Help: AOB Scan script crashes my CE!

Post by sh00ter999 » Tue Aug 06, 2019 3:20 pm

Hey folks,

this is an issue that might not take longer than a few seconds for a trained pair of eyes to find, but here's what I am currently stuck with:

I want to change my character's name, and I want to re-find my address with an array of bytes. I found a unique signature that returns only one result after each game restart.

The problem is writing a script and dropping the appropriate address into a label that I can re-use if I add it manually to CE.

I followed a video tutorial that showed a working script for the exact thing I'm trying to accomplish, but in my case, Cheat Engine freezes and shuts down. When I manually scan for the aob signature, then I get one result successfully, after about 2 seconds of total scan time.

Code:

[ENABLE]
aobscan(INJECT,7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00) // should be unique
label(name)
registersymbol(name)


INJECT:
name:
//I'm unsure about this part, but it seemed to work in the video. 

registersymbol(INJECT) //tutorial did not register his AOB Symbol, but I tried both with and without, no success.


[DISABLE]
unregistersymbol(name)
unregistersymbol(INJECT)

Post by jungletek » Fri Aug 09, 2019 8:52 am

Use aobscanmodule() instead, like:

Code:

aobscanmodule(INJECT,gamename.exe,FF FF AA AA ** FF)

Obviously replace the AOB name, game executable name, and byte pattern to match your use-case.

Here's a simple example (trimmed a bit of fluff that the template I used adds) of an AOB for ntdll.dll (I quickly loaded notepad.exe which uses this DLL, to make this example):

Code:

[ENABLE]
aobscanmodule(INJECT,ntdll.dll,48 89 11 48 83 C1 08 49) // should be unique
registersymbol(INJECT)

[DISABLE]
unregistersymbol(INJECT)

Then to have the address that the AOB corresponds to show up as a table entry, just add a new entry with INJECT (or whatever your registered symbol name is) as the address.

Now, if this actually isn't what you wanted (you instead want the address that the code which the AOB points to manipulates), then you've got to do what's known as an injection copy. This basically lays it out: https://wiki.cheatengine.org/index.php? ... ableValues

Post by SunBeam » Fri Aug 09, 2019 4:47 pm

^ "aobscanmodule" won't help him. Read one more time what he said :P -> "I want to change my character's name, and I want to re-find my address with an array of bytes. I found a unique signature that returns only one result after each game restart." - you can bet your ass that signature isn't part of the game module. So he's doing fine scanning whole memory. He has other problems :P

Why call the address "INJECT" if your script doesn't suggest any injection? I mean, for INJECT to be something that'd make sense, you'd need an "alloc" and re-routing of code to your hook. All you're doing is scanning for a signature.

Try this:

Code:

[ENABLE]

// first define your labels and register them
label( _name )
registersymbol( _name )

// scan for your stuff
aobscan( name_AOB, 7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00)

// now you want to associate _name with name_AOB, so..
_name: // this label
name_AOB: // becomes this label

[DISABLE]

// always unregister your shit on DISABLE
unregistersymbol( _name )

There you go. You can also do it in one go, using "_name" directly instead of "name_AOB"; just like @jungletek suggested:

Code:

[ENABLE]

// scan for your stuff
aobscan( _name, 7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00)
registersymbol( _name )

[DISABLE]

unregistersymbol( _name )

As far as crashing is concerned, that's something internal for which I doubt you can do anything via posting on the forums. Check your TEMP folder (CE > top right > Settings > Scan Settings > "Store the temporary scanfiles here instead"), that you have enough space on the drive when you do that whole memory scan. Then also try checking or unchecking MEM_MAPPED checkbox in Scan Settings. See if it has any effect.

BR,
Sun

Post by sh00ter999 » Sat Aug 10, 2019 8:35 pm

Thank you guys so much for your attention and replying!

What exactly is the difference between aobscanmodule and aobscan? From the bits here I gather that aobscanmodule only focuses on a single process, whereas aobscan scans my entire RAM? Is that it? That might indeed explain why my CE freezes for a good 15 seconds or more.

But after trying SunBeam's snippet and sitting patiently, it finally worked. Cheat Engine froze again for a while, but then it set the checkmark to my script and my symbol carried the address I wanted :D

SunBeam wrote:
Why call the address "INJECT" if your script doesn't suggest any injection?

Fair point, lol. I was just using the AOB injection template from CE and cut away pieces from it that I didn't utilize, but I kept the AOB name.

SunBeam wrote:
There you go. You can also do it in one go, using "_name" directly instead of "name_AOB"; just like @jungletek suggested:

That's very neat, I will try to remember this. If my desired address is at AOB+30, then I would dump it into my _name symbol like so?

Code:

_name:
name_AOB+30:

SunBeam wrote:
As far as crashing is concerned, that's something internal for which I doubt you can do anything via posting on the forums. Check your TEMP folder (CE > top right > Settings > Scan Settings > "Store the temporary scanfiles here instead"), that you have enough space on the drive when you do that whole memory scan. Then also try checking or unchecking MEM_MAPPED checkbox in Scan Settings. See if it has any effect.

That's also a fair point and good advice, as I was running into this problem recently, where my C drive ran full while scanning some float and I didn't even realize, but that has been taken care of. I'm not sure if that was the issue I had when I did the name scanning. If I use aobscan, it just seems to freeze for roughly 20 seconds until it retrieves the address. I will try the MEM_MAPPED setting ASAP!

Thank you two once more, I appreciate it :D
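
An added Python example, not code from any poster in this thread or from Cheat Engine: it matches the thread's wildcard signature over a constructed set of memory regions, showing how a scan over all of the target process's regions (aobscan) differs from one limited to a single module's address range (aobscanmodule), and how an offset from the hit is resolved. The region addresses, the "PlayerOne" string and the reading of "+30" as hexadecimal are assumptions made for the sample.

```python
import re

# Signature copied from the thread; "??" marks bytes that differ between runs.
SIG = ("7A 01 00 00 00 00 00 A4 17 00 00 ?? ?? ?? ?? 01 00 00 00 00 00 00 00 "
       "00 00 00 00 ?? FB 2B 03 00 00 00 00 00 13 4A 4D 00 13 4A 4D 00 2D 00 00 00")
WILDCARDS = {"??", "**"}
NAME_OFFSET = 0x30  # assumption: the "+30" asked about in the thread, read as hex

def compile_aob(pattern):
    """Compile 'AA ?? BB' into a bytes regex; the lookahead keeps overlapping hits."""
    parts = []
    for tok in pattern.split():
        if tok in WILDCARDS:
            parts.append(b".")                       # any single byte
        elif len(tok) == 2:
            parts.append(b"\\x%02x" % int(tok, 16))  # ValueError if not hex
        else:
            raise ValueError(f"bad token {tok!r}")
    return re.compile(b"(?s)(?=" + b"".join(parts) + b")")

def scan(regions, pattern, lo=0, hi=1 << 64):
    """Return (hit addresses, bytes examined) for the part of regions in [lo, hi)."""
    rx, hits, examined = compile_aob(pattern), [], 0
    for base, data in regions:
        start, end = max(lo, base), min(hi, base + len(data))
        if start >= end:
            continue                                 # outside the range: never read
        window = data[start - base:end - base]
        examined += len(window)
        hits += [start + m.start() for m in rx.finditer(window)]
    return hits, examined

def concretize(pattern, filler=0x5A):
    """Build constructed sample bytes that the pattern matches."""
    return bytes(filler if t in WILDCARDS else int(t, 16) for t in pattern.split())

# Constructed sample "process": a code module plus a heap region holding the record.
MODULE = (0x00400000, b"\x90" * 0x2000)
RECORD = concretize(SIG).ljust(NAME_OFFSET, b"\x00") + b"PlayerOne\x00"
HEAP = (0x02A10000, b"\x00" * 0x123 + RECORD + b"\x00" * 0x10000)
REGIONS = [MODULE, HEAP]

def find_name(regions, pattern):
    """Resolve the unique hit, then read the NUL-terminated string at hit + NAME_OFFSET."""
    hits, _ = scan(regions, pattern)
    if len(hits) != 1:
        raise LookupError(f"signature matched {len(hits)} times, expected exactly 1")
    addr = hits[0] + NAME_OFFSET
    base, data = next((b, d) for b, d in regions if b <= addr < b + len(d))
    raw = data[addr - base:]
    return addr, raw[:raw.index(b"\x00")].decode("ascii")
```

In the sample the module-limited scan returns no hit because the record lives in heap data, while the full scan finds it at the cost of reading every region.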
