Use AoB to find base address
Posted: Sun Dec 10, 2017 2:19 pm
Hello everyone. I've been using Cheat Engine for quite a while now, but as I like to keep it simple with cheating, I used to stick with pointer scanning to make my own tables. Recently however, for some games pointer scanning didn't work (no usable pointers, or too many offsets), for example Stronghold 2 or Stronghold Crusader 2.

So I got a little deeper into the tutorial and learned about AoB scans. I followed Rydian's superb tutorial ([Link]) to learn how to make a script that finds the base address every time the game restarts (and then add the base+offset manually, which automatically updates).

Rydian mentions that in order for this to work you need the following condition fulfilled:

"If 'Find out what addresses the instruction accesses' only shows one address as being accessed (which is in this case our health address) then you're good. However, if it shows multiple addresses as being accessed, then that's not a decent target for this technique."

This is the case for Stronghold 2, but unfortunately for Stronghold Crusader 2, when you look up the value for gold, only one usable opcode exists, and it is a code that accesses both my own gold and the gold of my enemies (nothing else):

Code:
mov [edx+edi*4],eax

Thus, messing around with this code will give everyone the same amount of gold.

Furthermore, when I added the following script:

Code:
[ENABLE]
aobscanmodule(INJECT,StrongholdBase.dll,89 04 8A 5B 74 1A) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
globalalloc(_playerbase,4)
globalalloc(_multiplier,4)

newmem:
code:
  mov [_playerbase],edx   // array base of whichever player's gold is being written
  mov [_multiplier],ecx   // index into that array
  mov [edx+ecx*4],eax     // original instruction
  pop ebx
  je StrongholdBase.StrongholdBase::Estate::GetKeep+2712
  jmp return

INJECT:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 89 04 8A 5B 74 1A
unregistersymbol(INJECT)
dealloc(newmem)

Then I 'Add address manually' with the following instruction: [_playerbase]+[_multiplier]*4

But the address I add constantly changes to reflect the last gold address that was accessed by the opcode. So I would like to ask: if no unique opcode can be found for gold (or at least not by me, I'm a complete assembly noob), how can I alter my script so that _playerbase and _offset only get stored if it's my gold that is being accessed by the opcode? Or is there an easier way to find an opcode that only accesses my gold?

Thanks in advance!
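One way to make the capture selective, as an added example that is not part of the original post or of Rydian's tutorial: it assumes that the index register ecx holds a slot number that stays the same for the local player across restarts (the register values for each hit can be read in the 'Find out what addresses this instruction accesses' window), and that _myindex is a new symbol you set to that number.

```asm
[ENABLE]
aobscanmodule(INJECT,StrongholdBase.dll,89 04 8A 5B 74 1A) // same pattern as the original script
alloc(newmem,$1000)
label(code)
label(return)
globalalloc(_playerbase,4)
globalalloc(_multiplier,4)
globalalloc(_myindex,4)    // assumed: slot number of the local player, set once below

_myindex:
  dd 0                     // placeholder: replace 0 with the ecx value seen when YOUR gold is written

newmem:
  pushfd                   // the original je after pop ebx uses flags set before the hook;
  cmp ecx,[_myindex]       // cmp would clobber them, so save and restore around it
  jne code                 // not our slot: run the original instruction only
  mov [_playerbase],edx    // only reached when the write targets the local player's gold
  mov [_multiplier],ecx
code:
  popfd
  mov [edx+ecx*4],eax      // original instruction
  pop ebx
  je StrongholdBase.StrongholdBase::Estate::GetKeep+2712
  jmp return

INJECT:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 89 04 8A 5B 74 1A
unregistersymbol(INJECT)
dealloc(newmem)
```

If it turns out that edx rather than ecx is what distinguishes the players, compare that register instead; the [_playerbase]+[_multiplier]*4 entry in the table stays the same.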