Help about AOB Injection

Memory scanning, code injection, debugger internals and other gamemodding related discussion
amell
Noobzor
Posts: 7
Joined: Tue Oct 29, 2019 9:03 pm
Reputation: 0

Help about AOB Injection

Post by amell »

Hi sweetys, i'm really new to CE and scripts in general, so thanks to "Cuphead - Mono Dissector" i did my own script ^3^.

But the problem is that everytime i reopen the game, all addresses are changed in the memory, is something like a protect protocol (...? :| ) so it makes my script invalid to use, so i have to do another script doing the same steps, is there a way to make it like "autoupdate" that checks the memory and set in my script those addresses that has changed?

cfemen
RCE Fanatics
Posts: 900
Joined: Fri Feb 15, 2019 5:45 pm
Reputation: 1714

Re: Help about AOB Injection

Post by cfemen »

hi, can you show me your script?

amell
Noobzor
Posts: 7
Joined: Tue Oct 29, 2019 9:03 pm
Reputation: 0

Re: Help about AOB Injection

Post by amell »


//This script does nukes the cd
//All skills cd are gone


[ENABLE]

aobscan(CD_1,8A CA EF 00 00 00 00 55 8B EC 53 57) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:


code:
ret //push ebp
mov ebp,esp //
push ebx //call MP
push edi
jmp return

CD_1+07:
jmp newmem
return:
registersymbol(CD_1)

[DISABLE]

CD_1+07:
db 55 8B EC 53 57

unregistersymbol(CD_1)
dealloc(newmem)

This script keeps working, it's ok.
The problem starts when I reopen the game and use the same script: it does not change anything, so I have to go to memory again, find the address again and change the "push" to "ret".

amell
Noobzor
Posts: 7
Joined: Tue Oct 29, 2019 9:03 pm
Reputation: 0

Re: Help about AOB Injection

Post by amell »

Game reopened, so I added the new address to my script


//This script does nukes the cd
//All skills cd are gone


[ENABLE]

aobscan(CD_2,0E FA 00 00 00 00 55 8B EC 53 57) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
ret //push ebp
mov ebp,esp //
push ebx //call MP
push edi
jmp return



CD_2+06:
jmp newmem
return:
registersymbol(CD_2)

[DISABLE]

CD_2+06:
db 55 8B EC 53 57

unregistersymbol(CD_2)
dealloc(newmem)

cfemen
RCE Fanatics
Posts: 900
Joined: Fri Feb 15, 2019 5:45 pm
Reputation: 1714

Re: Help about AOB Injection

Post by cfemen »

problem here:

alloc(newmem,$1000)

definition of alloc:
alloc(SymbolName, Size, AllocateNearThisAddress OPTIONAL)

you don't give an address for the third parameter, because of this your jump will use more than 5 bytes.

actually you don't need to alloc any memory to do this:

//This script does nukes the cd
//All skills cd are gone


[ENABLE]

aobscan(aobCD1,8A CA EF 00 00 00 00 55 8B EC 53 57) // -> works only if it's the original bytes, without executing the previous script

aobCD1+07:
db C3
registersymbol(aobCD1)

[DISABLE]

aobCD1+07:
db 55

unregistersymbol(aobCD1)

this should work, but the script will take a long time to activate because the aobscan has no module info.
the game is using mono: you can do a Full Injection instead of an AOB Injection to the symbol -> AbilityCooldownSystem:Execute

the script will activate fast and generate a correctly sized jump.

Game reopen, so i add the new address in my script
these "new addresses" (changed AOBs) are only because of executing the script.

the fastest way would be:
(activate mono features) and use this:

[ENABLE]
AbilityCooldownSystem:Execute:
DB C3


[DISABLE]
AbilityCooldownSystem:Execute:
DB 55

amell
Noobzor
Posts: 7
Joined: Tue Oct 29, 2019 9:03 pm
Reputation: 0

Re: Help about AOB Injection

Post by amell »

Ohh thanks, I'll try it as you say and practice more with this, I knew I don't know anything about scripts at all but that just mind-blew me haha, I really appreciate your time ^3^, I'll update with my progress

cfemen
RCE Fanatics
Posts: 900
Joined: Fri Feb 15, 2019 5:45 pm
Reputation: 1714

Re: Help about AOB Injection

Post by cfemen »

amell wrote:
Fri Nov 15, 2019 1:51 pm
Ohh thanks, I'll try it as you say and practice more with this, I knew I don't know anything about scripts at all but that just mind-blew me haha, I really appreciate your time ^3^, I'll update with my progress
:)

and you should google some stuff about [Link] to understand why you need at least 5 bytes for a jump and how it works :)

you can't just add new code to a function/method without overwriting, you can only swap bytes.

especially on unity games with mono you can't count on the auto-generated AOB scripts, they will often generate code that will not work on game restart.
because of this it's important to understand how this works, then you can adjust the script.

mono code is even more "tricky" -> it's JIT (Just In Time) compilation and will generate different code on other computers.
but don't worry about that for now :) this is only a thing to deal with if you are sharing your tables.

until you understand how to work with jumps/AOBs you should avoid AOB Injections on Unity+Mono games.
use the Full Injection and work only with the Symbols.

amell
Noobzor
Posts: 7
Joined: Tue Oct 29, 2019 9:03 pm
Reputation: 0

Re: Help about AOB Injection

Post by amell »

Thanks for the help, it was really useful ^3^.
Ok so, I made a lot of progress, actually I did all the mono stuff in the game, the only issues are 2, the first one is with what you said:
but dont worry about that for now :) this is only a thing to deal with if you are sharing your tables
I share my table with my best best best friend who I really love, but it does not work. The second one is:
generate different code on other computers.
I noticed that often my code gets unusable even on my own pc, most of the time when I reboot.

Opcodes have 2 values... (?????), the first one is when you open the game, for example, there's a button to buy "crystals" with "cargo", so if I just open the game and go to the address, the opcode is: call 169D4E4C
CommandBuyColorCrystalsSystem:ExecuteCommand+1cb - E8 BC000000 - call 169D4E4C

But if I buy crystals then the opcode changes to: call ResourcesExtensions:BuyForCargo
CommandBuyColorCrystalsSystem:ExecuteCommand+1cb - E8 E0300000 - call ResourcesExtensions:BuyForCargo

But if I reboot a few times it goes like this: call 165C4F4D
CommandBuyColorCrystalsSystem:ExecuteCommand+1cb - E8 BC000000 - call 165C4F4D

To deal with it, I did a simple script as you told me, but when the opcode changes I have to go back to memory and look up the address and etc, etc, etc.

amell
Noobzor
Posts: 7
Joined: Tue Oct 29, 2019 9:03 pm
Reputation: 0

Re: Help about AOB Injection

Post by amell »

Thanks for the "hooks/detourfunction" url.
Every new thing to learn is better than just wasting my time on the same 2 things that I barely do (?) :heart: xoxo

cfemen
RCE Fanatics
Posts: 900
Joined: Fri Feb 15, 2019 5:45 pm
Reputation: 1714

Re: Help about AOB Injection

Post by cfemen »

Well, on game start you see the address

call 169D4E4C

if you buy something the function gets compiled and you see the Symbol

call ResourcesExtensions:BuyForCargo

next game start you have a different address but the same Symbol, because of this I said to you don't use AOBs.

use only the Symbol -> ResourcesExtensions:BuyForCargo <- with a Full Injection.

AOBs on Mono are only useful if you are experienced enough to mix Mono with AOBs and wildcards.
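A worked example, added here and not code from the thread or from Cheat Engine: a small CE-style AOB scanner with wildcards, run over constructed byte strings modelled on the bytes quoted in this thread (a rel32 call followed by the push ebp / mov ebp,esp / push ebx / push edi prologue). It shows why an AOB that contains bytes the script itself patches stops matching after the script runs (the "new address" problem cfemen describes), why a literal AOB tied to a call's displacement breaks on restart while a masked one survives, and why a rel32 jmp is always 5 bytes. All byte strings, offsets and addresses below are constructed.

```python
# Minimal CE-style AOB (array of bytes) scanner with '??' wildcards.
# Constructed example, not the thread's scripts and not CE's implementation.

def parse_aob(text):
    """'E8 ?? ?? ?? ?? 55' -> list of (value, is_fixed); '??' is a wildcard."""
    return [(0, False) if tok in ("?", "??", "*") else (int(tok, 16), True)
            for tok in text.split()]

def aob_scan(buf, text):
    """Offsets in buf where the AOB matches; wildcard positions are skipped."""
    pat = parse_aob(text)
    return [i for i in range(len(buf) - len(pat) + 1)
            if all(not fixed or buf[i + j] == v for j, (v, fixed) in enumerate(pat))]

def jmp_rel32(src, dst):
    """E9 rel32: the displacement is measured from the end of the 5-byte jmp."""
    disp = (dst - (src + 5)) & 0xFFFFFFFF
    return b"\xe9" + disp.to_bytes(4, "little")

def patch(buf, off, data):
    """Return a copy of buf with data written at off (what 'db' does in a CE script)."""
    return buf[:off] + data + buf[off + len(data):]

# Constructed memory images: filler, a rel32 call whose displacement differs
# between the first run and a restart, then the original 5-byte prologue.
RUN1 = bytes.fromhex("90 90 E8 BC 00 00 00 55 8B EC 53 57 C3")
RUN2 = bytes.fromhex("90 90 E8 E0 30 00 00 55 8B EC 53 57 C3")

LITERAL = "E8 BC 00 00 00 55 8B EC 53 57"   # ties itself to run 1's call displacement
MASKED  = "E8 ?? ?? ?? ?? 55 8B EC 53 57"   # masks the displacement, survives the restart
RESCAN  = "E8 ?? ?? ?? ?? ?? 8B EC 53 57"   # also tolerates the 'db C3' patch on push ebp

def demo():
    prologue = aob_scan(RUN1, MASKED)[0] + 5         # offset of push ebp, the patch target
    patched = patch(RUN1, prologue, b"\xc3")         # the 'db C3' patch from the thread
    return {
        "literal_run1": aob_scan(RUN1, LITERAL),     # [2]  matches on the first run
        "literal_run2": aob_scan(RUN2, LITERAL),     # []   displacement changed, no hit
        "masked_run2": aob_scan(RUN2, MASKED),       # [2]  wildcards absorb the change
        "masked_after_patch": aob_scan(patched, MASKED),   # []  55 is now C3
        "rescan_after_patch": aob_scan(patched, RESCAN),   # [2] patched byte masked too
        "jmp_len": len(jmp_rel32(0x00401000, 0x7FF00000)), # 5, whatever the distance
    }

if __name__ == "__main__":
    print(demo())
```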
