| View previous topic :: View next topic |
| Author |
Message |
user202729
Newbie cheater
![]() Reputation: 0
Joined: 05 Nov 2016
Posts: 13
|
 Posted: Sun Nov 13, 2016 2:49 am Post subject: Adjust offset instead of address? / Binary |
 |
|
Assume I have an address in the address list that is [[A]+B]. If I copy-paste it and then adjust address by 1, the resulting address is [[B]+B]. I want [[A]+C] instead. Is there any way to achieve that? ("adjust offset")?
The reason why I am doing this is because the program use multi-dimensional array pointed to by a pointer. Or is there a cleaner way to do this? (For example, [parent_address + B]
-----------------------------------------------------------------------------------
Another question:
Is there any way to get big-endian fixed-width binary? Or at least, one of them?
-----------------------------------------------------------------------------------
Also, is there any way to have Cheat Engine recognize offset as a pointer? For example I want to add this to cheat table:
[[A.dll+16CE6C]+[[A.dll+16CE6C]+8D64]]
So,
Base pointer address = A.dll+16CE6C
Offset = [[A.dll+16CE6C]+8D64]
?
(A.dll is some dll's file name)
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Sun Nov 13, 2016 4:22 am Post subject: |
|
|
not really sure what you want
but you can use calculations and lua code inside offsets in 6.6 perhaps that can be used for something
or use the +x address for children of a parrent address, but i think copy/paste + offsetchange won't work on those
and for big endian check
http://forum.cheatengine.org/viewtopic.php?p=5305367#5305367
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
user202729
Newbie cheater
![]() Reputation: 0
Joined: 05 Nov 2016
Posts: 13
|
| Posted: Sun Nov 20, 2016 7:12 am Post subject: |
|
|
I see that, when you use Decimal and Binary, the length of the number is dependent on the content, while when you use Hex, the length is fixed. So can I adapt your algorithm for big endian 2-byte and 4-byte Hex to make big endian 2-byte and 4-byte Binary?
---------------------------------------
Use LUA inside offset? So you means the offset can have something like "readInteger(0x12345678)"? But when I type such things into the offset it doesn't work.
EDIT It seems that [12345678] and +, - work, but what about "and" and "or"? &&, &, "word ptr" and bAnd not work.
---------------------------------------
The +x for child address is really useful. Is it documented anywhere?
---------------------------------------
I notice that, when you copy-paste multiple addresses, the order is reversed. Why does that happen?
---------------------------------------
What about multi-dimensional array support in Cheat Engine?
Last edited by user202729 on Sun Nov 20, 2016 7:39 am; edited 1 time in total |
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Sun Nov 20, 2016 7:26 am Post subject: |
 |
|
Activate the below script and then you should be able to have "mybase+myoffset" as an address.
| Code: | [ENABLE]
label(mybase)
label(myoffset)
[A.dll+16CE6C]:
mybase:
[[A.dll+16CE6C]+8D64]:
myoffset:
registersymbol(mybase)
registersymbol(myoffset)
[DISABLE]
unregistersymbol(mybase)
unregistersymbol(myoffset) |
If you have a huge list you're copying and pasting. Just copy and paste the reversed list to get it back in order.
What do you mean by support multidimensional arrays? You just need to know how to use them.
CE uses assembly and Lua, both of which support multidimensional arrays.
| Code: | myarray = {}
myarray[1] = {}
myarray[1][1] = "Cory"
print(myarray[1][1]) |
|
|
| Back to top |
|
|
user202729
Newbie cheater
![]() Reputation: 0
Joined: 05 Nov 2016
Posts: 13
|
| Posted: Sun Nov 20, 2016 8:45 am Post subject: |
|
|
| Zanzer wrote: |
If you have a huge list you're copying and pasting. Just copy and paste the reversed list to get it back in order.
|
That is a really good trick. But, did Dark Byte make the copy-and-paste reverse intentionally?
| Zanzer wrote: |
What do you mean by support multidimensional arrays?
|
I think if there is a good way to display them (as an 2d array of numbers)
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Nov 20, 2016 9:08 am Post subject: Re: Adjust offset instead of address? / Binary |
|
|
| user202729 wrote: | Also, is there any way to have Cheat Engine recognize offset as a pointer? For example I want to add this to cheat table:
[[A.dll+16CE6C]+[[A.dll+16CE6C]+8D64]] |
if you want it in Lua script for readInteger, readFloat.....
Some time ago @markheloking asked about the same thing here link
In the end I came up with a solution like this link
I will copy it here too.
