[SOLVED] Sneaky Hidden Pointer?

3oddbits

What is cheating?
Jul 6, 2017
11
0
1
#1
This coding has the real address static while the AoB changes with every load of the game. :!:
Also, AutoAssemble fails to build this code. A nop attempt under Advanced Options throws a warning about 'doesn't contain what it should'.
Is it really a sneaky hidden pointer put where it should not be?

All the info I have read on Assembly doesn't mention this as 'proper code'.
What is the proper way to pull the value from 'game.exe+5DBAC8' into that line of code?
AND / OR
If I want to change 'sub' to 'add', or even better, have the result 'no change', how?

On every attempt I have made, the failure(s) have suggested that 'game.exe+5DBAC8' needs to go away for AutoAssemble to work.

Problem line of code:
Code:
game.exe+F456E - 29 04 FD C8 BA 6B 01     - sub [edi*8+game.exe+5DBAC8],eax
Address referred to ???
Code:
game.exe+5DBAC7 - 00 00                 - add [eax],al
game.exe+5DBAC9 - 00 F0                 - add al,dh
Thank you for your time.
 

Squall8

RCE Fanatics
Talents
Mar 3, 2017
313
12
18
#2
Use wildcards in your aob for the bytes that change. Example below.

You're going to need to make your signature more unique as well. Use readmem in your script to get a read off of the bytes that change. You can set it up like this:

Code:
[ENABLE]
aobscanmodule(aobname,game.exe,29 04 FD * * * * xx xx xx xx xx xx....)  //wildcard the four bytes that change per load; extend the signature with the bytes that follow
alloc(newmem,$1000,aobname)  //allocate near the hooked instruction so the 5-byte jmp can reach it

label(code)
label(return)

newmem:
  jmp return  //Your code goes here. //Simply putting a "jmp return" here will stop the instruction from executing.

code:
  readmem(aobname,7) //Parameter:  --(address/symbol,number of bytes to read); keeps a copy of the original 7 bytes for [DISABLE]
  jmp return

aobname:
  jmp newmem
  nop 2  //original instruction is 7 bytes, jmp is 5; pad so return lands on the next instruction
return:
registersymbol(aobname)
registersymbol(code)

[DISABLE]

aobname:
  readmem(code,7)  //write the saved original bytes back

unregistersymbol(aobname)
unregistersymbol(code)
dealloc(newmem)

That is the simplest way to write it out. There is a bit more to the parameters for readmem; I suggest reading up on it.
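Why exactly the last four bytes change, and why Squall8's wildcards go there, shown as an added example that is not part of this thread and not Cheat Engine code: a small Python decoder for the 7-byte instruction from post #1. The opcode is 0x29 (SUB r/m32, r32); the ModRM byte 0x04 selects an SIB byte, and the SIB byte 0xFD has base=101, which on x86 means "no base register, a 32-bit displacement follows". That displacement is an absolute address (module base + 5DBAC8) that the loader rewrites every time game.exe is relocated, so it is not a pointer read from memory but a relocated constant inside the instruction. The bytes and the game.exe+5DBAC8 offset are taken from the thread; the alternate base 0x00400000 used for the relocation demo is a constructed value.

```python
import struct

# Constructed from post #1: the 7 bytes shown for
#   game.exe+F456E - 29 04 FD C8 BA 6B 01 - sub [edi*8+game.exe+5DBAC8],eax
SAMPLE = bytes.fromhex("2904FDC8BA6B01")
MODULE_OFFSET = 0x5DBAC8   # "game.exe+5DBAC8" from the same disassembly line

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_sub_rm32_r32(code):
    """Decode opcode 0x29 (SUB r/m32, r32) in the form ModRM mod=00 rm=100
    (SIB follows) with SIB base=101 (no base register; a disp32 follows).
    Returns the decoded fields; raises ValueError for any other encoding."""
    if len(code) < 7 or code[0] != 0x29:
        raise ValueError("expected opcode 0x29 (SUB r/m32, r32)")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 4:
        raise ValueError("expected ModRM mod=00 with an SIB byte")
    sib = code[2]
    scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
    if base != 5:
        raise ValueError("expected SIB base=101 (disp32 only)")
    disp32 = struct.unpack_from("<I", code, 3)[0]
    return {
        "length": 7,            # 1 opcode + 1 ModRM + 1 SIB + 4 disp32
        "src": REG32[reg],
        "index": REG32[index],
        "scale": scale,
        "disp32": disp32,
        "disp_range": (3, 7),   # byte offsets [3, 7) hold the absolute address
    }


def module_base(disp32, module_offset):
    """disp32 is an absolute address, i.e. base + module offset. Only the
    offset is constant across loads; ASLR picks a new base each time."""
    return disp32 - module_offset


def relocate(code, new_base, module_offset):
    """Re-encode the same instruction as it looks with the module loaded at
    new_base (the relocation the loader applies to this disp32)."""
    f = decode_sub_rm32_r32(code)
    lo, hi = f["disp_range"]
    return code[:lo] + struct.pack("<I", new_base + module_offset) + code[hi:]


def wildcard_pattern(code):
    """Build the AOB string Squall8 describes: keep opcode/ModRM/SIB and
    wildcard the four disp32 bytes that change on every load."""
    f = decode_sub_rm32_r32(code)
    lo, hi = f["disp_range"]
    return " ".join("*" if lo <= i < hi else f"{b:02X}"
                    for i, b in enumerate(code[:f["length"]]))


def render(code, module_offset):
    """Disassemble back to the module-relative text Cheat Engine shows."""
    f = decode_sub_rm32_r32(code)
    return (f"sub [{f['index']}*{f['scale']}+game.exe+{module_offset:X}],"
            f"{f['src']}")


if __name__ == "__main__":
    f = decode_sub_rm32_r32(SAMPLE)
    print(render(SAMPLE, MODULE_OFFSET))
    print(f"absolute target 0x{f['disp32']:08X}, module base "
          f"0x{module_base(f['disp32'], MODULE_OFFSET):08X}")
    print("AOB:", wildcard_pattern(SAMPLE))
    print("same instruction with base 0x00400000:",
          relocate(SAMPLE, 0x00400000, MODULE_OFFSET).hex(" ").upper())
```

Running it against the thread's bytes gives module base 0x010E0000 for that particular load and the pattern `29 04 FD * * * *`; the relocation function shows the same instruction with a different base and therefore different trailing bytes, which is the "mutating AoB" the first post ran into. The decoder also reports the length (7), which is why any replacement written over it has to occupy exactly 7 bytes.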
 

3oddbits

#3
@Squall8

Thanks! :D
It worked. Two lines of mutating AoB no longer cause 'can't find it' problems.
Used nop instead to match bit count for the line. Tested with three reboots.