Help with AOBscan for portability

Anything Cheat Engine related, bugs, suggestions, helping others, etc..
Post Reply
User avatar
gibberishh
Table Makers
Table Makers
Posts: 331
Joined: Fri Jul 02, 2021 5:48 pm
Reputation: 225

Help with AOBscan for portability

Post by gibberishh »

Good ladies and gentlemen of the internet,

I come to thee with 2 problems I would like help with. As a quest giver, I promise loads of experience and no gold. My backstory is an interesting one. Gather around, children, and I will tell you of my troubles:

I use aobscanmodule extensively. I'm fairly new to assembly, cheat engine and lua, but I consider myself to be a pretty good programmer (other languages) in general. I started learning the code flow by modifying scripts of others. Having seen the various coding styles of define(address, bytes), aobscan and aobscanmodule, I have concluded that aobscanmodule is the best for me because it provides maximum flexibility while not having the potential heavy load of aobscan.

A lot of the initial scripts I learnt from were of the type:

Code: Select all

[ENABLE]
aobscanmodule(placeholder,App.exe,89 87 ?? ?? EF ?? 89)
...
...
code:
  mov eax,[ecx+02EFAC01]
...
[DISABLE]
placeholder:
  db 89 87 01 AC EF 02
So I thought to myself, what is the point of using wildcards in the scan, if the disable script is hard-coded? I asked high-lord Google for an answer and found [Link], which taught me readmem() so that I could simply have the code inject what it scanned in the first place. Success.

So far so good. Now my problems:

1. I wish to find a way to store "App.exe" in a global variable (let's call it procname) so that I can use aobscanmodule(placeholder,procname,...). This way, I have to specify the exe name in only one place and if the exe ever changes, all scripts don't need to be updated. Or, even better, I would like to extract the name of the process currently attached to cheat engine and use that within aobscanmodule. Is either of these possible? If so, pray tell me how.

2. Continuing my previous gripe with wildcards, what is the point of using wildcards in aobscanmodule if the actual code references a hard-coded offset? Instead of eax,[ecx+02EFAC01], I should be able to generate "02EFAC01" from the wildcards read in aobscanmodule, otherwise the script isn't really portable, is it? Is there any way to do this? If so, how?

I thank thee gentle and kind citizens.

ShyTwig16
Expert Cheater
Expert Cheater
Posts: 335
Joined: Thu Apr 06, 2017 7:14 pm
Reputation: 19

Re: Help with AOBscan for portability

Post by ShyTwig16 »

process is a Lua variable CE makes available when attached to a process, and you can use $process in the aob scan module parameter as CE treats it like an address. You can even use some Lua like this MODULE_NAME = enumModules()[1].Name and then in the aob scan module parameter use $MODULE_NAME.

Wildcards can allow the signature to work even after updates, plus if the bytes are a hard coded address then it will change with every restart of the game.

Code: Select all

mgsvtpp.exe+B03BDB:  F3 0F5E C1                  -  divss xmm0,xmm1                    
////  INJECTING START  ----------------------------------------------------------
mgsvtpp.exe+B03BDF:  0F2F 05 A6365A01            -  comiss xmm0,[mgsvtpp.exe+20A728C]  
////  INJECTING END  ----------------------------------------------------------
mgsvtpp.exe+B03BE6:  F3 0F11 43 14               -  movss [rbx+14],xmm0                
mgsvtpp.exe+B03BEB:  76 68                       -  jna mgsvtpp.exe+B03C55    
If you wanted to inject here you'd need to use wildcards as these bytes will change with every restart. And you'd need to use readmem to store the original bytes to use for disabling.
Here's some more info on AOBs/signatures.
[Link]

And on a side note, when asking questions get straight to the point. The first time reading your post I moved on without answering the question, it was only after my mood changed that I decided to come back to this. If you're willing to waste my time just asking a question, you'll likely weaste far more if I try to help. And time tends to be one of the most important commodities for most people.

Post Reply

Who is online

Users browsing this forum: No registered users