Isolating New Values

[ikene]

Is it possible to show only new values introduced since the last search?

For example, let's say I've done a Dword new search for "100" in 'all memory', and moments later I want to search for the same value again, but return results for only new values of "100" that weren't previously reported.

I wasn't able to figure out if this can be done in 'How has the value changed?' dialog box.

Thank you

[CmP]

This can be accomplished through lua script.
In general terms, the algorithm is next:

1. Perform a search for desired value (gg.searchNumber).
2. Save the results in variable t1 (gg.getResults).
3. Clear results list (gg.clearResults).
4. Perform a search for desired value.
5. Save the results in variable t2.
6. Create variable t3 as a new table.
7. Iterate over table t2. In each iteration check, if element with the same address exists in t1 (by iterating over t1). If exists - skip to next iteration, if not - add element to table t3.

Table t3 will contain all elements which value became equal to desired value since first search.

[Enyby]

It will be very slow, plus you will not be able to process more than 100,000 from each search.

[CmP]

2 hours ago, CmP said:

Table t3 will contain all elements which value became equal to desired value since first search.

Though, at the moment, it is not possible to set search results to contain custom list of elements through lua script.
That's why you may want to slightly modify the algorithm, so it will leave only required elements in results list.

Table t3 that is created in the step 6 will be used not for storing elements that meet the condition but elements that do not meet it (i.e. which need to be deleted from search results list). For this, in the step 7 you will need to add element to table t3 only if it exists in t1 and do nothing otherwise. After this, one more step is needed, step 8 - remove elements with addresses contained in table t3 from results list (gg.removeResults).
Note: you will also need to specify type of element when adding it to table t3.

[Enyby]

In general it can be:

1. Read 100,000 chunk, store to file

2. Remove loaded chunk from result set, fetch next chunk.

3. Repeat until not fetch all data from search.

4. Make second search.

5. Load data from file in small chunks.

6. Remove from search loaded chunks.

7. Repeat untill not fetch all data from file.

8. Load results from search list. It is exactly what you want.

 

It must be very slow. And take a lot of space on disk.

[NoFear]

Unknown dword.

When the moment comes to search the new introduced value, unknown changed (or increased or decreased). Then search 100.

If you are trying to track a value that relocates due to menu changes or something. You could, every time you load menu, unknown changed, unknown changed.... And if this narrows results enough, one might be a pointer, that always points to that 100 value, no matter where it is.

[CmP]

Thanks to @Enyby for his algorithm to solve the task and for explanation about gg.removeResults function.

Here is the function to show only new introduced values between 2 searches with same parameters, works only when count of search results is less than 100,000.

Description
        Performs the search with given parameters, then closes GG interface. Waits for user to press GG icon, then performs the search once again. Removes the results from first search from current search results. Only new values, that were introduced after first search and meet search condition remain in search results.

Parameters
        Same as for gg.searchNumber function.

Returns
        Table or string with error (see returned value in gg.getResults function).

Code

local function newValuesSearch(text, type_, encrypted, sign, memoryFrom, memoryTo)
  local operationResult
  
  gg.clearResults()
  operationResult = gg.searchNumber(text, type_, encrypted, sign, memoryFrom, memoryTo)
  if type(operationResult) == 'string' then
    return operationResult
  end
  
  local resultsCount = gg.getResultCount()
  if resultsCount > 100000 then
    return 'Can\'t process more than 100,000 results'
  end

  local firstSearchResults = gg.getResults(resultsCount)
  if type(firstSearchResults) == 'string' then
    return firstSearchResults
  end
  
  if gg.isVisible() then
    gg.setVisible(false)
  end
  while true do
    if gg.isVisible() then
      break
    else
      gg.sleep(100)
    end
  end
  
  gg.clearResults()
  operationResult = gg.searchNumber(text, type_, encrypted, sign, memoryFrom, memoryTo)
  if type(operationResult) == 'string' then
    return operationResult
  end
  
  resultsCount = gg.getResultCount()
  if resultsCount > 100000 then
    return 'Can\'t process more than 100,000 results'
  end
  
  operationResult = gg.removeResults(firstSearchResults)
  if type(operationResult) == 'string' then
    return operationResult
  end

  local newValues = gg.getResults(100000)
  if type(newValues) == 'string' then
    return newValues
  end
  
  return newValues
end

 Example of usage

local values = newValuesSearch('111', gg.TYPE_DWORD)
if type(values) == 'string' then
  print('Error: ', values)
else
  for i = 1, 5 do
    print('Address of result №' .. i .. ': ' .. tostring(values[i].address))
    print('Type of result №' .. i .. ': ' .. tostring(values[i].flags))
    print('Value of result №' .. i .. ': ' .. tostring(values[i].value))
  end
end

 

[ikene]

Thank you all, very helpful in understanding the GG better.

CmP, I loaded the script but am not sure how to get it to work. I did a New Search and when I run the script, it says 'Script ended:', and I have options to 'Restart', 'Copy', or 'OK'.

[CmP]

8 hours ago, ikene said:

CmP, I loaded the script but am not sure how to get it to work.

Learn Lua at least on basic level, also read GG API docs.
https://gameguardian.net/help/index.html

You need to call the function for it to work, see example of usage.
And consider that function declaration needs to be above any call to it.