Cheat Engine The Official Site of Cheat Engine
SleepiDreamer Cheater
Reputation: 0
Joined: 27 Aug 2021 Posts: 41
Posted: Fri Mar 11, 2022 10:21 am Post subject: Lua, what's this instruction accessing? (Solved)
Whoops, posted this in the main thread.
First off, some backstory:
I'm trying to find settings in Minecraft Windows 10 Edition reliably, even through multiple versions.
The current approach we're using is just to try and find a new pointer for every new version and beta version. I've found that our 'main' setting - which is called 'Sun Azimuth' - actually has a 'higher level' setting: this Sun Azimuth setting is writing its own value to another address which is in static memory every frame. So it's basically a duplicate... just better.
I've already found a way to somewhat reliably find this higher setting (using AOBScan), now I just need to figure out how I do 'find out what addresses this instruction accesses' in Lua.
I found a lot of posts about it already, but none of their approaches seem to work.
Currently, I'm using this code:
Code:
openProcess("Minecraft.Windows.exe")
function wait(seconds)
  local start = os.time()
  repeat until os.time() > start + seconds
end
res = AOBScan("8B 82 A4 00 00 00 89 81 A4 00 00 00 8B 82 A8 00 00 00 89 81 A8 00 00 00 8B 82 AC 00 00 00 89 81 AC 00 00 00")
toplevel = "0x"..res[0]
--toplevel = "0x"..'7FF7C1B2BD2D'
print("toplevel: ",toplevel)
debug_setBreakpoint(toplevel,function(f) print("EBX="..RDX+0xA4) return 0 end)
wait(0.1)
debug_removeBreakpoint(toplevel)

If I remove both wait and removebreakpoint, it'll spam a few different values (duh), usually 2x zero, 2x some number, 1x some higher number.
If I then add the breakpoint, it seems to only print the zero, and with wait it seems to only print out the last one.
The fact that there are supposedly multiple addresses being accessed is already weird enough, but how 0x0?
Does anyone know what I did wrong/don't understand?
Thanks for helping me!
PS: what does 'res' actually mean/stand for?
_________________
Hope you're having a great day!
Last edited by SleepiDreamer on Sun Mar 13, 2022 12:58 am; edited 1 time in total
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Fri Mar 11, 2022 12:16 pm
That looks like some sort of memcpy routine. That instruction is probably accessing more addresses than the one you wanted. See step 9 of the CE tutorial for more information.
RDX could be 0 and the game is just handling the segfault, but more likely than not you're doing something wrong. Maybe the aobscan pattern isn't unique.
That wait function is bad. It's a busy loop (terrible) and os.time has a precision of only 1 second. You should also be using os.difftime to get the difference, but on Windows and POSIX systems what you're doing is fine.
CE exposes a sleep function that is better than a busy loop.
Minor nitpicks:
- AOBScan should be scanning through executable memory only. It should be unique (use AOBScanUnique), and if it's in a module, you should only be scanning through that module (use AOBScanModuleUnique).
- You should be using local variables.
- Check if res is nil and, for the AOBScan function, destroy it after you're done using it. The Unique variant of the AOBScan functions just returns an integer - there's no stringlist to destroy.
- You print the text "EBX=" but read from RDX.
Code:
local result = AOBScanUnique('8B 82 A4 00 00 00 89 81 A4 00 00 00 8B 82 A8 00 00 00 89 81 A8 00 00 00 8B 82 AC 00 00 00 89 81 AC 00 00 00', '+X-W')
assert(result, 'Could not find AOB pattern')
print(('toplevel: %08X'):format(result))
debug_setBreakpoint(result, function()
  -- test if address being accessed is correct (CE tutorial step 9)
  local isCorrect = true
  if isCorrect then
    print(('RDX+A4 = %08X'):format(RDX+0xA4))
    debug_removeBreakpoint(result)
  end
  return 0
end)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
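
Added example, not part of the original posts: the uniqueness problem raised in the reply above, shown by running the thread's 36-byte pattern against a constructed byte buffer and rejecting it when it matches more than once. It is plain Lua 5.3; `parsePattern`, `scanAll`, `requireUnique`, `fromHex` and the sample bytes are hypothetical, and only the pattern itself comes from the thread.

```lua
-- Added example (not from the thread). Plain Lua 5.3; no CE functions needed.
local PAGE_AOB = '8B 82 A4 00 00 00 89 81 A4 00 00 00 8B 82 A8 00 00 00 ' ..
                 '89 81 A8 00 00 00 8B 82 AC 00 00 00 89 81 AC 00 00 00'

-- Turn "8B 82 ?? 00" into a byte table; false marks a wildcard token.
local function parsePattern(aob)
  local pat = {}
  for tok in aob:gmatch('%S+') do
    -- wildcard -> false, otherwise the byte value (0 is truthy in Lua)
    pat[#pat + 1] = not tok:find('?', 1, true)
                    and assert(tonumber(tok, 16), 'bad byte: ' .. tok)
  end
  return pat
end

-- Every 0-based offset in buf (a byte string) where the pattern matches.
local function scanAll(buf, aob)
  local pat, hits = parsePattern(aob), {}
  for start = 1, #buf - #pat + 1 do
    local ok = true
    for i = 1, #pat do
      if pat[i] and buf:byte(start + i - 1) ~= pat[i] then ok = false; break end
    end
    if ok then hits[#hits + 1] = start - 1 end
  end
  return hits
end

-- Return the single match, or nil plus a reason and the full hit list.
local function requireUnique(buf, aob)
  local hits = scanAll(buf, aob)
  if #hits == 1 then return hits[1] end
  return nil, ('%d matches'):format(#hits), hits
end

local function fromHex(hex)  -- "8B 82" -> two-byte string
  return (hex:gsub('%s+', ''):gsub('%x%x', function(h) return string.char(tonumber(h, 16)) end))
end

-- Constructed sample: two routines that both contain the same field copy.
local image = fromHex('48 89 5C 24 08 ' .. PAGE_AOB .. ' C3 CC CC 40 53 ' ..
                      PAGE_AOB .. ' 5B C3')

for _, aob in ipairs({ PAGE_AOB, '40 53 8B 82 ?? 00 00 00 89 81' }) do
  local off, why, hits = requireUnique(image, aob)
  print(aob, off and ('unique at +%X'):format(off)
             or ('rejected, %s at %s'):format(why, table.concat(hits, ', ')))
end
```

In CE itself, the Count property of the stringlist that AOBScan returns answers the same question before a breakpoint is set.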
SleepiDreamer Cheater
Reputation: 0
Joined: 27 Aug 2021 Posts: 41
Posted: Sun Mar 13, 2022 12:58 am
Thanks for the reply, it works now! The problem was indeed AOBScan.
_________________
Hope you're having a great day!
Frouk Grandmaster Cheater
Reputation: 5
Joined: 22 Jun 2021 Posts: 510
Posted: Sun Mar 13, 2022 2:16 am
sleep function is the same as your wait function but there's second difference
Code:
wait = sleep --still need to type ms
--or
function wait(seconds)
  sleep(1000 * seconds)
end