How to make a table that just changes an AOB and nothing more?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
TheVine
Novice Cheater
Posts: 17
Joined: Tue Aug 31, 2021 2:34 pm
Reputation: 0

How to make a table that just changes an AOB and nothing more?

Post by TheVine »

I want to make a checkbox that toggles on/off an AOB edit

Like if I had some AOB like AA BB CC DD (making up random stuff there) and I want to click the box to change it to FF BB CC DD, and if I uncheck the box it goes back again.

I tried opening memory view and doing ctrl + A then putting down a template for an AOB injection, code injection, etc, but an injection isn't what I am trying to do and it seems to select way more than I want to edit. I just want to have it change a byte in the designated AOB.

UltimatePoto42
Expert Cheater
Posts: 103
Joined: Tue May 02, 2017 6:00 am
Reputation: 15

Re: How to make a table that just changes an AOB and nothing more?

Post by UltimatePoto42 »

TheVine wrote:
Thu Jan 27, 2022 3:41 am
I want to make a checkbox that toggles on/off an AOB edit

Like if I had some AOB like AA BB CC DD (making up random stuff there) and I want to click the box to change it to FF BB CC DD, and if I uncheck the box it goes back again.

I tried opening memory view and doing ctrl + A then putting down a template for an AOB injection, code injection, etc, but an injection isn't what I am trying to do and it seems to select way more than I want to edit. I just want to have it change a byte in the designated AOB.
You do in fact want an injection, you just want to write the bytes you want to change. Here is an example.

Code:

{$STRICT}
define(address, Tutorial-x86_64.exe+2C5B8)
define(bytes, 89 10 48 8B 45 F0)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobTutorialStep5Hook, Tutorial-x86_64.exe, 8910488B45F0488B80xxxxxxxx8B00)
define(injTutorialStep5Hook, aobTutorialStep5Hook)

assert(injTutorialStep5Hook, bytes)
registerSymbol(injTutorialStep5Hook)


////
//// ---------- Injection Point ----------
injTutorialStep5Hook:
	db 90 90 


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injTutorialStep5Hook:
	db bytes

unregisterSymbol(injTutorialStep5Hook)
{
Module: Tutorial-x86_64.exe
Address: Tutorial-x86_64.exe+2C5B8
AOB Address: Tutorial-x86_64.exe+2C5B8
Tutorial-x86_64.exe+2C595 - 49 89 E8                - mov r8,rbp
Tutorial-x86_64.exe+2C598 - E8 6392FEFF             - call Tutorial-x86_64.exe+15800
Tutorial-x86_64.exe+2C59D - 0F1F 00                 - nop dword ptr [rax]
Tutorial-x86_64.exe+2C5A0 - 8B 45 E8                - mov eax,[rbp-18]
Tutorial-x86_64.exe+2C5A3 - 3B 45 EC                - cmp eax,[rbp-14]
Tutorial-x86_64.exe+2C5A6 - 74 B0                   - je Tutorial-x86_64.exe+2C558
Tutorial-x86_64.exe+2C5A8 - EB 00                   - jmp Tutorial-x86_64.exe+2C5AA
Tutorial-x86_64.exe+2C5AA - 48 8B 45 F0             - mov rax,[rbp-10]
Tutorial-x86_64.exe+2C5AE - 48 8B 80 E0070000       - mov rax,[rax+000007E0]
Tutorial-x86_64.exe+2C5B5 - 8B 55 E8                - mov edx,[rbp-18]
Tutorial-x86_64.exe+2C5B8 - 89 10                   - mov [rax],edx   <<<---- Injection point
Tutorial-x86_64.exe+2C5BA - 48 8B 45 F0             - mov rax,[rbp-10]
Tutorial-x86_64.exe+2C5BE - 48 8B 80 E0070000       - mov rax,[rax+000007E0]
Tutorial-x86_64.exe+2C5C5 - 8B 00                   - mov eax,[rax]
Tutorial-x86_64.exe+2C5C7 - 3B 45 EC                - cmp eax,[rbp-14]
Tutorial-x86_64.exe+2C5CA - 74 02                   - je Tutorial-x86_64.exe+2C5CE
Tutorial-x86_64.exe+2C5CC - EB 22                   - jmp Tutorial-x86_64.exe+2C5F0
Tutorial-x86_64.exe+2C5CE - 48 8B 45 F0             - mov rax,[rbp-10]
Tutorial-x86_64.exe+2C5D2 - 48 8B 88 C0070000       - mov rcx,[rax+000007C0]
Tutorial-x86_64.exe+2C5D9 - B2 01                   - mov dl,01
Tutorial-x86_64.exe+2C5DB - 48 8B 45 F0             - mov rax,[rbp-10]
}

TheVine
Novice Cheater
Posts: 17
Joined: Tue Aug 31, 2021 2:34 pm
Reputation: 0

Re: How to make a table that just changes an AOB and nothing more?

Post by TheVine »

Thanks for the response, but I'm not really sure what I'm looking at. The whole difficulty I am having is telling it what to look for and how to just change what I want to change so that the entire program isn't thrown off.

This is the code I get when I run the AOB injector

Code:

[ENABLE]


aobscanmodule(INJECT,Game.exe,55 8B EC 6A FF 68 65 66) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  push ebp
  mov ebp,esp
  push -01
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 55 8B EC 6A FF

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Game.exe+107890

Game.exe+10788F: CC                 - int 3 
// ---------- INJECTING HERE ----------
Game.exe+107890: 55                 - push ebp
// ---------- DONE INJECTING  ----------
Game.exe+107891: 8B EC              - mov ebp,esp
Game.exe+107893: 6A FF              - push -01
Game.exe+107895: 68 65 66 70 00     - push Game.exe+476665
}
All I want to do is change that 55 to a C3 (a return).

1. I guess "55 8B EC 6A FF 68 65 66" is the AOB it determined to be unique, which is OK
2. But I don't understand what "db 55 8B EC 6A FF" is for or why it's shorter than the AOB scanned part
3. I don't understand why it's pulling in a few lines into the "code" section
4. I don't know what I need to change to have it just edit what I want to edit.

Rhark
Expert Cheater
Posts: 3471
Joined: Tue Apr 16, 2019 1:27 am
Reputation: 1392

Re: How to make a table that just changes an AOB and nothing more?

Post by Rhark »

TheVine wrote:
Thu Jan 27, 2022 4:06 am
All I want to do is change that 55 to a C3 (a return).

1. I guess "55 8B EC 6A FF 68 65 66" is the AOB it determined to be unique, which is OK
Yes, or at least should be unique.
TheVine wrote:
Thu Jan 27, 2022 4:06 am
2. But I don't understand what "db 55 8B EC 6A FF" is for or why it's shorter than the AOB scanned part
It is the bytes of the code that are being covered by the injection (a minimum of 5 bytes is needed) and is what is needed to restore the bytes to the original state if you were to do an injection that jumps to another location (or if you were manually editing all of the bytes).
TheVine wrote:
Thu Jan 27, 2022 4:06 am
3. I don't understand why it's pulling in a few lines into the "code" section
Explained above. Has to be a minimum of 5 bytes for an injection, and the code you see is what covers a minimum of 5 bytes (but this is more than 5 bytes) and has to cover the whole instruction (can't take partial bytes from an instruction, has to take them all, so that's why there are more than 5 bytes being restored on disable).
TheVine wrote:
Thu Jan 27, 2022 4:06 am
4. I don't know what I need to change to have it just edit what I want to edit.

Code:

[ENABLE]
aobscanmodule(INJECT,Game.exe,55 8B EC 6A FF 68 65 66) // should be unique

INJECT:
  db C3
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 55
Since you just want to change the "push ebp", which uses byte "55", to a "ret", which uses byte "C3", you only need to have those bytes in the code.

You could also write "ret" under "INJECT:" in the ENABLE section and "push ebp" under "INJECT:" in the DISABLE section.

I'm not very good at explaining things, so maybe someone else can do a better job, but this is what you were asking for in the code above. You seem to not know some of the most basic things, and I would recommend watching some tutorials on YouTube (CheatTheGame, Stephen Chapman, etc).

UltimatePoto42
Expert Cheater
Posts: 103
Joined: Tue May 02, 2017 6:00 am
Reputation: 15

Re: How to make a table that just changes an AOB and nothing more?

Post by UltimatePoto42 »

TheVine wrote:
Thu Jan 27, 2022 4:06 am
...
1. I guess "55 8B EC 6A FF 68 65 66" is the AOB it determined to be unique, which is OK
2. But I don't understand what "db 55 8B EC 6A FF" is for or why it's shorter than the AOB scanned part
3. I don't understand why it's pulling in a few lines into the "code" section
4. I don't know what I need to change to have it just edit what I want to edit.
  1. No, it's what might be unique. Note the "should be unique" comment. So you still need to test it.
  2. It's the original bytes for the hook. A hook is a redirection of the code execution. So in this case it's for a 5 byte jump, but you really only need to write the original bytes in the disable section that were changed in the enable section.
  3. Note the injection point in the example script I posted. It's setting the bytes to NOPs (0x90). You need to do something similar at your injection point. Thus you need to change the stuff under "INJECT:" in the enable section.
I'd say you'd benefit from doing the CE tutorial, it goes over the basics like this. There are even tons of tutorials for the CE tutorial and some are even posted here in the tutorials section.

EDIT: looks like someone gave you the answer.

TheVine
Novice Cheater
Posts: 17
Joined: Tue Aug 31, 2021 2:34 pm
Reputation: 0

Re: How to make a table that just changes an AOB and nothing more?

Post by TheVine »

I've actually done the CE tutorial already - problem is in practice I find that I'm still running into all sorts of situations not explicitly covered in the tutorial material, so I get a little lost trying to find what I need or understand what's going on.

Thanks for the responses, I'll try to understand this better.

TheVine
Novice Cheater
Posts: 17
Joined: Tue Aug 31, 2021 2:34 pm
Reputation: 0

Re: How to make a table that just changes an AOB and nothing more?

Post by TheVine »

I have so many questions about the way this AOB code is set up and what everything actually means / what's going on, is there a good tutorial that explains this? I don't know what "db" means or this 5-byte minimum thing or why we can suddenly change it to a single-byte thing, if the injection point is always at the start of the scanned AOB, why it seems like we can use both code as well as bytecode, what this register/unregister symbols are doing, enable/disable tags, all this stuff.

Like I see [Link] but it doesn't get into the breakdown of what's happening in each piece.

It has a sublink to [Link] but most of the time I go to look up anything on that forum, links are dead, pics are gone, etc.

Rhark
Expert Cheater
Posts: 3471
Joined: Tue Apr 16, 2019 1:27 am
Reputation: 1392

Re: How to make a table that just changes an AOB and nothing more?

Post by Rhark »

TheVine wrote:
Thu Jan 27, 2022 5:00 am
I have so many questions about the way this AOB code is set up and what everything actually means / what's going on, is there a good tutorial that explains this? I don't know what "db" means or this 5-byte minimum thing or why we can suddenly change it to a single-byte thing, if the injection point is always at the start of the scanned AOB, why it seems like we can use both code as well as bytecode, what this register/unregister symbols are doing, enable/disable tags, all this stuff.
Re-read my post, I give examples of tutorial makers on YouTube. This is where I started. Find the basics in their older videos.

You sound like you have a lot to learn :) Good luck & enjoy it.

TheVine
Novice Cheater
Posts: 17
Joined: Tue Aug 31, 2021 2:34 pm
Reputation: 0

Re: How to make a table that just changes an AOB and nothing more?

Post by TheVine »

Watched a video, I think I understand a little more now.

The one thing I still don't quite get is the 5-bytes-minimum thing and what that technically applies to, since the code does allow for a single-byte change. Is this only in the event that we need to jump to newly-allocated memory, and 5 bytes is the minimum needed to perform the jump call?

If so, does this also mean that we might want to preserve whatever got overwritten with the jump call by re-stating those overwritten bytes at the end of whatever our newmem code is executing?

STN
Founder
Posts: 4454
Joined: Thu Mar 02, 2017 7:48 pm
Reputation: 3594

Re: How to make a table that just changes an AOB and nothing more?

Post by STN »

You need to learn assembly language. There is a gigantic number of tutorials in the tutorials section of this forum, and if you search on the web as well.

5 bytes is the instruction size and no, you can't just make up sizes.

TheVine
Novice Cheater
Posts: 17
Joined: Tue Aug 31, 2021 2:34 pm
Reputation: 0

Re: How to make a table that just changes an AOB and nothing more?

Post by TheVine »

I didn't say anything about making up sizes, I'm saying that the AOB script does allow for a single-byte alteration with nothing else changed, so I was wondering if this 5-byte minimum concept only applies in the event of needing to declare a section in new memory. And in the event that a newmem jump is needed, if we need to pay attention to the code being overwritten in order to only change what we need and make sure we aren't overwriting too much.

The tutorials are a little scattered and it's hard to know where to start or which versions are the most up to date, but I'll go through the forum and read everything.

LeFiXER
LeFixer
Posts: 489
Joined: Wed Mar 24, 2021 9:35 am
Reputation: 251

Re: How to make a table that just changes an AOB and nothing more?

Post by LeFiXER »

The 5-byte minimum is purely for Cheat Engine's internal scanning feature. Anything less than 5 bytes will produce far too many results.
[Link] this will be an invaluable resource in understanding how Cheat Engine works. Not only are there a plethora of tutorials there, you have at your disposal information regarding pretty much every aspect of Cheat Engine.

tfigment
Table Makers
Posts: 659
Joined: Sat Apr 15, 2017 12:49 am
Reputation: 854

Re: How to make a table that just changes an AOB and nothing more?

Post by tfigment »

Not to confuse the situation further, but I've recently started running into cases where a 14-byte jump is required in 64-bit .NET/Unity games. This is due to JIT compiles and where memory is allocated. Apparently CE 7.4 can now generate a 14-byte jump instruction from the AA generator if you hold the Ctrl key or something. Had to hand-craft code for this a couple of times, but it's tricky to get right. If you're going to replace 14+ bytes with a jump, you need to likely search and restore all of those.

Granted this is not the normal case but I think table creators should be aware especially if users are complaining of crashes in Unity/.NET games.
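The three points the thread keeps circling (the scanned pattern "should be unique" and must be tested, the [ENABLE]/[DISABLE] pair must write and then restore exactly the bytes it touched, and a jump hook has to steal whole instructions until at least 5 bytes, or 14 for the case tfigment mentions, are covered) can be checked offline with a small model. The following is an added example written for this thread, not code from Cheat Engine or from any poster. The memory image is constructed from the disassembly listing TheVine quoted (Game.exe+107890: 55 8B EC 6A FF 68 65 66 70 00 ...) padded with int3 filler; the instruction lengths are read off that listing rather than from a disassembler, and the extra lengths used for the 14-byte case are made up for illustration.

```python
"""Model of an AOB scan plus an [ENABLE]/[DISABLE] byte patch, as used in
Cheat Engine auto-assembler scripts.  Added example, not Cheat Engine code."""

# Constructed memory image: 4 bytes of int3 filler, the bytes from the
# listing quoted in the thread, then 4 more bytes of filler.
LISTING = bytes.fromhex("55 8B EC 6A FF 68 65 66 70 00 8B 45 E8")
FILLER = bytes.fromhex("CC CC CC CC")
IMAGE = FILLER + LISTING + FILLER          # injection point lands at offset 4

# Instruction lengths from the listing: push ebp (1), mov ebp,esp (2),
# push -01 (2), push imm32 (5).  The two trailing 3s are constructed, only
# to show how a 14-byte jump would have to be covered.
INSN_LENGTHS = [1, 2, 2, 5]
INSN_LENGTHS_LONG = INSN_LENGTHS + [3, 3]


def parse_aob(pattern: str):
    """Turn an AOB string into a list of ints, with None for a wildcard byte.
    Accepts the 'xx' wildcard used in the script above as well as '??'."""
    text = pattern.replace(" ", "")
    if len(text) % 2:
        raise ValueError("AOB pattern has an odd number of hex digits")
    out = []
    for i in range(0, len(text), 2):
        tok = text[i:i + 2].lower()
        out.append(None if tok in ("xx", "??") else int(tok, 16))
    return out


def aob_scan(buf: bytes, pattern: str):
    """Return every offset in buf where the pattern matches."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [off for off in range(len(buf) - n + 1)
            if all(p is None or buf[off + k] == p for k, p in enumerate(pat))]


def unique_offset(buf: bytes, pattern: str) -> int:
    """What aobscanmodule relies on: exactly one hit, otherwise refuse."""
    hits = aob_scan(buf, pattern)
    if len(hits) != 1:
        raise ValueError(f"pattern is not unique: {len(hits)} hits")
    return hits[0]


def stolen_bytes(insn_lengths, jmp_size: int = 5) -> int:
    """Bytes a jump hook must overwrite: whole instructions are consumed until
    at least jmp_size bytes are covered.  This is why the generated script
    restores 5 bytes (55 8B EC 6A FF) even though the scan pattern is longer."""
    total = 0
    for length in insn_lengths:
        total += length
        if total >= jmp_size:
            return total
    raise ValueError("listing too short to cover the jump")


def enable(mem: bytearray, offset: int, expected: bytes, new: bytes) -> bytes:
    """[ENABLE]: check the bytes are what the script expects (like the
    assert(address, bytes) line in the first script above), then write.
    Returns the original bytes, which [DISABLE] needs to put back."""
    current = bytes(mem[offset:offset + len(expected)])
    if current != expected:
        raise ValueError("bytes at injection point differ; refusing to patch")
    mem[offset:offset + len(new)] = new
    return current


def disable(mem: bytearray, offset: int, original: bytes) -> None:
    """[DISABLE]: restore exactly the bytes that were overwritten."""
    mem[offset:offset + len(original)] = original


def demo():
    """Round trip: 55 (push ebp) -> C3 (ret) and back, as in Rhark's script."""
    mem = bytearray(IMAGE)
    at = unique_offset(mem, "55 8B EC 6A FF 68 65 66")
    saved = enable(mem, at, b"\x55", b"\xC3")
    patched = mem[at]
    disable(mem, at, saved)
    return at, patched, bytes(mem) == IMAGE


if __name__ == "__main__":
    print(demo())                              # (4, 195, True)
    print(stolen_bytes(INSN_LENGTHS))          # 5
    print(stolen_bytes(INSN_LENGTHS_LONG, 14)) # 16
```

A single-byte pattern such as "CC" hits every filler byte here, which is the "not unique" case UltimatePoto42 warns about; `unique_offset` raises instead of silently patching the first hit. The `enable` check mirrors the `assert(injTutorialStep5Hook, bytes)` line in the first script: if the game has been updated and the bytes at the scanned address no longer match, nothing is written.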
