Cheat Engine The Official Site of Cheat Engine
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 194
Posted: Wed Jul 29, 2020 12:01 pm Post subject: Calculate address from [$process+offset]... (Solved)
I regularly collect certain mem_addresses "embedded" within the opcode, and wrote a Lua script (see below) for that. My 'latest' version worked fine until I came across this code:
[code]
"MadMax.exe"+1E37E6D: 48 8B 05 5C 69 9C FF - mov rax,[MadMax.exe+17FE7D0]
"MadMax.exe"+1E37E74: 8B 88 3C 0A 00 00 - mov ecx,[rax+00000A3C]
[/code]
I get that address by running {getStaticAddr("8B 88 3C 0A 00 00",4,"pChallenge")}. Basically, the fn calculates/collects the address shown in {[MadMax.exe+17FE7D0]}...
After some recalcs, I found out I had to add an additional check {== "FF"} to get that part working.
It works fine now, but my question is more generic: what is the proper way to get this working overall?
(btw: game is x64; no issues - so far - with x32 games)
[code]
function getStaticAddr(sAOB,nOffset,sBaseAddr,nEval)
  nEval = nEval or 0
  -- scan for the opcode that FOLLOWS the instruction holding the RIP-relative operand
  --local scan1 = AOBScan(sAOB,"+X-C-W")
  local scan = createMemScan(false)
  scan.setOnlyOneResult(true)
  scan.firstScan(soExactValue,vtByteArray,rtRounded,sAOB,nil,0,0xffffffffffffffff,"*W+X-C",
    fsmNotAligned,nil,true,false,false,false)
  scan.waitTillDone()
  scan.getOnlyResult()
  --print(sAOB)
  local addrStruct = scan.Result              -- address of the scanned AOB
  --print(string.format('- %X -',scan.Result))
  if (nEval == 0) then
    local offsVal = scan.Result - nOffset     -- address of the 4-byte displacement
    --print(string.format('- %X -',offsVal))
    -- ... as per suggested solution below: read the displacement as a SIGNED 32-bit value
    offsVal = string.format('%X',readInteger(offsVal,true))
    --offsVal = string.format('%X',readInteger(offsVal))
    --print(offsVal)
    -- need to verify/confirm this check...
    --if (string.sub(offsVal,1,2) == "FF") then offsVal = "FFFFFFFF" .. offsVal end
    -- next-instruction address (displacement address + 4) plus the signed displacement
    addrStruct = scan.Result + tonumber(offsVal,16) - nOffset + 4
    addrStruct = readQword(addrStruct)        -- dereference the static pointer found there
    --print(string.format('[%X]',addrStruct))
  end
  scan.destroy()
  local addrFound = getAddress(sBaseAddr)
  writeQword(addrFound,addrStruct)            -- store the result under the user-defined symbol
  --print(string.format('* %X *',addrStruct))
end
[/code]
ps: I also use this fn now to get the 'actual' AOB address, rather than using an aobscan (in combo with registerSymbol). Result is the same, but it saves on code.
ps2: if you like this code, feel free to use/alter it any way you want. No permission needed. If you improve it, I obviously like to know about it...
ps3: I tend/try to use the opcode directly following the mem_address I want, as I then have the "base" address and only need to add the offset value (hence: (+)4 means 4 bytes back). Eventually I came across code where this was not possible - non-AOB convenient, so to speak - and introduced a "forwarding" rule as well (in which case I need to use negative values)...
ps4: Mad max is a bit of an oddball in that I need to set '*W' to also get opcode scanned properly...
Last edited by paul44 on Thu Jul 30, 2020 12:19 am; edited 1 time in total
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4657
Posted: Wed Jul 29, 2020 1:48 pm Post subject:
RIP relative addressing uses signed offsets. Use "readInteger(offsVal, true)" to read a signed value (and get rid of that 'FF' stuff)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
paul44 Expert Cheater
Reputation: 2
Joined: 20 Jul 2017 Posts: 194
Posted: Thu Jul 30, 2020 12:16 am Post subject: and so it goes...
yep, tested and working (even after reboot)
2 remarks/fyi:
a) the 2nd param is not mentioned in the wiki nor in celua.txt
b) I assume that this param also applies to some of the other readXXX instructions; and perhaps writeXXX... if that even makes sense. anyways: I know now it is there, and surely use it again in time...
thx
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4657
Posted: Thu Jul 30, 2020 1:51 pm Post subject:
paul44 wrote: | a) the 2nd param is not mentioned in the wiki nor in celua.txt |
It kind of does:
celua.txt wrote: | readSmallInteger, readInteger, readSmallIntegerLocal, readIntegerLocal can also have second boolean parameter. If true, value will be signed. |
paul44 wrote: | b) I assume that this param also applies to some of the other readXXX instructions; and perhaps writeXXX... if that even makes sense. |
There are no unsigned floats/doubles, and it doesn't make sense for strings or AoBs. (you'll have to do it yourself for one-byte values)
writeInteger functions don't make sense to have a signed or unsigned variant: both signed and unsigned integers are stored the same way.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
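Added example, not paul44's script or any code from this thread: the RIP-relative arithmetic ParkourPenguin describes, worked on the two instructions quoted in the first post, with a constructed memory image standing in for CE's readInteger and AOB scan (read_int, find_aob and resolve_rip_target are names chosen here). It also covers the one-byte case from the last reply, where the sign extension has to be done by hand.

```python
import struct

# Constructed sample image: the two instructions quoted in the thread, laid out
# contiguously.  Addresses are module-relative ("MadMax.exe"+...), so the module
# base is taken as 0 here; only the relative arithmetic matters.
IMAGE_BASE = 0x1E37E6D
IMAGE = bytes.fromhex(
    "48 8B 05 5C 69 9C FF"  # 1E37E6D: mov rax,[rip+disp32]  -> [MadMax.exe+17FE7D0]
    "8B 88 3C 0A 00 00"     # 1E37E74: mov ecx,[rax+00000A3C] (the AOB being scanned for)
)
FOLLOWING_OPCODE = bytes.fromhex("8B 88 3C 0A 00 00")

_FMT = {1: "b", 2: "h", 4: "i"}  # struct codes; the upper-case variants are unsigned

def read_int(addr: int, size: int = 4, signed: bool = True) -> int:
    """Stand-in for CE's readInteger/readSmallInteger on the sample image.
    The signed flag mirrors readInteger(addr, true); for 1-byte values CE has no
    such flag, so the sign extension is done here via the 'b' format instead."""
    fmt = _FMT[size]
    code = "<" + (fmt if signed else fmt.upper())
    return struct.unpack_from(code, IMAGE, addr - IMAGE_BASE)[0]

def find_aob(pattern: bytes) -> int:
    """Stand-in for the AOB scan: address of the first occurrence of pattern."""
    idx = IMAGE.find(pattern)
    if idx < 0:
        raise LookupError("pattern not found")
    return IMAGE_BASE + idx

def resolve_rip_target(scan_result: int, n_offset: int = 4, disp_size: int = 4,
                       signed: bool = True) -> int:
    """Same arithmetic as getStaticAddr: scan_result is the address of the opcode
    FOLLOWING the RIP-relative instruction, and the displacement sits n_offset
    bytes before it.  The CPU computes  target = next_instruction + sign_extend(disp);
    when the displacement is the instruction's last field, next_instruction is
    disp_address + disp_size.  signed=False reproduces the original bug."""
    disp_addr = scan_result - n_offset
    disp = read_int(disp_addr, disp_size, signed)
    return (disp_addr + disp_size + disp) & 0xFFFFFFFFFFFFFFFF

if __name__ == "__main__":
    nxt = find_aob(FOLLOWING_OPCODE)
    print(f"disp32 signed    : {read_int(nxt - 4):#x}")                      # -0x6396a4
    print(f"target (signed)  : {resolve_rip_target(nxt):#x}")                # 0x17fe7d0
    print(f"target (unsigned): {resolve_rip_target(nxt, signed=False):#x}")  # wrong, far past the module
```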