[SOLVED] Sneaky Hidden Pointer?

Want Cheat Engine to do something specific and no idea how to do that, ask here. (From simple scripts to full trainers and extensions)
Post Reply
3oddbits
Noobzor
Noobzor
Posts: 10
Joined: Thu Jul 06, 2017 6:32 pm
Reputation: 0

[SOLVED] Sneaky Hidden Pointer?

Post by 3oddbits » Sat Jul 15, 2017 10:52 pm

This coding has the real address static while the AoB changes with every load of the game. :!:
Also, AutoAssemble fails to build this code. A nop attempt under Advanced Options throws a warning about 'doesn't contain what it should'
Is it really a sneaky hidden pointer put where it should not be?

All the info I have read on Assembly doesn't mention this as 'proper code'.
What is the proper way to pull the value from 'game.exe+5DBAC8' into that line of code?
AND / OR
If I want to change 'sub' to 'add', or even better, have the result 'no change', how?

On every attempt I have made, the failure(s) have suggested that 'game.exe+5DBAC8' needs to go away for AutoAssemble to work.

Problem Line of Code :

Code: Select all

game.exe+F456E - 29 04 FD C8 BA 6B 01     - sub [edi*8+game.exe+5DBAC8],eax
Address referred to ???

Code: Select all

game.exe+5DBAC7 - 00 00                 - add [eax],al
game.exe+5DBAC9 - 00 F0                 - add al,dh
Thank you for your time.
Last edited by 3oddbits on Mon Jul 17, 2017 1:47 am, edited 1 time in total.

Squall8
Expert Cheater
Expert Cheater
Posts: 176
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 91

Re: [HELP] Sneaky Hidden Pointer?

Post by Squall8 » Sun Jul 16, 2017 1:27 am

Use wildcards in your aob for the bytes that change. Example below.

Youre going to need to make your signature more unique as well. Use readmem in your script to get a read off of the bytes that change. You can set it up like this:

Code: Select all

aobscan/module(aobname,29 04 FD * * * * xx xx xx xx xx xx....)
alloc(newmem,$1000,whatever)

label(code)
label(return)

newmem:
  jmp return  //Your code goes here. //Simply putting a "jmp return" here will stop the instruction from executing.

code:
  readmem(aobname,7) //Parameter:  --(address/symbol,number of bytes to read)
  jmp return

aobname:
  jmp newmem
return:
registersymbol(aobname)
registersymbol(code)

[DISABLE]

aobname:
  readmem(code,7)

unregistersymbol(aobname)
unregistersymbol(code)
dealloc(newmem)
That is the most simplest way to write it out. There is a bit more for the parameters for readmem, I suggest reading up on it.

User avatar
SunBeam
Trouble Makers
Trouble Makers
Posts: 354
Joined: Thu Mar 02, 2017 10:15 pm
Reputation: 95

Re: [HELP] Sneaky Hidden Pointer?

Post by SunBeam » Sun Jul 16, 2017 11:21 pm

My impression is he's not looking at executable code, but the representation of HIS address in ASM code (his address looked at in top part of Memory Viewer).

3oddbits
Noobzor
Noobzor
Posts: 10
Joined: Thu Jul 06, 2017 6:32 pm
Reputation: 0

Re: [HELP] Sneaky Hidden Pointer?

Post by 3oddbits » Mon Jul 17, 2017 1:44 am

@Squall8

Thanks! :D
It worked. Two lines of mutating AoB no longer cause 'can't find it' problems.
Used nop instead to match bit count for the line. Tested with three reboots.

Post Reply

Who is online

Users browsing this forum: Baidu [Spider]