Script to show all AOB of Scan in Float

[Mister Modification]

Hello,

I am messing around with Blood Omen 2 (Steam) and I want to edit dark gift attributes.

My question is on how to write a script which shows the float value of every byte to edit with.
I need to do it this way since it is much easier because my AOB is never changed by my game.

AOB is: 98 25 84 00 B4 25 84 00 00 // is unique

Float is: 0 0 270 0.80

270 = Rage Usage Cost

I want to activate the script and then it shows me all AOB as Floats and let's me edit these values.

I am thankful for every help!

[SunBeam]

You'll learn that if you really don't express yourself properly, with as much details information on what you did, how you did it, what you want to achieve extensively, screenshots or code snippets, you won't get much help. It's not cuz people don't want to help, it's the poor details you've provided.

You say that AOB is fixed and it doesn't change. What's the AOB about? Is it ASM (instructions)? Is it random data that you scan for and it's fixed? Provide screenshots of how it looks like in Memory Viewer (top and bottom, hex and disassembler view).

Then you say "Float is: ...". Where, related to that AOB? Is the AOB transformed into Float that looks like that? Or how did you get to "0 0 270 0.8"? Did you offset it? Like "scan for this AOB and 10 bytes from it I find 0 0 270 0.8 one after the other".

See.. a lot of shit that doesn't make sense for us to help you with.

I would use Lua if I were you, as it's much straight forward to test out:

- open Memory View
- press Ctrl+L
- copy the below:

Code: Select all

function _readInteger( Input )
  -- thanks, Pox!
  local Value = readInteger( Input )
  if Value < 0x80000000 then return Value
  else return Value - 0x100000000 end
end

function aobScanEx( aob, p, a, n, s, e, pb )
  local p, a, n, s, e = p or '*X*W', a or fsmNotAligned, n or '0', s or 0x0, e or 0xffffffffffffffff
  local ms = pb and createMemScan( pb ) or createMemScan()
  local fl = createFoundList( ms )
  ms.firstScan( soExactValue, vtByteArray, nil, aob, nil, s, e, p, a, n, true, false, false, false )
  ms.waitTillDone()
  fl.initialize()
  local result = nil
  if fl ~= nil and fl.getCount() > 0 then
    result = createStringlist()
    for i = 1, fl.getCount() do result.add( fl.getAddress( i - 1 ) ) end
  end
  fl.destroy()
  ms.destroy()
  return result
end

local gameProcess = 'game.exe' -- change the game .exe name here with yours
local gameModule = getAddress( gameProcess )
local t = aobScanEx( '98258400B425840000', nil, nil, nil, gameModule, gameModule + getModuleSize( gameProcess ) )
t = tonumber( t[0], 16 )
print( string.format( "My address is: 0x%X.", t ) )

- paste it in the Lua window, bottom tab (left of the 'Execute' button)
- change 'game.exe' to your executable name (e.g.: 'bloodomen2.exe' or whatever it's called)
- click Execute

Now if you don't see "My address is: 0x<address>." in the Lua window, then that array of yours is not that unique

Then there's this that I don't understand: "AOB is: 98 25 84 00 B4 25 84 00 00 // is unique; Float is: 0 0 270 0.80". There's no way in hell 98258400B425840000 is that pair of 4 floats. See.. another faulty enunciation that leads to randomness..

BR,
Sun

[Mister Modification]

First I open my game and my Cheat Table.

[Link]

Then I go to my Current Rage Value and switch it to Float Display.

[Link]

I add the Address to my table and look out for what accesses it.

[Link]

After I take my address and reduce it by offset.

[Link]

Now I open Reclass, attach it to my game and paste my base address to it.
Then I go and add bytes until I find what I search.

[Link]

So far so good. I make it matrix to see which values are stored there.

[Link]

Now I know that there is what I need. So I copy it's address and paste it in Cheat Engine.

[Link]

And here is my AOB: 98 25 84 00 B4 25 84 00 00

[Link]

Finally we have reached my core question:

How do I write a script which searches my never changing AOB and shows me it's bytes as floats, so that I can edit them?

Best Regards!

MOD EDIT: You deleted all your linked images and the ugly placeholders were left; deleted image tags.

[SunBeam]

I don't think you understand the idea behind "aob". You use an aob to find the ASM that accesses your memory address; not to find the memory address bytes. Why? Because that address you're showing (11375000) may contain other bytes on other people's PCs. Imagine this: if I have one bla upgrade for my shit, will it still show 270 as float? I doubt it, as value is increasing based on your level/upgrades. Not to mention 11375000 is dynamic, thus what will you do - enable/disable the script x 50 times as you change levels or go back to main menu/back in-game? Makes no sense.

Then you don't need ReClass to calculate stuff. Memory View > Tools > Dissect data/structures - is the same as ReClass, just a tiny bit dumbed down.

As for the address itself, if you want to find the base, just click that line:

"fld dword ptr [eax+24]"

And look at "eax". That's your address, where you'd see 11375000. No need for extra tools, pages, calculations.

