TalkToMe (How do I cheat?)
Reputation: 0
Joined: 17 Mar 2023    Posts: 6
Posted: Fri Mar 17, 2023 8:37 am    Post subject: What is the fastest way to AOBScan?
I find myself in need of doing an AOBScan from Lua very quickly. I am currently using:
Code:
    local cPTR = AOBScan(bytes, '+W*X-C', fsmAligned, '8')
... and it's very fast. But it would be better if it could go even faster. I'm assuming it will be faster if there are no ??'s in the pattern being searched for, so I already got rid of those. Is an AOB scan faster if I supply it more bytes, or if I trim it down to fewer bytes? Both alignment 4 and 8 work; which others should I check for? Which one of the two is faster in principle?
Thanks!
ParkourPenguin (I post too much)
Reputation: 150
Joined: 06 Jul 2014    Posts: 4654
Posted: Fri Mar 17, 2023 11:39 am
Higher alignment is always better (so long as it still returns the value you want). "Last digits" can be good too. Leading / trailing wildcards only slow the scan down. The more unique the pattern is, the less time it takes to copy results and the faster it will be. If a pattern is already unique, adding more bytes to check won't make it any faster, but it might be good for robustness (assert what you think you're modifying is actually what you're modifying).
It's also highly dependent on the pattern itself. CE checks the pattern starting at the first byte. If common bytes come first (e.g. 00), this slows the scan down by a lot. Have weird, seemingly random bytes come first if at all possible.
I'd do an aobscan for code instead of data, and use an injection copy to get the address. aobscans for mutable data are bad IMO.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
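An added illustration of the points in this post (not code from the thread or from Cheat Engine): a toy Python AOB scanner that compares the way the post describes, front to back at each aligned offset and stopping at the first mismatch, over a constructed 64 KiB buffer, and counts byte compares so the effect of the first byte, of alignment and of '??' wildcards can be seen directly rather than through a 16 ms tick. The buffer contents, the 8-byte identifier value and the offset 0x2000 are constructed assumptions; the static bytes f8 7e ad are the ones quoted later in the thread.

```python
import time

# Constructed 64 KiB "process memory": all zeros except one structure at 0x2000,
# an 8-byte dynamic identifier (hypothetical value) followed by the static bytes f8 7e ad.
MEMORY = bytearray(0x10000)
IDENTIFIER = bytes.fromhex("a1b2c3d4e5f60718")
MEMORY[0x2000:0x2008] = IDENTIFIER
MEMORY[0x2008:0x200B] = bytes.fromhex("f87ead")


def parse_aob(text):
    """'A1 ?? F8' -> [0xA1, None, 0xF8]; None is a wildcard that is never compared."""
    return [None if tok in ("??", "?", "*") else int(tok, 16) for tok in text.split()]


def aob_scan(mem, aob, alignment=1):
    """Scan the way the post describes: at each aligned offset compare pattern bytes
    front to back and stop at the first mismatch. Returns (hit offsets, byte compares)."""
    pat = parse_aob(aob)
    hits, compares = [], 0
    for off in range(0, len(mem) - len(pat) + 1, alignment):
        for i, want in enumerate(pat):
            if want is None:
                continue            # '??' is skipped entirely, so it costs nothing
            compares += 1
            if mem[off + i] != want:
                break               # a rare first byte makes this happen immediately
        else:
            hits.append(off)        # every non-wildcard byte matched
    return hits, compares


def timed_scan(mem, aob, alignment=1):
    """Same scan, plus wall-clock milliseconds (finer than a 16 ms tick counter)."""
    t0 = time.perf_counter()
    hits, compares = aob_scan(mem, aob, alignment)
    return hits, compares, (time.perf_counter() - t0) * 1000.0


ID_HEX = IDENTIFIER.hex(" ")
PATTERNS = {
    "identifier first, align 1": (ID_HEX + " f8 7e ad", 1),
    "identifier first, align 8": (ID_HEX + " f8 7e ad", 8),
    "wildcards first, align 1":  ("?? ?? ?? ?? ?? ?? ?? ?? f8 7e ad", 1),
    "common 00 bytes first":     ("00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? f8 7e ad", 1),
}

if __name__ == "__main__":
    for name, (aob, align) in PATTERNS.items():
        hits, compares, ms = timed_scan(MEMORY, aob, align)
        print(f"{name:28s} hits={[hex(h) for h in hits]} compares={compares} {ms:.1f} ms")
```

The zero-led pattern costs several compares per offset because 00 matches almost everywhere, while the wildcard-led one costs the same as the identifier-led one; alignment 8 cuts the work by roughly eight but would miss a hit that is only 4-byte aligned.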
TalkToMe (How do I cheat?)
Reputation: 0
Joined: 17 Mar 2023    Posts: 6
Posted: Fri Mar 17, 2023 12:02 pm
ParkourPenguin wrote:
    Higher alignment is always better (so long as it still returns the value you want). "Last digits" can be good too. Leading / trailing wildcards only slow the scan down. The more unique the pattern is, the less time it takes to copy results and the faster it will be. If a pattern is already unique, adding more bytes to check won't make it any faster, but it might be good for robustness (assert what you think you're modifying is actually what you're modifying).
    It's also highly dependent on the pattern itself. CE checks the pattern starting at the first byte. If common bytes come first (e.g. 00), this slows the scan down by a lot. Have weird, seemingly random bytes come first if at all possible.
    I'd do an aobscan for code instead of data, and use an injection copy to get the address. aobscans for mutable data are bad IMO.
I see, thank you so much. Knowing that the first byte matters will help a lot because in my code that part wasn't static. I will read up on alignment to understand better what it is, and see how high I can bump the number up while still getting what I want. Is there any way I can measure how much time it took to complete the scan and compare them?
ParkourPenguin (I post too much)
Reputation: 150
Joined: 06 Jul 2014    Posts: 4654
Posted: Fri Mar 17, 2023 12:35 pm
`getTickCount` can work. Each tick is 1 millisecond, but the resolution is closer to around 16ms.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte (Site Admin)
Reputation: 468
Joined: 09 May 2003    Posts: 25708    Location: The Netherlands
Posted: Fri Mar 17, 2023 12:57 pm
Though if the difference between two scans is less than 16 ms, is it worth the time to optimize?
Sure, if you have multiple AOBs (50+), but then I also suggest using multiple aobscan commands in the AA script, as those get grouped into a single scan.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
TalkToMe (How do I cheat?)
Reputation: 0
Joined: 17 Mar 2023    Posts: 6
Posted: Fri Mar 17, 2023 4:23 pm
Dark Byte wrote:
    Though if the difference between two scans is less than 16 ms, is it worth the time to optimize?
    Sure, if you have multiple AOBs (50+), but then I also suggest using multiple aobscan commands in the AA script, as those get grouped into a single scan.
This AOBScan only returns a single result. I have an issue finding a proper pointer due to how this program works, so instead, at a certain place, I can extract 8 bytes that work as an "identifier" (which is very specific and always changing) and then follow those bytes up with a few more static bytes to find a structure specific to what I need. So the script detects the program state, extracts those first 8 bytes properly, follows them up with static bytes specific to the structure I need, and does an AOB scan. So it looks like "xx xx xx xx xx xx xx xx f8 7e ad".
My issue is that sometimes the scan happens fast enough and I can use the result as needed, but at other times it is one second too slow. Unfortunately, I cannot follow the above advice that ParkourPenguin kindly provided; it turns out that the structure has no static bytes before the dynamic ones that my scan starts with. Or rather, it does have some, but I would have to use a few ??'s as well, which I fear would make the scan slower instead of faster.
Dark Byte (Site Admin)
Reputation: 468
Joined: 09 May 2003    Posts: 25708    Location: The Netherlands
Posted: Fri Mar 17, 2023 4:32 pm
??'s don't really make scans slower; those bytes get skipped, so they're not even compared.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
TalkToMe (How do I cheat?)
Reputation: 0
Joined: 17 Mar 2023    Posts: 6
Posted: Fri Mar 17, 2023 5:49 pm
Dark Byte wrote:
    ??'s don't really make scans slower; those bytes get skipped, so they're not even compared.
Thank you so much. I feel like it has gotten a bit better now that it's always starting from byte 68. I've tested it about 30 times, and out of those 30 it failed me only twice. Once was the first time (for some reason the first AOB scan is always really slow), and the second time was quite random, but the scan took almost a full second longer than all the other ones. Any other tips for making it more reliable?
ParkourPenguin (I post too much)
Reputation: 150
Joined: 06 Jul 2014    Posts: 4654
Posted: Fri Mar 17, 2023 6:24 pm
I just tested it; '??' doesn't really make the scan that much slower. It can, but only if you put a ridiculous amount at the beginning of the pattern.
The aobscan doesn't have to return a unique result. You can filter down the results as you need afterwards. e.g. maybe a pointer points to some string you can compare against.
Is code injection really not an option?
_________________
I don't know where I'm going, but I'll figure it out when I get there.
TalkToMe (How do I cheat?)
Reputation: 0
Joined: 17 Mar 2023    Posts: 6
Posted: Sat Mar 18, 2023 10:18 am
Unfortunately code injection isn't an option. The only less hacky way would be to figure out how the program actually uses these identifiers to find the struct I need, which I assume would take a lot of effort and luck due to my lack of experience.