Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


AOB Injection Help

 
technobecet
How do I cheat?
Reputation: 0

Joined: 14 Oct 2016
Posts: 3

Posted: Tue Oct 18, 2016 8:36 am    Post subject: AOB Injection Help

Hi, everyone.
First, sorry for my bad English.
I'm trying AOB injection but I can't do it.
I want to do MinGold, GodMode, MinHeroPoint etc. as an AA script.
Screenshots are in the attachments.
Health Details:
1402D05FD - 8B 44 81 20 - mov eax,[rcx+rax*4+20]
Code:
1402D05F5 - E9 E6920000 - jmp Risen3.exe+2D98E0
1402D05FA - 48 63 C2  - movsxd  rax,edx
1402D05FD - 8B 44 81 20  - mov eax,[rcx+rax*4+20] <<
1402D0601 - C3 - ret
1402D0602 - CC - int 3

RAX=0000000000000066
RBX=000000000000006E
RCX=0000000006E25108
RDX=000000000000000A
RSI=0000000006E25108
RDI=0000000006E25108
RSP=000000000014F2E8
RBP=000000000000000A
RIP=00000001402D0601
R8=0000000140A0D7E8
R9=0000000000000028
R10=EA52426655403E2D
R11=000000000014F2F0
R12=000000000000000F
R13=0000000000000000
R14=000000000000000F
R15=000000000014FE68

1402D0D85 - 46 8B 6C A1 20 - mov r13d,[rcx+r12*4+20]
Code:
1402D0D7B - 48 89 7C 24 50  - mov [rsp+50],rdi
1402D0D80 - 4C 89 6C 24 48  - mov [rsp+48],r13
1402D0D85 - 46 8B 6C A1 20  - mov r13d,[rcx+r12*4+20] <<
1402D0D8A - 4C 89 74 24 40  - mov [rsp+40],r14
1402D0D8F - 4E 8D 74 A1 20  - lea r14,[rcx+r12*4+20]

RAX=00002946B47D347E
RBX=0000000006E25108
RCX=0000000006E25108
RDX=000000000000000A
RSI=0000000000000001
RDI=0000000000000067
RSP=00000000068DFC10
RBP=0000000000000067
RIP=00000001402D0D8A
R8=0000000000000067
R9=0000000000000028
R10=EA52426655403E2D
R11=00000000068DFC60
R12=000000000000000A
R13=0000000000000066
R14=0000000000000000
R15=0000000000374581

1402D0E89 - 41 89 2E - mov [r14],ebp
Code:
1402D0E7D - 48 8D 0D FC2A6F00  - lea rcx,[Risen3.exe+9C3980]
1402D0E84 - E8 D75DF2FF - call Risen3.exe+1F6C60
1402D0E89 - 41 89 2E  - mov [r14],ebp <<
1402D0E8C - 48 8B 03  - mov rax,[rbx]
1402D0E8F - 41 8B D4  - mov edx,r12d

RAX=0000000000000001
RBX=0000000006E25108
RCX=00000000068DFC28
RDX=000000000000000B
RSI=000000001990F901
RDI=00000001409B9D4B
RSP=00000000068DFC10
RBP=0000000000000067
RIP=00000001402D0E8C
R8=00000000000005DC
R9=0000000000000000
R10=0000000000000000
R11=00000000068DFBB0
R12=000000000000000A
R13=0000000000000066
R14=0000000006E25150
R15=0000000000374581

HeroPoints Details
1402D05FD - 8B 44 81 20 - mov eax,[rcx+rax*4+20]
Code:
1402D05F5 - E9 E6920000 - jmp Risen3.exe+2D98E0
1402D05FA - 48 63 C2  - movsxd  rax,edx
1402D05FD - 8B 44 81 20  - mov eax,[rcx+rax*4+20] <<
1402D0601 - C3 - ret
1402D0602 - CC - int 3

RAX=00000000000013CD
RBX=00000000FFFFFFFF
RCX=0000000006E25108
RDX=000000000000000B
RSI=0000000006E25108
RDI=0000000000000000
RSP=000000000014F218
RBP=000000000000000B
RIP=00000001402D0601
R8=0000000140A0D7E8
R9=0000000000000028
R10=EA52426655403E2D
R11=000000000014F1E0
R12=000000000000000F
R13=000000000000000F
R14=0000000016D78B00
R15=000000000D925770

1402D0D85 - 46 8B 6C A1 20 - mov r13d,[rcx+r12*4+20]
Code:
1402D0D7B - 48 89 7C 24 50  - mov [rsp+50],rdi
1402D0D80 - 4C 89 6C 24 48  - mov [rsp+48],r13
1402D0D85 - 46 8B 6C A1 20  - mov r13d,[rcx+r12*4+20] <<
1402D0D8A - 4C 89 74 24 40  - mov [rsp+40],r14
1402D0D8F - 4E 8D 74 A1 20  - lea r14,[rcx+r12*4+20]

RAX=00002946B2E4249E
RBX=0000000006E25108
RCX=0000000006E25108
RDX=000000000000000B
RSI=0000000000000815
RDI=0000000006E25108
RSP=000000000014ECF0
RBP=0000000000000815
RIP=00000001402D0D8A
R8=0000000000000815
R9=0000000000000000
R10=0000000000000000
R11=0000000140A0D7E8
R12=000000000000000B
R13=00000000000013CD
R14=000000000000FFFF
R15=00000000000013CD

1402D0E89 - 41 89 2E - mov [r14],ebp
Code:
1402D0E7D - 48 8D 0D FC2A6F00  - lea rcx,[Risen3.exe+9C3980]
1402D0E84 - E8 D75DF2FF - call Risen3.exe+1F6C60
1402D0E89 - 41 89 2E  - mov [r14],ebp <<
1402D0E8C - 48 8B 03  - mov rax,[rbx]
1402D0E8F - 41 8B D4  - mov edx,r12d

RAX=0000000000000001
RBX=0000000006E25108
RCX=000000000014ED08
RDX=000000000000000B
RSI=000000001990F901
RDI=00000001409B9D4B
RSP=000000000014ECF0
RBP=0000000000000815
RIP=00000001402D0E8C
R8=00000000000005DC
R9=0000000000000000
R10=0000000000000000
R11=000000000014EC90
R12=000000000000000B
R13=00000000000013CD
R14=0000000006E25154
R15=00000000000013CD

I tried a lot of methods and I read a lot of tutorials, but I still can't. Yes, I can find pointers and I can inject Glory, but I can't do multiple injections.
My last attempted AOB injection code:
Code:

//=========================================
// Definitions
define(RPS,"Risen3.exe"+2D0D85)
[ENABLE]
//=========================================
// Check whether this cheat is compatible with this game version
// If it is not compatible, the table will not activate
aobscanmodule(RPS,Risen3.exe,46 8B 6C A1 20) // should be unique
//=========================================
alloc(Hile,$1000,"Risen3.exe")
//=========================================
// Labels
label(_ReadHero)
label(_ExitH)
label(_BackRPS)
label(iEnableGM)
label(iEnableMPH)
label(iMinGlory)
globalalloc(pHero,4)
//=========================================
// Symbol definitions
registersymbol(RPS)
registersymbol(iEnableGM)
registersymbol(iEnableMPH)
registersymbol(iMinGlory)
//=========================================
Hile:
//=========================================
_ReadHero:
  cmp r12,0A
  jne _ExitH
  mov [pHero],rcx
  cmp [iEnableMPH],0
  jne _ExitH:

  mov esi,[iMinGlory]
  cmp esi,[rcx+4C]
  jle _ExitH
  mov [rcx+4C],esi
//=========================================
_ExitH:
  mov r13d,[rcx+r12*4+20]
  jmp _BackRPS
//=========================================
// Variables
iEnableGM:
 dd 0
iEnableMPH:
 dd 0
iMinGold:
 dd #99999
iMinGlory:
 dd #3600
//=========================================
// Hook locations
RPS:
  jmp _ReadHero
_BackRPS:
//=========================================
// Original code
[DISABLE]
RPS:
  db 46 8B 6C A1 20
//=========================================
// Unregister symbols
unregistersymbol(RPS)
unregistersymbol(iEnableGM)
unregistersymbol(iEnableMPH)
unregistersymbol(iMinGlory)
//=========================================
dealloc(Hile)
//=============   End of code  ===============



Attachment: Glory.png (HeroPoint (Glory) accesses and writes)
Attachment: Health.png (Health accesses and writes)
Attachment: CE.png (My values)


Last edited by technobecet on Wed Oct 19, 2016 3:10 am; edited 3 times in total
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Tue Oct 18, 2016 5:27 pm    Post subject:

Code:
[ENABLE]
aobscanmodule(RPS,Risen3.exe,46 8B 6C A1 20)
alloc(newmem,$1000,RPS)

label(code)
label(return)
label(pHero)
label(iMinGlory)

newmem:
  cmp r12,0B                         // index 0B -> [rcx+4C], Glory
  jne @f
  mov [pHero],rcx                    // remember the hero structure
  mov r13d,[iMinGlory]
  cmp r13d,[rcx+r12*4+20]
  jle @f                             // minimum <= current: nothing to do
  mov [rcx+r12*4+20],r13d
@@:
  cmp r12,0A                         // index 0A -> [rcx+48], Health
  jne code
  cmp rcx,[pHero]                    // only for the hero's structure
  jne code
  mov dword ptr [rcx+r12*4+20],#999
code:
  mov r13d,[rcx+r12*4+20]            // original instruction
  jmp return

pHero:
  dq 0

iMinGlory:
  dd #3600

RPS:
  jmp newmem
return:
registersymbol(RPS)
registersymbol(pHero)
registersymbol(iMinGlory)

[DISABLE]
RPS:
  db 46 8B 6C A1 20
unregistersymbol(RPS)
unregistersymbol(pHero)
unregistersymbol(iMinGlory)
dealloc(newmem)
technobecet
How do I cheat?
Reputation: 0

Joined: 14 Oct 2016
Posts: 3

Posted: Wed Oct 19, 2016 1:12 am    Post subject:

Thanks for the help, but it did not work. Can you explain @f, @@: and when to use code:? Thanks a lot.
Edit:
Okay, finally MinGlory is working.
Latest code:
Code:

//=========================================
// Definitions
define(RPS,"Risen3.exe"+2D05FD)
[ENABLE]
//=========================================
// Check whether this cheat is compatible with this game version
// If it is not compatible, the table will not activate
assert(RPS,8B 44 81 20 C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC 83 FA 6A)
//=========================================
alloc(Hile,$1000,"Risen3.exe")
//=========================================
// Labels
label(_ReadHero)
label(_ExitReadH)
label(_BackRPS)
label(iEnableGM)
label(iEnableMPH)
label(iMinGold)
label(iMinGlory)
globalalloc(pHero,8)             // 8 bytes: holds the 64-bit pointer from rcx
//=========================================
// Symbol definitions
registersymbol(RPS)
registersymbol(iEnableGM)
registersymbol(iEnableMPH)
registersymbol(iMinGlory)
//=========================================
Hile:
//=========================================
_ReadHero:
 push rbx                         // Save a scratch register for comparing Glory points

 mov [pHero],rcx                // Write the player data pointer to [pHero]

 cmp dword ptr [iEnableMPH],0    // Check whether the cheat is enabled
 je _ExitReadH                    // Skip if it is not enabled

 mov ebx,[iMinGlory]           // Load the configured minimum Glory into the scratch register
 cmp ebx,[rcx+4C]              // Compare the minimum Glory with the current Glory
 jle _ExitReadH                // Skip if it is equal or greater

 mov [rcx+4C],ebx             // Otherwise write the minimum Glory to Glory

_ExitReadH:
 pop rbx                          // Restore the scratch register saved for the comparison
 mov eax,[rcx+rax*4+20]         // Original code
 ret                              // Original code
 jmp _BackRPS                   // Return to the main code
//=========================================
// Variables
iEnableGM:
 dd 0
iEnableMPH:
 dd 0
iMinGold:
 dd #99999
iMinGlory:
 dd #3600
//=========================================
// Hook locations
RPS:
 jmp _ReadHero
_BackRPS:
//=========================================
// Original code
[DISABLE]
RPS:
//mov eax,[rcx+rax*4+20]
//ret
 db 8B 44 81 20 C3
//=========================================
// Unregister symbols
unregistersymbol(RPS)
unregistersymbol(iEnableGM)
unregistersymbol(iEnableMPH)
unregistersymbol(iMinGlory)
//=========================================
dealloc(Hile)
//=============   End of code  ===============

But I still need god mode.
I thought about it and found a way, but I don't know how to do it.
Code:
RCX base address [RCX+48]= 6E25150 Health
RCX base address [RCX+4C]= 6E25154 Glory
RCX base address [RCX+44]= 6E2514C My Full Health

1402D0E89 - 41 89 2E - mov [r14],ebp in here
Code:
R14=0000000006E25154 = Glory
R14=0000000006E25150 = Health

I want to do this: if R14 is Health, then mov [r14],[RCX+44] or mov [r14],#999.
How can I do this?
technobecet
How do I cheat?
Reputation: 0

Joined: 14 Oct 2016
Posts: 3

Posted: Wed Oct 19, 2016 10:35 am    Post subject:

I finally finished the cheat table and script.
Final version:
Code:
{
===========================================
 Game Title   : Risen 3 - Titan Lords
 Game Version : 3.0.30.0 (Steam)
 Process Name : Risen3.exe
 CE Version   : 6.5.1
 Release Date : 13.10.2016
 Developer    : TechnoBeceT
 Features:
 - God Mode
 - Minimum Glory
 - Minimum Gold
 - Stat Pointers
===========================================
}
//=========================================

//=========================================
// Definitions
define(RPS,"Risen3.exe"+2D05FD)
define(RGV,"Risen3.exe"+359240)
define(RWS,"Risen3.exe"+2D0E89)
[ENABLE]
//=========================================
// Check whether this cheat is compatible with this game version
// If it is not compatible, the table will not activate
assert(RPS,8B 44 81 20 C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC 83 FA 6A)
assert(RGV,8B 41 38 C3 CC CC CC CC CC CC CC CC CC CC CC CC 40 53 48 83 EC 20)
assert(RWS,41 89 2E 48 8B 03 41 8B D4)
//=========================================
alloc(Hile,$1000,"Risen3.exe")
//=========================================
// Labels
label(_ReadHero)
label(_ExitReadH)
label(_BackRPS)
label(_WriteHero)
label(_ExitWriteH)
label(_BackRWS)
label(_ReadGold)
label(_ExitReadG)
label(_BackRGV)
label(iEnableGMD)
label(iEnableMPH)
label(iEnableMPG)
label(iMinGold)
label(iMinGlory)
globalalloc(pHero,8)              // 8 bytes: holds the 64-bit pointer from rcx
//=========================================
// Symbol definitions
registersymbol(RPS)
registersymbol(RWS)
registersymbol(RGV)
registersymbol(iEnableGMD)
registersymbol(iEnableMPH)
registersymbol(iEnableMPG)
registersymbol(iMinGold)
registersymbol(iMinGlory)
//=========================================
Hile:
//=========================================
_ReadHero:
 push rbx                         // Save a scratch register for comparing Glory points

 mov [pHero],rcx                 // Write the player data pointer to [pHero]

 cmp dword ptr [iEnableMPH],0   // Check whether the cheat is enabled
 je _ExitReadH                   // Skip if it is not enabled

 mov ebx,[iMinGlory]            // Load the configured minimum Glory into the scratch register
 cmp ebx,[rcx+4C]               // Compare the minimum Glory with the current Glory
 jle _ExitReadH                 // Skip if it is equal or greater

 mov [rcx+4C],ebx               // Otherwise write the minimum Glory to Glory

_ExitReadH:
 pop rbx                          // Restore the scratch register saved for the comparison
 mov eax,[rcx+rax*4+20]         // Original code
 ret                              // Original code
 jmp _BackRPS                   // Return to the main code
//=========================================
_WriteHero:
 cmp dword ptr [iEnableGMD],0      // Check whether the cheat is enabled
 je _ExitWriteH                    // Skip if it is not enabled

 cmp rbx,[pHero]                   // Verify that the data belongs to the player
 jne _ExitWriteH                   // Skip if it does not

 cmp r12,0A                         // Check whether the value being processed is health
 jne _ExitWriteH                   // Skip if it is not

 mov ebp,#999                      // Raise health

_ExitWriteH:
  mov [r14],ebp        // Original code
  mov rax,[rbx]        // Original code
  jmp _BackRWS         // Return to the main code
//=========================================
_ReadGold:
  push rbx                          // Save a scratch register for comparing the gold value
  cmp dword ptr [iEnableMPG],0    // Check whether the cheat is enabled
  je _ExitReadG                    // Skip if it is not enabled

  mov ebx,[iMinGold]              // Load the configured minimum gold into the scratch register
  cmp [rcx+38],ebx                 // Compare the current gold with the minimum gold
  jge _ExitReadG                   // Skip if it is equal or greater

  mov [rcx+38],ebx                 // Otherwise write the minimum gold to the current gold
_ExitReadG:
  pop rbx              // Restore the scratch register saved for the comparison
  mov eax,[rcx+38]    // Original code
  ret                  // Original code
  int 3                // Original code
  jmp _BackRGV        // Return to the main code
//=========================================
// Variables
iEnableGMD:
 dd 0
iEnableMPH:
 dd 0
iEnableMPG:
 dd 0
iMinGold:
 dd #3600
iMinGlory:
 dd #3600
//=========================================
// Hook locations
RPS:
 jmp _ReadHero
_BackRPS:
RWS:
  jmp _WriteHero
  nop
_BackRWS:
RGV:
  jmp _ReadGold
_BackRGV:
//=========================================
// Original code
[DISABLE]
RPS:
//mov eax,[rcx+rax*4+20]
//ret
 db 8B 44 81 20 C3
RWS:
 db 41 89 2E 48 8B 03
RGV:
 db 8B 41 38 C3 CC
//=========================================
// Unregister symbols
unregistersymbol(RPS)
unregistersymbol(RGV)
unregistersymbol(RWS)
unregistersymbol(iEnableGMD)
unregistersymbol(iEnableMPH)
unregistersymbol(iEnableMPG)
unregistersymbol(iMinGold)
unregistersymbol(iMinGlory)
//=========================================
dealloc(Hile)
//=============   End of code  ===============

Attachment: Risen 3 - Titan Lords v3.0.30.0(Change 339282) Steam.CT (52.78 KB)
 Description:
If you want cheats for the latest version of Risen 3, feel free to use this.

Back to top
View user's profile Send private message
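An integrity check for the three hook sites patched in this thread, as an added example (not code from any poster): it compares live bytes with the originals listed in the scripts' [DISABLE] sections, decodes any 5-byte `E9 rel32` jump found there, and reports whether the jump leaves the module image. The base 0x140000000 is inferred from the addresses on the page; the image size, the cave address and the patched byte strings are constructed for the demo.

```python
import struct

BASE = 0x140000000      # image base implied by the page (1402D05FD = Risen3.exe+2D05FD)
IMAGE_SIZE = 0x2000000  # assumption: constructed image size for this demo

# Hook sites and original bytes, from the scripts' define()/[DISABLE] lines.
SITES = {
    "RPS": (0x2D05FD, bytes.fromhex("8B448120C3")),    # mov eax,[rcx+rax*4+20]; ret
    "RWS": (0x2D0E89, bytes.fromhex("41892E488B03")),  # mov [r14],ebp; mov rax,[rbx]
    "RGV": (0x359240, bytes.fromhex("8B4138C3CC")),    # mov eax,[rcx+38]; ret; int 3
}

def decode_jmp_rel32(addr, code):
    """Target of an E9 rel32 jump located at addr, or None if it is not one."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    rel = struct.unpack_from("<i", code, 1)[0]    # signed 32-bit displacement
    return (addr + 5 + rel) & 0xFFFFFFFFFFFFFFFF  # relative to the next instruction

def audit_site(name, live):
    """Compare live bytes at a site with the originals and classify the result."""
    offset, original = SITES[name]
    if live[:len(original)] == original:
        return {"site": name, "status": "clean"}
    target = decode_jmp_rel32(BASE + offset, live)
    if target is None:
        return {"site": name, "status": "modified"}
    return {
        "site": name,
        "status": "hooked",
        "target": target,
        "target_in_image": BASE <= target < BASE + IMAGE_SIZE,
        "nop_padding": live[5:len(original)].count(0x90),
        "restore": " ".join(f"{b:02X}" for b in original),
    }

def constructed_hook(name, cave):
    """Constructed sample: the bytes a 5-byte jump to `cave` leaves at a site."""
    offset, original = SITES[name]
    rel = cave - (BASE + offset + 5)
    return b"\xE9" + struct.pack("<i", rel) + b"\x90" * (len(original) - 5)

if __name__ == "__main__":
    CAVE = 0x13FFF0000  # constructed address standing in for the alloc() block
    for site in SITES:
        print(audit_site(site, constructed_hook(site, CAVE)))
```

The RWS site is the only one that reports a NOP: its two original instructions total six bytes, so the five-byte jump leaves one byte to pad, matching the `nop` in the final script.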
All times are GMT - 6 Hours