Cheat Engine Forum (The Official Site of Cheat Engine) - Cheat Engine Lua Scripting
Finding a certain address in program code with lua

Rawing
Cheater
Reputation: 0

Joined: 01 May 2010
Posts: 42
Location: Austria

Posted: Wed Sep 21, 2016 8:03 am    Post subject: Finding a certain address in program code with lua

I've written a trainer for a game using lua. The problem is that the address of a certain value (let's pretend it's the player's money) tends to change with each new game patch.

To counter this, I thought I could do something like this:
1) Find some code that accesses the money value. Say the code looks like
Code:
mov eax,[01234567]

and is at address "GAME.EXE+15".
2) Find the start of the function (say it's "GAME.EXE+10").
3) Use lua to disassemble the code starting at "GAME.EXE+10" until it finds an instruction of the form "mov eax,[some address]", and extract the address.

I implemented this and confirmed it produces the expected result. For reference, the code looks like this:
Code:
function find_address()
    local address= "GAME.GSysAlloc_SingletonSupport<FGFxAllocator>::GSysAlloc_SingletonSupport<FGFxAllocator>+8F57A0"
    local max_offset= 50

    -- Resolve the symbol once to an integer. Concatenating a decimal Lua number
    -- into an address string does not work because Cheat Engine parses the
    -- digits as hex ("+10" means 0x10), so the offset is added numerically instead.
    local base= getAddress(address)
    local offset= 0
    while offset<max_offset do
          local addr= base+offset
          local code= disassemble(addr) --returns "address - bytes - opcode"
          local match= string.match(code, ',%[([0-9A-F]+)%]') --we're looking for lines of the form "instruction whatever,[address]"
          if match~=nil then
             return match
          end
          offset= offset+getInstructionSize(addr)
    end
    return '00000000'
end


Now, the question is, what do I do if the game's code changes due to a patch, and suddenly "GAME.EXE+10" is no longer the start of the function, but (worst case scenario) in the middle of another instruction that started at, say, "GAME.EXE+9"? Disassembling the code starting at "GAME.EXE+10" would then produce wrong results, wouldn't it? Is there a way to find an address at which an instruction begins, so that I can start disassembling there? (It doesn't necessarily have to be the start of the function.)

_________________
Game over! Die again!
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Wed Sep 21, 2016 1:47 pm

Use AOBScan() with wildcards.
Code:
local found = AOBScan("A1 ?? ?? ?? ?? XX XX XX XX XX")
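Putting the two posts together, as an added example that is not code from either poster: anchor the wildcard scan on a few fixed bytes in front of the `mov eax,[imm32]` (the prologue bytes below are constructed; substitute the real bytes around your instruction), which also guarantees the hit is an instruction boundary rather than the middle of one, then walk forward instruction by instruction and resolve the memory operand. Cheat Engine Lua; `PATTERN`, `find_money_address` and `MAX_INSTRUCTIONS` are names chosen here.

```lua
-- Constructed pattern: push ebp / mov ebp,esp / mov eax,[????????].
-- The fixed bytes are an assumption; take the real neighbouring bytes from
-- the disassembler so the pattern matches exactly once in the target.
local PATTERN = "55 8B EC A1 ?? ?? ?? ??"
local MAX_INSTRUCTIONS = 8  -- how far past the hit to look for a [address] operand

function find_money_address()
    local results = AOBScan(PATTERN)  -- StringList of hex addresses, or nil
    if results == nil then
        return nil, "pattern not found"
    end
    local hits = {}
    for i = 0, results.Count - 1 do
        hits[#hits + 1] = results[i]
    end
    results.destroy()
    -- A pattern that matches more than once is too short to be trusted.
    if #hits ~= 1 then
        return nil, string.format("expected exactly 1 match, got %d", #hits)
    end

    -- The scan hit starts at "push ebp", so disassembly is aligned from here on.
    local addr = tonumber(hits[1], 16)
    for _ = 1, MAX_INSTRUCTIONS do
        local line = disassemble(addr)  -- "address - bytes - opcode"
        -- Accept both "[01234567]" and a symbolised "[GAME.EXE+1234]" operand;
        -- getAddress turns either form into an integer.
        local operand = string.match(line, ",%[([^%]]+)%]")
        if operand ~= nil then
            return getAddress(operand)
        end
        addr = addr + getInstructionSize(addr)
    end
    return nil, "no [address] operand within " .. MAX_INSTRUCTIONS .. " instructions"
end

local money_addr, err = find_money_address()
if money_addr then
    print(string.format("money value lives at %08X", money_addr))
else
    print("lookup failed: " .. err)
end
```

Run it from the Cheat Engine Lua window with the target attached; a pattern that returns zero or several hits is reported instead of guessed at.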
Rawing
Cheater
Reputation: 0

Joined: 01 May 2010
Posts: 42
Location: Austria

Posted: Thu Sep 22, 2016 10:36 am

I'll try that, thanks. Looking at how large my offset is (+8F57A0), the position of that instruction will probably change by a lot with the next patch, so an AOBScan is likely more reliable.
_________________
Game over! Die again!