address arithmetic

ParkourPenguin
Posted: Wed Jul 20, 2016 1:38 pm

In CE's directory, the file main.lua contains documentation on the memscan class. Examples are available online if you search for it.

Restricting the search area won't help you that much in this case since those addresses vary widely. The only pattern I see is that they end in either 4 or C. If you offset the start by 4, you can search on an 8-byte aligned boundary which will speed up the scan a lot.

_________________
I don't know where I'm going, but I'll figure it out when I get there.

de donia
Posted: Wed Jul 20, 2016 2:04 pm

Oh, I actually had not paid attention to that,
glad you caught it before I did the edit ;)

I did look into the documentation, but only very briefly, and the initial websearch did not turn up a lot of details.

I will try to dig a bit deeper, and come back if I encounter something more.

ParkourPenguin
Posted: Wed Jul 20, 2016 2:09 pm

You don't need the memscan class for that; you can just use aobscan. From main.lua:
Code:
AOBScan("aobstring", protectionflags OPTIONAL, alignmenttype OPTIONAL, alignmentparam HALFOPTIONAL):
protectionflags is a string.
  X=Executable W=Writable memory C=Copy On Write. Add a + to indicate that flag MUST be set and a - to indicate that that flag MUST NOT be set. (* sets it to don't care)
  Examples:
    +W-C = Writable memory exluding copy on write and doesn't care about the Executable flag
    +X-C-W = Find readonly executable memory
    +W = Finds all writable memory and don't care about copy on write or execute
    "" = Find everything (is the same as "*X*C*W" )


alignmenttype is an integer:
  0=No alignment check
  1=Address must be dividable by alignmentparam
  2=Address must end with alignmentparam
alignmentparam is a string which either holds the value the addresses must be dividable by or what the last digits of the address must be

de donia
Posted: Wed Jul 20, 2016 2:11 pm

That doesn't mean I don't want to figure out how to utilize memscan :P

de donia
Posted: Fri Jul 22, 2016 2:53 pm

ParkourPenguin wrote:
If you offset the start by 4, you can search on an 8-byte aligned boundary which will speed up the scan a lot.

How would I do that?

I did try some stuff:
Code:

local pattern = "?? ?? ?? 50 00 00 00 ?? 40 00 00 ?? ?? ?? ?? ??"
scans = AOBScan(pattern)
--- avg 2.41 sec ---

local pattern = "?? ?? ?? 50 00 00 00 ?? 40 00 00 ?? ?? ?? ?? ??"
scans = AOBScan(pattern,"",1,4)
--- avg 0.73 sec ---

local pattern = "?? ?? ?? 50 00 00 00 ?? 40 00 00 ?? ?? ?? ?? ??"
scans = AOBScan(pattern,"",2,"C")
--- avg 0.31 sec ---

local pattern = "?? ?? ?? 50 00 00 00 ?? 40 00 00 ?? ?? ?? ?? ??"
scans = AOBScan(pattern,"",2,"4")
--- avg 0.30 sec ---


Maybe you mean like this?
Code:

local pattern = "00 00 00 00 ?? ?? ?? 50 00 00 00 ?? 40 00 00 ?? ?? ?? ?? ??"
scans = AOBScan(pattern,"",1,8)
--- avg 0.48 sec ---

Now everything ends in 0 or 8.

Is it possible to combine the methods?
So I can search for something with 8-byte alignment that only ends with 8 or 0?

ParkourPenguin
Posted: Fri Jul 22, 2016 3:13 pm

de donia wrote:
Code:
local pattern = "00 00 00 00 ?? ?? ?? 50 00 00 00 ?? 40 00 00 ?? ?? ?? ?? ??"
scans = AOBScan(pattern,"",1,8)

This is exactly what I meant, assuming those 4 initial bytes will always be 0 for every address you want.

I will still recommend you to change the protectionflags to match the protection on the data you're searching for. If that AoB is supposed to be values and not code, you're probably looking for "-X+W-C" (not executable, writable, not CoW).

Also, I did some testing, and you should remove the trailing wildcards. They will only slow down the scan.

de donia
Posted: Fri Jul 22, 2016 3:26 pm

They will always be zero.

I removed the trailing wildcards and added protectionflags.
Now it is --- avg 0.44 ---

When I checked out of curiosity, trailing values don't seem to have a big impact, if any; only wildcards do.
Is that correct?

ParkourPenguin
Posted: Fri Jul 22, 2016 3:51 pm

They won't have a big impact, but it's still something.
For example, using the CE tutorial and this lua code:
Code:
t = getTickCount()
local res = AOBScan("")  -- the AoB signature being timed goes in this string
print(getTickCount()-t)  -- elapsed time in milliseconds
res.destroy()

I tested these AoB signatures:
"12" - Average time, around 250 ms. Number of results is just over 53000.
"12 ?? ?? ?? ?? ??" - Average time, around 280 ms. Number of results is just over 53000.
"00" - Average time, around 18 seconds. Number of results is just over 8.5 million.
"00 ?? ?? ?? ?? ??" - Average time, around 24.5 seconds. Number of results is just over 8.5 million.

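The alignment trick worked out in this thread, as an added example that is not part of any post and is not Cheat Engine code: a pure-Lua (5.3) model of an aligned AOB scan run over a constructed buffer. `BASE`, `parse`, `scan` and the buffer contents are assumptions made for the illustration; CE's real AOBScan is not called.

```lua
-- Added illustration, not Cheat Engine code: a pure-Lua model of an aligned AOB scan.
-- BASE, parse(), scan() and the buffer contents are constructed for this example.
local BASE = 0x10000

-- Turn "00 ?? 50" into a list of byte values; wildcards become false.
local function parse(aob)
  local pat = {}
  for tok in aob:gmatch("%S+") do
    if tok == "??" then pat[#pat + 1] = false
    else pat[#pat + 1] = tonumber(tok, 16) end
  end
  return pat
end

-- Try the pattern only at addresses divisible by align (alignmenttype 1 in the docs).
-- Returns the matching addresses and the number of start positions compared.
local function scan(buf, aob, align)
  local pat, hits, tried = parse(aob), {}, 0
  for off = 0, #buf - #pat do
    if (BASE + off) % align == 0 then
      tried = tried + 1
      local ok = true
      for i = 1, #pat do
        if pat[i] and buf:byte(off + i) ~= pat[i] then ok = false; break end
      end
      if ok then hits[#hits + 1] = BASE + off end
    end
  end
  return hits, tried
end

-- Constructed record: 4 zero bytes, then the bytes the thread's pattern matches.
local rec = string.char(0,0,0,0, 0x11,0x22,0x33,0x50,0,0,0,0x77,0x40,0,0,0xAA)
local pad = function(n) return string.rep("\xFF", n) end
-- Records start at BASE+0x20 and BASE+0x48, so the match addresses end in 4 and C.
local buf = pad(0x20) .. rec .. pad(0x18) .. rec .. pad(0x10)

local plain, n1 = scan(buf, "?? ?? ?? 50 00 00 00 ?? 40 00 00", 1)
local wide, n2 = scan(buf, "00 00 00 00 ?? ?? ?? 50 00 00 00 ?? 40 00 00", 8)

print(("unaligned scan: %d hits, %d positions compared"):format(#plain, n1))
print(("8-aligned scan: %d hits, %d positions compared"):format(#wide, n2))
for i, addr in ipairs(wide) do
  -- Skip the 4 prefix bytes to get back to the address the short pattern reports.
  print(("%X + 4 = %X (short pattern found %X)"):format(addr, addr + 4, plain[i]))
end
```

Every address divisible by 8 ends in hex 0 or 8, so the 8-aligned scan needs no separate "ends with" filter; adding 4 to each result recovers the addresses ending in 4 or C.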

All times are GMT - 6 Hours