Why is AOB script more CPU intensive than searching manually?

Posted: Wed May 13, 2020 6:05 am
by Turtle
I have an AOB in my script that gets searched for, and the computer fan whirs up a bit when searching; if I search the same AOB manually it doesn't use as much CPU. Is there a way to mitigate CPU usage, maybe by limiting the scope of memory that has to be searched or something?

I find the AOB by taking a snapshot (copy/paste) of the bytes around the health address, restarting the game and then taking the same snapshot, then comparing the snapshots in diffmerge and looking for an array of unique bytes that exists in both snapshots.

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Wed May 13, 2020 6:40 am
by SunBeam
Make sure you use aobscanmodule in normal games. aobscan is useful only for Unity or .NET games whose code the engine JIT-compiles dynamically in memory (you won't find your code by AOB inside the main .exe).

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Wed May 13, 2020 10:20 am
by Turtle
SunBeam wrote:
Wed May 13, 2020 6:40 am
Make sure you use aobscanmodule in normal games. aobscan is useful only for Unity or .NET games whose code the engine JIT-compiles dynamically in memory (you won't find your code by AOB inside the main .exe).
I'm not familiar with it. This is my script for finding the number of inventory leaves in the game The Forest:

[ENABLE]
// scan the whole process for the byte pattern that sits just before the leaves value
aobscan(leaves, 00 00 18 01 00 00 0E 00 00 00 FF FF FF 7F 00 00 00)
label(forestleaves)
registersymbol(forestleaves)

// forestleaves is defined at the address where the pattern was found
leaves:
forestleaves:

[DISABLE]
unregistersymbol(forestleaves)
Then, to get the actual leaves address, I manually add the following address in the table:

forestleaves + 26

It works, but what should I be doing instead?

Also, is it bad practice to use 00 bytes at the start of an AOB, as it means more work for CE? Since 00 is very common.

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Wed May 13, 2020 11:38 pm
by SunBeam
Like I said, Unity will allocate memory for its IL code to be JIT-ed when needed (google those acronyms if you don't know what they mean). That allocation can be close to the game executable or far up in high memory. If you do aobscan, that scans WHOLE memory. Depending on how spliced your memory is at the time you do that scan (how many processes you have open, how many allocations are done, etc.), the scan goes slow or fast. The higher the allocation, the slower the scan (it has to scan more to find your AOB). Look at this logically, please, rather than forming generic opinions on what you think an aobscan does.

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Thu May 14, 2020 3:33 am
by Turtle
SunBeam wrote:
Wed May 13, 2020 11:38 pm
Like I said, Unity will allocate memory for its IL code to be JIT-ed when needed (google those acronyms if you don't know what they mean). That allocation can be close to the game executable or far up in high memory. If you do aobscan, that scans WHOLE memory. Depending on how spliced your memory is at the time you do that scan (how many processes you have open, how many allocations are done, etc.), the scan goes slow or fast. The higher the allocation, the slower the scan (it has to scan more to find your AOB). Look at this logically, please, rather than forming generic opinions on what you think an aobscan does.
I want to limit the scan to only the game's process; how can I do that?
What do I change in the script? Use aobscanmodule?

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Thu May 14, 2020 3:37 am
by SunBeam
^ It's obvious you ignored everything I wrote or you simply just don't get it. The CODE you are looking for is ASSEMBLED by Unity on-the-fly, in RANDOMLY allocated memory. The allocation DEPENDS ON YOUR MEMORY LOAD. You CANNOT scan "only the game process", because that code of yours IS NOT in the game process. Do you understand or not?

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Thu May 14, 2020 4:28 am
by GreenHouse
Still, it looks like you're doing an aobscan of the literal value, not of an instruction that accesses the address with that value. So as far as I'm concerned, you can't use aobscanmodule. Check what accesses or writes that address, and then use Mono to write the script (alloc, move value to alloc). If you can't use Mono because the game uses IL2CPP, then just do the same thing but on the GameAssembly DLL; that way you can use aobscanmodule (aobScanModule(SymbolName, ModuleName, AOBString)).
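
The following is an added example, not a script from any post in this thread, showing what the advice above looks like as a complete Cheat Engine auto assembler script for the IL2CPP case: aobscanmodule restricted to GameAssembly.dll, a code injection at the instruction that reads the value, and an allocated variable that stores the object base so the table can use a pointer instead of a raw aobscan result. The module name, the byte pattern and the two "original" instructions are placeholders (assumptions); the real ones come from CE's "Find out what accesses this address" on the leaves value. Because the scan is confined to one module it touches a fraction of the address space a whole-process aobscan does, which is exactly why it cannot find Mono-JITed code (that code lives outside every module).

```asm
// Added example (not code from this thread). The module name, the AOB pattern
// and the two original instructions below are PLACEHOLDERS: take the real ones
// from CE's "Find out what accesses this address" on the leaves value.
// aobscanmodule searches only inside GameAssembly.dll; it will not find code
// that Mono JIT-compiles into anonymous allocations outside any module.
[ENABLE]
aobscanmodule(INJECT_leaves, GameAssembly.dll, 8B 40 26 01 C8 89 81 ?? ?? ?? ??)
// allocate near the injection point so the 5-byte jmp can reach it in 64-bit
alloc(newmem,$1000,INJECT_leaves)
label(code)
label(return)
label(pLeaves)
registersymbol(INJECT_leaves)
registersymbol(pLeaves)

newmem:
  // rax holds the inventory object the game reads the leaf count from;
  // save it so the table can address the value as a pointer: [pLeaves]+26
  mov [pLeaves],rax
code:
  // original instructions (placeholders): 3 + 2 = exactly 5 bytes,
  // so the jmp that replaces them needs no nop padding
  mov eax,[rax+26]
  add eax,ecx
  jmp return

pLeaves:
  dq 0

INJECT_leaves:
  jmp newmem
return:

[DISABLE]
INJECT_leaves:
  // restore the original 5 bytes that the jmp overwrote
  db 8B 40 26 01 C8

unregistersymbol(INJECT_leaves)
unregistersymbol(pLeaves)
dealloc(newmem)
```

In the table the leaves count is then a pointer entry with base pLeaves and offset 26 (hex, as in the original forestleaves + 26). Before enabling, search the same pattern manually in the Memory Scanner with the scan range limited to the module to confirm it hits exactly once; a pattern that matches several places in GameAssembly.dll will inject at the wrong one.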

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Thu May 14, 2020 4:54 am
by Turtle
SunBeam wrote:
Thu May 14, 2020 3:37 am
^ It's obvious you ignored everything I wrote or you simply just don't get it. The CODE you are looking for is ASSEMBLED by Unity on-the-fly, in RANDOMLY allocated memory. The allocation DEPENDS ON YOUR MEMORY LOAD. You CANNOT scan "only the game process", because that code of yours IS NOT in the game process. Do you understand or not?
I think I get it now, but I have never encountered a game that allocates in this way. Seems dangerous that CE even allows you to access anything outside the game's process.

I'm not scanning for the literal value, that is an array of bytes before the value.

I just got started with AOB scripting so links to useful guides would be appreciated.

Re: Why is AOB script more CPU intensive than searching manually?

Posted: Thu May 14, 2020 5:01 am
by Cake-san
Better to use Mono features instead of aobscan for the heavy lifting.

The newest CE already covers IL2CPP. Nice :D