Why is AOB script more CPU intensive than searching manually?

[Turtle]

I have an AOB in my script that gets searched for, but the computer fan whirs up a bit when searching, but if I search the same AOB manually it doesn't use as much CPU. Is there a way to mitigate CPU usage, maybe by limiting the scope of memory that has to be searched or something?

I find AOB by taking a snapshot (copy/paste) of bytes around the health address, restart the game and then take the same snapshot, then compare the snapshots in diffmerge and look for an array of unique bytes that exists in both snapshots

[SunBeam]

Make sure you use aobscanmodule in normal games. aobscan is useful only for Unity or .NET games whose engine's JIT-ed dynamically in memory (you won't find your code by aob inside the main .exe).

[Turtle]

Make sure you use aobscanmodule in normal games. aobscan is useful only for Unity or .NET games whose engine's JIT-ed dynamically in memory (you won't find your code by aob inside the main .exe).

I'm not familiar with it, this is my script for finding number of inventory leaves in the game The Forest

Code: Select all

[Enable]
aobscan(leaves, 00 00 18 01 00 00 0E 00 00 00 FF FF FF 7F 00 00 00)
label(forestleaves)
registersymbol(forestleaves)

leaves:
forestleaves:

[DISABLE]
unregistersymbol(forestleaves)

Then to get the actual leaves address I manually add the address

Code: Select all

forestleaves + 26

in the table

It works, but what should I be doing instead?

Also is it bad practice to use 00 bytes at the start of an AOB as it means more work for CE? Since 00 is very common

[SunBeam]

Like I said, Unity will allocate memory for its IL code to be JIT-ed when needed (google those acronyms if you don't know what they mean). That allocation can be close to the game executable or far up in high memory. If you do aobscan, that scans WHOLE memory. Depending how spliced your memory is at the time you do that scan (how many processes you got open, how many allocations are done, etc.), the scan go slow or fast. The higher the allocation, the slower the scan (it has to scan more to find your AOB). Look at this logically, please, rather than forming generic opinions on what you think an aobscan does.

[Turtle]

Like I said, Unity will allocate memory for its IL code to be JIT-ed when needed (google those acronyms if you don't know what they mean). That allocation can be close to the game executable or far up in high memory. If you do aobscan, that scans WHOLE memory. Depending how spliced your memory is at the time you do that scan (how many processes you got open, how many allocations are done, etc.), the scan go slow or fast. The higher the allocation, the slower the scan (it has to scan more to find your AOB). Look at this logically, please, rather than forming generic opinions on what you think an aobscan does.

I want to limit the scan to only the game's process, how can I do that?
What do I change in the script? use aobscanmodule?

[SunBeam]

^ It's obvious you ignored everything I wrote or you simply just don't get it. The CODE you are looking for is ASSEMBLED by Unity on-the-fly, in RANDOMLY allocated memory. The allocation DEPENDS ON YOUR MEMORY LOAD. You CANNOT scan "only the game process", because that code of your IS NOT in the game process. Do you understand or not?

[GreenHouse]

Still, it looks like you're doing an aobscan of the literal value, not an instruction that accesses the address with that value. So as far as I'm concerned, you can't use aobscanmodule. Check what accesses or writes that address, and then use mono to write the script (alloc, move value to alloc). If you can't use mono because the game uses Ill2cpp, then just do the same thing but on the GameAssembly DLL, that way you can use aobscanmodule (aobScanModule(SymbolName, ModuleName, AOBString)).

[Turtle]

^ It's obvious you ignored everything I wrote or you simply just don't get it. The CODE you are looking for is ASSEMBLED by Unity on-the-fly, in RANDOMLY allocated memory. The allocation DEPENDS ON YOUR MEMORY LOAD. You CANNOT scan "only the game process", because that code of your IS NOT in the game process. Do you understand or not?

I think I get it now, but I have never encountered a game that allocates in this way. Seems dangerous that CE even allows you to access anything outside the game's process.

I'm not scanning for the literal value, that is an array of bytes before the value.

I just got started with AOB scripting so links to useful guides would be appreciated.

[Cake-san]

Better use mono features instead of aobscan... for heavy-lifting..

The newest CE already cover il2cpp. Nice