- Found "..foundlist_getCount(found).." entries") end
unpause()
end |
If you feel like helping me out, this is for Candy Crush Saga timed levels, and is attached to FlashPlayerPlugin_11_5_502_149.exe on Windows 7 using Firefox. There are normally 2 of these processes running simultaneously, and youu need to attach to the 2nd one in the list of running processes.
Thanks in advance to anyone who can offer me some advice.
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25288
Location: The netherlands
|
| Posted: Sat Feb 23, 2013 9:09 pm Post subject: |
|
|
1:
To delete the addresslist first use getAddressList() to get the addresslist object
Then as long as addresslist_getCount(addresslist) is bigger than 0 delete the first entry of the list : memoryrecord_delete(addresslist_getMemoryRecord(addresslist,0))
2:
That shouldn't give an access violation but just a malformed number error. (it should be 0x7fffffffffffffff or "7fffffffffffffff". I recommend the string version as that's what ce uses internally as parameter )
Also, input1 and input2 MUST be strings. Not values or nil, so "" , ""
memscan_getAttachedFoundlist will return nil as you haven't created a foundlist object . Use createFoundList(ms) to create an associated foundlist object and call foundlist_initialize(fl) after each scan when you want to access the results
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Rectangle
Advanced Cheater
![]() Reputation: 1
Joined: 23 Feb 2013
Posts: 73
|
| Posted: Sat Feb 23, 2013 9:53 pm Post subject: |
|
|
| Dark Byte wrote: | | That shouldn't give an access violation but just a malformed number error. (it should be 0x7fffffffffffffff or "7fffffffffffffff") |
Oops! That was a copy/paste typo. I was using 0x10000000 previously (to test if I still got access violation errors, which I did). However, I changed it to use a string instead, and replaced both input params to null strings, and now I no longer get access violations. But now, searches are returning 0 results. In the GUI, I initially get thousands. Here are my changes:
| Code: | function IS(obj)
if(obj == nil or obj == false) then
showMessage("[ERROR] - null object")
return false
else
return true
end
end
i = 0
count = 0
maxUpdates = 10
--find all 8-byte values
pause()
print("[INFO] - Initial scan...")
ms = createMemScan()
memscan_firstScan(ms, soUnknownValue, vtQword, rtTruncated, "", "", "0", "ffffffffffffffff", "", fsmNotAligened, "", false, false, false, false)
memscan_waitTillDone(ms)
createFoundList(ms)
found = memscan_getAttachedFoundlist(ms)
if IS(found) then
count = foundlist_getCount(found)
print("- Found "..count.." entries")
end
--create an update timer to check for gradually decreased 8-byte values
t = createTimer(nil, false)
timer_setInterval(t, 1500) -- 1.5 seconds
timer_onTimer(t, update)
timer_setEnabled(t, true)
unpause()
--search for any decreased values over a short period of time
function update()
pause()
--only allow a maximum # of updates, for debugging purposes
i = i + 1
if i > maxUpdates then
timer_setEnabled(t, false)
object_destroy(t)
object_destroy(ms)
print("[INFO] - Timer has been destroyed")
unpause()
return
end
--display any changes
print("[INFO] - Updating...");
memscan_nextScan(ms, soDecreasedValue, rtTruncated, "", "", false, false, false, false, false, '')
memscan_waitTillDone(ms)
createFoundList(ms)
found = memscan_getAttachedFoundlist(ms)
if IS(found) then
count = foundlist_getCount(found)
print("- Found "..count.." entries")
end
--add any found entries to the address list
if count > 0 then
--clear any previous records
local al = getAddressList()
if addresslist_getCount(al) > 0 then
memoryrecord_delete(addresslist_getMemoryRecord(al, 0))
end
--update current records
for n=0,count do
local saddress=foundlist_getAddress(found, n)
local mr = addresslist_createMemoryRecord(al)
memoryrecord_setDescription(mr, "Automated Scan #"..i.."/"..maxUpdates)
memoryrecord_setAddress(mr, saddress)
memoryrecord_setType(mr, vtQword)
end
end
unpause()
end |
But as for issue #1, thanks! It works.
Last edited by Rectangle on Sun Feb 24, 2013 9:29 am; edited 1 time in total |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25288
Location: The netherlands
|
| Posted: Sun Feb 24, 2013 5:15 am Post subject: |
|
|
call foundlist_initialize(found) after the scan
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
