CE 6.8.2. Lua. Counting the injection size in bytes
A post for those interested in Lua in Cheat Engine.
You can hook the moments when an entry in the CE table is activated and deactivated, and calculate the size of the code between labels.
1. Insert the AA code for the Cheat Engine tutorial from the template
2. Register the marker labels in the AA code
3. Use these labels in Lua to compute and print the size in bytes, "endCode - startCode"
An example that counted 15 bytes
Example script
{$lua}
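-- Runs twice per activation: once before (before == true) and once after the [ENABLE] section.
memrec.OnActivate = function (memoryrecord, before, currentstate)
  -- After a successful enable the registered symbols resolve, so the size can be computed.
  if currentstate and not before then
    print("Bytes: " .. getAddress("endCode - startCode"))
  end
  -- In the "before" call, returning true lets the activation proceed.
  return before
end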
{$ASM}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(INJECT,Tutorial-i386.exe,81 BB 80 04 00 00 E8 03 00 00) // should be unique
alloc(newmem,$1000)
label(code)
label(endCode)
label(startCode)
registerSymbol(startCode)
registerSymbol(endCode)
newmem:
code:
startCode:
cmp [ebx+00000480],000003E8
jmp return
endCode:
INJECT:
jmp newmem
nop
nop
nop
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 81 BB 80 04 00 00 E8 03 00 00
unregistersymbol(startCode)
unregistersymbol(endCode)
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+23FE3
"Tutorial-i386.exe"+23FD1: C9 - leave
"Tutorial-i386.exe"+23FD2: C3 - ret
"Tutorial-i386.exe"+23FD3: 00 00 - add [eax],al
"Tutorial-i386.exe"+23FD5: 00 00 - add [eax],al
"Tutorial-i386.exe"+23FD7: 00 00 - add [eax],al
"Tutorial-i386.exe"+23FD9: 00 00 - add [eax],al
"Tutorial-i386.exe"+23FDB: 00 00 - add [eax],al
"Tutorial-i386.exe"+23FDD: 00 00 - add [eax],al
"Tutorial-i386.exe"+23FDF: 00 53 89 - add [ebx-77],dl
"Tutorial-i386.exe"+23FE2: C3 - ret
// ---------- INJECTING HERE ----------
"Tutorial-i386.exe"+23FE3: 81 BB 80 04 00 00 E8 03 00 00 - cmp [ebx+00000480],000003E8
// ---------- DONE INJECTING ----------
"Tutorial-i386.exe"+23FED: 75 2C - jne Tutorial-i386.exe+2401B
"Tutorial-i386.exe"+23FEF: 8B 83 68 04 00 00 - mov eax,[ebx+00000468]
"Tutorial-i386.exe"+23FF5: B2 01 - mov dl,01
"Tutorial-i386.exe"+23FF7: 8B 8B 68 04 00 00 - mov ecx,[ebx+00000468]
"Tutorial-i386.exe"+23FFD: 8B 09 - mov ecx,[ecx]
"Tutorial-i386.exe"+23FFF: FF 91 20 02 00 00 - call dword ptr [ecx+00000220]
}
Documentation, for those interested
MemoryRecord Class:
The memoryrecord objects are the entries you see in the addresslist
properties
ID: Integer - Unique ID
Index: Integer - The index ID for this record. 0 is top. (ReadOnly)
Description: string - The description of the memory record
Address: string - Get/set the interpretable address string. Useful for simple address settings.
AddressString: string - Get the address string shown in CE (ReadOnly)
OffsetCount: integer - The number of offsets. Set to 0 for a normal address
Offset[] : integer - Array to access each offset
OffsetText[] : string - Array to access each offset using the interpretable text style
CurrentAddress: integer - The address the memoryrecord points to
VarType: ValueType (string) - The variable type of this record. See vtByte to vtCustom
Type: ValueType (number) - The variable type of this record. See vtByte to vtCustom
If the type is vtString then the following properties are available:
String.Size: Number of characters in the string
String.Unicode: boolean
String.Codepage: boolean
If the type is vtBinary then the following properties are available
Binary.Startbit: First bit to start reading from
Binary.Size : Number of bits
If the type is vtByteArray then the following properties are available
Aob.Size : Number of bytes
CustomTypeName: String - If the type is vtCustom this will contain the name of the CustomType
Script: String - If the type is vtAutoAssembler this will contain the auto assembler script
Value: string - The value in stringform.
Selected: boolean - Set to true if selected (ReadOnly)
Active: boolean - Set to true to activate/freeze, false to deactivate/unfreeze
Color: integer
ShowAsHex: boolean - Self explanatory
ShowAsSigned: boolean - Self explanatory
AllowIncrease: boolean - Allow value increasing, unfreeze will reset it to false
AllowDecrease: boolean - Allow value decreasing, unfreeze will reset it to false
Collapsed: boolean - Set to true to collapse this record or false to expand it. Use expand/collapse methods for recursive operations.
IsGroupHeader: boolean - Set to true if the record was created as a Group Header with no address or value info. (ReadOnly)
IsReadable: boolean - Set to false if record contains an unreadable address. NOTE: This property will not be set until the value property is accessed at least once. (ReadOnly)
Options: String set - a string enclosed by square brackets filled with the options separated by a comma. Valid options are: moHideChildren, moActivateChildrenAsWell, moDeactivateChildrenAsWell, moRecursiveSetValue, moAllowManualCollapseAndExpand, moManualExpandCollapse
DropDownLinked: boolean - if dropdown list refers to list of another memory record eg. (memrec name)
DropDownLinkedMemrec: string - Description of linked memrec or emptystring if not linked
DropDownList : StringList - list of "value:description" lines, lists are still separate objects when linked, read-write
DropDownReadOnly: boolean - true if 'Disallow manual user input' is set
DropDownDescriptionOnly: boolean - self explanatory
DisplayAsDropDownListItem: boolean - self explanatory
DropDownCount: integer - equivalent to .DropDownList.Count
DropDownValue[index] : Array to access values in DropDownList (ReadOnly)
DropDownDescription[index] : Array to access Descriptions in DropDownList (ReadOnly)
Count: Number of children
Child[index] : Array to access the child records
[index] = Child[index]
Parent: MemoryRecord - self explanatory
HotkeyCount: integer - Number of hotkeys attached to this memory record
Hotkey[] : Array to index the hotkeys
Async: Boolean - Set to true if activating this entry will be asynchronous. (only for AA/Lua scripts)
AsyncProcessing: Boolean - True when async is true and it's being processed
AsyncProcessingTime: qword - The time that it has been processing in milliseconds
OnActivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to true. If before is true, not returning true will cause the activation to stop.
OnDeactivate: function(memoryrecord,before,currentstate):boolean - The function to call when the memoryrecord will change (or changed) Active to false. If before is true, not returning true will cause the deactivation to stop.
OnDestroy: function() - Called when the memoryrecord is destroyed.
OnGetDisplayValue: function(memoryrecord,valuestring):boolean,string - This function gets called when rendering the value of a memory record. Return true and a new string to override the value shown
DontSave: boolean - Don't save this memoryrecord and its children
methods
getDescription()
setDescription()
getAddress() : Returns the interpretable addressstring of this record. If it is a pointer, it returns a second result as a table filled with the offsets
setAddress(string) : Sets the interpretable address string, and if offsets are provided make it a pointer
getOffsetCount(): Returns the number of offsets for this memoryrecord
setOffsetCount(integer): Lets you set the number of offsets
getOffset(index) : Gets the offset at the given index
setOffset(index, value) : Sets the offset at the given index
getCurrentAddress(): Returns the current address as an integer (the final result of the interpretable address and pointer offsets)
appendToEntry(memrec): Appends the current memory record to the given memory record
getHotkey(index): Returns the hotkey from the hotkey array
getHotkeyByID(integer): Returns the hotkey with the given id
reinterpret()
createHotkey({keys}, action, value OPTIONAL): Returns a hotkey object
disableWithoutExecute(): Sets the entry to disabled without executing the disable section
global events
function onMemRecPreExecute(memoryrecord, newstate BOOLEAN):
If above function is defined it will be called before action* has been performed.
Active property is about to change to newState.
function onMemRecPostExecute(memoryrecord, newState BOOLEAN, succeeded BOOLEAN):
If above function is defined it will be called after action*.
Active property was supposed to change to newState.
If 'succeeded' is true it means that Active state has changed and is newState.
newState and succeeded are read only.
*action can be: running auto assembler script (ENABLE or DISABLE section), freezing and unfreezing.
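The same measurement can be done from the global onMemRecPostExecute event documented above instead of a per-record OnActivate handler. This is an added example, not code from the original post; it assumes it is placed in the cheat table's Lua script, that the AA script above has registered startCode and endCode, and the helper names regionSize and hexDump are made up for illustration.

```lua
-- Added example (not from the original post). Assumes the AA script above
-- has registered the symbols startCode and endCode.

-- Returns size and start address of the region between two registered
-- symbols, or nil plus a reason when the region cannot be measured.
local function regionSize(startSym, endSym)
  local s = getAddressSafe(startSym)   -- nil when the symbol is not registered
  local e = getAddressSafe(endSym)
  if not s or not e then
    return nil, "symbol not registered (script disabled?)"
  end
  if e < s then
    return nil, "end label precedes start label"
  end
  return e - s, s
end

-- Formats the region as hex so it can be compared with the disassembler view.
local function hexDump(address, size)
  if size == 0 then return "<empty>" end
  local bytes = readBytes(address, size, true)  -- true: return the bytes as a table
  if not bytes then return "<unreadable>" end
  local out = {}
  for i, b in ipairs(bytes) do out[i] = string.format("%02X", b) end
  return table.concat(out, " ")
end

-- Global event: called after any record's ENABLE/DISABLE action.
-- Report only after a successful enable of an auto assembler record.
function onMemRecPostExecute(memoryrecord, newState, succeeded)
  if not (newState and succeeded) then return end
  if memoryrecord.Type ~= vtAutoAssembler then return end
  local size, startOrErr = regionSize("startCode", "endCode")
  if not size then
    print(memoryrecord.Description .. ": " .. startOrErr)
    return
  end
  print(string.format("%s: %d bytes at %X",
                      memoryrecord.Description, size, startOrErr))
  print(hexDump(startOrErr, size))
end
```

Because the event fires for every record, a table with several AA scripts should give each script its own label names, otherwise the printed size belongs to whichever script registered the symbols last.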