AOB Inject Byte Resets w/ Wildcards

arlight1

Cheater
Fearless Donors
Apr 25, 2017
40
0
6
#1
Hello everyone, sorry for making a new topic for this question, but I wanted it separate due to the nature of it.

If I've got an AOB injection script that has a signature of:
F3 41 0F 59 B7 ?? 00 00 00

How can I make its [DISABLE] redefining fill in the ?? or * to what it is supposed to be as when it found that array? So right now it finds and injects at:

F3 41 0F 59 B7 ?? 00 00 00

but redefines those bytes when disabled at:
db F3 41 0F 59 B7 88 00 00 00

As you can see, the 88 sometimes changes, which is problematic when disabling the script. Any way to do this?

Thanks.
 

STN

Pleb
Staff member
Administrator
Mar 2, 2017
3,028
60
48
#2
In [enable]:

readmem the bytes to an allocated memory, then in disable, simply restore those saved bytes using readmem on your allocated memory.
 

arlight1

#3
I'm sorry, could you provide an example, I don't really follow?
 

STN

#4
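Pseudo code:
game.exe+92ace 8b 9f 45 44 01 mov bla bla

[enable]
aobscanmodule(aobpoint, game.exe, 8b 9f 45 44 01) //finds game.exe+92ace
alloc(cave, $1000, aobpoint)
alloc(savebytes, 5) //buffer that keeps the original bytes
label(return)
registersymbol(aobpoint) //[disable] needs both symbols
registersymbol(savebytes)

savebytes:
readmem(aobpoint, 5) //copies the original bytes: 8b 9f 45 44 01
cave:
//awesome injection
//if you wish to recreate original code
readmem(aobpoint, 5)
jmp return

aobpoint: //game.exe+92ace
jmp cave
return:

[disable]
aobpoint:
readmem(savebytes, 5) //writes back the saved bytes: 8b 9f 45 44 01

unregistersymbol(aobpoint)
unregistersymbol(savebytes)
dealloc(cave)
dealloc(savebytes)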
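
Added example, not part of the thread or any poster's code: a Python simulation of the save-and-restore idea, showing why a hard-coded db line fails when the wildcard byte is not 88. A bytearray stands in for process memory; the function names, sample memory and placeholder patch bytes are constructed for illustration.

```python
SIGNATURE = "F3 41 0F 59 B7 ?? 00 00 00"          # pattern from the question
HARDCODED = bytes.fromhex("F3410F59B788000000")   # the fixed `db` restore bytes

def parse_aob(sig):
    """'F3 ?? 00' -> [0xF3, None, 0x00]; None marks a wildcard (?? or *)."""
    return [None if tok in ("??", "*") else int(tok, 16) for tok in sig.split()]

def aob_scan(mem, sig):
    """First offset where every non-wildcard byte matches, or -1."""
    pat = parse_aob(sig)
    for off in range(len(mem) - len(pat) + 1):
        if all(p is None or mem[off + i] == p for i, p in enumerate(pat)):
            return off
    return -1

def enable(mem, sig, payload):
    """Snapshot the matched bytes, then overwrite them. Returns (addr, saved)."""
    addr = aob_scan(mem, sig)
    if addr < 0:
        raise LookupError("signature not found")
    size = len(parse_aob(sig))
    if len(payload) != size:
        raise ValueError("payload must cover exactly the matched bytes")
    saved = bytes(mem[addr:addr + size])      # what readmem copies into savebytes
    mem[addr:addr + size] = payload
    return addr, saved

def disable(mem, addr, restore):
    """Write `restore` back over the patched location."""
    mem[addr:addr + len(restore)] = restore

def roundtrip(wild_byte, use_hardcoded=False):
    """Patch and restore constructed memory; True if it ends up unchanged."""
    # Constructed sample: padding, the instruction with a variable byte, a ret.
    original = (b"\xCC" * 4 + bytes.fromhex("F3410F59B7")
                + bytes([wild_byte, 0, 0, 0]) + b"\xC3")
    mem = bytearray(original)
    addr, saved = enable(mem, SIGNATURE, b"\xE9" + b"\x00" * 4 + b"\x90" * 4)
    disable(mem, addr, HARDCODED if use_hardcoded else saved)
    return bytes(mem) == original

if __name__ == "__main__":
    for b in (0x88, 0xA0):
        print(hex(b), "saved:", roundtrip(b), "hard-coded:", roundtrip(b, True))
```

Restoring from the snapshot is byte-exact for any value at the wildcard position, while the hard-coded bytes only round-trip when that byte happens to be 88.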
 

arlight1

#5
Great! Thank you.
 