addressString parser support for those. Note: this will slightly slow down CE (if you have address list with hundreds entries)
[sym1+100]+[sym2]*[sym3]
[sym1+sym4*10]+[sym2]*[sym3]
| Code: | skipMoreAdvancedLookup=false
function moreAdvancedLookup(s)
if skipMoreAdvancedLookup then return nil end
if s=='' then return end
local copyofs,result=s
skipMoreAdvancedLookup=true
for out in s:gmatch('%b[]') do
local address = string.format('%x',(readPointer(out:sub(2,-2)) or 0))
local out2=out:gsub('[.*+%%[-]','%%%1') -- escape more chars, forgot about it in rev1
copyofs=copyofs:gsub(out2,address)
end
--skipMoreAdvancedLookup=true
local errorOnLookupFailureOldState=errorOnLookupFailure(false)
result=getAddress(copyofs)
errorOnLookupFailure(errorOnLookupFailureOldState)
skipMoreAdvancedLookup=false
return result
end
if moreAdvancedLookupID~=nil then unregisterSymbolLookupCallback(moreAdvancedLookupID) end
moreAdvancedLookupID = registerSymbolLookupCallback(moreAdvancedLookup, slNotInt) |
addressString parser support for those. Note: this will slow down CE even more
[sym1+[sym4]*10]+[sym2]*[sym3]
[[sym1+[sym4]*10]+[sym2]*[sym3]]
| Code: | skipMoreAdvancedLookup=false
function moreAdvancedLookup(s)
if skipMoreAdvancedLookup then return nil end
if s=='' then return end
local copyofs,result=s
for out in s:gmatch('%b[]') do
local address = string.format('%x',(readPointer(out:sub(2,-2)) or 0))
local out2=out:gsub('[.*+%%[-]','%%%1') -- escape more chars, forgot about it in rev1
copyofs=copyofs:gsub(out2,address)
end
skipMoreAdvancedLookup=true
local errorOnLookupFailureOldState=errorOnLookupFailure(false)
result=getAddress(copyofs)
errorOnLookupFailure(errorOnLookupFailureOldState)
skipMoreAdvancedLookup=false
return result
end
if moreAdvancedLookupID~=nil then unregisterSymbolLookupCallback(moreAdvancedLookupID) end
moreAdvancedLookupID = registerSymbolLookupCallback(moreAdvancedLookup, slNotInt) |
choose which one you want to use, copy and paste into Lua file (create new text file, rename it to something.lua ) inside autorun folder.
And as DB said earlier, with CE6.6 memory records can have more complex offsets.
So, if you need [[A.dll+16CE6C]+[[A.dll+16CE6C]+8D64]]
just use this:
base: A.dll+16CE6C
offset0: [[A.dll+16CE6C]+8D64]
offset1: 0
_________________
|
|
| Back to top |
|
|
user202729
Newbie cheater
![]() Reputation: 0
Joined: 05 Nov 2016
Posts: 13
|
| Posted: Tue Nov 22, 2016 6:00 am Post subject: |
|
|
Unfortunately the first script make Cheat Engine report "....lua:3: unexpected symbol near '<\160>'".
(I use newest version)
@Dark Byte:
1. oddly the message box is too short that I have to rename many things in order to make the whole message (and especially the number 3) to fit in the message box.
2. If [] is used with * the result is wrong. For example [12345678] * 10000 is interpreted as [12345678] + 10000, while 4321 * 10000 is 43210000 correct.
I figured out the + - * [] operators myself, but what about AND and OR ?
Instead of "x AND ffff" I tried "x * 10000 / 10000" but the result is wrong as I described above.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Tue Nov 22, 2016 6:13 am Post subject: |
|
|
| Quote: | | unexpected symbol near '<\160>'" |
What did you do?
_________________
|
|
| Back to top |
|
|
user202729
Newbie cheater
![]() Reputation: 0
Joined: 05 Nov 2016
Posts: 13
|
| Posted: Wed Nov 23, 2016 12:37 am Post subject: |
|
|
I just do what you told me. Create a new text file in "autorun" folder, paste the code, save it and change its extension from TXT to LUA.
Also how about AND and OR?
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Wed Nov 23, 2016 4:01 am Post subject: |
|
|
| Quote: | | I just do what you told me. |
So from where this <\160> come from? My script doesn't have this.
| Quote: | | If [] is used with * the result is wrong. For example [12345678] * 10000 is interpreted as [12345678] + 10000, while 4321 * 10000 is 43210000 correct. |
Address field, pointer base address field, address string used for readInteger (readFloat and etc)
By default allows those as input:
symbols, usersymbols, modulename, hexnumber, Lua variable (prefixed with $)
Additionally, for symbols, usersymbols, modulename, hexnumber, it also allows simple calculations like addition, subtraction, multiplication (nothing more):
symbol1+symbol2*symbol3-symbol4
hexnumber1+hexnumber2*hexnumber3-hexnumber4
modulename+symbol1*symbol2-hexnumber1
But, if there are brackets. It only accepts this form: [[[addressstring]+offset0]+offset1]
No other calculations, nested pointers.
Offset field
For a very long time, offset field can only have hex numbers. Since CE6.6, it behaves like address field.
Plus, it can have Lua function.
| Quote: | | Also how about AND and OR? |
So, if you need AND , OR inside offset field, you have to do like this:
AND
| Code: | | readInteger(youraddresshere) & 0xFFFF |
OR
| Code: | | readInteger(youraddresshere) | 0xFFFF |
(you can use readQword too)
base address field: A.dll+16CE6C
offset0 field: readInteger("[A.dll+16CE6C]+8D64") & 0xFFFF
offset1 field: 0
Edit:
typo
_________________
Last edited by mgr.inz.Player on Fri Dec 02, 2016 11:37 am; edited 1 time in total |
|
| Back to top |
|
|
user202729
Newbie cheater
![]() Reputation: 0
Joined: 05 Nov 2016
Posts: 13
|
| Posted: Fri Dec 02, 2016 7:33 am Post subject: |
|
|
Thank you very much, that is really useful.
One last question: So address field is worse than offset field? (in the sense that it does not support Lua function)
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
