Array of Bytes (AOB) Scan and Replace All

#1
Code:
{$lua}
if syntaxcheck then return end
cheat_name = "MyCheat"
[ENABLE]
local pattern = "48 83 EC 28 E8 ?? ?? ?? ?? 48 83 C4 28"
local replace = "?? ?? ?? ?? 90 90 90 90 90 ?? ?? ?? ??"
-- edit the name of the cheat
-- edit the pattern to search
-- edit the replacement bytes
-- use ?? to ignore the bytes
-- do not edit the code below
local scans = AOBScan(pattern)
if scans == nil then
  showMessage("Unable to find pattern:\n"..pattern)
else
  local saved = {}
  local length = (#replace + 1) / 3
  for i = 0, scans.Count - 1 do
    local backup = readBytes(scans[i], length, true)
    local bytes = {}
    for hex in string.gmatch(replace, "%S+") do
      local size = #bytes + 1
      if hex == "??" then
        bytes[size] = backup[size]
      else
        bytes[size] = tonumber(hex, 16)
      end
    end
    saved[i] = backup
    writeBytes(scans[i], bytes)
  end
  _G[cheat_name] = {
    ["scans"] = scans,
    ["saved"] = saved
  }
end
[DISABLE]
local vars = _G[cheat_name]
if vars ~= nil then
  local scans = vars.scans
  local saved = vars.saved
  for i = 0, scans.Count - 1 do
    writeBytes(scans[i], saved[i])
  end
  scans.Destroy()
  vars.scans = nil
  vars.saved = nil
  vars = nil
  _G[cheat_name] = nil
end

This code from Zanzer on the Cheat Engine forum works; how do I freeze the addresses?
 

FreeER

RCE Fanatics
Talents
#2
Depends on the code you're scanning for. With what's shown iirc E8 is the opcode for a call so if it's the call that changes the values then nopping it with 0x90s will freeze the values (assuming nothing else changes them).
 
#3
FreeER said:
Depends on the code you're scanning for. With what's shown iirc E8 is the opcode for a call so if it's the call that changes the values then nopping it with 0x90s will freeze the values (assuming nothing else changes them).
Uh, my game is a little different, I can't NOP the opcode... would it be possible to implement this inside my script?
Code:
do
local state = 0; -- not frozen
function freeze(addr,size)
  local data = {readBytes(addr,size)};
  state = 1; -- frozen
  local t = createTimer();
  t.Interval , t.onTimer = 50 , function(this)
    if state == 0 then
      return this.destroy();
    else
      return writeBytes(addr,unpack(data));
    end
  end
end
function unfreeze()
state = 0; -- not frozen
end
end
but it's not working. I tried
return freeze(scans,4)

I want to freeze the address with the replaced bits
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
#4
Sremmurd said:
...I can't NOP the opcode...
Why not?
Sremmurd said:
...would it be possible to implement this inside my script?
Code:
do
local state = 0; -- not frozen
function freeze(addr,size)
  local data = {readBytes(addr,size)};
  state = 1; -- frozen
  local t = createTimer();
  t.Interval , t.onTimer = 50 , function(this)
    if state == 0 then
      return this.destroy();
    else
      return writeBytes(addr,unpack(data));
    end
  end
end
function unfreeze()
state = 0; -- not frozen
end
end
Sure. So long as "addr" is always a good address it should work, but I would put in some kind of check; you'd get spammed with errors if the timer is running and "addr" is ever not a good address. With an interval of "50" you may have a hard time disabling the timer or even closing CE, if the game crashes for example.
Also "readBytes" has a "ReturnAsTable" parameter, and "writeBytes" will take a table of bytes as a parameter; so the "{readBytes(addr,size)}" can just be "readBytes(addr, size, true)" and "writeBytes(addr,unpack(data))" can also just be "writeBytes(addr, data)".
Sremmurd said:
...
but it's not working. I tried
return freeze(scans,4)...
Where/how did you try "return freeze(scans,4)"? And how is it not working?

And what is "scans" (it being plural implies it's a list or table)? Is it a return from "AOBscan"? Because that returns a "StringList", not an address. In your first post "scans" is a "StringList", so maybe try "freeze(scans[1], 4)".
 

TheyCallMeTim13

#6
The script not disabling is most likely because of the use of "luaCall" in the disable section; it's not a Lua function. You're already using the Lua parser so there is no need for it.

But the game crashing is most likely because of the replaced bytes, and that script will replace all matches found. Is that the intention? If yes, then why, and how many addresses are you replacing bytes at (you'd need to debug all of the injections)? And is this an instruction you're scanning for and freezing? If yes, then again why?
 

TheyCallMeTim13

#7
Sremmurd said:
Hey, can you please help me? My script is not working again, I forgot what I changed before
Code:
{$lua}
if syntaxcheck then return end
cheat_name = "MyCheat"

[ENABLE]
local state = 0; -- not frozen
function freeze(addr,size)
  local data = readBytes(addr, size, true);
  state = 1; -- frozen
  local t = createTimer();
  t.Interval , t.onTimer = 50 , function(this)
    if state == 0 then
      return this.destroy();
    else
      return writeBytes(addr, data);
    end
  end
end

function threadedAOBScan(t)
local pattern = "48 83 EC 28 E8 ?? ?? ?? ?? 48 83 C4 28"
local replace = "48 88 08 28 E8 ?? ?? ?? ?? 48 83 C4 28"
-- edit the name of the cheat
-- edit the pattern to search
-- edit the replacement bytes
-- use ?? to ignore the bytes
-- do not edit the code below
local scans = AOBScan(pattern)
if scans == nil then
  showMessage("Unable to find pattern:\n"..pattern)
else
  local saved = {}
  local length = (#replace + 1) / 3
  for i = 0, scans.Count - 1 do
    local backup = readBytes(scans[i], length, true)
    local bytes = {}
    for hex in string.gmatch(replace, "%S+") do
      local size = #bytes + 1
      if hex == "??" then
        bytes[size] = backup[size]
      else
        bytes[size] = tonumber(hex, 16)
      end
    end
    saved[i] = backup
    writeBytes(scans[i], bytes)
  end
  _G[cheat_name] = {
    ["scans"] = scans,
    ["saved"] = saved
  }
return freeze(scans[i], bytes) ------In this line I'm trying to get multiple addresses and freeze them to value of replace
end
end
createNativeThread(threadedAOBScan)

[DISABLE]
local vars = _G[cheat_name]
if vars ~= nil then
  local scans = vars.scans
  local saved = vars.saved
  for i = 0, scans.Count - 1 do
    writeBytes(scans[i], saved[i])
  end
  scans.Destroy()
  vars.scans = nil
  vars.saved = nil
  vars = nil
  _G[cheat_name] = nil
end
Still not working? Btw I can't use OPCODE because my game is in LUA, please test the code in a game and tell me if it works for you... I don't know why it won't work for me anymore
Read my last post and start answering some questions, I'm not magic I need data to work with.
Sremmurd said:
...I forgot what I changed before...
Don't edit your posts and remove all the relevant content (it's really not cool), and document the fixes you find here on the forum (not in PMs), this will help you and others. I think when learning I had to reread the same posts all the time to relearn what I would forget after breaks in learning/using what I learned.
Sremmurd said:
...I can't use OPCODE because my game is in LUA...
That makes no sense; everything that is executed on a computer uses "machine code" and that is "operational code". If "48 83 EC 28 E8" and "48 83 C4 28" is executed then that's opcode. Lua is interpreted into opcode, Python is interpreted into opcode, C++ is compiled into opcode, and so on. If you just prefer Lua that's fine.
Sremmurd said:
...my script is not working again...
Then tell that lazy asshole to get off the couch and get a job.
 
#8
TheyCallMeTim13 said:
But the game crashing is most likely because of the replaced bytes, and that script will replace all matches found. Is that the intention? If yes, then why, and how many addresses are you replacing bytes at (you'd need to debug all of the injections)? And is this an instruction you're scanning for and freezing? If yes, then again why?
There are two addresses that pop up; it won't crash, it replaces the addresses but it does not stay frozen. I just wanted to make a loop to freeze the addresses found and saved from the script I posted, but I got it working before, now I forget what I replaced

It replaces two addresses but it won't stay frozen. I tried using different timer methods to keep writing the bytes to the added list of codes from pattern and replace
 

TheyCallMeTim13

#9
Sremmurd said:
...
it replaces two addresses but it won't stay frozen...
Then something is writing to it; you'll need to disable the code that is writing to it. I would just go with a standard code injection (say in the instruction that is overwriting your change), not really sure why you're going this route just to freeze some values, and this really looks like it's an instruction to me.

I know there was something in the "luaCall" that I mentioned that is not there now, but you edited that post and removed the script, so I have no idea what you changed either.
 
#10
TheyCallMeTim13 said:
Sremmurd said:
...
it replaces two addresses but it won't stay frozen...
Then something is writing to it, you'll need to disable the code that is writing to it
Pretty sure the code I copy pasted is wrong, the only thing that writes to it once is the
Code:
saved[i] = backup
    writeBytes(scans[i], bytes)
I just don't know how to freeze them
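
Added example, not part of any post in this thread and not Zanzer's or Cheat Engine's own code: one way to combine the replace-all script from post #1 with the timer idea, following the advice in post #4 (index the StringList per entry, pass byte tables, guard against a bad address, use a slower interval). The names `freezeAll`, `unfreezeAll` and `INTERVAL_MS` are hypothetical, and the guard assumes `readBytes` returns nil for unreadable memory.

```lua
-- Added example for Cheat Engine's Lua engine; function names are hypothetical.
local PATTERN = "48 83 EC 28 E8 ?? ?? ?? ?? 48 83 C4 28" -- from post #1
local REPLACE = "?? ?? ?? ?? 90 90 90 90 90 ?? ?? ?? ??" -- from post #1
local INTERVAL_MS = 250 -- assumption: slower than 50 ms so CE stays responsive
local entries, timer = {}, nil -- entries[n] = {addr, saved, bytes}

-- Merge the template with the original bytes: "??" keeps the original byte.
local function buildPatch(saved)
  local bytes = {}
  for hex in REPLACE:gmatch("%S+") do
    local n = #bytes + 1
    bytes[n] = (hex == "??") and saved[n] or tonumber(hex, 16)
  end
  return bytes
end

function unfreezeAll()
  if timer then timer.destroy(); timer = nil end
  for _, e in ipairs(entries) do
    -- restore only where the memory is still readable
    if readBytes(e.addr, 1, true) then writeBytes(e.addr, e.saved) end
  end
  entries = {}
end

function freezeAll()
  if timer then return #entries end -- already running
  local scans = AOBScan(PATTERN) -- StringList of hex addresses, or nil
  if scans == nil then return 0 end
  local _, length = REPLACE:gsub("%S+", "") -- number of byte tokens
  for i = 0, scans.Count - 1 do -- the StringList is indexed from 0
    local saved = readBytes(scans[i], length, true)
    if saved then
      entries[#entries + 1] = {addr = scans[i], saved = saved, bytes = buildPatch(saved)}
    end
  end
  scans.destroy()
  timer = createTimer(nil)
  timer.Interval = INTERVAL_MS
  timer.OnTimer = function(t)
    for _, e in ipairs(entries) do
      -- assumption: readBytes returns nil once the address is unreadable;
      -- pause instead of raising an error on every tick
      if readBytes(e.addr, 1, true) == nil then t.Enabled = false; return end
      writeBytes(e.addr, e.bytes)
    end
  end
  return #entries
end
```

Run the block once (for example from the cheat table's Lua script) so both functions share the same state, then call `freezeAll()` in [ENABLE] and `unfreezeAll()` in [DISABLE]. As post #9 points out, bytes that keep reverting mean something else is writing them, and the timer only rewrites over that writer rather than removing it.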
 