AOBScan and Replace All Result

Want Cheat Engine to do something specific and no idea how to do that, ask here. (From simple scripts to full trainers and extensions)
Post Reply
ZixMatrix
Noobzor
Noobzor
Posts: 7
Joined: Tue Oct 20, 2020 1:40 pm
Reputation: 1

AOBScan and Replace All Result

Post by ZixMatrix »

is there any example of simple AOBScan then replace all the result ?
in my case i want scan ?? 00 14 00 0E, the result is more than one
then i want replace all of it with 01 00 14 00 0E
thank you very much

User avatar
LeFiXER
LeFixer
LeFixer
Posts: 414
Joined: Wed Mar 24, 2021 9:35 am
Reputation: 199

Re: AOBScan and Replace All Result

Post by LeFiXER »

You need a unique AOB, or at least narrow it down by using aobscanregion

ZixMatrix
Noobzor
Noobzor
Posts: 7
Joined: Tue Oct 20, 2020 1:40 pm
Reputation: 1

Re: AOBScan and Replace All Result

Post by ZixMatrix »

LeFiXER wrote:
Sat Sep 17, 2022 11:18 pm
You need a unique AOB, or at least narrow it down by using aobscanregion
[ENABLE]
{$lua}
local pattern = "?? 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00"
local replace = "00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00"
local scans = AOBScan(pattern)
local saved = {}
local length = (#replace + 1) / 3
for i = 0, scans.Count - 1 do
local backup = readBytes(scans[i], length, true)
local bytes = {}
for hex in string.gmatch(replace, "%S+") do
local size = #bytes + 1
if hex == "??" then
bytes[size] = backup[size]
else
bytes[size] = tonumber(hex, 16)
end
end
saved[i] = backup
writeBytes(scans[i], bytes)
end
_G[cheat_name] = {
["scans"] = scans,
["saved"] = saved
}
end


this is already unique and the result between 2-4 result
before i'm using this lua, i was using auto assembly
but assembly just replace the first result
i dont know how to make this lua script works

1. im using auto assembly because i need to set hotkey to it
2. then i change make assemby to {$lua} but it can not working

ZixMatrix
Noobzor
Noobzor
Posts: 7
Joined: Tue Oct 20, 2020 1:40 pm
Reputation: 1

Re: AOBScan and Replace All Result

Post by ZixMatrix »

thanks already solved this

User avatar
LeFiXER
LeFixer
LeFixer
Posts: 414
Joined: Wed Mar 24, 2021 9:35 am
Reputation: 199

Re: AOBScan and Replace All Result

Post by LeFiXER »

ZixMatrix wrote:
Sun Sep 18, 2022 3:27 am
thanks already solved this
Care to share for others on how you fixed it?

ZixMatrix
Noobzor
Noobzor
Posts: 7
Joined: Tue Oct 20, 2020 1:40 pm
Reputation: 1

Re: AOBScan and Replace All Result

Post by ZixMatrix »

LeFiXER wrote:
Sun Sep 18, 2022 9:17 am
Care to share for others on how you fixed it?
ok, first i will let you know about my objective
  • I have this specific AOB that i want to search for
  • I realize the address always change after I finish the battle or go to the lobby
  • I have tried to using pointer and always failed cause when I restart the game, the pointer also change

let's break down the method
  1. scan the AOB, in this case is "?? 00 00 00 00 00 00 00 00 00 00 00 01"
  2. it will return with 2 or more result, so we can not use AA Aobscan
  3. so we use this instead

    Code: Select all

    local results = AOBScan('?? 00 00 00 00 00 00 00 00 00 00 00 01')
  4. i tried to scan and add address manually to addresslist and found out that when i change the type to 4bytes, i just need to change the value to 0 (i want to replace ?? with 00)
  5. then add result.count and writeinteger

    Code: Select all

    for i=0, results.Count-1 do
      writeInteger(results[i], 0)
    end
  6. the final code should be like this

