Array of Bytes (AOB) Scan and Replace All

Want Cheat Engine to do something specific and no idea how to do that, ask here. (From simple scripts to full trainers and extensions)
Post Reply
Sremmurd
Noobzor
Noobzor
Posts: 7
Joined: Sun Mar 18, 2018 8:48 am
Reputation: 0

Array of Bytes (AOB) Scan and Replace All

Post by Sremmurd »

Code: Select all

{$lua}
if syntaxcheck then return end
cheat_name = "MyCheat"
[ENABLE]
local pattern = "48 83 EC 28 E8 ?? ?? ?? ?? 48 83 C4 28"
local replace = "?? ?? ?? ?? 90 90 90 90 90 ?? ?? ?? ??"
-- edit the name of the cheat
-- edit the pattern to search
-- edit the replacement bytes
-- use ?? to ignore the bytes
-- do not edit the code below
local scans = AOBScan(pattern)
if scans == nil then
  showMessage("Unable to find pattern:\n"..pattern)
else
  local saved = {}
  local length = (#replace + 1) / 3
  for i = 0, scans.Count - 1 do
    local backup = readBytes(scans[i], length, true)
    local bytes = {}
    for hex in string.gmatch(replace, "%S+") do
      local size = #bytes + 1
      if hex == "??" then
        bytes[size] = backup[size]
      else
        bytes[size] = tonumber(hex, 16)
      end
    end
    saved[i] = backup
    writeBytes(scans[i], bytes)
  end
  _G[cheat_name] = {
    ["scans"] = scans,
    ["saved"] = saved
  }
end
[DISABLE]
local vars = _G[cheat_name]
if vars ~= nil then
  local scans = vars.scans
  local saved = vars.saved
  for i = 0, scans.Count - 1 do
    writeBytes(scans[i], saved[i])
  end
  scans.Destroy()
  vars.scans = nil
  vars.saved = nil
  vars = nil
  _G[cheat_name] = nil
end


This code from Zanzer on cheat engine forum work, how do I freeze the addresses?

User avatar
FreeER
Expert Cheater
Expert Cheater
Posts: 116
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 28

Re: Array of Bytes (AOB) Scan and Replace All

Post by FreeER »

Depends on the code you're scanning for. With what's shown iirc E8 is the opcode for a call so if it's the call that changes the values then nopping it with 0x90s will freeze the values (assuming nothing else changes them).

Sremmurd
Noobzor
Noobzor
Posts: 7
Joined: Sun Mar 18, 2018 8:48 am
Reputation: 0

Re: Array of Bytes (AOB) Scan and Replace All

Post by Sremmurd »

FreeER wrote:
Mon Mar 19, 2018 11:19 am
Depends on the code you're scanning for. With what's shown iirc E8 is the opcode for a call so if it's the call that changes the values then nopping it with 0x90s will freeze the values (assuming nothing else changes them).
Uh my game is a little different I cant NOP the opcode... would it be possible to implement this inside my script?

Code: Select all

do
local state = 0; -- not frozen
function freeze(addr,size)
  local data = {readBytes(addr,size)};
  state = 1; -- frozen
  local t = createTimer();
  t.Interval , t.onTimer = 50 , function(this)
    if state == 0 then
      return this.destroy();
    else
      return writeBytes(addr,unpack(data));
    end
  end
end
function unfreeze()
state = 0; -- not frozen
end
end
but it not working I tried
return freeze(scans,4)

I want to freeze the address with the replaced bits

UltimatePoto42
Expert Cheater
Expert Cheater
Posts: 125
Joined: Tue May 02, 2017 6:00 am
Reputation: 15

Re: Array of Bytes (AOB) Scan and Replace All

Post by UltimatePoto42 »

Sremmurd wrote:
Sun Apr 08, 2018 12:28 am
...I cant NOP the opcode...
Why not?
Sremmurd wrote:
Sun Apr 08, 2018 12:28 am
...would it be possible to implement this inside my script?

