Help: AOB Scan script crashes my CE!

sh00ter999

Hey folks,

this is an issue that might not take longer than a few seconds for a trained pair of eyes to find, but here's what I am currently stuck with:

I want to change my character's name, and I want to re-find my address with an array of bytes. I found a unique signature that returns only one result after each game restart.

The problem is writing a script and dropping the appropriate address into a label that I can re-use if I add it manually to CE.

I followed a video tutorial that showed a working script for the exact thing I'm trying to accomplish, but in my case, Cheat Engine freezes and shuts down. When I manually scan for the AOB signature, then I get one result successfully, after about 2 seconds of total scan time.
Code:
[ENABLE]
aobscan(INJECT,7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00) // should be unique
label(name)
registersymbol(name)


INJECT:
name:
//I'm unsure about this part, but it seemed to work in the video. 

registersymbol(INJECT) //tutorial did not register his AOB Symbol, but I tried both with and without, no success.


[DISABLE]
unregistersymbol(name)
unregistersymbol(INJECT)
 
jungletek

Use aobscanmodule() instead, like:
Code:
aobscanmodule(INJECT,gamename.exe,FF FF AA AA ** FF)

Obviously replace the AOB name, game executable name, and byte pattern to match your use-case.

Here's a simple example (trimmed a bit of fluff that the template I used adds) of an AOB for ntdll.dll (I quickly loaded notepad.exe which uses this DLL, to make this example):
Code:
[ENABLE]
aobscanmodule(INJECT,ntdll.dll,48 89 11 48 83 C1 08 49) // should be unique
registersymbol(INJECT)

[DISABLE]
unregistersymbol(INJECT)

Then to have the address that the AOB corresponds to show up as a table entry, just add a new entry with INJECT (or whatever your registered symbol name is) as the address.

Now, if this actually isn't what you wanted (you instead want the address that the code which the AOB points to manipulates), then you've got to do what's known as an injection copy. This basically lays it out: https://wiki.cheatengine.org/index.php?title=Tutorial:CodeInjection_EditableValues
 
SunBeam

^ "aobscanmodule" won't help him. Read one more time what he said :p -> "I want to change my character's name, and I want to re-find my address with an array of bytes. I found a unique signature that returns only one result after each game restart." - you can bet your ass that signature isn't part of the game module. So he's doing fine scanning whole memory. He has other problems :p

Why call the address "INJECT" if your script doesn't suggest any injection? I mean, for INJECT to be something that'd make sense, you'd need an "alloc" and re-routing of code to your hook. All you're doing is scanning for a signature.

Try this:
Code:
[ENABLE]

// first define your labels and register them
label( _name )
registersymbol( _name )

// scan for your stuff
aobscan( name_AOB, 7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00)

// now you want to associate _name with name_AOB, so..
_name: // this label
name_AOB: // becomes this label

[DISABLE]

// always unregister your shit on DISABLE
unregistersymbol( _name )

There you go. You can also do it in one go, using "_name" directly instead of "name_AOB"; just like @jungletek suggested:
Code:
[ENABLE]

// scan for your stuff
aobscan( _name, 7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00)
registersymbol( _name )

[DISABLE]

unregistersymbol( _name )

As far as crashing is concerned, that's something internal for which I doubt you can do anything via posting on the forums. Check your TEMP folder (CE > top right > Settings > Scan Settings > "Store the temporary scanfiles here instead"), that you have enough space on the drive when you do that whole memory scan. Then also try checking or unchecking MEM_MAPPED checkbox in Scan Settings. See if it has any effect.

BR,
Sun
 
sh00ter999

Thank you guys so much for your attention and replying!

What exactly is the difference between aobscanmodule and aobscan? From the bits here I gather that aobscanmodule only focuses on a single process, whereas aobscan scans my entire RAM? Is that it? That might indeed explain why my CE freezes for a good 15 seconds or more.

But after trying SunBeam's snippet and sitting patiently, it finally worked. Cheat Engine froze again for a while, but then it set the checkmark to my script and my symbol carried the address I wanted :D



SunBeam said:
Why call the address "INJECT" if your script doesn't suggest any injection?

Fair point, lol. I was just using the AOB injection template from CE and cut away pieces from it that I didn't utilize, but I kept the AOB name.

SunBeam said:
There you go. You can also do it in one go, using "_name" directly instead of "name_AOB"; just like @jungletek suggested:

That's very neat, I will try to remember this. If my desired address is at AOB+30, then I would dump it into my _name symbol like so?
Code:
_name:
name_AOB+30:

SunBeam said:
As far as crashing is concerned, that's something internal for which I doubt you can do anything via posting on the forums. Check your TEMP folder (CE > top right > Settings > Scan Settings > "Store the temporary scanfiles here instead"), that you have enough space on the drive when you do that whole memory scan. Then also try checking or unchecking MEM_MAPPED checkbox in Scan Settings. See if it has any effect.

That's also a fair point and good advice, as I was running into this problem recently, where my C drive ran full while scanning some float and I didn't even realize, but that has been taken care of. I'm not sure if that was the issue I had when I did the name scanning. If I use aobscan, it just seems to freeze for roughly 20 seconds until it retrieves the address. I will try the MEM_MAPPED setting ASAP!

Thank you two once more, I appreciate it :D
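
Added example, not part of the thread and not Cheat Engine code: a Python model of the two scan modes discussed above. aobscan walks all readable memory of the target process, while aobscanmodule only covers the address range of one loaded module, so a signature that lives in runtime data is found by the first and missed by the second. The region names, base addresses, the shortened signature and the "Hero" record are constructed for illustration.

```python
# Constructed memory map: (region name, base address, bytes). Not real process data.
RECORD = bytes.fromhex("7A010000 DEAD 2D00").ljust(0x30, b"\x00") + b"Hero\x00"
REGIONS = [
    ("game.exe", 0x00400000, bytes.fromhex("4889114883C10849") * 8),      # module image
    ("heap",     0x1A2B0000, b"\x00" * 0x100 + RECORD + b"\x00" * 0x20),  # runtime data
]
SIGNATURE = "7A 01 00 00 ?? ?? 2D 00"  # constructed, shortened stand-in for the thread's AOB

def parse_aob(text):
    """'7A ?? 2D' -> [0x7A, None, 0x2D]; ?, ??, * and ** are one-byte wildcards."""
    return [None if set(tok) <= {"?", "*"} else int(tok, 16) for tok in text.split()]

def find_all(data, sig):
    """Offsets in data where every non-wildcard byte of sig matches."""
    last = len(data) - len(sig)
    return [i for i in range(last + 1)
            if all(b is None or data[i + j] == b for j, b in enumerate(sig))]

def aob_scan(regions, aob, module=None):
    """module=None walks every region (like aobscan); a name limits it (like aobscanmodule)."""
    sig = parse_aob(aob)
    return [base + off
            for name, base, data in regions if module in (None, name)
            for off in find_all(data, sig)]

def resolve_unique(regions, aob, offset=0, module=None):
    """Return hit + offset, refusing to guess when the signature is not unique."""
    hits = aob_scan(regions, aob, module)
    if len(hits) != 1:
        raise LookupError(f"expected 1 match, got {len(hits)}")
    return hits[0] + offset

def read_cstring(regions, addr):
    """Read a NUL-terminated ASCII string at an absolute address."""
    for _, base, data in regions:
        if base <= addr < base + len(data):
            raw = data[addr - base:]
            return raw[:raw.index(b"\x00")].decode("ascii")
    raise LookupError(hex(addr))

if __name__ == "__main__":
    name_addr = resolve_unique(REGIONS, SIGNATURE, offset=0x30)  # Auto Assembler reads "+30" as hex
    print(hex(name_addr), read_cstring(REGIONS, name_addr))
    print(aob_scan(REGIONS, SIGNATURE, module="game.exe"))  # module-limited scan misses heap data
```

The whole-memory scan costs time in proportion to every region it has to walk, which is why it is the slower of the two modes.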
 