Try the script I posted and tell me what you get.

BR,
Sun

[SunBeam]

I think you were aiming too high with what you are asking for, especially in the Lua section. You don't really get what I posted here, do you? I'm asking cuz you replied almost instantly when I asked for details and now you're idling.. One's gotta assume..

[Mister Modification]

Spoiler

function _readInteger( Input )
-- thanks, Pox!
local Value = readInteger( Input )
if Value < 0x80000000 then return Value
else return Value - 0x100000000 end
end

function aobScanEx( aob, p, a, n, s, e, pb )
local p, a, n, s, e = p or '*X*W', a or fsmNotAligned, n or '0', s or 0x0, e or 0xffffffffffffffff
local ms = pb and createMemScan( pb ) or createMemScan()
local fl = createFoundList( ms )
ms.firstScan( soExactValue, vtByteArray, nil, aob, nil, s, e, p, a, n, true, false, false, false )
ms.waitTillDone()
fl.initialize()
local result = nil
if fl ~= nil and fl.getCount() > 0 then
result = createStringlist()
for i = 1, fl.getCount() do result.add( fl.getAddress( i - 1 ) ) end
end
fl.destroy()
ms.destroy()
return result
end

local gameProcess = 'bo2.exe' -- change the game .exe name here with yours
local gameModule = getAddress( gameProcess )
local t = aobScanEx( '98258400B425840000', nil, nil, nil, gameModule, gameModule + getModuleSize( gameProcess ) )
t = tonumber( t[0], 16 )
print( string.format( "My address is: 0x%X.", t ) )

Error:[string "function _readInteger( Input )
..."]:28: attempt to index a nil value (local 't')
Script Error
function _readInteger( Input )
-- thanks, Pox!
local Value = readInteger( Input )
if Value < 0x80000000 then return Value
else return Value - 0x100000000 end
end

function aobScanEx( aob, p, a, n, s, e, pb )
local p, a, n, s, e = p or '*X*W', a or fsmNotAligned, n or '0', s or 0x0, e or 0xffffffffffffffff
local ms = pb and createMemScan( pb ) or createMemScan()
local fl = createFoundList( ms )
ms.firstScan( soExactValue, vtByteArray, nil, aob, nil, s, e, p, a, n, true, false, false, false )
ms.waitTillDone()
fl.initialize()
local result = nil
if fl ~= nil and fl.getCount() > 0 then
result = createStringlist()
for i = 1, fl.getCount() do result.add( fl.getAddress( i - 1 ) ) end
end
fl.destroy()
ms.destroy()
return result
end

local gameProcess = 'bo2.exe' -- change the game .exe name here with yours
local gameModule = getAddress( gameProcess )
local t = aobScanEx( '98258400B425840000', nil, nil, nil, gameModule, gameModule + getModuleSize( gameProcess ) )
t = tonumber( t[0], 16 )
print( string.format( "My address is: 0x%X.", t ) )

Error:[string "function _readInteger( Input )
..."]:28: attempt to index a nil value (local 't')
Script Error

[Mister Modification]

I think you were aiming too high with what you are asking for, especially in the Lua section. You don't really get what I posted here, do you? I'm asking cuz you replied almost instantly when I asked for details and now you're idling.. One's gotta assume..

Sorry, grandpa had his birthday today.

I know you want to make me think about my question.

And I am pretty sure that these bytes will stay the same without editing by users.

These are values of a Skill (Dark Gift) and they determine different things (270 = Rage cost per execution // 0.80 = Delay before Character can use the gift again)

You can see the skill used here.

And I hope that it helps to better understand what I am trying to explain.



Edit:

I am also using Reclass because it gives me comments about what is where (Heap / DarkGift Stats / e.g).
But yes, Cheat Engine works too.

And you can't upgrade anything of all these dark gifts.
They are static abilities.
And every new gift fits together with all you have unlocked before.
They are like a puzzle.

Ok , have a nice day.

[SunBeam]

I see you made no observation about what I asked you to do: run a Lua script and post the result. Which means even that you really don't need any Lua scripts and posted in the wrong section, cuz you don't know how to use Lua. So I'll leave others help you out. Have a nice day!

[Mister Modification]

The result was (like above):

Error:[string "function _readInteger( Input )
..."]:28: attempt to index a nil value (local 't')
Script Error

All fine. I will find out how to write the script I wish myself.

BR!

[Mister Modification]

The solution to work with is:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(Fury, 98258400B425840000)
label(bo2fury)
registersymbol(bo2fury)

Fury:
bo2fury:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
unregistersymbol(bo2fury)

Topic can be closed.

[SunBeam]

Sure. I'll leave you to it, then when you do the same thing for other games and you'll see that your way of thinking (that array won't be static) will lead you to ask yourself "why isn't it working anymore? it worked yesterday" - you can open a new one Till then, bye bye.