Aobscan tutorials

[VampTY]

Hi,

Here's one more awful tutorial making a script with offsets, when the game ain't on unity/unreal/xna or whatever other engine that doesn't have any names assigned to them, to find them easy.Also in this example, i use "[]", if you'll encounter with more offsets, do it like"[[name]+offset]+offset", you understand, 2 offsets, that will mean adding one more"[" to your left and one more "]" to your right, that "]"is after any offset, the last one don't need any "]", so if there were 7 offsets, for example, you'd have to have on your left 7 "[" and to your right to have 7, like "[[[[[[[name]+offset]+offset]+offset]+offset]+offset]+offset]+offset" If the name is "base" and the offsets are 10 and 12, the result will be "[[base]+10]+12". This will work on whatever machine.Hope this might help somehow!



Take care!

[Messy6666]

^ What a wonderful work making those videos for other people VampTY !

I just thought of a CE plugin which will make life a bit easier using those *** brackets:

An extension by FreeER: copyOffsets.lua
[Link]

It will "print" the correct syntax to be used, ready to copy/paste

edit:
* best to only use that plugin when you understand the offsets

[anl93]

Hey there @aanpsx

I finally managed to did auto asseble script.
I will upload my table here as soon as possible.
Card power updates on hovewed units, although i realized that this trick works on few games.

Game is : "Shadowhand"

Thank you kindly,

[anl93]

Hey there @aanpsx

Your guide here works perfectly for me for some games. I even shared some of my small tables with scripts here on forum.

I want to ask you something new but similar,

Can you make a similar guide for "to update increase/decrease" kind of scripts.

I feel like im slowly improving myself.

If you can make that kind of guide too, i will be very grateful.

Sincerely, thank you.

[anl93]

newmem:
mov [Pointer],ecx
code:
mov eax,[ecx+eax*4+10]
pop ebp
jmp return

Pointer:
dd 0

ShopPointer:
jmp newmem
return:

not working
pointer constanty changes

can someone help

[LeFiXER]

Code: Select all

newmem:
  mov [Pointer],ecx
code:
  mov eax,[ecx+eax*4+10]
  pop ebp
  jmp return

Pointer:
  dd 0

ShopPointer:
  jmp newmem
return:

not working
pointer constanty changes

can someone help

What about this:

Code: Select all

...
Pointer:
  dd 0
 
newmem:
  push edx
  lea edx,[ecx+eax*4+10]
  mov [Pointer],edx
  pop edx
  
code:
  mov eax,[ecx+eax*4+10]
  pop ebp
  jmp return
...

[anl93]

No adresses still changes when script is activated.

[Messy6666]

^
Then it's a multipurpose function, ie it's reading/writing also other data(structures).
Before filling the pointer you'll have to check somehow if they are pointing to the right data ( [ecx] or [ecx+eax] or [ecx+eax*4+10] )
by disecting data/stuctures and scan for some testing values.

for example

Code: Select all

cmp [ecx], TESTVAL 
jne DONT_FILL_POINTER

Code: Select all

cmp [ecx+eax*4], TESTVAL  // maybe that contains the value type for +10
jne DONT_FILL_POINTER

hard to say when not having a part of the original code from the injection point

[SunBeam]

...

I would suggest determining where ecx comes from and what the iterator eax represents. If it's a list/array of pointers to same types of structures, then "filtering" won't work as you'd expect, by just storing the lea result into some static.

A bit of research is required than just numb-storing pointers and thinking of only how to save them, but not what they point to, if player or enemy or if representing what you're after. Am saying this in general, not aimed at you, LeFiXER

[LeFiXER]

I would suggest determining where ecx comes from and what the iterator eax represents. If it's a list/array of pointers to same types of structures, then "filtering" won't work as you'd expect, by just storing the lea result into some static.

A bit of research is required than just numb-storing pointers and thinking of only how to save them, but not what they point to, if player or enemy or if representing what you're after. Am saying this in general, not aimed at you, LeFiXER

I did not take offence. I appreciate you taking the time to give your wisdom, thanks .

[anl93]

Hello guys

Code: Select all

newmem:

code:
  movsxd  rax,dword ptr [rax+6C]
  mov [rbp-000000D8],eax
  jmp return

How can i adjust this code to adjust HP of selected unit?
Or his one for that matter?

Code: Select all

newmem:

code:
  movsxd  rax,dword ptr [r15+6C]
  test eax,eax
  jmp return

I tried changing movsxd to mov but couldnt success so far.
I will find aobscan of another unit, compare and change aobscan(INJECT, ...... (i will replace some of them here with ?? so script should work for all units after i compare to unit aobscans) ) // should be unique

but first i need the correct code that reads current units HP.

Thanks.