    Code: Select all

    loadlibrary(luaclient-i386.dll)
    luacall(openLuaServer('CELUASERVER'))
    CELUA_ServerName:
    db 'CELUASERVER',0
    [ENABLE]
    {$lua}
    local results = AOBScan('?? 00 00 00 00 00 00 00 00 00 00 00 01')
    for i=0, results.Count-1 do
      writeInteger(results[i], 0)
    end
    results.destroy()
    {$asm}
    [DISABLE]
    {$lua}
    local results = AOBScan('?? 00 00 00 00 00 00 00 00 00 00 00 01')
    for i=0, results.Count-1 do
      writeInteger(results[i], 0)
    end
    results.destroy()
    {$asm}
why the [enabled] and [disabled] code are same ?
because i want to set the assembly script with Hotkey
so when the address change, i just need hit the hotkey (toggle enabled or disabled) then the script will to the magic
whether it enabled or disabled i just dont care, because it will do the same

User avatar
Glowmoss
Negan
Negan
Posts: 130
Joined: Sun Oct 17, 2021 10:14 pm
Reputation: 94

Re: AOBScan and Replace All Result

Post by Glowmoss »

ZixMatrix wrote:
Sun Sep 18, 2022 11:43 am
If you want to just toggle it without putting the same code in enable and disable just put this at the bottom of your enable script

Code: Select all

local t = createTimer()
t.Interval = 1
t.OnTimer = function(t)
t.destroy()
memrec.Active = false
end

User avatar
SunBeam
RCE Fanatics
RCE Fanatics
Posts: 4283
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 3659

Re: AOBScan and Replace All Result

Post by SunBeam »

A few notes:

1) I've been using this code for a while now, adapting it to my needs:

Code: Select all

function stopExec( s )
  error( print( string.format( "\r\n>> %s <<", s ) ) )
end

function aobScanEx( aob )
  -- thanks panraven for this function!
  -- https://forum.cheatengine.org/viewtopic.php?t=577536
  -- simplified for my needs
  -- scan the entire memory space: e = nil or '*X*W'
  -- scan only executable code: e = nil or '+X'
  local p, a, n, s, e = nil or '+X', nil or fsmNotAligned, nil or '0', getAddress( process ) or 0x0, ( getAddress( process ) + getModuleSize( process ) ) or 0xffffffffffffffff
  local ms = pb and createMemScan( pb ) or createMemScan()
  local fl = createFoundList( ms )
  ms.firstScan( soExactValue, vtByteArray, nil, aob, nil, s, e, p, a, n, true, false, false, false )
  ms.waitTillDone()
  fl.initialize()
  local result = nil
  if fl ~= nil and fl.getCount() > 0 then
    result = createStringlist()
    for i = 1, fl.getCount() do result.add( fl.getAddress( i - 1 ) ) end
  end
  fl.destroy()
  ms.destroy()
  return result
end

-- GetOxygen
local aob_GetOxygen = "488BD84885C00F84????????8078??0175??48"
local sl = aobScanEx( aob_GetOxygen )
if not sl or sl.Count < 1 then stopExec( "'aob_GetOxygen' not found." ) end
local t = tonumber( sl[0], 16 )
See if it better fits your agenda (I prefer it to using 'aobscan'). Of course, if your scan is supposed to return multiple results, then the last line above should be a loop (like you already presented) in which you'd go through all "sl{i}". (had to use { instead of [, as bbcode would parse it as italics)

2) You can force scripts to error out so they don't enable, both in AA or Lua. Just add one of the snippets below at the end of your [ENABLE] section:

AA:

Code: Select all

0:
db 'artificial error so script does not enable',0
Lua:

Code: Select all

return("assert(true")
The above are artificial errors. They would run at the end of your [ENABLE], triggering an error, so the script never enables. This might get a bit confusing for people who are used to seeing the "[x]" in front of a script, so they'll whine "script dun werk" :D

User avatar
Glowmoss
Negan
Negan
Posts: 130
Joined: Sun Oct 17, 2021 10:14 pm
Reputation: 94

Re: AOBScan and Replace All Result

Post by Glowmoss »

SunBeam wrote:
Sun Sep 18, 2022 9:14 pm
This might get a bit confusing for people who are used to seeing the "[x]" in front of a script, so they'll whine "script dun werk" :D
lol yeah I had to put a confirmation message on some things that auto disable because I had a few geniuses like that message me.

Post Reply

Who is online

Users browsing this forum: No registered users