Cheat Engine The Official Site of Cheat Engine
kik4444 Expert Cheater
Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Dec 01, 2013 5:17 am Post subject: AOB scan
When doing an aobscan to see if an option for a trainer would still work, how do I know which bytes I have to scan? Also I've noticed that in CE 6.4 (which I still don't have), there's an option for an AOB injection. What's the difference between that and a normal script? Does it automatically find the correct bytes?
_________________
Silence will fall when the question is asked...
Chris12 Expert Cheater
Reputation: 1
Joined: 27 Apr 2012 Posts: 103
Posted: Sun Dec 01, 2013 6:09 am Post subject:
Search your AoB in the new executable. If there is a result and it's more or less at the same position, then your code should still work.
Of course it's not guaranteed, but the chance is quite high that it will still work.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Dec 01, 2013 12:01 pm Post subject:
The bytes are shown in 'Memory Viewer', in the 'Bytes' column. They are also automatically added to your script when you use 'cheat table framework code' and then 'code injection'. For example, they will be written at the bottom, like so:
Code:
//Alt: db E8 2C 04 00 00
Here is a template I use for AOB (with added info):
Code:
[ENABLE]
aobscan(AOB1,?? ?? ?? ?? ?? ?? ?? ?? ??) //Put AOB code here, can be customized and can have wildcards
alloc(newmem,40)
label(returnhere)
label(XX1) //all labels XX1 can be changed to whatever, I typically increment them as I add more scripts (e.g. XX1, then XX2, then XX3 etc....same with AOB1, AOB2 etc.)
registersymbol(XX1)
newmem:
?????????????????????? //new code here
jmp returnhere
AOB1:
XX1:
jmp newmem
?????????????????????? //required nop's here, if any
returnhere:
[DISABLE]
dealloc(newmem)
XX1:
db ?? ?? ?? ?? ?? ?? ?? ?? ?? //AOB info to restore code, can be written as assembly code
unregistersymbol(XX1)
daspamer Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011 Posts: 1588
Posted: Sun Dec 01, 2013 12:43 pm Post subject:
Code:
[ENABLE]
registersymbol(AOB1)
aobscan(AOB1,?? ?? ?? ?? ?? ?? ?? ?? ??) //Put AOB code here, can be customized and can have wildcards
alloc(newmem,40)
label(returnhere)
newmem:
?????????????????????? //new code here
jmp returnhere
AOB1:
jmp newmem
?????????????????????? //required nop's here, if any
returnhere:
[DISABLE]
dealloc(newmem)
AOB1:
db ?? ?? ?? ?? ?? ?? ?? ?? ?? //AOB info to restore code, can be written as assembly code
unregistersymbol(AOB1)
_________________
I'm rusty and getting older, help me re-learn lua.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Dec 01, 2013 4:00 pm Post subject:
Yes, either way should work. My template was based off of an old script that Geri had published as part of his AOB tutorial.
daspamer Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011 Posts: 1588
Posted: Sun Dec 01, 2013 7:09 pm Post subject:
++METHOS wrote:
    Yes, either way should work. My template was based off of an old script that Geri had published as part of his AOB tutorial.
Yes, yours is the method that was used in CE 6.2.
In the new version, you can skip the label stuff etc.
kik4444 Expert Cheater
Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Thu Dec 19, 2013 1:37 pm Post subject:
Sorry to bump this up again, but I finally tried doing it on a game, and it crashes it. Here's the code I used:
Code:
define(game,"StateOfDecay.exe"+1112A0F)
define(bytes,CC 0F 11 80 AC 00 00 00)
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
registersymbol(aob1)
label(returnhere)
aobscan(aob1,bytes)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
mov eax,(float)999999
movd xmm0,eax
pop eax
game:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
game:
movss [eax+000000AC],xmm0
db bytes
unregistersymbol(aob1)
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Thu Dec 19, 2013 2:27 pm Post subject:
Code:
[ENABLE]
aobscan(AOB1,CC 0F 11 80 AC 00 00 00) //Perform an array of byte scan on this to ensure that this is the only instance that occurs in code; modify if necessary
alloc(newmem,248)
label(returnhere)
registersymbol(AOB1)
newmem:
push eax
mov eax,(float)999999
movd xmm0,eax
pop eax
jmp returnhere
AOB1:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
AOB1:
movss [eax+000000AC],xmm0
unregistersymbol(AOB1)
kik4444 Expert Cheater
Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sat Dec 21, 2013 9:57 am Post subject:
I tried this code on the same game after studying Geri's tutorial, and when I try to activate it, CE freezes for a few seconds and refuses to activate the code.
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(test)
registersymbol(test)
aobscan(aob1,CC 0F 11 80 AC 00 00 00)
newmem:
push eax
mov eax,(float)999999
movd xmm0,eax
pop eax
originalcode:
movss [eax+000000AC],xmm0
exit:
jmp returnhere
aob1:
test:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
test:
db CC 0F 11 80 AC 00 00 00
unregistersymbol(test)
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Dec 21, 2013 11:18 am Post subject:
Code:
[ENABLE]
alloc(newmem,248)
label(returnhere)
label(originalcode)
registersymbol(aob1)
aobscan(aob1,CC 0F 11 80 AC 00 00 00) //You must check this (make sure 'writable' box is filled-in with solid square) to ensure that there are no other instances occurring in code
newmem:
push eax
mov eax,(float)999999
movd xmm0,eax
pop eax
originalcode:
movss [eax+000000AC],xmm0
jmp returnhere
aob1:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
aob1:
db CC 0F 11 80 AC 00 00 00
unregistersymbol(aob1)
kik4444 Expert Cheater
Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sat Dec 21, 2013 11:51 am Post subject:
I tried just pasting the entire code that you posted, and the same thing happens: CE freezes for a few seconds, after which it unfreezes without the code activating. And I tried doing an AOB search with this:
CC 0F 11 80 AC 00 00 00 * * * * * * * * * * * * * * * *
and I made sure that WRITABLE and EXECUTABLE had a square in them; after scanning for 2 seconds, it shows up with 0 addresses.
ALSO, not sure if this matters, but I'm using CE 6.3, so is this code example for the usual code injection, or for the new AOB injection in the 6.4 beta, which I still don't have?
EDIT: Just noticed something. Have the bytes changed? Cause I tried searching for those even without the stars, then I tried searching for them in the memory with and without the stars, and nothing showed up. Have the bytes changed or something? Cause I'm pretty sure that the last time I searched for them (which was the previous time I booted the game up) they were there; now nothing. Is it possible for bytes to change? Cause I know that SOME game updates change the bytes, but I haven't updated the game or edited it in any way.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Dec 21, 2013 12:03 pm Post subject:
Do an AOB scan for this:
CC 0F 11 80 AC 00 00 00
You should have at least 1 result, assuming you did everything right. (Make sure you haven't altered any other settings - such as your search range)
EDIT:
In memory viewer, if you right-click and select 'go to address', and paste this in:
"StateOfDecay.exe"+1112A0F
Is the instruction correct? If so, highlight it, select tools/auto assemble, template/cheat table framework code/template/code injection etc., and check to see that your script is set up correctly. Check to see that this is the same:
//Alt: db CC 0F 11 80 AC 00 00 00
kik4444 Expert Cheater
Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sat Dec 21, 2013 3:33 pm Post subject:
EDIT: ok, did it like this
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
registersymbol(aob1)
aobscan(aob1,F3 0F 11 80 AC 00 00 00 F3 0F 10 44 24 08 F3 0F 11 80 B0 00 00 00 C3 CC)
newmem:
push eax
mov eax,(float)999999999
movd xmm0,eax
pop eax
jmp returnhere
originalcode:
movss [eax+000000AC],xmm0
exit:
jmp returnhere
aob1:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
aob1:
db F3 0F 11 80 AC 00 00 00
unregistersymbol(aob1)
It works perfectly now.
My next question is: how can this be used to (for example) spawn items in games?
Also, on a side note: how do I integrate speedhack as an option? For example, one option increases the speed hack, one decreases it, and one sets it to normal.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Dec 21, 2013 5:51 pm Post subject:
To be sure, close the game and close out cheat engine, completely...run the game and re-open cheat engine...try to search for your AOB (do not enable script unless AOB is found by a manual search). If you can't find your AOB, search for the short version:
F3 0F 11 80 AC 00 00 00
If that doesn't work, then I believe you may be dealing with an encrypted target process.
By the way:
Code:
newmem:
push eax
mov eax,(float)999999999
movd xmm0,eax
pop eax
jmp returnhere
originalcode:
movss [eax+000000AC],xmm0
Your originalcode is not getting executed here.
EDIT:
You appear to have revised your post. Is it working now? What happened?
EDIT2:
You can integrate the speed hack function by using a Lua script. Alternatively, you can try looking for the value in the game code that handles game speed.
kik4444 Expert Cheater
Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sat Dec 21, 2013 5:58 pm Post subject:
Yeah, I forgot that closing CE while the cheat is running DOESN'T actually stop the cheat as well, so when I restarted CE and started it again, I couldn't find the bytes, cause the previous cheat was still running, so the bytes weren't the same as they were when it WASN'T running. But anyway, I got it all sorted out now.
Can you show me an example of speedhack running in Lua as an option?
And how can AOB be used to hack things that are usually not hackable via searching for a value? Things like the price of an item in a game where you buy stuff, or backpack space? I know there's a really big State Of Decay CT trainer with stuff like backpack space as an option. How do you do that? Cause in most games (even though you can swap backpacks for more room) backpack space is static and there's no way to change it, so how do you go about actually finding the code that's used to change backpack space? I know Ultimap is very useful for some of these things, but I have an AMD CPU, so Ultimap isn't really an option for me.
_________________
Silence will fall when the question is asked...
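A worked example added here (not code from the thread or from Cheat Engine) that ties together two points made above: ++METHOS's rule that the AOB must occur exactly once before you inject, and kik4444's finding that the bytes "changed" only because the jmp written by a still-active script was sitting on top of them. It is a small Python wildcard AOB scanner run over a constructed byte buffer built from the instruction sequence kik4444 posted; the buffer layout, the newmem address and the helper names are assumptions.

```python
import re
def aob_regex(pattern: str) -> bytes:
    """Compile a CE-style AOB ('F3 0F ?? 80') into a lookahead regex so that
    overlapping hits are reported too; '??' and '*' match any single byte."""
    body = b"".join(
        b"." if tok in ("??", "*") else re.escape(bytes([int(tok, 16)]))
        for tok in pattern.split()
    )
    return b"(?=" + body + b")"

def aob_scan(memory: bytes, pattern: str) -> list:
    """Every offset in `memory` where the pattern matches (like CE's aobscan)."""
    rx = re.compile(aob_regex(pattern), re.DOTALL)
    return [m.start() for m in rx.finditer(memory)]

def unique_hit(memory: bytes, pattern: str):
    """++METHOS's rule: only inject when the AOB occurs exactly once."""
    hits = aob_scan(memory, pattern)
    return hits[0] if len(hits) == 1 else None

def apply_hook(memory: bytes, offset: int, newmem: int, replaced: int = 8) -> bytes:
    """What [ENABLE] writes at aob1: a 5-byte jmp rel32 to newmem, then nops
    up to the size of the instruction it replaces (8 bytes here: jmp + 3 nops)."""
    rel = (newmem - (offset + 5)) & 0xFFFFFFFF
    patch = b"\xE9" + rel.to_bytes(4, "little") + b"\x90" * (replaced - 5)
    return memory[:offset] + patch + memory[offset + replaced:]

def restore(memory: bytes, offset: int, original: str) -> bytes:
    """What the [DISABLE] 'db ...' line does: put the original bytes back."""
    raw = bytes.fromhex(original)
    return memory[:offset] + raw + memory[offset + len(raw):]

# Constructed sample memory (assumption, not a dump of the real game): the
# instruction bytes kik4444 posted, with the 8-byte store repeated later so the
# short pattern is ambiguous while the long one is unique.
SAMPLE = bytes.fromhex(
    "90 90 90 90"                        # filler
    "F3 0F 11 80 AC 00 00 00"            # movss [eax+000000AC],xmm0  (hooked)
    "F3 0F 10 44 24 08"                  # movss xmm0,[esp+08]
    "F3 0F 11 80 B0 00 00 00 C3 CC"      # movss [eax+000000B0],xmm0; ret; int3
    "90 90"
    "F3 0F 11 80 AC 00 00 00 C3"         # second function with the same store
)
SHORT = "F3 0F 11 80 AC 00 00 00"
LONG = SHORT + " F3 0F 10 44 24 08 F3 0F 11 80 B0 00 00 00 C3 CC"

if __name__ == "__main__":
    hooked = apply_hook(SAMPLE, unique_hit(SAMPLE, LONG), newmem=0x1000)
    print("before hook:", aob_scan(SAMPLE, SHORT), aob_scan(SAMPLE, LONG))
    print("after hook: ", aob_scan(hooked, SHORT), aob_scan(hooked, LONG))
```

Before the hook the short pattern hits twice and the long one once; after the hook the long pattern is gone entirely and the short one only finds the other copy, which is exactly why a fresh CE session could not see the bytes while the old script was still active.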