I've not tested all addresses for 10.78, but all seem to work.
How to find battlelist address --> http://tpforums.org/forum/thread-8146.html
Updating addresses --> http://tpforums.org/forum/thread-8625.html
DataReader --> http://tpforums.org/forum/thread-10387.html
I've been using a similar system for XenoBot for about a year now, and there's some things I've learned:
1. Lua is your friend. Making your scanning scriptable so you can use logic in the scan is immensely helpful for hard-to-find addresses.
2. Wild-cards are awesome; it seems like you currently don't support them.
3. Utilities like locateNextFunctionCallTarget and locateNextJumpTarget and findReferencesToString will make your patterns make much more sense.
4. Many addresses are co-dependent, so using one address to find another is useful.
I use a functional-style way of defining how to locate addresses, wrapped inside of Lua tables. In hindsight, this could be cleaner, but it looks like this:
Code:
{ name = "RSAKey", match = {LocateString}, args = { "13212", 1, true } }
Code:
local packetMatcher = {LocateFunctionHead, LocatePattern}

-- mov ecx, <packetType> ; call <rel32>
function GeneratePacketCreationPattern(packetType)
    return {0xB9, packetType, 0, 0, 0, 0xE8}
end

{name = "Speak",           match = packetMatcher, args = {GeneratePacketCreationPattern(0x96), 1}},
{name = "PrivateMessage",  match = packetMatcher, args = {GeneratePacketCreationPattern(0x96), 2}},
{name = "BrowseField",     match = packetMatcher, args = {GeneratePacketCreationPattern(0xCB)}},
{name = "UseItem",         match = packetMatcher, args = {GeneratePacketCreationPattern(0x82)}},
{name = "UseItemWithItem", match = packetMatcher, args = {GeneratePacketCreationPattern(0x83)}},
{name = "UseWithCreature", match = packetMatcher, args = {GeneratePacketCreationPattern(0x84)}},
{name = "MoveItem",        match = packetMatcher, args = {GeneratePacketCreationPattern(0x78)}}
Code:
{ name = "SendOutgoingPacket", match = { LocateFunctionHead, LocatePattern }, args = { {0x25, 0x07, 0x00, 0x00, 0x80} } },
-- co-dependent addresses: derived from the previously found one
{ name = "SendPacketJump",     match = { {add, {0x0A}}, GetKnownAddress }, args = { "SendOutgoingPacket" } },
{ name = "SendPacketRestore",  match = { {add, {0x06}}, GetKnownAddress }, args = { "SendPacketJump" } },
Of course, all of the above comes at the cost of speed. For my ~70 addresses, my updater takes about a minute. It could probably be optimized by changing the way it scans, but here accuracy and ease matter quite a bit more than speed.
Hopefully this gives you some ideas. Now my competitors know my secret to 30-minute updates, though.
Thanks Dark for showing interest in this thread.
I was thinking of adding a new function to compare byte arrays, so that these two should match:
Code:
byte[] SearchBytes = new byte[] { 0x6A, 0x01, 0x6A, 0xFF, 0x6A, 0xFF, 0xE8 };
byte[] RealBytes   = new byte[] { 0x6A, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE8 };
Code:
// ignoreAtPos / IgnoreLen: the byte positions to skip when comparing
public List<int> ScanBytes(byte[] value, int ignoreAtPos, int IgnoreLen)
If you look at what I did with CodeReload (an old, XML-based scanner), you might get some ideas.
https://github.com/nickcano/codereload
Specifically, the pattern descriptions:
This is the part you would be interested in:
Code:
<!--
  0xFFFF is wildcard match (Actually, anything prefixed with 0xFF__ will be wildcard,
  so the last 2 digits could be used for personal reference or whatever .. but 0xFF00 is reserved)
  0xFF00 matches the start of where our address is in the pattern (defaults to 0-index)
  0xFE02 will match anything less than 2 (0xFE03 less than 3, etc)
  0xFD02 will match anything greater than 2 (0xFD03 greater than 3, etc)
  Anything else can be matched by its actual value
-->
It could probably be much more optimized if you flipped the entire statement over, since the 0x00 compareType will be the most common, but 3-year-ago-me didn't think of that :P .. or you could just use a switch.
Code:
BYTE compareType  = (this->data[p] & 0xFF00) / 0x100; // high byte selects the compare type
BYTE compareValue = this->data[p] & 0xFF;             // low byte is the operand
bool valid = false;
if (compareType == 0xFF) valid = true;                                   // wildcard
else if (compareType == 0xFE && inData[p] < compareValue) valid = true;  // less than
else if (compareType == 0xFD && inData[p] > compareValue) valid = true;  // greater than
else if (compareType == 0x00 && inData[p] == compareValue) valid = true; // exact match
Added some more addresses and functions
Put it on GitHub! It's gonna be easier to follow its growth.
What about a "byte mask" while searching for the patterns? I guess it would be easier to find a good array of bytes using something like:
byte[] pattern = {0x1, 0x2, 0x3, 0xFFF, 0xFFF, 0x6, 0x7, 0xFFF, 0x9};
It would kinda ignore the "0xFFF" bytes and not check whether they match in the array, so where there are addresses in a sequence, we can just "skip" them and keep checking ahead. It's just an idea, I didn't check the code that much yet.
Edit: Well, looking into the code, I just made it work with this "mask" I was talking about.
Of course I had to change the arrays to "int", since the byte max value is 255 (0xFF), so I used a "fixed" value for the mask, 0x100 (256 as an int), and changed the for loop in the memory scanner:
Code:
// It is just an example
int[] SearchBytes = new int[] { 0x83, 0xCF, 0xFF, 0x100, 0x100, 0x100, 0x100, 0xCC, 0xFE, 0xFF, 0xFF, 0x81, 0x100, 0x100, 0x3D, 0x5B }; // 0x100 entries are ignored in the byte match scan

// New method to scan
public List<int> ScanBytes(int[] value)
{
    List<int> result = new List<int>();
    int len = value.Length;
    int end = Buffer.Length - len;
    for (int i = 0; i <= end; ++i) // <= so the last possible window is checked too
    {
        int j = 0;
        for (; j < len; ++j)
        {
            if (value[j] == 0x100) continue; // mask entry: skip this byte
            if (Buffer[i + j] != (byte)value[j]) break;
        }
        if (j == len)
        {
            result.Add(MemoryStarts + i);
        }
    }
    return result;
}
Last edited by Casky; 05-13-2015 at 09:25 PM.
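Putting Casky's 0x100 mask and CodeReload's 0xFF/0xFE/0xFD compare types together in one scanner, as an added example that is not code from this thread or from CodeReload; the `ElementMatches` and `ScanPattern` names, the sample buffer and the 0x400000 base address are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Each pattern element is 16 bits: high byte = compare type, low byte = operand.
//   0x00xx exact match   0xFFxx wildcard (CodeReload)   0x01xx wildcard (Casky's 0x100 mask)
//   0xFExx byte must be < xx   0xFDxx byte must be > xx
using Pattern = std::vector<std::uint16_t>;

bool ElementMatches(std::uint16_t element, std::uint8_t actual) {
    const std::uint8_t compareType = static_cast<std::uint8_t>(element >> 8);
    const std::uint8_t compareValue = static_cast<std::uint8_t>(element & 0xFF);
    switch (compareType) {  // most common case first, as Dark suggests
        case 0x00: return actual == compareValue;
        case 0x01: case 0xFF: return true;
        case 0xFE: return actual < compareValue;
        case 0xFD: return actual > compareValue;
        default:   return false;  // unknown compare type never matches
    }
}

// Returns base + offset for every window of buffer that matches pattern.
std::vector<std::uintptr_t> ScanPattern(const std::vector<std::uint8_t>& buffer,
                                        const Pattern& pattern,
                                        std::uintptr_t base) {
    std::vector<std::uintptr_t> results;
    if (pattern.empty() || pattern.size() > buffer.size()) return results;
    const std::size_t last = buffer.size() - pattern.size();
    for (std::size_t i = 0; i <= last; ++i) {  // <= : include the final window
        std::size_t j = 0;
        while (j < pattern.size() && ElementMatches(pattern[j], buffer[i + j])) ++j;
        if (j == pattern.size()) results.push_back(base + i);
    }
    return results;
}

// Constructed sample: two "push imm8; push -1; push -1; call rel32" sequences
// whose rel32 operands differ, followed by a near miss (push -2 instead of -1).
const std::vector<std::uint8_t> kSample = {
    0x90, 0x6A, 0x01, 0x6A, 0xFF, 0x6A, 0xFF, 0xE8, 0x10, 0x20, 0x30, 0x40,
    0x6A, 0x02, 0x6A, 0xFF, 0x6A, 0xFF, 0xE8, 0x11, 0x22, 0x33, 0x44,
    0x6A, 0x01, 0x6A, 0xFF, 0x6A, 0xFE, 0xE8};

// "6A ?? 6A FF 6A FF E8" where the first immediate must be < 3; base 0x400000 is made up.
std::vector<std::uintptr_t> ScanSample() {
    const Pattern p = {0x6A, 0xFE03, 0x6A, 0xFF, 0x6A, 0xFF, 0xE8};
    return ScanPattern(kSample, p, 0x400000);
}
```

Both call sites match (offsets 1 and 12) while the near miss at offset 23 is rejected, and the `<=` bound makes sure that last window is actually examined.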
Good idea, better than FF since a byte is from 0 to 255.
I thought that a byte's max value was 255 == 0xFF.
Or -127 to 128? Like a C# sbyte?
Last edited by klusbert; 05-13-2015 at 11:59 PM.