Scanning options

This pages describes all of the options for scanning.

Data Type

This specifies what type of data you're looking to search for:

• Byte (aka Int8)
• Int16 (aka short)
• Int32 (aka int)
• Int64 (aka long)
• Float (single precision, 32 bit floating point number)
• Double (double precision, 64 bit floating point number)
• String
• ByteArray

For integer types, the search query(ies) can be optionally parsed as hexadecimal.

The can also be unsigned by checking the "Unsigned" check box in the Integer tab.

Strings can be decoded in a specific encoding (e.g. UTF16), however, most strings are probably ASCII which is why it's the default. You can also toggle Ignore Cases to completely ignore capitalization of characters.

ByteArray is the byte/pattern scanning option (wildcard chars are completely optional!). You enter the bytes (in hexadecimal format) to search for, and for wildcards, just type a single question mark. Each byte/wildcard token is separated by a whitespace. For example: 04 C6 ? CA FE ? ? 02

Expression Mode

Note

Note, if you get NaN results, add v == v to your expression.

This is an alternative to Compare Mode, togglable via the Expr. button. The value field will be parsed as an expression, and if the computed value is non-zero, a result is added to the scan results list.

Expressions have variables:

• v is the value that was read from the console.
• For next scans, first and prev are the first and previous scan result values.

They can also call functions, such as sum(...) (which adds all of the parameters into a final value).

The expression library treats booleans with the assumption that true is non-zero and false is zero, regardless of type (Int32, Float, etc.). So technically, if you just set the expression as v, then any value that isn't zero will be found as a scan result, because the effectively compiled code is:

if ((v) != 0)
    // add scan result to UI

Some notes about floating point numbers

If you're new to floating point numbers, you may run into some weird issues.

NaN

You might get NaN results when your expressions checks a range that crosses zero (i.e. v <= 100 && v >= -100).

To solve this, you would make the expression v == v && v <= 100 && v >= -100.

== and !=

Not recommended. For example, for double-precision floats, 0.1 + 0.2 == 0.3 is actually false, whereas for single-precision floats, it is true. This is due to rounding issues. To get around this. you could do abs((0.1 + 0.2) - 0.3) < TOLERANCE. The tolerance could be, for example, 0.001, or anything you want. For "roughly" equal, use a number closer to 1.0. For very nearly equal, use a much smaller number. This might not work well for huge numbers (e.g. beyond 100,000).

This works because abs() converts negative numbers into positive. So if the result is smaller than the tolerance, they can be classed as "close enough".

Conditional Operators

Conditional AND (&&) and OR (||) operators are slightly different from Bitwise AND (&) and OR (|) in that they convert the value into a boolean first.

For example, the expression (v > 0.0 && v < 1000.0) || (v != 50.5) is effectively compiled as:

// Data type is float, so all values are floating point
if (((v > 0.0F ? 1.0F : 0.0F) && (v < 1000.0F ? 1.0F : 0.0F)) != 0.0F || (v != 50.0F ? 1.0F : 0.0F) != 0.0F)
    // add scan result to UI

So just to clarify, an expression like 500 or v || 1 or !0 will always yield true, and so you're literally just finding every single possible result based on your scan range.

Operator precedence

The precedence of operators is the same as the C# language. This means parts of the expression with higher-precedent operators are basically wrapped in brackets. 5 * ~10 ^ 5 / +15 & 0x7 + 20 is parsed as ((5 * (~10)) ^ ((5 / (+15)) & (7 + 20)))

Category	Operators
Unary	+v, -v, !v, ~v
Multiplicative	v * v, v / v, v % v
Additive	v + v, v - v
Binary Shifting	v << 1, v >> 1
Relational	v < 0, v <= 0, v > 0, v >= 0
Equality	v == 0, v != 0
Bitwise AND	v & 0xFF
Bitwise XOR	v ^ 0x7F
Bitwise OR	v | 0x80
Conditional/Boolean AND	v && first
Conditional/Boolean OR	first || prev

Compare Mode

Compare mode is the default alternative to expressions, where you specify how to compare a value to the console value.

Integer and Float types can be compared in a specific way:

• Equals
• Not Equals
• Less Than
• Less Than Or Equals
• Greater Than
• Greater Than Or Equals
• Between (shows two search query fields instead of 1)
• NotBetween (shows two search query fields instead of 1)

Strings can only be compared as equal. Byte arrays support wildcards but again can only be compared as equal.

Comparison Order

The console's value is the left comparand, and the search query is the right. Say you're searching for 23, and the engine read a value of 254, and the scan type is LessThan, the final comparison 254 < 23, which equates to false, meaning no scan result is created for 254.

If the scan type is Between, and your Min/Max query is 40 to 70, and the scanning engine has read a value of 55, the final comparison is 55 >= 40 && 55 <= 70, which equates to true, so you'll get a scan result.

Float Truncation

Floats have post-processing after being read from the console.

• Truncating to query means removing decimal places up to the amount present in the query. So if you search for 23.456 and the value read from the console is 23.456924, the console's value gets truncated to 23.456.
• Round to query is the same, except the last decimal number gets rounded (specifically rounded towards even, so 0.5 becomes 1.0, 0.4 becomes 0.0), so the value would end up as 23.457

More may be added in the future, with extra customisations.

"Any" (unknown data type)

This search mode lets you search for all data types at once. The "Unknown" tab allows you to change the order that integers are searched, while float/double/string are fixed. Any data type can be enabled/disabled, if you wish to do so

First/Previous Value

For numeric data types, you can toggle the First or Prev buttons on the right side of the search query. These toggle whether to use the First or Previous value (respectfully) as the actual search query.

Say you have some results and you've done a few next scans. Say the First value is 25, Previous value is 450, Current value is 234. Enabling First compares 234 to 25. So if Scan Type was LessThan, the comparison would be 234 < 25, which equates to false, so the scan result gets removed.

Additional Options (Memory Scanning Options)

This panel contains the Start/Length fields, as well as alignment, DEBUG PAUSE and scan memory pages.

• Start is the starting address of the scan
• Length is the amount of bytes to read.
• Align specifies the value to offset the current address being processed for each iteration. Code probably explains it better: for (addr = start; addr < (start + length); addr += align) // process value at addr
• DEBUG PAUSE toggles if the console is frozen during scanning. Freezing the console massively speeds up scan speeds, especially when playing a game.
• Scan Memory Pages toggles whether to process memory sections that are within the scan range. This can speed up scans if, for example, no actual memory is allocated for 50% of your scan range.

Note, if the console is already frozen when DEBUG PAUSE is enabled, it will become unfrozen after the scan finishes. Disable DEBUG PAUSE to stop this

First Scan, Next Scan, Reset

First scan processes the entire scan range (or all memory sections intersecting it, if Scan Memory Pages is ticked) and searches for values that match your search query(ies).

Next Scan reads the values from all of your scan results and compares it to the search query (or the first/prev value if you have those toggled), and removes any that no longer match.

Reset clears all scan results, allowing you to perform the first scan again.