Code: Select all

do
local state = 0; -- not frozen
function freeze(addr,size)
  local data = {readBytes(addr,size)};
  state = 1; -- frozen
  local t = createTimer();
  t.Interval , t.onTimer = 50 , function(this)
    if state == 0 then
      return this.destroy();
    else
      return writeBytes(addr,unpack(data));
    end
  end
end
function unfreeze()
state = 0; -- not frozen
end
end
Sure. So long as "addr" is always a good address it should work, but I would put in some kind of check; you'd get spammed with errors if the timer is running and "addr" is ever not a good address. With an interval of "50" you may have a hard time disabling the timer or even closing CE, if the game crashes for example.
Also "readBytes" has a "ReturnAsTable" parameter, and "writeBytes" will take a table of bytes as a parameter; so the "{readBytes(addr,size)}" can just be "readBytes(addr, size, true)" and "writeBytes(addr,unpack(data))" can also just be "writeBytes(addr, data)".
Sremmurd wrote:
Sun Apr 08, 2018 12:28 am
...
but it not working I tried
return freeze(scans,4)...
Where/how did you try "return freeze(scans,4)"? And how is it not working?

And what is "scans" (it being plural implies it's a list or table), is it a return from "AOBscan" because that returns a "StringList" not an address. In your first post "scans" is a "StringList", so may be try "freeze(scans[1], 4)".

Sremmurd
Noobzor
Noobzor
Posts: 7
Joined: Sun Mar 18, 2018 8:48 am
Reputation: 0

Re: Array of Bytes (AOB) Scan and Replace All

Post by Sremmurd »

Cannot disable cheat/game crashing :/

edit:i got it working woo thanks
Last edited by Sremmurd on Sun Apr 08, 2018 4:23 am, edited 2 times in total.

UltimatePoto42
Expert Cheater
Expert Cheater
Posts: 125
Joined: Tue May 02, 2017 6:00 am
Reputation: 15

Re: Array of Bytes (AOB) Scan and Replace All

Post by UltimatePoto42 »

The script not disabling is most likely because of the use of "luaCall" in the disable section, it's not a Lua function. Your already using the Lua parser so there is no need for it.

But the game crashing is most likely because of the replaced bytes and that script will replace all matches found. Is that the intention, is yes then why and how many address are you replacing bytes at (you'd need to debug all of the injections)? And is this instruction your scanning for and freezing, if yes then again why?

TimFun13
Expert Cheater
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Array of Bytes (AOB) Scan and Replace All

Post by TimFun13 »

Sremmurd wrote:
Tue Apr 10, 2018 1:16 am
Hey can you please help me? my script not working again, i forgot what I changed before

Code: Select all

{$lua}
if syntaxcheck then return end
cheat_name = "MyCheat"

[ENABLE]
local state = 0; -- not frozen
function freeze(addr,size)
  local data = readBytes(addr, size, true);
  state = 1; -- frozen
  local t = createTimer();
  t.Interval , t.onTimer = 50 , function(this)
    if state == 0 then
      return this.destroy();
    else
      return writeBytes(addr, data);
    end
  end
end

function threadedAOBScan(t)
local pattern = "48 83 EC 28 E8 ?? ?? ?? ?? 48 83 C4 28"
local replace = "48 88 08 28 E8 ?? ?? ?? ?? 48 83 C4 28"
-- edit the name of the cheat
-- edit the pattern to search
-- edit the replacement bytes
-- use ?? to ignore the bytes
-- do not edit the code below
local scans = AOBScan(pattern)
if scans == nil then
  showMessage("Unable to find pattern:\n"..pattern)
else
  local saved = {}
  local length = (#replace + 1) / 3
  for i = 0, scans.Count - 1 do
    local backup = readBytes(scans[i], length, true)
    local bytes = {}
    for hex in string.gmatch(replace, "%S+") do
      local size = #bytes + 1
      if hex == "??" then
        bytes[size] = backup[size]
      else
        bytes[size] = tonumber(hex, 16)
      end
    end
    saved[i] = backup
    writeBytes(scans[i], bytes)
  end
  _G[cheat_name] = {
    ["scans"] = scans,
    ["saved"] = saved
  }
return freeze(scans[i], bytes) ------In this line I'm trying to get multiple addresses and freeze them to value of replace
end
end
createNativeThread(threadedAOBScan)

