Cheat Engine The Official Site of Cheat Engine
Hunter926 How do I cheat?
Reputation: 0
Joined: 06 Mar 2025 Posts: 2
Posted: Thu Mar 06, 2025 9:04 pm Post subject: Using bytes in memory as pattern for aobscan?
My goal is to read a static address, then use the bytes from it in an aobscan.
Currently, I'm trying to use readmem, but after extensive testing/googling I don't think readmem can save a byte array to a label/symbol.
I don't know how to use Lua, and would like to avoid it if possible, but I'm not sure this is possible without it.
This was my original goal:
Code:
```
bytes:
readmem(201223088, 16) //read bytes
aobscanregion(Address, 201820000, 201830000, bytes) //find bytes in different location
registerSymbol(Address) //register address for use with table group
```
I've tried allocating memory to let readmem store the bytes, but there seems to be no way to access it from autoassembler.
Or is there a way to reference a value in one of the cheat table entries? I could use that as my pattern also.
Any help is appreciated!

ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
Posted: Thu Mar 06, 2025 10:26 pm
A label / symbol is an address. You can't store arbitrary values in it.
Even if it could, all `aobscan*` AA functions take a byte string literal - you can't pass a symbol in. You have to use Lua.
The smallest amount of Lua you'd need is to return a string that gets substituted back into the AA script.
Code:
```
[ENABLE]
{$lua}
if syntaxcheck then
  return 'define(INJECT,0)'
end
local bytes = readBytes('game.exe+279B18', 6, true)
-- bytes = { 0, 20, 255, ... }
for i,v in ipairs(bytes) do
  bytes[i] = ('%02X'):format(v)
end
-- bytes = { '00', '14', 'FF', ... }
bytes = table.concat(bytes, ' ')
-- bytes = '00 14 FF ...'
return ('aobscanmodule(INJECT,game.exe,%s)'):format(bytes)
{$asm}
alloc(newmem,$1000,INJECT)
...
```
_________________
I don't know where I'm going, but I'll figure it out when I get there.

Hunter926 How do I cheat?
Reputation: 0
Joined: 06 Mar 2025 Posts: 2
Posted: Fri Mar 07, 2025 5:53 pm
ParkourPenguin wrote:
> A label / symbol is an address. You can't store arbitrary values in it.
> Even if it could, all `aobscan*` AA functions take a byte string literal - you can't pass a symbol in. You have to use Lua.
> The smallest amount of Lua you'd need is to return a string that gets substituted back into the AA script.
> Code:
> ```
> [ENABLE]
> {$lua}
> if syntaxcheck then
>   return 'define(INJECT,0)'
> end
> local bytes = readBytes('game.exe+279B18', 6, true)
> -- bytes = { 0, 20, 255, ... }
> for i,v in ipairs(bytes) do
>   bytes[i] = ('%02X'):format(v)
> end
> -- bytes = { '00', '14', 'FF', ... }
> bytes = table.concat(bytes, ' ')
> -- bytes = '00 14 FF ...'
> return ('aobscanmodule(INJECT,game.exe,%s)'):format(bytes)
> {$asm}
> alloc(newmem,$1000,INJECT)
> ...
> ```

Thanks for the help!
I'm used to doing this kind of stuff in C# but have never had any experience with Lua.
I understand most of what you wrote (had to google the for loop).
But one thing I don't quite understand is the %s in aobscanmodule.
From what I can find %s refers to a string without a 00 terminator.
How does aobscanmodule in your code get the value of the bytes to know what to read?
I'm assuming the last return line initiates an aobscan and is returning the symbol INJECT containing the address from the aobscan.
Really just curious how the scan is getting the "bytes" array and how the %s factors into it.
Thanks again!

ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
Posted: Fri Mar 07, 2025 10:24 pm
See string.format
https://www.lua.org/manual/5.3/manual.html#pdf-string.format
`('string1'):format(...)` is another way of writing `string.format(string1, ...)`.
The format option `%s` substitutes a string into another string.
Code:
```lua
assert(string.format('123%s', 'abc') == '123abc')
```
The call `readBytes('game.exe+279B18', 6, true)` reads 6 bytes from the address 'game.exe+279B18' and returns the result as a Lua array (a table w/ keys starting at 1). The code between that and the return statement formats the table into a byte string.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
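
The substitution described in the replies above, applied to the region scan from the first post, as an added example that is not part of any post in this thread. It is plain Lua 5.3 that runs outside Cheat Engine: `read_bytes`, `to_aob`, `build_region_scan` and the bytes in `fake_memory` are hypothetical names and constructed data, and the stub assumes an unreadable address yields no table. Inside a `{$lua}` block the stub would be replaced by `readBytes(source, count, true)` and the built line returned.

```lua
-- Added example: plain Lua 5.3, runs outside Cheat Engine.
-- read_bytes is a hypothetical stand-in for readBytes(address, count, true);
-- the bytes in fake_memory are constructed sample data.
local fake_memory = {
  ['201223088'] = { 0x00, 0x14, 0xFF, 0x8B, 0x45, 0x08, 0x48, 0x89,
                    0x5C, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20 },
}

local function read_bytes(address, count)
  local src = fake_memory[address]
  if not src or #src < count then return nil end -- assumption: failed read gives no table
  return { table.unpack(src, 1, count) }
end

-- { 0, 20, 255 } -> '00 14 FF'; rejects anything that is not a byte value.
local function to_aob(bytes)
  local hex = {}
  for i, v in ipairs(bytes) do
    if math.type(v) ~= 'integer' or v < 0 or v > 255 then
      return nil, ('entry %d is not a byte'):format(i)
    end
    hex[i] = ('%02X'):format(v)
  end
  return table.concat(hex, ' ')
end

-- Returns the AA line as a string, or nil plus a reason.
-- Addresses are passed through as text, exactly as written in the first post.
local function build_region_scan(symbol, start, stop, source, count)
  local bytes = read_bytes(source, count)
  if not bytes then
    return nil, ('could not read %d bytes at %s'):format(count, source)
  end
  local pattern, err = to_aob(bytes)
  if not pattern then return nil, err end
  return ('aobscanregion(%s,%s,%s,%s)'):format(symbol, start, stop, pattern)
end

-- Readable source address: %s drops each string into the template.
local line = assert(build_region_scan('Address', '201820000', '201830000', '201223088', 16))
assert(line == 'aobscanregion(Address,201820000,201830000,' ..
               '00 14 FF 8B 45 08 48 89 5C 24 10 57 48 83 EC 20)')
print(line)

-- Unreadable source address (constructed): no line is built, a reason is returned.
local missing, reason = build_region_scan('Address', '201820000', '201830000', '201223000', 16)
assert(missing == nil)
print(reason)
```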