Cheat Engine The Official Site of Cheat Engine
matrix_smq (How do I cheat?) | Reputation: 0 | Joined: 28 Oct 2021 | Posts: 2
Posted: Fri Sep 01, 2023 7:45 am    Post subject: memscan firstScan returns one address and it's 0x0
Hello,
I've been looking for ways to search for a pointer
(the neededPointer is a Dictionary struct, and the lower pointers keep changing when the Dict is resized)
Code: [[[neededPointer+10]+18]+30] = myValue
but was mostly unsuccessful (tried a custom value type and some Lua).
My current attempt is with MemScan.firstScan: find and check all addresses that match my constraint and cross-match until I find the neededPointer.
I've already done this manually and it works like a charm, but in Lua it's just not working...
(If anyone has any idea on how to make this simpler, I'm all eyes and ears.)
So, I easily got the address that holds myValue;
address-30 is the first baseAddress.
When I try to scan for the baseAddress, it returns a table of 1 that contains 00000000.
My code looks like this:
Code:
function callScan (value, varType)
  local memScan = createMemScan()
  -- exact-value scan over the whole 64-bit user-mode range, writable non-copy-on-write pages, 4-byte aligned
  memScan.firstScan(soExactValue,       -- scan option
                    varType,            -- vtWord / vtDword / vtQword
                    rtRounded,          -- rounding type (only matters for float scans)
                    value,              -- input1: value to find (decimal, since isHexadecimalInput is false)
                    '',                 -- input2: unused for an exact scan
                    '0',                -- start address
                    '00007fffffffffff', -- stop address
                    "+W-C",             -- protection flags: writable, not copy-on-write
                    fsmAligned,         -- alignment type
                    "4",                -- alignment parameter
                    false,              -- isHexadecimalInput
                    false,              -- isNotABinaryString
                    false,              -- isUnicodeScan
                    false)              -- isCaseSensitive
  memScan.waitTillDone()
  local foundlist = createFoundList(memScan)
  foundlist.initialize()
  local output = {}
  for i=1, foundlist.Count do
    table.insert(output, foundlist.Address[i])
  end
  foundlist.deinitialize()
  foundlist.destroy()
  memScan.destroy()
  foundlist = nil
  memScan = nil
  return output
end
callScan(0x1CA80, vtWord)       -- returns many results
callScan(0xA171CA80, vtDword)   -- returns {'00000000'}
callScan(0x1ECA171CA80, vtQword) -- returns {'00000000'}
Am I crazy? The function works fine when using it to find smaller integers
(Windows 10 / CE 7.5)
ParkourPenguin (I post too much) | Reputation: 152 | Joined: 06 Jul 2014 | Posts: 4702
Posted: Fri Sep 01, 2023 9:48 am
matrix_smq wrote:
    Code:
    for i=1, foundlist.Count do
      table.insert(output, foundlist.Address[i])
    end

The foundlist is a Pascal object, not a Lua object. Indexing starts from 0, i.e. `for i = 0, foundlist.Count - 1 do ... end`.
It's tough to know which things start from 0 (Pascal thing) and which start from 1 (Lua arrays). Generally speaking, if the documentation mentions something about a byte array (e.g. readBytes, byteTableToX), it's usually a Lua array; if it's an index into a class object (e.g. address list, memory records, string list, etc.), it's usually a Pascal thing.
I'd guess you got 0 due to the undefined behaviour of a buffer overflow.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
matrix_smq (How do I cheat?) | Reputation: 0 | Joined: 28 Oct 2021 | Posts: 2
Posted: Fri Sep 01, 2023 11:09 am
ParkourPenguin wrote:
    matrix_smq wrote:
        Code:
        for i=1, foundlist.Count do
          table.insert(output, foundlist.Address[i])
        end

    The foundlist is a Pascal object, not a Lua object. Indexing starts from 0, i.e. `for i = 0, foundlist.Count - 1 do ... end`.
    It's tough to know which things start from 0 (Pascal thing) and which start from 1 (Lua arrays). Generally speaking, if the documentation mentions something about a byte array (e.g. readBytes, byteTableToX), it's usually a Lua array; if it's an index into a class object (e.g. address list, memory records, string list, etc.), it's usually a Pascal thing.
    I'd guess you got 0 due to the undefined behaviour of a buffer overflow.

This is actually interesting. I wonder how at least 3 scans ended up in the right memory location and the next ended up with the same results regardless of game/CE restarts. That's actually amazing.
Gotta love buffer overflows.
I've set it to start from 0 and it worked, thank you for the clarification. Maybe Dark Byte will consider adding this info to the wiki/celua.txt.
Dark Byte (Site Admin) | Reputation: 470 | Joined: 09 May 2003 | Posts: 25791 | Location: The Netherlands
Posted: Sun Sep 03, 2023 12:09 am
I'll add it to the manual. And it's not a buffer overflow: it's caught and just returns 0 as an error code, and then Lua converts that into the string '00000000'.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
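Worked example, added here and not part of any post in the thread: a corrected version of the scan helper from the first post (0-based FoundList indexing, as ParkourPenguin explains) and the pointer-chain cross-match the original poster was trying to build. It uses only Cheat Engine Lua API calls documented in celua.txt (createMemScan, firstScan, waitTillDone, createFoundList, readPointer, readInteger, readQword). Assumptions, labelled in the comments: the target is a 64-bit process (the 0x7fffffffffff stop address from the original post), the offsets 0x10/0x18/0x30 are the ones given in the thread, and `readValue` defaults to readInteger; pick readQword or another reader for other value types. The out-of-range behaviour described in Dark Byte's reply (index Count returns 0, shown as '00000000') is noted where it applies.

```lua
-- Added example (not from the thread). Assumes a 64-bit target process and the
-- Cheat Engine Lua API as documented in celua.txt.

-- Exact-value scan over the user-mode range; returns the hit addresses as numbers.
-- The FoundList is a Pascal object, so valid indices are 0 .. Count-1.
-- Reading foundList.Address[foundList.Count] does not crash: per Dark Byte it is
-- caught, returns 0 and shows up in Lua as the string '00000000'.
local function scanExact(value, varType)
  local memScan = createMemScan()
  memScan.firstScan(soExactValue, varType, rtRounded,
                    tostring(value), '',        -- input1 (decimal), input2 unused
                    '0', '00007fffffffffff',    -- start/stop: 64-bit user space (assumption)
                    '+W-C',                     -- writable, not copy-on-write
                    fsmAligned, '4',            -- 4-byte alignment
                    false, false, false, false) -- not hex input / binary / unicode / case-sensitive
  memScan.waitTillDone()

  local foundList = createFoundList(memScan)
  foundList.initialize()
  local hits = {}
  for i = 0, foundList.Count - 1 do                  -- 0-based, not 1-based
    hits[#hits + 1] = tonumber(foundList.Address[i], 16) -- Address[i] is a hex string
  end
  foundList.deinitialize()
  foundList.destroy()
  memScan.destroy()
  return hits
end

-- Verify [[[base+0x10]+0x18]+0x30] == expected. Candidates come from raw value
-- scans and are often not pointers at all, so every dereference is guarded:
-- readPointer returns nil when the address is unreadable.
local function chainMatches(base, expected, readValue)
  readValue = readValue or readInteger               -- assumption: 4-byte value
  local p1 = readPointer(base + 0x10)
  if not p1 or p1 == 0 then return false end
  local p2 = readPointer(p1 + 0x18)
  if not p2 or p2 == 0 then return false end
  return readValue(p2 + 0x30) == expected
end

-- Walk the chain backwards from myValue:
--   valueAddr  = [[base+0x10]+0x18] + 0x30  ->  Y = valueAddr - 0x30 is a pointer value
--   Y is stored at X + 0x18                  ->  scan for Y, X = hit - 0x18
--   X is stored at base + 0x10               ->  scan for X, base = hit - 0x10
-- and keep only the bases whose chain really resolves to myValue.
local function findNeededPointer(myValue, varType, readValue)
  local bases = {}
  for _, valueAddr in ipairs(scanExact(myValue, varType)) do
    for _, yHit in ipairs(scanExact(valueAddr - 0x30, vtQword)) do
      for _, xHit in ipairs(scanExact(yHit - 0x18, vtQword)) do
        local base = xHit - 0x10
        if chainMatches(base, myValue, readValue) then
          bases[#bases + 1] = base
        end
      end
    end
  end
  return bases
end

-- Usage (values are placeholders for the ones you scanned manually):
-- for _, base in ipairs(findNeededPointer(0x1CA80, vtDword)) do
--   print(string.format('candidate neededPointer: %X', base))
-- end
```

Every intermediate candidate is re-scanned as a vtQword because on a 64-bit target the stored pointers are 8 bytes; on a 32-bit target use vtDword for those two inner scans. The final chainMatches pass is what removes false positives from the raw value scans, which is the cross-match step the original post describes doing by hand.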