[DISABLE]
local vars = _G[cheat_name]
if vars ~= nil then
  local scans = vars.scans
  local saved = vars.saved
  for i = 0, scans.Count - 1 do
    writeBytes(scans[i], saved[i])
  end
  scans.Destroy()
  vars.scans = nil
  vars.saved = nil
  vars = nil
  _G[cheat_name] = nil
end
still not working? btw I cant use OPCODE because my game in LUA, please test code in a game and tell me if it works for you... I dont know why it wont work for me anymore :?:
Read my last post and start answering some questions, I'm not magic I need data to work with.
Sremmurd wrote:
Tue Apr 10, 2018 1:16 am
...i forgot what I changed before...
Don't edit your posts and remove all the relevant content (it's really not cool), and document the fixes you find here on the forum (not in PMs), this will help you and others. I think when learning I had to reread the same posts all the time to relearn what I would forget after breaks in learning/using what I learned.
Sremmurd wrote:
Tue Apr 10, 2018 1:16 am
...I cant use OPCODE because my game in LUA...
That makes no scene every thing that is executed on a computer uses "machine code" and that is "operational code". If "48 83 EC 28 E8" and "48 83 C4 28" is executed then that's opcode. Lua is interpenetrated into opcode, Python is interpenetrated into opcode, C++ is compiled into opcode, and so on. If you just prefer Lua that's fine.
Sremmurd wrote:
Tue Apr 10, 2018 1:16 am
...my script not working again...
Then tell that lazy ass hole to get off the couch and get a Job.

Sremmurd
Noobzor
Noobzor
Posts: 7
Joined: Sun Mar 18, 2018 8:48 am
Reputation: 0

Re: Array of Bytes (AOB) Scan and Replace All

Post by Sremmurd »

ShyTwig16 wrote:
Sun Apr 08, 2018 4:01 am
But the game crashing is most likely because of the replaced bytes and that script will replace all matches found. Is that the intention, is yes then why and how many address are you replacing bytes at (you'd need to debug all of the injections)? And is this instruction your scanning for and freezing, if yes then again why?
There is two addresses that pop up, it wont crash, it replaces the addresses but it does not stay frozen. I just wanted to make a loop to freeze the addresses found, and saved from the script I posted but I got it working before now I forget what I replaced

it replaces two addresses but it wont stay frozen, i tried using different timer methods to keep writing the bytes to the added list of codes from pattern and replace

TimFun13
Expert Cheater
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: Array of Bytes (AOB) Scan and Replace All

Post by TimFun13 »

Sremmurd wrote:
Tue Apr 10, 2018 6:31 am
...
it replaces two addresses but it wont stay frozen...
Then some thing is writing to it, you'll need to disable the code that is writing to it. I would just go with a standard code injection (say in the instruction that is over writing your change), not really sure why your going this rout just to freeze some values, and this really looks like it's instruction to me.

I know there was some thing in the "luaCall" that I mentioned that is not there now but you edited that post and removed the script, so I have no idea what you changed either.

Sremmurd
Noobzor
Noobzor
Posts: 7
Joined: Sun Mar 18, 2018 8:48 am
Reputation: 0

Re: Array of Bytes (AOB) Scan and Replace All

Post by Sremmurd »

ShyTwig16 wrote:
Tue Apr 10, 2018 1:02 pm
Sremmurd wrote:
Tue Apr 10, 2018 6:31 am
...
it replaces two addresses but it wont stay frozen...
Then some thing is writing to it, you'll need to disable the code that is writing to it
Pretty sure the code I copy pasted is wrong, the only thing that writes to it once is the

Code: Select all

saved[i] = backup
    writeBytes(scans[i], bytes)
   
I just dont know how to freeze them

Post Reply

Who is online

Users browsing this forum: No registered users