Memory patterns

Discuss the development of Lua addons for Ashita v3 here.
Post Reply
shinzaku
Posts: 48
Joined: Wed May 17, 2017 8:34 am

Memory patterns

Post by shinzaku » Wed Jan 17, 2018 2:04 pm

Does anyone have any tips or tutorials on gathering the memory patterns for use with ashitas memory find and findpattern functions?
Trying to locate the amount of job points for players and keep that locked in without needing packets.

I know that the data is stored in an array per job, 2 bytes per value for: current CP, current JP, JP spent on job
User avatar
atom0s
Site Admin
Posts: 359
Joined: Sat May 14, 2016 5:13 pm

Re: Memory patterns

Post by atom0s » Wed Jan 17, 2018 2:38 pm

Memory patterns are used to locate pointers to specific data, such as in this case, job points. You would need to debug and reverse what function(s) are writing to the job point table and see if any of them hold a suitable pointer to the table to create a useful pattern. (Patterns are also referred to as array of bytes (AoB).) Cheat Engine's forums have more in-depth information about them and how to create them. I don't personally have the time to write a full-on tutorial for it though.

As a means to help you get started, here is the job points pattern I made and use in my EliteAPI on EliteMMO Network:

Code: Select all

    {
        "jobpoints",
        (BYTE*)"\xC3\x8D\x70\x08\xB9\xFF\xFF\xFF\xFF\xBF\xFF\xFF\xFF\xFF\xF3\xA5\x8A\x0D",
        "xxxxx????x????xxxx",
        10, 0
    },
The setup of this is:
- name
- pattern
- mask
- offset
- usage count (If the pattern is found more than once, which one to use, 0 means use the first one found.)

This points to:

Code: Select all

03EE7A14 - C3                    - ret 
03EE7A15 - 8D 70 08              - lea esi,[eax+08]
03EE7A18 - B9 25000000           - mov ecx,00000025 { 37 }
03EE7A1D - BF 2C1E2C04           - mov edi,042C1E2C { [00000000] }
03EE7A22 - F3 A5                 - repe movsd 
03EE7A24 - 8A 0D 201E2C04        - mov cl,[042C1E20] { [000F0013] }
03EE7A2A - 8B 7C 24 10           - mov edi,[esp+10]
03EE7A2E - 80 C9 04              - or cl,04 { 4 }
03EE7A31 - 88 0D 201E2C04        - mov [042C1E20],cl { [000F0013] }
03EE7A37 - 8B 87 C4780200        - mov eax,[edi+000278C4]
03EE7A3D - 85 C0                 - test eax,eax
03EE7A3F - 0F84 BE000000         - je 03EE7B03
03EE7A45 - BE 01000000           - mov esi,00000001 { 1 }
03EE7A4A - 56                    - push esi
03EE7A4B - FF 97 C4780200        - call dword ptr [edi+000278C4]
03EE7A51 - 83 C4 04              - add esp,04 { 4 }
03EE7A54 - 46                    - inc esi
03EE7A55 - 83 FE 16              - cmp esi,16 { 22 }
03EE7A58 - 7E F0                 - jle 03EE7A4A
03EE7A5A - 5F                    - pop edi
03EE7A5B - 5E                    - pop esi
03EE7A5C - B0 01                 - mov al,01 { 1 }
03EE7A5E - 5D                    - pop ebp
03EE7A5F - C3                    - ret 
Which is one of the funcs that touches the job points array which we can use to get the pointer to it.
Lead Ashita Developer

Want to donate to say thanks?
https://www.paypal.me/atom0s
shinzaku
Posts: 48
Joined: Wed May 17, 2017 8:34 am

Re: Memory patterns

Post by shinzaku » Fri Jan 19, 2018 6:24 am

Thanks again at0m0s! That was more than enough to get me started. :)
Post Reply