How to update AOB script when the functions are changed?

Dec 16, 2017
#1
Hello Smart People!
I have a question: how do I update an AOB script when the functions are changed?
I have one script and I found the 100% correct memory region of the script, but in the new version of the game, the address where the script should be activated has totally different functions, while the rest of the memory region is 100% correct.

Is it possible to update such a script, or must I hack the game once again?



 
Dec 16, 2017
#2
For [edx+3A4] I was doing something like that:



The memory region for SHOOT doesn't change at all. Only in the TARGET memory region are the functions changed, and now I don't know what to do to make this script work again.

If I follow the CALL in the NEW MEMORY REGION I have something like this:



If I follow the next call at E8 80 00 00 00, then I have something like this:



So how do I update that script?
 

Renardo La Moustache

What is cheating?
Mar 11, 2018
#3
NOP this call or put a ret on the push ebp, maybe.

Edit: never mind, some screenshots were not loaded when I answered. Just ignore this :lol:
 

SunBeam

Administrator
Staff member
Administrative Team
Feb 4, 2018
#4
As long as the function doesn't change ASM shape between updates, you can rely on an AOB. Else - as seen in Dishonored 2 with major function cosmetics - you will have to find it again. One way I'd recommend to do it is - and this submits again to the same idea I started this reply with - finding one or all references to your function (open DLL in a debugger) and AOB those instead ;)

Example:

141000000:
push rbp
mov rbp,rsp
..
..
pop rbp
ret

Let's say the above is your function, and it's located at address 141000000. By finding all references to it you will encounter lots of "CALL 141000000" or "JMP 141000000". What you can then do - if the code around these CALLs/JMPs doesn't change - is AOB them to get to them. Then it is only a matter of going inside the CALL or following the JMP to get to your function ;) This also works if the function at 141000000 changes its ASM form.

BR,
Sun
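
The reference-based approach from post #4, as an added example that is not part of the original thread: a wildcarded signature is matched on the bytes around a CALL rel32, and the displacement is followed to reach the function even after its body has changed and moved. The two byte images, the caller bytes, the signature and all function names are constructed for illustration; only the base address 141000000 and the push rbp / mov rbp,rsp prologue come from the post.

```python
import struct

def parse_aob(pattern):
    """Turn 'E8 ?? ?? ?? ?? 84 C0' into a list of ints, None = wildcard."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]

def aob_scan(image, pattern):
    """Return every offset in image where the wildcarded pattern matches."""
    sig = parse_aob(pattern)
    hits = []
    for off in range(len(image) - len(sig) + 1):
        if all(b is None or image[off + i] == b for i, b in enumerate(sig)):
            hits.append(off)
    return hits

def resolve_call(image, base, pattern, call_index):
    """Find the unique caller signature and follow its E8 rel32 CALL."""
    hits = aob_scan(image, pattern)
    if len(hits) != 1:
        raise LookupError(f"signature matched {len(hits)} times, need exactly 1")
    call_off = hits[0] + call_index
    if image[call_off] != 0xE8:
        raise ValueError("byte at call_index is not a CALL rel32 opcode")
    rel32 = struct.unpack_from("<i", image, call_off + 1)[0]
    return base + call_off + 5 + rel32  # target = next instruction + displacement

def build_image(func_off, func_body, caller_off=0x200, size=0x400):
    """Constructed sample: a function plus one caller with stable surrounding bytes."""
    img = bytearray(b"\xCC" * size)
    img[func_off:func_off + len(func_body)] = func_body
    rel32 = func_off - (caller_off + 3 + 5)
    caller = b"\x48\x8B\xCB" + b"\xE8" + struct.pack("<i", rel32) + b"\x84\xC0"
    img[caller_off:caller_off + len(caller)] = caller
    return bytes(img)

BASE = 0x141000000
CALLER_SIG = "48 8B CB E8 ?? ?? ?? ?? 84 C0"  # mov rcx,rbx / call ? / test al,al

# Old build: function at BASE with the prologue/epilogue from the post.
OLD = build_image(0x000, bytes.fromhex("55 48 89 E5 90 90 5D C3"))
# New build: function body rewritten and moved, caller bytes unchanged.
NEW = build_image(0x080, bytes.fromhex("48 83 EC 28 31 C0 48 83 C4 28 C3"))

if __name__ == "__main__":
    for name, img in (("old", OLD), ("new", NEW)):
        print(name, hex(resolve_call(img, BASE, CALLER_SIG, 3)))
```

Requiring exactly one match is deliberate: a caller signature that hits several places would resolve to an arbitrary target, so it is better to fail and lengthen the signature.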