Help with changing address

TheyCallMeTim13
Administration
Posts: 1480
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 736

Post by TheyCallMeTim13 »

You can manually scan for the AOB to check it; just set the value type to "array of bytes" and set the "writable", "executable", and "copyOnWrite" flags to be both (i.e.: the full box, not checked or unchecked). This will allow you to check that your AOBs only have one result.



And for the script you posted: make sure that if you PUSH something (like EAX), you POP it when you're done, else you throw off the stack and likely get a crash, or odd behavior at the very least. And in the disable section use the original code or the original bytes, but not both, as you'll override the bytes after the injection point. And it's better to use the bytes, as the code could be assembled differently and be a different length. And make sure you include the original code in the injected script, else you'll have a register not set correctly; not sure if leaving out the [c]mov eax,00000001[/c] is intentional, but if not, you need to have that to set EAX to what it needs to be.

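[CODE=cea]
[ENABLE]
aobscan(expmult,89 11 B8 01 00 00 00 83 3D ?? ?? ?? 01 00 72 10 77 0C 81 3D) // should be unique
alloc(newmem,$1000)

label(code)
label(returnhere)
label(exit)

newmem:
  pushf               // save flags; sub/imul/add below change them
  mov eax,[ecx]       // eax = value currently stored at [ecx]
  sub edx,eax         // edx = value about to be written minus stored value
  imul edx,5          // multiply that difference by 5
  add edx,eax         // edx = stored value + difference * 5

code:
  mov [ecx],edx       // original instruction (89 11)
  mov eax,00000001    // original instruction (B8 01 00 00 00)
  popf                // restore flags, balancing the pushf above

exit:
  jmp returnhere

expmult:
  jmp newmem          // 5-byte jump over the 7 original bytes
  nop 2               // pad the remaining 2 bytes
returnhere:

registersymbol(expmult)

[DISABLE]
expmult:
  db 89 11 B8 01 00 00 00   // restore the original 7 bytes

unregistersymbol(expmult)
dealloc(newmem)
[/CODE]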
Last edited by TheyCallMeTim13 on Thu Jan 01, 1970 12:00 am, edited 2 times in total.

kidalot
Novice Cheater
Posts: 17
Joined: Tue Oct 10, 2017 8:32 pm
Reputation: 1

Post by kidalot »

[QUOTE="TheyCallMeTim13, post: 138407, member: 91"]

You can manually scan for the AOB to check it; just set the value type to "array of bytes" and set the "writable", "executable", and "copyOnWrite" flags to be both (i.e.: the full box, not checked or unchecked). This will allow you to check that your AOBs only have one result.

[/QUOTE]



In my case the AOB ended up with too many ?? by my 4th run through and when I checked it that's when it found 2 instances of it.



I don't think I fully understand AOB code, like what happens if you're using AOB in a script enabled and the bytes change whilst playing? Will it crash? How can you account for data that can change?



Thanks man
Last edited by kidalot on Sat Jun 06, 2020 6:12 pm, edited 2 times in total.

TheyCallMeTim13
Administration
Posts: 1480
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 736

Post by TheyCallMeTim13 »

AOBs are meant to be used with executable code, which doesn't really change when running. Even with jitted code it will only be created when it's needed, but once it's jitted it tends to stay. If the executable code is changing with it running then you'd have to figure out what writes to the code and figure out how to change it there, but that's something I've never seen before. But yes, if the code is being changed in ways that create bad code it would likely cause some issues like crashes.
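
The uniqueness check from the first post, and the two-match result described after adding more ?? wildcards, as an added example that is not part of the original thread: a small Python signature scanner (not Cheat Engine's own code) run over a constructed buffer. The buffer contents, the looser pattern and the function names are assumptions made for illustration; only full-byte wildcards are handled.

```python
def parse_aob(pattern):
    """Parse '89 11 ??' style text into ints, with None for each wildcard byte."""
    sig = []
    for tok in pattern.split():
        if tok in ("?", "??"):
            sig.append(None)
        elif len(tok) == 2:
            sig.append(int(tok, 16))  # raises ValueError on non-hex text
        else:
            raise ValueError(f"bad AOB token: {tok!r}")
    return sig

def find_aob(data, pattern):
    """Return every offset in data where the pattern matches."""
    sig = parse_aob(pattern)
    fixed = [i for i, b in enumerate(sig) if b is not None]
    if not fixed:
        raise ValueError("pattern has no fixed bytes")
    k = fixed[0]                    # first non-wildcard position
    anchor = bytes([sig[k]])
    hits = []
    pos = data.find(anchor, k)      # start at k so the match start is >= 0
    while pos != -1:
        start = pos - k
        if start + len(sig) <= len(data) and all(
                data[start + i] == sig[i] for i in fixed):
            hits.append(start)
        pos = data.find(anchor, pos + 1)
    return hits

# Constructed sample data (not from any real program): two code sites that
# differ in the address operand and in the conditional jump that follows it.
TARGET = bytes.fromhex("89 11 B8 01 00 00 00 83 3D 10 20 30 01 00 72 10 77 0C 81 3D")
DECOY = bytes.fromhex("89 11 B8 01 00 00 00 83 3D 44 55 66 01 00 74 08 77 0C 81 3D")
IMAGE = b"\x90" * 16 + DECOY + b"\xCC" * 8 + TARGET + b"\x90" * 16

# Pattern from the script in the first post.
PAGE_AOB = "89 11 B8 01 00 00 00 83 3D ?? ?? ?? 01 00 72 10 77 0C 81 3D"
# Hypothetical over-wildcarded variant: the trailing fixed bytes are gone.
LOOSE_AOB = "89 11 B8 01 00 00 00 83 3D ?? ?? ?? ?? ?? ?? ??"

if __name__ == "__main__":
    for name, aob in (("page", PAGE_AOB), ("loose", LOOSE_AOB)):
        hits = find_aob(IMAGE, aob)
        verdict = "unique" if len(hits) == 1 else "NOT unique"
        print(f"{name:5} AOB: {len(hits)} match(es) at {hits} -> {verdict}")
```

The fixed bytes after the wildcards are what separate the two sites here; once they are wildcarded away, both sites match and a script would have no way to tell them apart.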
