Which strategy to find a variable using AOB scan in Cpp?
Posted: Tue Jan 28, 2020 10:52 am
I've written a little program in C++2019 for theHunter (x64) that reads a global variable (number of animals I've scared away) and plays a short sound clip whenever that increments. It works well until there is a game update and then I need to update the pointers, so I would like to transition to an AOB-based system (for the challenge and for convenience), and this is where I've come a bit unstuck.
I have some code from here that I've tweaked to address x64, and I have a candidate AOB from CE. So far so good.
The existing code expects to find the AOB within the external module's address range (e.g. theHunter.exe), but my target variable isn't in this range (according to CE). If I tweak the code to just run everything from 0x0 to 0x7fffffffffff then I get bad_alloc errors from VS (I wonder if this is due to how the code tries to clone the memory space in its entirety), but either way it is a massive range to trudge through even if broken up into chunks. If I instead use my a priori knowledge of the location of the variable and set it to run over a small range, say +/- 0xffff, then it finds the address, so the code works in some sense.
So yeah, full-disclosure: my understanding of this is weak, and address 0x1804405B300 (for example) may as well be in outer space. I am not clear on whether this is an address 'owned' by the game or a shared space, but either way I think I need to fine tune the range I'm scanning and I have only a primitive sense of how to do that. Using pointers might mean I'm back to square one, so is a brute force scan from 0x0 to 0xMAX likely to work?
Alternatively, should I be using the AOB corresponding to the instructions that modify the variable? I don't want to do any code injection, and my meagre understanding is that the register storing the address will only hold it for a short while while those instructions run and won't be a reliable place to read it from. I'm sure there is a way, I just don't know it and will need a steer.
Which strategy is likely to pay off and how might I move on from here?
Finally, what should I be googling/reading to understand how memory addressing (?) works?
Thanks for reading this far and any help you can give. I'm happy to provide additional detail on anything. I love this new hobby, but there is just so much to learn!
EDIT 29/1/20: it's probably not a global variable, but a variable generated at runtime. Oops.
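As an added example (not the poster's code or the code linked in the post), here is the core of an AOB scanner that takes a Cheat Engine style pattern with `??` wildcards and scans one buffer at a time, so memory can be walked region by region instead of cloned whole; the sample region bytes are constructed, and the pattern string format (space-separated hex bytes, `??` for wildcard) is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// One pattern byte: its value plus a flag saying whether it is a "??" wildcard.
struct PatByte { uint8_t value; bool wildcard; };

// Parse a Cheat Engine style AOB string such as "48 8B ?? 05 F0".
std::vector<PatByte> parseAob(const std::string& text) {
    std::vector<PatByte> out;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "??" || tok == "?")
            out.push_back({0, true});
        else
            out.push_back({static_cast<uint8_t>(std::stoul(tok, nullptr, 16)), false});
    }
    return out;
}

// Scan one buffer (for example one committed region read with
// ReadProcessMemory) and return the offset of the first match, if any.
std::optional<size_t> findAob(const std::vector<uint8_t>& buf,
                              const std::vector<PatByte>& pat) {
    if (pat.empty() || buf.size() < pat.size()) return std::nullopt;
    for (size_t i = 0; i + pat.size() <= buf.size(); ++i) {
        size_t j = 0;
        for (; j < pat.size(); ++j)
            if (!pat[j].wildcard && buf[i + j] != pat[j].value) break;
        if (j == pat.size()) return i;
    }
    return std::nullopt;
}

// Constructed sample region: the pattern starts at offset 5.
std::vector<uint8_t> sampleRegion() {
    return {0x90, 0x90, 0xCC, 0x00, 0x11, 0x48, 0x8B, 0xAA, 0x05, 0xF0, 0xC3};
}

int main() {
    auto hit = findAob(sampleRegion(), parseAob("48 8B ?? 05 F0"));
    if (hit) std::printf("match at offset %zu\n", *hit);
    return 0;
}
```

On Windows the usual way to feed this is to walk the target with VirtualQueryEx, read each committed, readable region into a buffer with ReadProcessMemory, call findAob on it, and add the region's base address to the returned offset; that covers heap addresses outside the module range without ever allocating the whole 0x0 to 0x7fffffffffff span.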