Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Mon Oct 15, 2007 7:33 am Post subject: [Delphi] Searching for AOB's
foreword: Well, my overall knowledge is damn low, but my knowledge in ASM is VERY low.
Some of you guys know GameVision. (Made by Shu)
It updates scripts/pointers... whatever.
But how does it work?
How can I search for AOB's in another process to get the address?
I asked the same question in another forum, a Delphi forum. But they didn't really understand what I'm talking about; they said the address I'm talking about, like 00643E7E, is an offset.
Idk if it's true. But here's my question...
How can I scan for an AOB in a process to get the address/offset and save it in a variable?
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Mon Oct 15, 2007 10:28 am
I can't help with the code, but I can point out what you will need.
Firstly, if the game is using code shifting, you would need to know the base address of the module that the pointer is located in. I will use HL2 for this example. Everything player based is based on server.dll.
So the first three things you will need are:
- Process ID of HL2.exe [For OpenProcess to get handle.]
- Module Base of server.dll
- Module Size of server.dll
You want the base and size because you only want to scan in this module's memory; scanning elsewhere will take more time and may locate AoB's that you don't want.
To get the process ID, module base and size you will need the following API:
- CreateToolhelp32Snapshot
- Process32First
- Process32Next
- Module32First
- Module32Next
- OpenProcess
- CloseHandle
(There are other ways to get the above info; this is the easiest method.)
Next, once you have the above info, you will want to open the process for at least reading access, but PROCESS_ALL_ACCESS does the trick. Once open, you will need to copy the memory of the module space into a temporary buffer. To do that, you will need:
- ReadProcessMemory
Create a buffer array to hold the bits; the buffer should be the size of the module that you will be scanning. Then the read should be something like:
ReadProcessMemory( gHandle, pBaseAddress, &pBuffer, dwModuleSize, NULL );
Which reads the memory of the dll (starting at the dll's base address) and reads the full size of it into your buffer. Now that it's in your application's memory, you can use memcmp (memory compare) to compare against another buffer which would hold your AoB.
So you would need to loop the size of the module for that in a for loop, stepping 1 spot each time. (This method doesn't include unknown bytes that change, so you will need to do a little more work to do that.)
So you would do something like:
Code:
// Scan the local copy (pBuffer) of the module that was read from dwBaseAddress
// for the pattern; return its address in the target process, or 0 if not found.
DWORD FindPattern( BYTE* pBuffer, DWORD dwBaseAddress, DWORD dwBaseSize,
                   BYTE* pArrayPointer, DWORD iPatternSize )
{
    // Stop iPatternSize bytes early so memcmp never reads past the buffer
    for( DWORD i = 0; i + iPatternSize <= dwBaseSize; i++ )
    {
        if( memcmp( pBuffer + i, pArrayPointer, iPatternSize ) == 0 )
        {
            // Found The Pattern, Return The Address (in the target process)
            return (dwBaseAddress+i);
        }
    }
    return 0;
}
Which would return the address containing the first byte of your array.
Hope that helps some >.>
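To show the compare loop with a proper bounds check, plus the "unknown bytes that change" case atom0s leaves open, here is an added example (not from this thread, and not GameVision or Cheat Engine code): a C scanner that parses a Cheat Engine style pattern with "??" wildcards and searches a local copy of the module, returning the address in the target process. The function and macro names are my own, and the module bytes are a constructed sample standing in for what ReadProcessMemory would fill.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_PATTERN 64

/* Parse a Cheat Engine style pattern ("8B 0D ?? ?? ?? ?? 89 45") into byte
 * values plus a mask (1 = must match, 0 = "??" wildcard). Returns the pattern
 * length, or 0 if the text is malformed or longer than MAX_PATTERN. */
size_t parse_aob(const char *text, uint8_t *bytes, uint8_t *mask)
{
    size_t n = 0;
    while (*text) {
        if (isspace((unsigned char)*text)) { text++; continue; }
        if (n >= MAX_PATTERN) return 0;
        if (text[0] == '?' && text[1] == '?') {
            bytes[n] = 0; mask[n] = 0;
        } else if (isxdigit((unsigned char)text[0]) &&
                   isxdigit((unsigned char)text[1])) {
            char hex[3] = { text[0], text[1], 0 };
            bytes[n] = (uint8_t)strtoul(hex, NULL, 16); mask[n] = 1;
        } else {
            return 0;
        }
        text += 2; n++;
    }
    return n;
}

/* Scan a local copy of the module (buf, buf_len bytes that ReadProcessMemory
 * copied from remote_base) for the masked pattern. Returns the address of the
 * first match inside the target process, or 0 if there is none. The bound
 * i + len <= buf_len keeps every compare inside the buffer. */
uintptr_t find_aob(const uint8_t *buf, size_t buf_len, uintptr_t remote_base,
                   const uint8_t *bytes, const uint8_t *mask, size_t len)
{
    if (len == 0 || len > buf_len) return 0;
    for (size_t i = 0; i + len <= buf_len; i++) {
        size_t j = 0;
        while (j < len && (!mask[j] || buf[i + j] == bytes[j])) j++;
        if (j == len) return remote_base + i;
    }
    return 0;
}

/* Constructed sample standing in for a module copy (not real game bytes). */
static const uint8_t sample_module[] = {
    0x55, 0x8B, 0xEC, 0x8B, 0x0D, 0x10, 0x20, 0x30, 0x00, 0x89, 0x45, 0xFC, 0xC3
};
```

In a real tool, buf is the buffer filled by ReadProcessMemory and remote_base is the module base from Module32First/Module32Next, so the returned value is the address to store in your variable.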
SXGuy I post too much
Reputation: 0
Joined: 19 Sep 2006 Posts: 3551
Posted: Mon Oct 15, 2007 10:40 am
I don't think that helps at all.
There will be tons of arrays which hold the first byte; he wants to know the exact array.
_________________
Proud member of "The DACEF" (Distruction Against Criminal Egotistical Forces)
Sign up today and receive your free "I Hate x0r Badge"
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Mon Oct 15, 2007 12:00 pm
SXGuy wrote:
> I don't think that helps at all.
> There will be tons of arrays which hold the first byte; he wants to know the exact array.

Um... did you read what I said? It compares for the whole array, then returns the address the first byte of the array is found at.
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Mon Oct 15, 2007 12:25 pm
You could check the scan when the type is "Array of Bytes" in the CE source.
Good luck?