 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Xoslorg
How do I cheat?
![]() Reputation: 0
Joined: 03 Nov 2016
Posts: 5
Location: A Coruņa, Spain
|
 Posted: Sat Jul 22, 2017 10:27 am Post subject: Help with aobscan. |
 |
|
Hi I'm trying to implement aobscan in a script in the Axiom Verge Steam game but it does not work for me and I'm out of my mind.
The posting of the scripts.
First: With assert, it works perfectly.
| Code: | define(address,OuterBeyond.THSaveData::SubtractHitPoints+25)
define(bytes,29 81 B0 00 00 00)
define(_HEALTH_CURRENT,000000B0)
define(_HEALTH_MAXIMUM,000000B4)
[ENABLE]
assert(address,bytes)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(code)
label(PLAYER_BaseAddress)
label(healthMaximum)
registersymbol(PLAYER_BaseAddress)
registersymbol(healthMaximum)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
PLAYER_BaseAddress:
dd 0
dd 0
healthMaximum:
push eax
mov eax,[ecx+000000b4]
mov [ecx+000000b0],eax
pop eax
jmp returnhere
code:
// La Inyeccion comienza aqui.
mov [PLAYER_BaseAddress],ecx
jmp healthMaximum
originalcode:
//sub [ecx+_HEALTH_CURRENT],eax
exit:
jmp returnhere
address:
jmp code
nop
returnhere:
[DISABLE]
address:
sub [ecx+_HEALTH_CURRENT],eax
dealloc(newmen)
unregistersymbol(PLAYER_BaseAddress)
unregistersymbol(healthMaximum)
{
OuterBeyond.THSaveData::SubtractHitPoints+1C - F2 0F10 04 24 - movsd xmm0,[esp]
OuterBeyond.THSaveData::SubtractHitPoints+21 - F2 0F2C C0 - cvttsd2si eax,xmm0
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+25 - 29 81 B0000000 - sub [ecx+000000B0],eax << INJECT - Decrease health.
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+2B - 83 B9 B0000000 00 - cmp dword ptr [ecx+000000B0],00
} |
Second: With aobscan, which does not work for me.
| Code: | define(bytes,29 81 B0 00 00 00)
define(_HEALTH_CURRENT,000000B0)
define(_HEALTH_MAXIMUM,000000B4)
[ENABLE]
aobscan(aobbaseaddress,bytes)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(code)
label(PLAYER_BaseAddress)
label(healthMaximum)
registersymbol(aobbaseaddress)
registersymbol(PLAYER_BaseAddress)
registersymbol(healthMaximum)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
PLAYER_BaseAddress:
dd 0
healthMaximum:
push eax
mov eax,[ecx+000000b4]
mov [ecx+000000b0],eax
pop eax
jmp returnhere
code:
// La Inyeccion comienza aqui.
mov [PLAYER_BaseAddress],ecx
jmp healthMaximum
originalcode:
//sub [ecx+_HEALTH_CURRENT],eax
exit:
jmp returnhere
aob:
jmp code
nop
returnhere:
[DISABLE]
aobbaseaddress:
sub [ecx+_HEALTH_CURRENT],eax
dealloc(newmen)
unregistersymbol(PLAYER_BaseAddress)
unregistersymbol(healthMaximum)
unregistersymbol(aob)
{
OuterBeyond.THSaveData::SubtractHitPoints+1C - F2 0F10 04 24 - movsd xmm0,[esp]
OuterBeyond.THSaveData::SubtractHitPoints+21 - F2 0F2C C0 - cvttsd2si eax,xmm0
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+25 - 29 81 B0000000 - sub [ecx+000000B0],eax << INJECT - Decrease health.
---------------------------------------------------------------------------------------------
OuterBeyond.THSaveData::SubtractHitPoints+2B - 83 B9 B0000000 00 - cmp dword ptr [ecx+000000B0],00
} |
Can someone throw me some light, thank you.
Sorry for my faulty English. |
|
| Back to top |
|
 |
panraven
Grandmaster Cheater
![]() Reputation: 62
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Sat Jul 22, 2017 10:54 am Post subject: |
|
|
AOBScan and friends execute before DEFINE command, so what AOBscan see the text 'bytes' is an aob itself instead of the defined textual pattern "29 81 B0 00 00 00" (when define works, which's not for aobscan).
The aobscan will see 'bytes' as aob pattern but some non-hexidecimal digit will seen as wild card, so what aobscan search is "bytes" -> "b? ?e ??".
Try write the aob pattern explicitly.
btw, if scan starting address is known, using aobscanRegion will have a quicker scan,eg
| Code: |
aobscanRegion(aobbaseaddress, OuterBeyond.THSaveData::SubtractHitPoints+000,OuterBeyond.THSaveData::SubtractHitPoints+100,29 81 B0 00 00 00)
|
_________________
- Retarded. |
|
| Back to top |
|
|
Xoslorg
How do I cheat?
![]() Reputation: 0
Joined: 03 Nov 2016
Posts: 5
Location: A Coruņa, Spain
|
| Posted: Sat Jul 22, 2017 11:06 am Post subject: |
|
|
Thanks for the quick reply panraven.
I already tried and it does not work, it continues discounting life.
| Code: | //define(bytes,29 81 B0 00 00 00)
define(_HEALTH_CURRENT,000000B0)
define(_HEALTH_MAXIMUM,000000B4)
[ENABLE]
aobscan(aobbaseaddress,29 81 B0 00 00 00)
|
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 62
Joined: 01 Oct 2008
Posts: 958
|
| Posted: Sat Jul 22, 2017 11:35 am Post subject: |
|
|
Where the symbol "aob" come from?
| Code: |
exit:
jmp returnhere
aob: //////////// here, should be aobbaseaddress?
jmp code
nop
returnhere:
[DISABLE]
aobbaseaddress:
sub [ecx+_HEALTH_CURRENT],eax
|
_________________
- Retarded. |
|
| Back to top |
|
|
Xoslorg
How do I cheat?
![]() Reputation: 0
Joined: 03 Nov 2016
Posts: 5
Location: A Coruņa, Spain
|
| Posted: Sat Jul 22, 2017 11:41 am Post subject: |
|
|
Lol, what a mistake  , I did not see, thank you very much, and I was going crazy.
Do not change aob for aobaddress.
And thank you, I did not know aobscanModule or aobscanRegion. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
