Question about AOB and fast injection

Memory scanning, code injection, debugger internals and other gamemodding related discussion
SilverRabbit90
Table Makers
Posts: 214
Joined: Fri Jan 15, 2021 12:01 am
Reputation: 191

Question about AOB and fast injection

Post by SilverRabbit90 »

The game is Soul Sacrifice Delta for Vita3K (emulator).
First Question:
I would like to know how you activate a code even without having done the action that triggers that code. Let me explain: when I start the game and, in the main menu (or in a mission), I try to activate any cheat, it gives me the error "<<Error while scanning for AOB's: NameOfTheScript Error: Not all results found>>". For example, if I try to activate the script to have unlimited Skills without first using a Skill, the script does not activate; instead, if I try to activate the script after using any Skill, the script activates without errors. In fact, when I try to search the array with Cheat Engine, if I don't use any Skill, Cheat Engine finds 0 results; otherwise it finds the result I'm looking for. I think the problem is that the AOB hasn't been ignited in the game yet; I guess I have to replace some values with ?? or xx (like when updating a script after the game has been updated, or like after restarting the game on the PCSX2 emulator). Is there any way to find the right array even without doing the necessary action?

Second Question:
When I try to activate a script Cheat Engine takes a long time to activate the script, it can take up to three minutes. Is there a way to speed up activation?
For example, for the infinite Skills cheat I made this script:

{ Game   : Vita3K.exe
  Version: 
  Date   : 2023-02-06
  Author : SilverRabbit90

  This script does blah blah blah
}

[ENABLE]

aobscan(SkillCountAA,01 00 00 43 89 44 35 00 41 8B 47 2C 89) // should be unique
alloc(newmem,$1000,SkillCountAA)

label(code)
label(return)

newmem:

code:
mov eax,(int)99
  mov [r13+r14+00],eax
  jmp return

SkillCountAA+03:
  jmp newmem
return:
registersymbol(SkillCountAA)

[DISABLE]

SkillCountAA+03:
  db 43 89 44 35 00

unregistersymbol(SkillCountAA)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1E02EA74056

1E02EA7402F: CC                    - int 3 
1E02EA74030: E8 DB 6F FD FD        - call 1E02CA4B010
1E02EA74035: E9 21 FF FF FF        - jmp 1E02EA73F5B
1E02EA7403A: CC                    - int 3 
1E02EA7403B: 0F 1F 44 00 00        - nop dword ptr [rax+rax+00]
1E02EA74040: 41 8B 47 08           - mov eax,[r15+08]
1E02EA74044: 83 C0 00              - add eax,00
1E02EA74047: 41 89 47 0C           - mov [r15+0C],eax
1E02EA7404B: 45 8B 77 24           - mov r14d,[r15+24]
1E02EA7404F: 41 81 C6 AC 01 00 00  - add r14d,000001AC
// ---------- INJECTING HERE ----------
1E02EA74056: 43 89 44 35 00        - mov [r13+r14+00],eax
// ---------- DONE INJECTING  ----------
1E02EA7405B: 41 8B 47 2C           - mov eax,[r15+2C]
1E02EA7405F: 89 44 24 30           - mov [rsp+30],eax
1E02EA74063: 31 C0                 - xor eax,eax
1E02EA74065: 44 8B 74 24 30        - mov r14d,[rsp+30]
1E02EA7406A: 41 83 FE 00           - cmp r14d,00
1E02EA7406E: F5                    - cmc 
1E02EA7406F: 9F                    - lahf 
1E02EA74070: 0F 90 C0              - seto al
1E02EA74073: 41 89 47 4C           - mov [r15+4C],eax
1E02EA74077: 48 83 6C 24 20 04     - sub qword ptr [rsp+20],04
}
Searching online, I saw that aobscan should be changed to aobscanregion or aobscanmodule, but I don't know what I have to do in the script, also because the injection point changes every time the game starts (// ORIGINAL CODE - INJECTION POINT: 1E02EA74056).
Does anyone have a solution?
Thank you

neroxros
Novice Cheater
Posts: 15
Joined: Wed Jan 25, 2023 4:13 pm
Reputation: 27

Re: Question about AOB and fast injection

Post by neroxros »

I don't have an answer for your first question, but for your second question, I suggest using aobscanregion, like this:

aobscanregion(SkillCountAA,?,?,01 00 00 43 89 44 35 00 41 8B 47 2C 89)

Then change the question marks to roughly where the address of your AOB is. For example, if the address of your AOB was at "300A4FDE", then your range is 30000000,40000000.

Like this:
aobscanregion(SkillCountAA,30000000,40000000,01 00 00 43 89 44 35 00 41 8B 47 2C 89)
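Both points raised in this thread (the scan that finds nothing until the code exists, and neroxros's region-limited scan) can be reproduced outside Cheat Engine with a small wildcard-aware AOB scanner. The Python below is an added example, not code from the thread or from Cheat Engine: it rebuilds a memory image from the bytes in SilverRabbit90's disassembly listing (constructed, padded with CC), and models the "before using a Skill" state as an assumption, as a region still filled with CC. It shows that `??` wildcards only help when bytes differ between runs, not when the code has not been emitted at all, and that a region limit only shrinks how much memory is searched.

```python
import re

# Constructed sample memory, assembled from the bytes in SilverRabbit90's
# disassembly listing (1E02EA74040 .. 1E02EA7407C) and padded with int3 (CC).
LISTING_BASE = 0x1E02EA74040
CODE_BYTES = bytes.fromhex(
    "418B4708" "83C000" "4189470C" "458B7724" "4181C6AC010000"
    "4389443500"                      # mov [r13+r14+00],eax  <- injection point
    "418B472C" "89442430" "31C0" "448B742430" "4183FE00" "F5" "9F"
    "0F90C0" "4189474C" "48836C242004"
)
PAD = b"\xCC" * 16
MEM_BASE = LISTING_BASE - len(PAD)
MEM_AFTER_SKILL = PAD + CODE_BYTES + PAD            # code has been generated
MEM_BEFORE_SKILL = b"\xCC" * len(MEM_AFTER_SKILL)   # assumption: nothing emitted there yet
SKILL_AOB = "01 00 00 43 89 44 35 00 41 8B 47 2C 89"   # the pattern from the script

def compile_aob(pattern: str) -> re.Pattern:
    """Turn a CE-style AOB string into a bytes regex; '??' or 'xx' match any byte.
    A lookahead is used so overlapping hits are reported too."""
    parts = []
    for tok in pattern.split():
        parts.append(b"." if tok.lower() in ("??", "xx") else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)

def aobscan(mem: bytes, base: int, pattern: str, lo: int = None, hi: int = None) -> list:
    """Addresses where pattern matches. lo/hi restrict the search to [lo, hi),
    which is what aobscanregion(name, lo, hi, pattern) does in Cheat Engine."""
    lo = base if lo is None else max(lo, base)
    hi = base + len(mem) if hi is None else min(hi, base + len(mem))
    if hi <= lo:
        return []
    window = mem[lo - base:hi - base]
    return [lo + m.start() for m in compile_aob(pattern).finditer(window)]

def injection_point(mem: bytes, base: int, pattern: str, offset: int = 3, lo=None, hi=None) -> int:
    """Mirror of 'aobscan(name,pattern)' followed by 'name+03:'. The script relies
    on the pattern being unique, so anything but exactly one hit is an error,
    the situation CE reports as 'Not all results found'."""
    hits = aobscan(mem, base, pattern, lo, hi)
    if len(hits) != 1:
        raise LookupError(f"expected exactly 1 result for {pattern!r}, got {len(hits)}")
    return hits[0] + offset

if __name__ == "__main__":
    print(hex(injection_point(MEM_AFTER_SKILL, MEM_BASE, SKILL_AOB)))   # 0x1e02ea74056
    print(aobscan(MEM_AFTER_SKILL, MEM_BASE, "01 00 00 43 89 44 35 00 ?? ?? ?? ?? 89"))
    print(aobscan(MEM_BEFORE_SKILL, MEM_BASE, SKILL_AOB))                # [] -> the error case
```

The wildcarded pattern still resolves to the same address once the bytes exist, and the region-limited scan only changes which slice of memory is searched, so neither can produce a hit from memory that has not been written yet.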
